Privacy Policy and Personal Data Text

Update Date: 26 May 2024

1. Objective

WEBMİX YAZILIM HİZMETLERİ LİMİTED SİRKETİ (“webmix” or “Company”) aims to process the personal data of users in accordance with general principles of privacy and the provisions of applicable data protection legislation, particularly the Law on Personal Data Protection No. 6698 (“PDP Law”) and other relevant legislation.

Your personal data, which you have provided or will provide to our Company, and/or obtained by our Company through any external means, may be processed by our Company as the “Data Controller” in the following ways:

• In the context of the objective of processing your personal data and in connection with this purpose, in a limited and measured manner.
• By maintaining the accuracy and up-to-date status of the personal data as reported or notified to our Company.
• May be recorded, stored, preserved, reorganized, transferred to the institutions authorized to request such personal data by law, transferred, classified, and shared with third parties within the country or abroad under the conditions stipulated by legislation and upon your explicit consent if necessary, and processed by other means listed under the legislation and subject to other procedures set forth in the legislation.

This Privacy Policy is adopted for the continuance and improvement of the activities carried out by webmix in line with the principles set forth in the PDP Law. This Privacy Policy describes which data we collect, how we intend to use, store, protect, and share the data we collect, how you can withdraw your consent for the processing of these data, and how you can correct and revise the data.

Capitalized terms in this Policy shall have the meanings specified in the Terms and Conditions unless defined separately in this Policy.

2. Collection of Personal Data and Method

webmix may process your personal data for the purposes specified in this Privacy Policy. The personal data of users collected and used by webmix include the following:

• Your order information if you make a purchase through in-app purchases.
• Identifier for Advertisers (IDFA) designated in your mobile device used in accessing our services.
• Identifier for Vendors/Developers (IDVF) designated in your mobile device.
• Internet Protocol (IP) Address.

Data Categories and Data Types

1. Process Security

• Internet traffic data: Network movements, IP address, visit data, time and date information.
• Device information: Device name, in-app purchase history, Token ID (when you allow notifications through your device), identifier for advertisers (IDFA) designated in your mobile device used in accessing our services (if you give permission), identifier for vendors/developers (IDVF) designated in your mobile device.

2. Customer Transaction

• Order information: Details related to your purchases through in-app purchases.

3. Marketing Data

• Identifiers: IDFA, IDVF.

We may collect your aforementioned data directly from you through electronic or physical mediums, your mobile device, third-party applications, or third-party sources which you can access our application through these mediums such as Apple App Store, Google Play App Store, and similar platforms (collectively referred to as “App Stores”). This data collection is for the purposes of compliance with legal obligations, enhancing our services, administering your use of our services, and enabling you to enjoy and easily navigate our services.

We may also collect your log data generated while you are using our services/applications (through our products or third-party products). This log data may include information such as your device’s Internet Protocol (IP) address, device name, operating system version, the configuration of the app when utilizing our service/application, the time/date of your use of the service/application, and other statistics.

General Principles Regarding Personal Data Processing

In accordance with this Privacy Policy, personal data are processed by webmix as a data controller in line with the following basic principles:

• Lawfulness and Good Faith: Processing in accordance with the law and good faith principles.
• Accuracy and Up-to-date: Ensuring data is accurate and kept up-to-date where necessary.
• Specific, Explicit, and Legitimate Purposes: Data is processed for specific, explicit, and legitimate purposes.
• Data Minimization: Processing is limited to what is necessary in relation to the purposes for which they are processed.
• Storage Limitation: Data is stored only for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

3. Purposes of Processing Personal Data and Legal Reasons

Your personal data will be processed via automatic or non-automatic means for the purposes stated below, in accordance with the applicable legislation and Articles 5 and 6 of the PDP Law. This processing is expressly permitted by law, necessary for the establishment of a contract or directly related to the execution or performance of the contract, and for the legitimate interests of webmix, provided that your fundamental rights and freedoms are protected.

a) Purposes of Processing Personal Data

In accordance with this text, your personal data is processed for the following purposes in accordance with the above general principles:

• Compliance with Legal Obligations: Ensuring adherence to legal and regulatory requirements.
• Enhancing Our Services: Improving and optimizing the services provided to users.
• Administering Your Use of Our Services: Managing and facilitating your interaction with our services.
• User Experience Improvement: Enabling you to enjoy and easily navigate our services.

