PEPAPP PRIVACY POLICY
Effective as of: 09/09/2019
Here at Pepapp Teknoloji A.Ş. (“We”, “Us”, “Pepapp”) we are deeply concerned about our Users’ (“You”, “User”) privacy and to that end when you’re using Pepapp mobile application or our services (collectively “Application”, “App”) we process your personal data regardless of point of access or your country of residency. This Privacy Policy (“Policy”) informs you about who we are, why we are collecting your Personal Information, to whom we are sharing your information with, our legal basis and reasons for doing so, and finally your rights.
The Personal Information when signing-up for an account, inviting your friends, using the Application or by contacting us, may differ for each action and Pepapp using the Policy herein informs you about how we are handling your Personal Information.
It is of utmost importance to read the Policy provided herein in tandem with our Terms of Use to better grasp the key terms provided and explained therein.
If you are a resident of State of California, please see §7.1 and §7.2 titled “California Residents’ Privacy Rights” and; if you are a European Union citizen, see §7.3 titled “Additional Information for European Union Citizens”
Pepapp Teknoloji A.Ş. is a data controller (“Controller”) for any and all data processing that occurs through accessing the App.
Our contact details are as follows,
|
Name of the company |
Pepapp Teknoloji Anonim Şirketi |
|
Location of the company |
Istanbul, Turkey |
|
E-mail address |
|
|
Trade registry number |
Registered in Istanbul Trade Registry Directorate 179346-5 |
|
DPO Officer and/or EU Representative |
Emrah Yiğit |
For the Policy the definitions provided herein shall be understood as follows;
|
CCPA |
The California Consumer Privacy Act of 2018, signed into law on June 28, 2018 by the State of California |
|
CalOPPA |
California Online Privacy Protection Act, signed into law on July 1, 2004 by the State of California |
|
Controller |
A natural or legal person who determines the means of and purposes for processing personal data |
|
Data Subject |
A natural personal who can be identified or rendered identifiable through the personal data related to |
|
GDPR |
The General Data Protection Regulation, signed into law on May 25, 2018 by the European Union |
|
Non-Personal Data |
Information that is collected by Pepapp that cannot be tracked back to the data subject or rendered untraceable by Pepapp through the means of anonymization |
|
Personal Information |
Information that makes it possible for any other person to identify an individual to whom the data relates to |
|
Personal Information Breach |
A breach of security whether accidental or on purpose, resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data. |
|
Processing |
Collecting and manipulating data items to generate meaningful information |
|
Processor |
A natural or legal person who processes personal data on behalf of a Controller |
|
Sensitive Personal Information |
Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and; genetic and biometric information, information concerning data subject’s sex life or sexual orientation |
|
Third Party |
Any other natural or legal person that is not part of Pepapp |
The Personal Information listed hereunder may be collected when you;
· create an account,
· use our App,
· provide us with your feedback,
· purchase and use our premium services,
· contact us,
· recommend the App to your friends or,
· request technical support services.
|
Categories of Personal Information |
Types of Personal Information |
|
Contact Information |
Email Address |
|
Financial Information |
Payment Card Details |
|
Identity Information |
First and Last Name Birth Place Birth Time and Date |
|
Marketing and Communications Information |
Preferences for marketing communications such as the Newsletter and how you engage with therewith |
|
Transaction Information |
Any and all details about payments from you and other related details thereto |
|
Personal Mood Information |
Daily Emotional Mood Information |
|
Health Information |
Ovulation and Menstrual Cycle Dates and Length Ovulation and Menstrual Cycle Details Daily Menstrual Pain Information Daily Menstrual Bleeding Information Daily Menstrual Symptoms Medication Information Height Weight |
|
Sexual Life Details |
Usage of Birth Control Pills Pregnancy Information Planned Pregnancy Preference Frequency of Sexual Activity Protected Sexual Activity Information |
|
Account Information |
Account Password |
|
Other |
Contacts |
The Personal Information listed hereunder may be collected through automatic means including without limitation cookies, server logs and other technologies of equivalent nature. In cases where a Third Party uses our cookies, we may also receive Personal Information therefrom.
|
Categories of Personal Information |
Types of Personal Information |
|
User Feedback |
Feedback when prompted automatically by the App |
|
Technical Information |
Internet Protocol (IP) address, login data, device version and type, time zone settings, operating system and platform (collectively “Cookie Information”) |
|
Profile Information |
Password preferences and how you contact our User Services |
|
Usage Information |
The pages that you have visited, and time spent, the frequency of your use of App, the links that you access, language preferences |
Your Personal Information either given to or collected by us shall only be processed when necessary, to do so we may refer to reasons (“Processing Reason”) and a limited number of legal reasons (“Legal Basis”) associated therewith.
