PEPAPP PRIVACY POLICY

Effective as of: 09/09/2019

1.     Key Details and Who We Are

1.1.   Our Purpose

Here at Pepapp Teknoloji A.Ş. (“We”, “Us”, “Pepapp”) we are deeply concerned about our Users’ (“You”, “User”) privacy and to that end when you’re using Pepapp mobile application or our services (collectively “Application”, “App”) we process your personal data regardless of point of access or your country of residency. This Privacy Policy (“Policy”) informs you about who we are, why we are collecting your Personal Information, to whom we are sharing your information with, our legal basis and reasons for doing so, and finally your rights.

The Personal Information when signing-up for an account, inviting your friends, using the Application or by contacting us, may differ for each action and Pepapp using the Policy herein informs you about how we are handling your Personal Information.

It is of utmost importance to read the Policy provided herein in tandem with our Terms of Use to better grasp the key terms provided and explained therein.

If you are a resident of State of California, please see §7.1 and §7.2 titled “California Residents’ Privacy Rights” and; if you are a European Union citizen, see §7.3 titled “Additional Information for European Union Citizens”

1.2.    Controller

Pepapp Teknoloji A.Ş. is a data controller (“Controller”) for any and all data processing that occurs through accessing the App.

1.3.   Contact Details

Our contact details are as follows,

Name of the company

Pepapp Teknoloji Anonim Şirketi

Location of the company

Istanbul, Turkey

E-mail address

[email protected]

Trade registry number

Registered in Istanbul Trade Registry Directorate

179346-5

DPO Officer and/or EU Representative

Emrah Yiğit

 

2.     Definitions

For the Policy the definitions provided herein shall be understood as follows;

CCPA

The California Consumer Privacy Act of 2018, signed into law on June 28, 2018 by the State of California

CalOPPA

California Online Privacy Protection Act, signed into law on July 1, 2004 by the State of California

Controller

A natural or legal person who determines the means of and purposes for processing personal data

Data Subject

A natural personal who can be identified or rendered identifiable through the personal data related to

GDPR

The General Data Protection Regulation, signed into law on May 25, 2018 by the European Union

Non-Personal Data

Information that is collected by Pepapp that cannot be tracked back to the data subject or rendered untraceable by Pepapp through the means of anonymization

Personal Information

Information that makes it possible for any other person to identify an individual to whom the data relates to

Personal Information Breach

A breach of security whether accidental or on purpose, resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Processing

Collecting and manipulating data items to generate meaningful information

Processor

A natural or legal person who processes personal data on behalf of a Controller

Sensitive Personal Information

Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and; genetic and biometric information, information concerning data subject’s sex life or sexual orientation

Third Party

Any other natural or legal person that is not part of Pepapp

 

3.     Your Personal Information

3.1.   Personal Information You Provide to Us

The Personal Information listed hereunder may be collected when you;

·       create an account,

·       use our App,

·       provide us with your feedback,

·       purchase and use our premium services,

·       contact us,

·       recommend the App to your friends or,

·       request technical support services.

 

Categories of Personal Information

Types of Personal Information

Contact Information

Email Address

Financial Information

Payment Card Details

Identity Information

First and Last Name

Birth Place

Birth Time and Date

Marketing and Communications Information

Preferences for marketing communications such as the Newsletter and how you engage with therewith

Transaction Information

Any and all details about payments from you and other related details thereto

Personal Mood Information

Daily Emotional Mood Information

Health Information

Ovulation and Menstrual Cycle Dates and Length

Ovulation and Menstrual Cycle Details

Daily Menstrual Pain Information

Daily Menstrual Bleeding Information

Daily Menstrual Symptoms

Medication Information

Height

Weight

Sexual Life Details

Usage of Birth Control Pills

Pregnancy Information

Planned Pregnancy Preference

Frequency of Sexual Activity

Protected Sexual Activity Information

Account Information

Account Password

Other

Contacts

 

3.2.   Personal Information Collected by Us

The Personal Information listed hereunder may be collected through automatic means including without limitation cookies, server logs and other technologies of equivalent nature. In cases where a Third Party uses our cookies, we may also receive Personal Information therefrom.

