Privacy Policy

This Privacy Policy applies to Equinox, our iOS and Android mobile application (our “App”). In the below policy, we inform you about the scope of the processing of your Personal Data. 

GENERAL INFORMATION

a) What law applies?

Our use of your Personal Data is subject to Turkey’s Law on Protection of Personal Data (Law No. 6698) (“LPPD”) and the EU General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly. 

b) What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number, as well as online identifiers such as your IP address and device ID. 

c) What is Special Category Data?

Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, and biometric data. As well as data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing

d) What is processing?

Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

e) Who is responsible for data processing?

A “data controller” is a person or organization who alone or jointly determines the purposes for which and the manner in which any personal data is, or is likely to be, processed. In this sense, Tecnograde Yazilim Teknoloji̇ Sanayi̇ Ve Ti̇caret Li̇mi̇ted Şi̇rketi̇ - Merkez Mah, Feri̇köy Firin Sk. Şi̇şli̇/ İstanbul (“Equinox”, “we”, “us”, or “our”) is the data controller. If you want to contact us or if you have any questions, you can contact us using [Insert email address] with “Data Protection” in the subject line.

f) The Legal Bases for processing Personal Data

In accordance with the above-mentioned laws, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent; b) the data is necessary for the fulfillment of a contract / pre-contractual measures; c) the data is necessary for the fulfillment of a legal obligation; or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden. 

PROCESSING OF AUTOMATICALLY COLLECTED DATA

a) Downloading our App

The App can be downloaded from the “Google Playstore'' a service offered by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU and Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland if you are a resident within the EU), or the Apple App service “App Store” a service of Apple Inc.,(1 Infinite Loop, Cupertino, CA 95014, US, if you are resident outside the EU and Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland, if you are a resident within the EU), to install our App. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.

b) Installing our App 

As far as we are aware, Google collects and processes the following data: license check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store. 

As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, and location information. It cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple, as the operator of the Apple App Store. 

c) Device information

Google and Apple may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength, information about device sensors such as accelerometer, gyroscope, and compass, and Payment Data and Billing confirmations.

d) Authorizations and Access

We may request permission to store your App data, including your internet connection and network, push notifications. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures, and your consent. You can deny access on your device via the Settings/Notifications options of your device; however, this means that our App may not function as intended.

e) Push messages

When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via a) the device settings of your device or b) by enabling or disabling specific types of notifications within the App. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.

f) Subscriptions

If you take out a subscription, your payment will be processed via our payment service providers, Google and Apple. Payment data will solely be processed through Google or Apple. In both cases, we have no access to any payment data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

g) App Store & Play Store payments

When you make an in-app purchase, our payment service providers, Google and Apple, may collect the following data from you to process the desired order: a) user ID; b) email address; c) payment confirmation from the payment data collected depending on the payment method; and d) device IP and device serial number to link the story history to the device. Payment data will solely be processed through Google or Apple. In both cases, we have no access to any payment data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

h) Firebase

We use the Google Firebasedeveloper App and related features and services provided by Google. We use the following Google Firebase services in our App: a) Firebase Analytics, b) Firebase Crashlytics, c) Firebase Cloud Messaging for Push Notifications. By integrating Google services, Google may collect and process information (including personal data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacyThe legal basis is the implementation of the user contract for the use of the App.

i) Crashlytics

The app uses the tool Crashlyticsto log crashes of our App. No personal data is transmitted. Only real-time crash reports with precise details of code locations and device information are sent, which is intended to simplify maintenance and improve the resulting stability of our App. The legal basis for data processing is our legitimate interest. In the settings under data services, you can select whether you want to send crash reports or not. 

j) Google Analytics for Firebase

Our App uses the web analytics service Google Analytics for Firebase, which uses tracking technologies to track your use of our App. In this respect, information is generated about, among other things, the number of users and their sessions, the session duration, the operating system used by the users, their device model, the region from which our App is accessed, the first start of our App, our App execution, and any updates.

