TWING Policy on the Personal Data Protection and Processing

As TWIN Yazılım Mühendislik Sanayi Ve Ticaret Joint Stock Company (“TWIN” and/or “Company”), the protection and security of your personal data are at paramount important to us.

Therefore, we are constantly reviewing our data processing activities and revising our policies in accordance with the applicable legislation in our present markets.

This Privacy Policy and Data Processing Principles (“Privacy Policy”) at our company website (“Website”) are written and will be regularly reviewed in accordance with General Data Protection Regulation (“GDPR”) and applies to all Websites, apps, events and to any other services owned and operated by TWIN in relation to TWING.

  1. Data Processing Principles

    1. Information Automatically Collected. When you access our Websites, we and our possible third party partners automatically record information from your device and its software, such as your IP address, browser type, Internet service provider, platform type, the site from which you came and the site to which you are going when you leave our website, date and time stamp and one or more cookies that may uniquely identify your browser or your account. When you access our Services using a mobile device, we may also receive or collect identification numbers associated with your device (such as a unique device ID, IDFA, Google AdID), device type, model and manufacturer, mobile device operating system brand and model, phone number, email address, and other apps that you have downloaded (“Technical Data“).

    2. Location Data. We do not currently collect your precise geolocation or any latitude or longitude coordinates for you. Some of the information we collect, for example an IP address, can sometimes be used to approximate a device’s location. In some cases, we assign the latitude and longitude of the centre of a city or state on record for you to your profile as a way to improve our analytics and offer best matches for you. This is a general latitude and longitude and does not correspond to your real time or historical location specifically.

       

    3. Information Provided by Others. We may link or combine the personal data we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.

    4. Anonymization. We may anonymise and aggregate any of the personal data we collect (so that it does not directly identify you). We may use anonymised information for our business purposes including testing our IT systems, research, data analysis, improving our services

      and developing new products and features. We may also share such anonymised information with others.

      Where you do not provide the personal data, we may not be able to provide you the related services; as it may depend on this information.

    • Where you have given consent for us to use your personal data, for the stated purposes like; marketing, sales and any sort of informative reasons

    • Job applications directly from our Websites and/or via company e-mail accounts and any sort of communication deriving from contact forms or written enquiries

    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

    • Where we need to comply with a legal or regulatory obligations.

      How We Collect and Use Your Data

      The main reason we use your information is to deliver what we offer and constantly improve our services. Additionally, we use your information to help keep you safe and to provide you with advertising that may be of interest to you.

      Generally, we will use your personal data in the following circumstances:

    When the public area of the website is used, the user’s automatically anonymised IP address is saved. As a result of the anonymization, it is impossible to identify the anonymised user and tracking their movement on the website does not allow for any conclusions to be drawn about a specific user.

  2. Withdrawing your Consent

    You may withdraw your consent fully or partially at any time by contacting us from; [.] or from any contact details at our Website.

  3. Marketing Purposes

    From time to time we may contact you with relevant information about our services and products. Most messages we send will be by email. For some messages, we may use personal

    data we collect about you to help us determine the most relevant information to share with you.

  4. Disclosure of Your Information to Third Parties

    We may have to share your personal data with the parties set out below;

    • Disclosure to Protect Abuse Victims. We reserve the right, but have no obligation, to disclose any information that you submit to the Websites, if in our sole opinion, we suspect or have reason to suspect, that the information involves a party who may be the victim of abuse in any form. Abuse may include, without limitation, elder abuse, child abuse, spousal abuse, neglect, or domestic violence. Information may be disclosed to authorities that we, in our sole discretion, deem appropriate to handle such disclosure. Appropriate authorities may include, without limitation, law enforcement agencies, child protection agencies, or court officials. You hereby acknowledge and agree that we are permitted to make such disclosure.

    • Technology Services Providers, including infrastructure partners (such as AWS), customer support service providers, analytics service providers, cybersecurity partners, fraud analytics companies, payment providers, chargeback representation services and similar partners.

    • Advertising networks and technology companies that measure advertising performance and attribution.

    • Third parties, including consultants, who we engage to provide services on our behalf or to jointly provide services to you, including but not limited to contests and sweepstakes, marketing outreach and analytics, customer support, safety checks, and payment services (such as Cyber Source).

    • Social Networks, such as Facebook, where you have given permission to do so or where you have used your social network account to log-in to the pages of the Company. If you have chosen to do this, your data will be governed by the privacy policy of that social network.

    • To, in our discretion, (i) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (ii) enforce our Terms of Service, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect against harm to the rights, property or safety of TWIN, its employees or the public as required or permitted by law and (v) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.

    • In connection with any company transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy, dissolution, divestiture or any related or similar proceedings; and

    • We require all third parties to respect the security and privacy of your personal data and to treat it in accordance with the law. However, we are not responsible for those third parties.