 

Categories of Personal Information

Types of Personal Information

User Feedback

Feedback when prompted automatically by the App

Technical Information

Internet Protocol (IP) address, login data, device version and type, time zone settings, operating system and platform (collectively “Cookie Information”)

Profile Information

Password preferences and how you contact our User Services

Usage Information

The pages that you have visited, and time spent, the frequency of your use of App, the links that you access, language preferences

 

3.3.   How Your Personal Information is Processed

Your Personal Information either given to or collected by us shall only be processed when necessary, to do so we may refer to reasons (“Processing Reason”) and a limited number of legal reasons (“Legal Basis”) associated therewith.

Your Personal Information may be used;

·       to form the contract that we are entering or perform the contract that have entered with you,

·       to comply with legal and/or regulatory obligations when required by the law, and

·       when it is necessary for our legitimate interests given that your fundamental rights and interests are not violated.

We do not rely on consent for our legal basis except for your Health & Sexual Life Information, Marketing Preferences and Contacts, which you can opt-out at any time in the App.

 

Personal Information Category

Personal Information

Processing Reason

Legal Basis

Identity

First Name and Last Name

Creation of an account

Entering into a contract

Birth Place

Provision of astrological predictions

Performance of a contract

Birth Date and Time

Provision of astrological predictions

Performance of a contract

Personal Mood

Daily Emotional Mood Information

Provision of premium services

Performance of a contract

Marketing and Communications Information

Marketing Preference

Personalized offers and services

Consent

Contact

Email Address

Creation of an account

Entering into a contract

Email Address

Notifying you about changes to our Policy

Necessity to comply with a legal obligation

Email Address

Notifying you about changes in the App

Performance of a contract

Financial Information

Payment Card Details

Processing the payment

Performance of a contract

Transaction Information

Payment History

In the event of a dispute

Legitimate interest to keep our records updated

Health

Ovulation and Menstrual Cycle Dates and Length

Provision of accurate period cycle predictions

Consent

Ovulation and Menstrual Cycle Details

Provision of accurate period cycle predictions

Consent

Daily Menstrual Pain Information

Personalized period cycle predictions

Consent

Daily Menstrual Bleeding Information

Provision of accurate period cycle predictions

Consent

Daily Menstrual Symptoms

Personalized period cycle predictions

Consent

Medication Information

Provision of accurate period cycle predictions

Consent

Height

Personalized period cycle predictions

Consent

Weight

Personalized period cycle predictions

Consent

Sexual Life Details

Usage of Birth Control Pills

Personalized period cycle predictions

Consent

Pregnancy Information

Provision of accurate period cycle predictions

Consent

Planned Pregnancy Preference

To support your pregnancy plans

Consent

Frequency of Sexual Activity

To support your pregnancy plans

Consent

Protected Sexual Activity Information

To support your pregnancy plans

Consent

User Feedback

Feedback

Improvement of the App

Legitimate interest to improve our App

Other

Contacts

To recommend by users

Consent

Account Information

Password

Creation of an account

Entering into a contract

Usage Information

Use of the App

Improvement of the App

Legitimate interest to study how our Users use the App

Technical Information

IP Address

Accessing the App

Necessity to comply with a legal obligation

Cookie Information

Improvement of the App

Legitimate interest to analyze how our App is performing

 

3.4.   Marketing and Promotions

As mentioned above, we rely on your explicit and informed consent to contact our Users regarding Promotions based on a number of data including without limitation, Technical Information, Usage Information, User Feedback and Transaction Information.

3.4.1.     Third-Party Marketing

In the event of your Personal Information becoming a subject for third-party marketing services, Pepapp shall ask for our Users’ explicit and informed consent to share the information therein with third-party marketing services.

3.4.2.     Opting-Out

Withdrawing your consent to opt-in (“Opting-out”) to our Sensitive Personal Information Processing & Marketing and Promotions Services and third-party marketing services shall mean your exclusion from our personalized content tailored based on Personal Information and that of third-party marketing services.

That being said, such opt-out shall not apply to your Transaction Information prior to opting-out.

3.5.   Changes to our Processing Reasons

We shall only process your Personal Information in according to Processing Reasons listed under §3.3, in the event a Processing Reason changes but remains compatible with the original reason listed thereunder, we may use the new Processing Reason for your Personal Information. If you want to learn more about new Processing Reason, please do not hesitate in contacting us.

If it is necessary for us to process your Personal Information unrelated to the original Processing Reason listed thereunder, Pepapp shall update §3.3 accordingly and notify you of the changes.