In order to provide the relevant data for analysis, Firebase Analytics uses your a) device's advertising ID, b) an App instance ID (a randomly generated number that identifies a single app installation), c) and the IP address, which is shortened (IP masking) before being processed on Google's servers (which may be located outside Turkey/EEA) to generate the usage analysis. You can object to the use of Firebase Analytics at any time by disabling the sending of usage statistics in your device settings (Reset Advertising ID). We have no influence on these data processing operations.The basis for processing is our legitimate interest and your consent.

k) Google Admob

The app uses the Google Admob service to display ads. Ads are personalized based on the device you are using. You can disable this via the settings on your device. Google may use the advertising ID of your device, as well as cookies and/or similar technologies, to collect personal data for the purpose of generating and displaying personalized advertising. More detailed information about what data Google collects and how it is processed can be found here. 

In accordance with Google's own guidance: To improve the performance of AdMob, the Google Mobile Ads SDK may collect certain information from apps, including:

IP address, which may be used to estimate the general location of a device.

● Non-user-related crash logs, which may be used to diagnose problems and improve the SDK. Diagnostic information may also be used for advertising and analytics purposes.

● User-associated performance data, such as app launch time, hang rate, or energy usage, which may be used to evaluate user behavior, understand the effectiveness of existing product features, and plan new features. Performance data may also be used for displaying ads, including sharing with other entities that display ads.

● A device ID, such as the device's advertising identifier or other app-bounded device identifiers, which may be used for the purpose of third-party advertising and analytics.

● Advertising data, such as advertisements the user has seen, may be used to power analytics and advertising features.

● Other user product interactions, like app launch taps, and interaction information, like video views, may be used to improve advertising performance.

l) Advertising

Advertisers and third parties may also collect information about your activity on our app, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see both on our app and on third-party sites and applications. If you do not wish to participate in our advertising personalization or retargeting/tracking, you can object to behavioral advertising at the following websites: Your Online Choices, Digital Advertising Alliance of Canada, Network Advertising Initiative, AdChoices and the European Interactive Digital Advertising Alliance (Europe only). In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.

DATA PROCESSING BY US

a) Contacting us

Personal data is processed depending on the contact method. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also include certain Personal Data. The personal data collected when you contact us is used to process your request and the legal basis is your consent. 

b) Providing our services

The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data (for example, your name, address, e-mail address or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfill our contractual obligations to you or to carry out pre-contractual measures. 

c) Registration

If you register, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form, including your name, gender, date of birth, birth time, relationship status, and place of birth. The entry of your data is encrypted so that third parties cannot read your data when it is entered.Your data will remain stored for as long as the registration lasts, in particular if the storage is necessary for the fulfillment/execution of the contract, to enforce our rights, or for our other legitimate interests, or we are required by law to retain your data (e.g., within the framework of tax retention periods). 

d) Profile

As a registered user, you have the opportunity to create a user profile with just a few clicks and details and the relevant profile data you provide will be posted on your profile. Of course, you can change the information at any time via the settings in your profile. You have choices about the information on your profile. The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract for the use of our App and your consent.

e) Using our App and its features

If you wish to use our App and its features, we process the Personal Data you voluntarily provide for the purpose of providing our App. Depending on how you use our services, you may ask questions or provide information about yourself in the chat or to our psychics, provide text, etc. 

Some of the Personal Data you provide may be considered “special” or “sensitive”. Special category data is Personal Data that is more sensitive because there could be significant risks posed to an individual's rights and freedoms. This includes Personal Data concerning, for example, your racial or ethnic origins, sexual orientation, sexual preferences, and gender. In contrast, sensitive data is Personal Data that could cause harm or discrimination if it were disclosed without authorization. By choosing to provide this data, you consent to our processing of that data. You have choices about the data you provide and how you share it. You don’t have to provide this data. It’s your choice whether to include this data and to make that information available to us. Please do not share information that you would not want to be available. The legal basis for the processing is the establishment and implementation of the user contract for the use of the service as well as your consent. 