Process Security

• Compliance with Legislation: Execution of activities in adherence to applicable laws and regulations.
• Commitment Operations: Fulfillment of company, product, and service commitments.
• Communication Activities: Management of internal and external communication.
• Business Activities: Execution and auditing of business processes to ensure efficiency and effectiveness.
• After-sales Support: Provision of support services for goods and services post-purchase.
• Sales Processes: Management of sales processes for goods and services.
• Storage and Archiving: Conducting storage and archival activities for records and data.
• Agreement Processes: Execution and management of contractual agreements.
• Information Security: Implementation and maintenance of information security measures.
• Audit and Ethical Activities: Conducting audits and ensuring compliance with ethical standards.
• Business Continuity: Ensuring ongoing operations and business continuity.
• Information Provision: Providing necessary information to authorized persons, institutions, and organizations.

Customer Transaction

• Business Activities: Execution and auditing of business processes.
• After-sales Support: Provision of support services for goods and services post-purchase.
• Sales Processes: Management of sales processes for goods and services.
• Customer Satisfaction: Conducting activities to ensure and enhance customer satisfaction.
• Agreement Processes: Execution and management of contractual agreements.

Marketing Data

• Marketing Analysis: Conducting studies to analyze market trends and user behavior.
• Advertising and Promotion: Execution of advertising, campaign, and promotion processes.

Additional Purposes

The purposes of processing personal data may be updated in line with our obligations arising from company policies and legislation, including but not limited to:

• User Accounts: Creating user accounts for service recipients and application users.
• Customization of Services: Customizing our services to understand user preferences and enhance user experience.
• Informing Users: Informing users about new products, services, applications, advertisements, and promotions.
• Digital Subscriptions: Managing digital subscriptions and in-app purchase processes for service recipients.
• Auto-renewable Subscriptions: Managing auto-renewable subscriptions for access to content, services, or premium features.
• Information Security: Ensuring the security of information and conducting related processes.
• Compliance with Legislation: Conducting activities in accordance with legal requirements.
• Responding to Authorities: Fulfilling demands from competent authorities.
• Finance and Accounting: Managing financial and accounting transactions.
• Communication Activities: Conducting internal and external communication processes.
• Contract Management: Managing contractual agreements.
• Strategic Planning: Carrying out strategic planning activities.
• Request and Complaint Management: Following up on user requests and complaints.

Legal Reasons

Customer Transaction

• Contractual Relationship: Processing your personal data is necessary to establish a contractual relationship with you, or it is directly related to our performance obligation arising from this contract.
• Rights Protection: Processing is required to establish, exercise, or protect your rights.

Process Security

• Legal Compliance: The law explicitly stipulates the process by which we process your personal data.
• Legal Obligations: Processing is necessary to fulfill our legal obligations.
• Contractual Relationship: Processing your personal data is necessary to establish a contractual relationship with you, or it is directly related to our performance obligation arising from this contract.

Marketing Data

• Explicit Consent: Your explicit consent, acquired via Apple and/or Google.

Third-Party Websites and Applications

The Agichat App may contain links to other websites that are not controlled by webmix. These linked websites may have terms and conditions different from webmix’s texts. webmix cannot be held responsible for the use or disclosure of information that these websites may process. Likewise, webmix has no responsibility for any links from other sites provided to Agichat owned by webmix.

We collect information by fair and lawful means, with your knowledge and consent. We also inform you why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

Cookies

Cookies are small text files stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application. Cookies allow a website to run more efficiently and ensure the presentation of personalized web pages to provide you with a faster and more tailored visit experience. Containing only data on your website visit history via the internet, cookies do not collect any information, including your personal data/files stored on your computer or mobile device.