     

  5. International Transfers

    The personal data we collect may be transferred to, and processed and stored in, countries outside of your local jurisdiction. If you are located in the European Union (“EU”), your personal data may be processed outside of the EU, including, for example in Turkey; these international transfers of your personal data are made:

    1. to a country or territory ensuring an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data as determined by the European Commission; or

    2. pursuant to appropriate safeguards, such as the Standard Contractual Clauses and Corporate Binding Rules, approved by European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission

      If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this Privacy Policy.

  6. Security

    We have extensive security measures in place to protect the loss, misuse and alteration of the information stored in our database. These measures include the use of Secure Socket Layer (SSL) and administrative access to site data as well as other proprietary security measures which are applied to all repositories and transfers of user information. We will exercise reasonable care in providing secure transmission of information between your computer and our servers, but given that no information transmitted over the Internet can be guaranteed 100% secure, we cannot ensure or warrant the security of any information transmitted to us over the Internet and hence accept no liability for any unintentional disclosure.

  7. Data Retention

    We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (as set out above), including for the purpose of satisfying and legal, accounting, or reporting requirements.

    To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

  8. Your Rights under GDPR

    You may have certain rights under GDPR in relation to your personal data. You have the rights to:

    • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

    • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

    • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

    • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

    • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us

      to establish the accuracy of the personal data; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need the personal data for the purposes set out above, but we are required by you for the establishment, exercise or defence of legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

    • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

    • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain features of the services to you. We will advise you if this is the case at the time you withdraw your consent.

     

    If you wish to exercise any of these rights, you can contact us from our Websites.

     

  9. Cookies and Similar Tracking Technics

    1. We use cookies and similar technologies to distinguish you from other users of the Service. This helps us to provide you with a good experience when you browse the Websites and also allows us to improve.

    2. A cookie is a small data file that we transfer to your device’s hard disk (such as your computer or smartphone) for record-keeping purposes.

    3. We use the following types of cookies:

      1. Strictly necessary cookies. These are cookies that are required for the essential operation of the Website such as security measures.

      2. Functionality cookies. These are used to recognise you when you return to the Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

      3. Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose.

      4. Third party cookies. Please be aware that advertisers and other third parties may use their own cookies tags when you click on an advertisement or link on our website. These third parties are responsible for setting out their own cookie and privacy policies.

    4. The cookies we use are designed to help you get the most from the Service but if you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to refuse cookies you may not be able to use the full functionality of the Service. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the “Help” option in your browser for more details.

    5. If you only want to limit third party advertising cookies, you can turn such cookies off by visiting the following links (please bear in mind that there are many more companies listed on these sites than those that drop cookies via our website):

      1. Your Online Choices ( http://www.youronlinechoices.com/ )

      2. Network Advertising Initiative (http://www.networkadvertising.org/)

      3. Digital Advertising Alliance (http://www.aboutads.info/consumers)

    6. If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org or the Network Advertising Initiative’s online sources at www.networkadvertising.org.

       

  10. Links to Third Party Sites

    The Website may, from time to time, contain links to and from third party services. If you follow a link to any of these services, please note that these services have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those services.

  11. Our Policy Towards Children

    The TWING Platform is mainly directed towards children. Yet, in order to process any persons’ personal data who are under the age of 16 it is required for their parents to provide approval through email.

    We do not process any personal information of the persons who under the age of 16 (“Children” or “Child”) unless their parents give an explicit consent in this regard and fulfil our online verifications.

     

    Children are able to initialize their registration process without their parents’ supervision. Yet, in order for the Child to gain full access to the App and begin to share his/her personal information with the App or the other Users, he/she has to complete the registration process. The Child’s registration process may only be completed and finalized by parental consent.

     

    Children are asked to provide the following information during the registration process:

     

    Information Collected During Registration

    Purpose

    TWING User Name

    It is collected and shared publicly for identifying the User and providing him/her

    to interact with the App and the other Users.

    Password

    It is asked for the User to create one that is to be known only by him/her for enabling a

    secure and personal access to the App.

    Date of Birth

    It is essentially important to identify for providing a secure and friendly environment

    within the context of the App.

    Parental E-mail Address

    This information is asked to attain parental

    consent for the Child.

     

    Children gain full access to the App and all its features, only after their parent approves the account.

     

    The Child’s registration shall not be complete until his/her parent completes the registration process by activating and/or approving the Child’s account. Once the Child is approved by a parent, she/he becomes an TWING Member and the Child will have access to all the features in the App. Only after this stage the childeren may share their personal data with the platform.

     

  12. Changes to This Policy

    We evaluate our privacy policies and procedures to implement improvements and refinements from time to time. Accordingly, we may update this Privacy Policy and so you should review this page periodically. If we make material changes to this Privacy Policy, we will update the “last updated” data at the start of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.

  13. Notices

    If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the communication. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.

     

  14. Contact Details

Questions, comments and requests regarding this Privacy Policy are welcome and should be sent to:

TWIN Yazılım Mühendislik Sanayi Ve Ticaret Joint Stock Company (“TWIN”) Address: İTÜ Magnet İleri Aş. Kuluçka Merkezi Reşit Paşa Mah. Katar Cad.No:4/1101 Maslak/İstanbul