3.6.   Exemptions and Exclusions to Your Personal Information

Additional information may be used, collected and/or shared by Pepapp as Aggregated Data including statistical data on use of the App. Even though the information hereunder may be derived from your personal information as given thereunder in §3.1 and §3.2, they can no longer be linked back to you nor identify you thus can no longer be considered as Personal Information.

3.7.   Failure to Provide Personal Information

Your failure to provide Personal Information where,

·       its necessity arises out of law and/or any secondary act of legislation related thereto,

·       it is needed by our Terms of Use or the reasons stipulated thereunder to enter into a contract and/or provide you with our App

shall result with your access to the App being ceased upon your notification.

4.     Third Party Sites and Services

We may share your Personal Information only when your explicit and informed consent is acquired to do so.

Your Personal Information that may be disclosed or under the circumstances during which your Personal Information may be disclosed without your explicit consent are underlined hereunder;

4.1.   Payment Information

We offer several premium services in the App. Purchasing such services requires your Financial Information which may be shared with our third-party service providers depending on your operating system. For Android users, Financial Information shall be shared with Google Play payment system which is an operation of Google, Inc (“Google”). For Apple device users, Financial Information shall be shared with App Store payment system which is an operation of Apple, Inc. (“Apple”). To clarify, Pepapp does not store any of your payment card details.

4.2.   Law Enforcement and other Judiciary Authorities

We may be compelled to disclose your Personal Information whether given to or collected by us when compelled to do so when required by the law including without limitation legal claims, legal investigations, lawful requests or legal processes.

4.3.   Third Party Services

We may process your Personal Data, for the following services and reasons;

*To limit such activity, for the tracking purposes, you may also check your device settings to activate “Limit Ad Tracking” function.

Google Analytics: To improve the functionality of our App, we use Google Analytics, an analysis tool by Google. Your Personal Information gathered by Google Analytics is anonymized before reporting.

Google AdSense: To keep the App’s basic functions free, we use Google AdSense, an ad tool by Google. AdSense shows relevant ads based on your interests. To opt-out personalized ad preference, please visit www.adssettings.google.com/. For more information, please read Google’s Privacy Policy www.policies.google.com/privacy.

Apple HealthKit: You may give consent to synchronize your “height”, “weight” and “menstruation” data with Apple HealthKit app in your Apple device. You may opt-in any time to make such synchronization with the consciousness of sharing your Sensitive Personal Information. Such Personal Information shall be lawfully processed under the legal basis and reasons stated above in detail. We also recommend you to visit the provider’s Privacy Policy.

Google Fit: You may give consent to synchronize your “height”, “weight” and “menstruation” data with Google Fit app in your Android device. You may opt-in any time to make such synchronization with the consciousness of sharing Sensitive Personal Information. Such Personal Information shall be lawfully processed under the legal basis and reasons stated above in detail. We also recommend you to visit the app provider’s Privacy Policy.

4.4.   Links

The App may contain third party website links or embedded third-party media and services. Since this Policy applies to data that have collected by us, we want to inform you that Pepapp is not responsible from such data collection practices.

5.     Information Security

We have enacted appropriate security measures to ensure the safety, protection and the encryption of your Personal Information such that we may prevent accidental or unauthorized destruction, loss, theft or; unauthorized use, alteration and disclosure.

To do so, we limit the accessibility of your Personal Information to our employees, agents, contractors, affiliates, directors and other relevant third parties on a need-to-know basis. Any legal or natural person processing your Personal Information shall be under the duty of confidentiality and shall act with fiduciary care.

In addition, any case of Personal Information Breach or reasonable suspicion of shall be handled according to our internal documents detailing how to act under such circumstances.

6.     Children’s Privacy

Our App is not intended for those under the age of 13 (a “Minor”) as stipulated in our Terms of Use, as a result of this Pepapp does not knowingly collect and/or is provided with Personal Information belonging to a Minor.

If we learn that any Personal Information processed by us, belongs to a Minor we shall take the appropriate measures to delete such Personal Information.

7.     Your Rights

7.1.   California Residents’ Privacy Rights

In regard to CalOPPA & CCPA and relevant state laws, Our Users and those who visit our App residing in the State of the California have the right to contact us to be informed about their Personal Information, if any processed by us or shared by us with third parties.

If you satisfy the conditions listed hereunder, you may contact us at [email protected].