We may use cookies when necessary for operating our services, to enhance our service performance and functionality, and to deliver content, including ads relevant to your interests, on our sites or third-party sites. You can delete cookies already present on your computer and prevent the recording/location of cookies on your internet browser. Internet browsers are predefined to automatically accept cookies by default. As the management of cookies varies from browser to browser, you may consult the help menu of your browser or application for detailed information.

By adhering to these practices, webmix ensures the responsible handling and protection of your personal data.

Data Retention

Your data will be stored for the duration specified in the applicable legislation or for a reasonable period until the purpose of processing ceases to exist, or during legal periods of limitation. webmix may continue to store your personal data even after the expiry of its intended purpose if required by other laws or based on your explicit consent. Should you permit webmix to store your personal data for an extended period, such data will be immediately deleted, destroyed, or anonymized upon the expiry of this additional time or once the processing purpose no longer exists.

Technical and Administrative Measures

webmix is committed to ensuring the confidentiality, integrity, and security of personal data by taking all necessary technical and administrative measures. To prevent unlawful processing, unauthorized access, and unlawful disclosure, modification, or destruction of personal data, webmix implements the following measures:

• Anti-virus Applications: All computers and servers in webmix's IT infrastructure are equipped with periodically updated anti-virus software.
• Firewalls: The data center and disaster recovery centers hosting webmix servers are protected by firewalls loaded with updated software. These next-generation firewalls monitor internet connections of all staff, providing protection against viruses and similar threats.
• VPN Access: Suppliers can access webmix servers or systems through SSL-VPN defined on firewalls. Each supplier has a unique SSL-VPN identification, allowing access only to the systems they are authorized to use.
• User Identifications: Authorization for webmix employees to access systems is limited based on their job descriptions. Systemic authorizations are updated promptly in case of any change in authority or duty.
• Information Security Threat and Event Management: Events occurring on webmix servers and firewalls are transferred to an “Information Security Threat and Event Management” system. This system alerts responsible staff when a security threat arises, allowing immediate response.
• Encryption: Sensitive data is stored using cryptographic methods and, if necessary, transferred through encrypted environments. Cryptographic keys are stored in secure and diverse environments.
• Logging: All transaction records related to sensitive data are securely logged.
• Two-factor Authentication: Remote access to sensitive data is permitted only through at least two-factor authentication.

Penetration Testing

Periodically, webmix conducts penetration tests on its servers to identify and close security gaps. Following these tests, a verification test is performed to ensure that the identified security gaps have been addressed. Additionally, the Information Security Threat and Event Management System automatically performs penetration tests. All test results are recorded for review and action.

Information Security Management System (ISMS)

At ISMS meetings within webmix, topics covered in the control forum are audited monthly by the Director of Information Technology and the Director of Financial Operations.

Employee Training

To increase awareness of information security among webmix employees and minimize the impact of human factors in security breaches, regular training sessions are conducted.

Physical Data Security

Personal data in physical form is securely stored in locked facilities and accessed only by authorized personnel. Adequate security measures (e.g., protection against electrical leaks, fire, flooding, theft) are taken based on the nature of the environment where sensitive data is stored.

Data Backup

webmix periodically backs up its data using both cloud infrastructure providers' backup facilities and its own backup solutions, ensuring compliance with relevant legislation and this Policy.

Non-disclosure Agreements

Employees involved in processing sensitive personal data are required to sign non-disclosure agreements to ensure confidentiality.

Transfer of Sensitive Personal Data

When transferring sensitive personal data via email, webmix uses either encrypted corporate email or Registered E-mail to ensure data security.

Incident Response

In the event of a data breach or unauthorized access to personal data, webmix will notify affected users and, if necessary, relevant data protection authorities immediately, taking appropriate measures to mitigate the breach.