Your Personal Information may be used;
· to form the contract that we are entering or perform the contract that have entered with you,
· to comply with legal and/or regulatory obligations when required by the law, and
· when it is necessary for our legitimate interests given that your fundamental rights and interests are not violated.
We do not rely on consent for our legal basis except for your Health & Sexual Life Information, Marketing Preferences and Contacts, which you can opt-out at any time in the App.
|
Personal Information Category |
Personal Information |
Processing Reason |
Legal Basis |
|
Identity |
First Name and Last Name |
Creation of an account |
Entering into a contract |
|
Birth Place |
Provision of astrological predictions |
Performance of a contract |
|
|
Birth Date and Time |
Provision of astrological predictions |
Performance of a contract |
|
|
Personal Mood |
Daily Emotional Mood Information |
Provision of premium services |
Performance of a contract |
|
Marketing and Communications Information |
Marketing Preference |
Personalized offers and services |
Consent |
|
Contact |
Email Address |
Creation of an account |
Entering into a contract |
|
Email Address |
Notifying you about changes to our Policy |
Necessity to comply with a legal obligation |
|
|
Email Address |
Notifying you about changes in the App |
Performance of a contract |
|
|
Financial Information |
Payment Card Details |
Processing the payment |
Performance of a contract |
|
Transaction Information |
Payment History |
In the event of a dispute |
Legitimate interest to keep our records updated |
|
Health |
Ovulation and Menstrual Cycle Dates and Length |
Provision of accurate period cycle predictions |
Consent |
|
Ovulation and Menstrual Cycle Details |
Provision of accurate period cycle predictions |
Consent |
|
|
Daily Menstrual Pain Information |
Personalized period cycle predictions |
Consent |
|
|
Daily Menstrual Bleeding Information |
Provision of accurate period cycle predictions |
Consent |
|
|
Daily Menstrual Symptoms |
Personalized period cycle predictions |
Consent |
|
|
Medication Information |
Provision of accurate period cycle predictions |
Consent |
|
|
Height |
Personalized period cycle predictions |
Consent |
|
|
Weight |
Personalized period cycle predictions |
Consent |
|
|
Sexual Life Details |
Usage of Birth Control Pills |
Personalized period cycle predictions |
Consent |
|
Pregnancy Information |
Provision of accurate period cycle predictions |
Consent |
|
|
Planned Pregnancy Preference |
To support your pregnancy plans |
Consent |
|
|
Frequency of Sexual Activity |
To support your pregnancy plans |
Consent |
|
|
Protected Sexual Activity Information |
To support your pregnancy plans |
Consent |
|
|
User Feedback |
Feedback |
Improvement of the App |
Legitimate interest to improve our App |
|
Other |
Contacts |
To recommend by users |
Consent |
|
Account Information |
Password |
Creation of an account |
Entering into a contract |
|
Usage Information |
Use of the App |
Improvement of the App |
Legitimate interest to study how our Users use the App |
|
Technical Information |
IP Address |
Accessing the App |
Necessity to comply with a legal obligation |
|
Cookie Information |
Improvement of the App |
Legitimate interest to analyze how our App is performing |
As mentioned above, we rely on your explicit and informed consent to contact our Users regarding Promotions based on a number of data including without limitation, Technical Information, Usage Information, User Feedback and Transaction Information.
In the event of your Personal Information becoming a subject for third-party marketing services, Pepapp shall ask for our Users’ explicit and informed consent to share the information therein with third-party marketing services.
Withdrawing your consent to opt-in (“Opting-out”) to our Sensitive Personal Information Processing & Marketing and Promotions Services and third-party marketing services shall mean your exclusion from our personalized content tailored based on Personal Information and that of third-party marketing services.
That being said, such opt-out shall not apply to your Transaction Information prior to opting-out.