We also collect information about your activities on our App, such as how you use it (e.g., the date and time you logged in, features you used, searches you performed, clicks and pages you were shown, content you clicked on) and how you interact with other users (e.g., users you connect and interact with, the time and date of your exchanges). The legal basis is the fulfillment of the user contract for the use of the platform as well as your consent.

f) AI Disclosure

In accordance with current best practices, the Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence and the upcoming Artificial Intelligence Act ("EU AI Act") we have assessed the risks associated with our AI Supported Services, designed our AI Supported Services on ethical principles, and provided, among other measures, an AI Statement and Disclaimer.

g) Aggregated Data

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose including improving our App and Services. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy. 

h) Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as the organization of our business and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services and stored in our customer relationship management system. The processing bases are our legal obligations and our legitimate interest. 

i) Promotional use of your data 

We use your data within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive sales, promotions, or special events. The legal basis for processing is our legitimate interest.

GENERAL PRINCIPLES

a) What we do not do

● We do not request Personal Data from minors and children;

● We do not process special category data without obtaining prior specific consent;

● We do not use Automated decision-making including profiling; and

● We do not sell your Personal Data.

a) Sharing

We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, b) you have consented to the disclosure, c) or the disclosure of data is permitted by relevant legal provisions. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Equinox (or a part of Equinox) is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect our business.

b) International Transfer

We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

c) Data Security

Our App uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organizational measures”), for example, encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through our App. 

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

YOUR RIGHTS AND PRIVILEGES 

a) Data Security

You can exercise the following rights:

● The right to access;

● The right to rectification;

● The right to erasure;

● The right to restrict processing;

● The right to object to processing;

● The right to data portability;

b) Update your information and withdraw your consent 

If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.

c) Access Request 

In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

d) What we do not do

● We do not request Personal Data from minors and children;

● We do not process special category data without obtaining prior specific consent;

● We do not use automated decision-making, including profiling; and

● We do not sell your Personal Data.

e) Who is the competent data protection authority?

You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection. The supervisory authority in Turkey is the Personal Data Protection Authority (KVKK). The KVKK is located at Nasuh Akar Mahallesi Ziyabey Caddesi, 1407 Sokak No:4 06520, Çankaya , Ankara, Türkiye, and online at www.kvkk.gov.tr. However, we would appreciate the opportunity to address your concerns before you contact the KVKK or any other supervisory authority.

f) Data Breaches and Notification

Databases or records containing Personal Data may be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notification will be accompanied by a description of the measures that will be taken to repair the damage caused by the data breach. Notifications will be sent as soon as possible after the violation is discovered.

USA SPECIFIC PROVISIONS

The following applies to users located in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the EU’s GDPR exists on a federal level, we are committed to following and applying the for your state relevant privacy rules and regulations. 

As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

Further, the following also apply

i) “Shine the Light”

“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.

ii) COPPA (Children Online Privacy Protection Act)

When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

iii) CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.

iv) Telephone Consumer Protection Act (TCPA)

If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.

v) Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

vi) Right to complain

Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above-mentioned states may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

CANADA AND MEXICO SPECIFIC PROVISIONS

Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data.

In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx). 

DOES THIS POLICY CHANGE?

We may update this policy from time to time. This might be for a number of reasons, such as to reflect a change in the law or to accommodate a change in our business practices and the way we use your Personal Data. We recommend that you check here periodically for any changes to this policy. This policy was last updated on Friday, 24th of December 2024.

WHO SHOULD I CONTACT FOR MORE INFORMATION?

If you feel that the above is not sufficient or if you have any queries as regards the collection, processing, or use of your Personal Data, we are looking forward to hearing from you. We will make every effort to reply as soon as possible and take into consideration any suggestions from your end.