Transferring Personal Data to Third Parties

The procedures and principles for transferring personal data are regulated by Articles 8 and 9 of the PDP Law. webmix may transfer personal and special categories of data to third parties within the country or abroad, as we may use servers and cloud systems located abroad.

Reasons for Data Transfer Abroad

• Conducting storage and archival activities.
• Conducting business activities.
• Providing after-sales support services for goods/services.
• Managing customer relationship processes.

Data Transfer to Service Providers

webmix may also transfer your personal data to service providers and third parties such as Facebook SDK, Adjust, and Firebase Analytics embedded in our services for the following purposes:

• Enhancing service performance and functionality.
• Conducting marketing and analytical studies.
• Supporting customer relationship management.
• Improving user experience and engagement.

Sharing of Personal Data

1. With Public Institutions and Organizations:

webmix may share identity, communication, and transaction security information with authorized public institutions and organizations to ensure compliance with legislation, monitor and execute legal affairs, and provide necessary information to authorized persons, institutions, and organizations.

2. With Third Parties:

webmix may share customer transaction information to manage after-sales support services, conduct business activities, and manage customer relationship management processes.

Your Rights as a Data Subject

Under Article 11 of the PDP Law, you have the right to request the following from webmix regarding your personal data:

1. Right to Know:

• Learn whether your personal data has been processed.
• Request information on the processing of your personal data.
• Understand the purpose of processing and ensure data is used accordingly.

2. Right to Access:

• Know the third parties, within the country or abroad, to whom your personal data has been transferred.

3. Right to Rectification:

• Request correction of incomplete or inaccurate personal data.
• Request that third parties who received your data be notified of these corrections.

4. Right to Erasure:

• Request deletion, destruction, or anonymization of personal data if the processing reasons no longer exist.
• Request that third parties who received your data be notified of these actions.

5. Right to Object:

• Object to outcomes that are detrimental to you resulting from analysis of your data via automated systems.

6. Right to Compensation:

• Seek compensation for damages incurred due to unlawful processing of your personal data.

Additional Rights under GDPR

If the General Data Protection Regulation (GDPR) is applicable, you have additional rights:

1. Right of Access:

• Confirm whether personal data is being processed and access your personal data and related processing information.

2. Right to Rectification:

• Request correction of inaccurate or incomplete information.

3. Right to Erasure:

• Request deletion of personal data under conditions specified in the GDPR.

4. Right to Restrict Processing:

• Request restriction of personal data processing under conditions specified in the GDPR.

5. Right to Object:

• Object to the processing of personal data under conditions specified in the GDPR.

6. Right to Data Portability:

• Request transfer of your personal data directly to another organization or under specific conditions.

7. Right to Object to Automated Processing:

• Object to decisions made solely based on automated processing, including profiling, that produce legal or significant effects on you.

Exercising Your Rights as a Data Subject

To exercise your rights as described above, please follow these guidelines:

• Explicit and Understandable Requests: Ensure your request is clear and comprehensible.
• Authority Verification: If acting on behalf of someone else, you must provide documented proof of your authorization.
• Identification: Include your identity and address information, along with documents verifying your identity, in your application.

You can submit your request via the “Data Subject Application Form” at [email protected]. In compliance with Article 13 of the PDP Law, webmix will process your request free of charge and within 30 (thirty) days at the latest, depending on the nature of the request. If your request is denied, the reasons for the rejection will be provided in writing or electronically, along with a justification.

If you believe that your rights are being violated by webmix or any third party to whom your data has been transferred, you have the right to file a complaint with the data protection authority in your country and other relevant supervisory authorities.

Policy Updates

This Privacy Policy may be revised by webmix as necessary. By continuing to access Agichat and using its services after any notification period, you will be deemed to have accepted the changes in this Privacy Policy.

Company Information

Company Name: WEBMİX YAZILIM HİZMETLERİ LİMİTED ŞİRKETİ
Address: LEVENT MAH. GEYİKLİ SK. BEK NO: 3 Beşiktaş / ISTANBUL
Email: [email protected]