We shall only process your Personal Information in according to Processing Reasons listed under §3.3, in the event a Processing Reason changes but remains compatible with the original reason listed thereunder, we may use the new Processing Reason for your Personal Information. If you want to learn more about new Processing Reason, please do not hesitate in contacting us.
If it is necessary for us to process your Personal Information unrelated to the original Processing Reason listed thereunder, Pepapp shall update §3.3 accordingly and notify you of the changes.
Additional information may be used, collected and/or shared by Pepapp as Aggregated Data including statistical data on use of the App. Even though the information hereunder may be derived from your personal information as given thereunder in §3.1 and §3.2, they can no longer be linked back to you nor identify you thus can no longer be considered as Personal Information.
Your failure to provide Personal Information where,
· its necessity arises out of law and/or any secondary act of legislation related thereto,
· it is needed by our Terms of Use or the reasons stipulated thereunder to enter into a contract and/or provide you with our App
shall result with your access to the App being ceased upon your notification.
We may share your Personal Information only when your explicit and informed consent is acquired to do so.
Your Personal Information that may be disclosed or under the circumstances during which your Personal Information may be disclosed without your explicit consent are underlined hereunder;
We offer several premium services in the App. Purchasing such services requires your Financial Information which may be shared with our third-party service providers depending on your operating system. For Android users, Financial Information shall be shared with Google Play payment system which is an operation of Google, Inc (“Google”). For Apple device users, Financial Information shall be shared with App Store payment system which is an operation of Apple, Inc. (“Apple”). To clarify, Pepapp does not store any of your payment card details.
We may be compelled to disclose your Personal Information whether given to or collected by us when compelled to do so when required by the law including without limitation legal claims, legal investigations, lawful requests or legal processes.
We may process your Personal Data, for the following services and reasons;
*To limit such activity, for the tracking purposes, you may also check your device settings to activate “Limit Ad Tracking” function.
Google Analytics: To improve the functionality of our App, we use Google Analytics, an analysis tool by Google. Your Personal Information gathered by Google Analytics is anonymized before reporting.
Google AdSense: To keep the App’s basic functions free, we use Google AdSense, an ad tool by Google. AdSense shows relevant ads based on your interests. To opt-out personalized ad preference, please visit www.adssettings.google.com/. For more information, please read Google’s Privacy Policy www.policies.google.com/privacy.
Apple HealthKit: You may give consent to synchronize your “height”, “weight” and “menstruation” data with Apple HealthKit app in your Apple device. You may opt-in any time to make such synchronization with the consciousness of sharing your Sensitive Personal Information. Such Personal Information shall be lawfully processed under the legal basis and reasons stated above in detail. We also recommend you to visit the provider’s Privacy Policy.
Google Fit: You may give consent to synchronize your “height”, “weight” and “menstruation” data with Google Fit app in your Android device. You may opt-in any time to make such synchronization with the consciousness of sharing Sensitive Personal Information. Such Personal Information shall be lawfully processed under the legal basis and reasons stated above in detail. We also recommend you to visit the app provider’s Privacy Policy.
The App may contain third party website links or embedded third-party media and services. Since this Policy applies to data that have collected by us, we want to inform you that Pepapp is not responsible from such data collection practices.
We have enacted appropriate security measures to ensure the safety, protection and the encryption of your Personal Information such that we may prevent accidental or unauthorized destruction, loss, theft or; unauthorized use, alteration and disclosure.
To do so, we limit the accessibility of your Personal Information to our employees, agents, contractors, affiliates, directors and other relevant third parties on a need-to-know basis. Any legal or natural person processing your Personal Information shall be under the duty of confidentiality and shall act with fiduciary care.
In addition, any case of Personal Information Breach or reasonable suspicion of shall be handled according to our internal documents detailing how to act under such circumstances.
Our App is not intended for those under the age of 13 (a “Minor”) as stipulated in our Terms of Use, as a result of this Pepapp does not knowingly collect and/or is provided with Personal Information belonging to a Minor.
If we learn that any Personal Information processed by us, belongs to a Minor we shall take the appropriate measures to delete such Personal Information.
In regard to CalOPPA & CCPA and relevant state laws, Our Users and those who visit our App residing in the State of the California have the right to contact us to be informed about their Personal Information, if any processed by us or shared by us with third parties.