7.2.   California and Delaware “Do Not Track” Disclosures

As per California and Delaware State Laws, Pepapp honors the “Limit Ad Tracking” settings in user devices that turn-off targeted advertising.

7.3.   Additional Information for European Union Users

Any and all references to Personal Information in this Policy shall be read as “Personal Data” under GDPR.

7.3.1.     Controller

Pepapp Teknoloji Anonim Şirketi is the data controller under the relevant provisions of GDPR as set forth in §1.2

7.3.2.     Principles

Your Personal Data listed under §3.3 shall be processed,

·       lawfully, fairly and in a transparent manner in relation to the Data Subject (“lawfulness”, “fairness” and “transparency”)

·       accurately and where necessary, kept up to date (“accuracy”)

·       for specific, explicit and legitimate purposes (“purpose limitation”),

·       relevant, limited and proportionate to the purposes for which they are processed (“data minimization”), and

·       in a manner that ensures appropriate security of the Personal Data and kept in a form which allows identification of Data Subjects for no longer than is necessary for the Processing Reasons.

7.3.3.     Legal Basis

Legal Basis for processing Personal Data listed thereunder §3.3 shall be understood as listed under GDPR Art. 6 as;

Entering into a contract

Processing your Personal Data such that we can enter into a contract to provide you access to the App, i.e. signing up for an account

Performance for a contract

Processing your Personal Data such that we can honor our obligations arising out of the contract between you and Us, i.e. providing you the personalized period cycle

Necessity to comply with a legal obligation

Processing your Personal Data because of a valid European Law, i.e. logging your IP address

Legitimate interest

Processing your Personal Data for the security concerns or development of the App, i.e. your Transaction History

Consent

Giving us permission to use your Personal Data in accordance with our Processing Reasons via an opt-in mechanism

 

7.3.4.     Your Rights

The rights under the GDPR for our Users who are European Union Citizens are listed below,

Right to be informed

Providing you with clear and concise information about company, your Personal Data collected by or given to us, generally our Policy

Right of access

Your request to learn your Personal Data collected by or given to us (“subject access”)

Right of rectification

Your request to rectify or complete, if incomplete, your Personal Data in relation with Art. 5 (1)(d) of GDPR

Right to erasure

Your request to have your Personal Data erased (“the right to be forgotten”)

Right to restrict processing

Your request to limit the way your Personal Data is used

Right to data portability

Your request to receive your Personal Data in a machine-readable format and/or request us to transfer your Personal Data to another Controller

Right to objects

Your request for us to stop processing your Personal Data

Rights in relation to automated decision making

In the cases where we process your Personal Data via automated decision making (where no human is involved, i.e. sending you personalized marketing offers based on your Transaction Information), you may request us to stop doing so

 

Unless extenuating circumstances apply, we shall respond to your requests in one calendar month after your request has reached us, and we shall do so free of charge notwithstanding extraordinary efforts on our part.

 

*You may also delete your all data, including your processed Personal Data. Please visit “Delete All Data” button in the settings section of App.

In cases where we take longer due to the number of requests, we shall notify you and keep you updated of the process.

We may also need identity-proving documentation on your part such that we can verify the identity of the requester, we may also contact you about your request in order for us to hasten the process.

7.3.5.     Retention

We shall only keep your Personal Data in accordance with Principles under §7.3.2, specifically Data Minimization to the satisfaction of our relevant Legal Basis.

In determining your Personal Data retention, we consider the nature, amount, the potential risks associated with in case of Personal Data Breach, our Processing Reasons and whether or not such reasons can be achieved in a different manner.

We keep your Personal Data for different amounts of time and by exercising your right to access listed under §7.3.4, you can learn in detail our data retention policy.

8.     International Transfers

Personal Information given to or collected by us may be sent out of the United States and/or the European Economic Area to be processed by us in our facilities or on the cloud services offered by our service providers.

We shall always protect your Personal Information regardless of where processing takes place.

9.     Cross-Border Transfer

If we transfer your Personal Information out of the Europe, we shall ensure the safety and security of your Personal Information and in cases where we are required to comply with different sets of regulations concerning your Personal Information, we shall do so.

10.  Changes to the Policy

Pepapp reserves the right to update the Policy and other related notices thereto, and herein Policy shall be understood in a manner such that the Policy supplements and complements any and notices and overrides any past notices.

The date on which herein Policy becomes effective (“Effective Date”) is given on this page and any changes to thereto shall be understood as an update to the herein Policy.