If you satisfy the conditions listed hereunder, you may contact us at [email protected].
As per California and Delaware State Laws, Pepapp honors the “Limit Ad Tracking” settings in user devices that turn-off targeted advertising.
Any and all references to Personal Information in this Policy shall be read as “Personal Data” under GDPR.
Pepapp Teknoloji Anonim Şirketi is the data controller under the relevant provisions of GDPR as set forth in §1.2
Your Personal Data listed under §3.3 shall be processed,
· lawfully, fairly and in a transparent manner in relation to the Data Subject (“lawfulness”, “fairness” and “transparency”)
· accurately and where necessary, kept up to date (“accuracy”)
· for specific, explicit and legitimate purposes (“purpose limitation”),
· relevant, limited and proportionate to the purposes for which they are processed (“data minimization”), and
· in a manner that ensures appropriate security of the Personal Data and kept in a form which allows identification of Data Subjects for no longer than is necessary for the Processing Reasons.
Legal Basis for processing Personal Data listed thereunder §3.3 shall be understood as listed under GDPR Art. 6 as;
|
Entering into a contract |
Processing your Personal Data such that we can enter into a contract to provide you access to the App, i.e. signing up for an account |
|
Performance for a contract |
Processing your Personal Data such that we can honor our obligations arising out of the contract between you and Us, i.e. providing you the personalized period cycle |
|
Necessity to comply with a legal obligation |
Processing your Personal Data because of a valid European Law, i.e. logging your IP address |
|
Legitimate interest |
Processing your Personal Data for the security concerns or development of the App, i.e. your Transaction History |
|
Consent |
Giving us permission to use your Personal Data in accordance with our Processing Reasons via an opt-in mechanism |
The rights under the GDPR for our Users who are European Union Citizens are listed below,
|
Right to be informed |
Providing you with clear and concise information about company, your Personal Data collected by or given to us, generally our Policy |
|
Right of access |
Your request to learn your Personal Data collected by or given to us (“subject access”) |
|
Right of rectification |
Your request to rectify or complete, if incomplete, your Personal Data in relation with Art. 5 (1)(d) of GDPR |
|
Right to erasure |
Your request to have your Personal Data erased (“the right to be forgotten”) |
|
Right to restrict processing |
Your request to limit the way your Personal Data is used |
|
Right to data portability |
Your request to receive your Personal Data in a machine-readable format and/or request us to transfer your Personal Data to another Controller |
|
Right to objects |
Your request for us to stop processing your Personal Data |
|
Rights in relation to automated decision making |
In the cases where we process your Personal Data via automated decision making (where no human is involved, i.e. sending you personalized marketing offers based on your Transaction Information), you may request us to stop doing so |
Unless extenuating circumstances apply, we shall respond to your requests in one calendar month after your request has reached us, and we shall do so free of charge notwithstanding extraordinary efforts on our part.
*You may also delete your all data, including your processed Personal Data. Please visit “Delete All Data” button in the settings section of App.
In cases where we take longer due to the number of requests, we shall notify you and keep you updated of the process.
We may also need identity-proving documentation on your part such that we can verify the identity of the requester, we may also contact you about your request in order for us to hasten the process.
We shall only keep your Personal Data in accordance with Principles under §7.3.2, specifically Data Minimization to the satisfaction of our relevant Legal Basis.
In determining your Personal Data retention, we consider the nature, amount, the potential risks associated with in case of Personal Data Breach, our Processing Reasons and whether or not such reasons can be achieved in a different manner.
We keep your Personal Data for different amounts of time and by exercising your right to access listed under §7.3.4, you can learn in detail our data retention policy.
Personal Information given to or collected by us may be sent out of the United States and/or the European Economic Area to be processed by us in our facilities or on the cloud services offered by our service providers.
We shall always protect your Personal Information regardless of where processing takes place.
If we transfer your Personal Information out of the Europe, we shall ensure the safety and security of your Personal Information and in cases where we are required to comply with different sets of regulations concerning your Personal Information, we shall do so.
Pepapp reserves the right to update the Policy and other related notices thereto, and herein Policy shall be understood in a manner such that the Policy supplements and complements any and notices and overrides any past notices.
The date on which herein Policy becomes effective (“Effective Date”) is given on this page and any changes to thereto shall be understood as an update to the herein Policy.