Privacy Policy

Privacy Policy

Connectinno Oyun Yazılım Teknolojileri ve Ticaret Anonim Şirketi Privacy Policy and Personal Data Text

“ImaginAI”

• Objective

Update Date: 12 September 2024

Connectinno Oyun Yazılım Teknolojileri ve Ticaret Anonim Şirketi (“Connectinno” or “Company”), aims to process the personal data of users in accordance with general principles of privacy and the provisions of the applicable data protection legislation to the relevant person, particularly Law on Personal Data Protection No. 6698, (“PDP Law”) and other applicable legislation.

Your personal data, which you provided/will provide to our Company and/or obtained by our Company by any external means, may be processed by our Company as “Data Controller”;

• In the context of the objective of processing your personal data and in connection with this purpose, in a limited and measured manner,

• By maintaining the accuracy and up-to-date version of the personal data as reported or notified to our Company,

• May be recorded, stored, preserved, reorganized and be transferred to the institutions authorized to request such personal data by law and shall be transferred, classified and shared with third parties within the country or abroad under the conditions stipulated by legislation and upon your explicit consent if necessary, and they may be processed by other means listed under the legislation and be subject to other procedures set forth in the legislation.

This Privacy Policy is adopted for the continuance and improvement of the activities carried out by Connectinno in line with the principles set forth in the PDP Law.

This Privacy Policy describes which data we collect, how we intend to use, store, protect and share the data we collect, how you can withdraw your consent for the processing of these data and how you can correct and revise the data.

Capitalized terms in this Policy shall have the meanings specified in the Terms and Conditions unless defined separately in this Policy.

      2. Collection of Personal Data and Method

Connectinno may process your personal data for the purposes specified in this Privacy Policy.

The personal data of users collected and used by Connectinno in particular, are as follows: your name and surname, e-mail address and phone number which we will receive once you contact Connectinno, your order information if you make a purchase through in-app purchase, the photo which you have uploaded to ImaginAI application (ImaginAI) and identifier for advertisers designated in your mobile device used in accessing our services (The Identifier for Advertisers-IDFA), identifier for vendors/developers designated your mobile device (The Identifier for Vendors-IDVF) and Internet Protocol Address-IP Address. We collect your username, password and e-mail address information only when you sign up to ImaginAI and become a member through Registration.

Data Categories and Data Types

Identity Information: Name and surname

• Contact Information: Phone number, e-mail address

• Process Security:

  • Internet traffic data (network movements, IP address, visit data, time and date information)

  • Device name

  • In-app purchase history

  • Token ID (when you allow notifications through your device)

  • Identifier for advertisers (IDFA) if permission is given

  • Identifier for vendors/developers (IDVF)

• Visual and Audio Records: The photo you have uploaded to ImaginAI

• Customer Transaction: Order information

• User Content:  Messages, posts, communication, statements, information, phrases, entries, text, questions, images, photos, videos, visual and audio records, graphics, materials, and any content, record or data that you provide, upload, transmit, create, store, use, edit or share with or through AI Image Generator ImaginAI.
  We may ask for your permission to access your device’s photo file or gallery app or camera tool, in order to provide certain services, when you are using AI Image Generator ImaginAI, such as returning edited images. You can choose not to allow us to access your camera by either rejecting our access or later disabling such access in your device settings. However, you may not be able to use certain aspects of our services if you choose to opt out.

• Marketing Data: IDFA, IDFV

We may collect your above mentioned data directly from you through electronic or physical mediums, your mobile device, third party applications or third party sources which you can access our application through these mediums such as Apple App Store, Google Play App Store (similar platforms together with “App Stores”), for the purposes of compliance with legal obligations, enhancing our services, administering your use of our services, as well as enabling you to enjoy and easily navigate our services.

We may collect your log data generated while you are using our services/applications (through our products or third party products). This log data may include information such as your device’s Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our service/application, the time/date of your use o the service/application, and other statistics.

General Principles Regarding Personal Data Processing

In accordance with this Privacy Policy, personal data are processed by Connectinno as a data controller in line with the basic principles named here: (i) being in accordance with law and good faith, (ii) being accurate and, where necessary, up-to-date, (iii) being processed for specific, explicit and legitimate purposes, (iv) being limited for the purpose for which they are

processed and data minimization; and (v) being stored for the period stipulated in the

relevant legislation or required for the purpose for which they are processed.

Sharing and Storing Face Data with Third Parties

Third-Party Data Sharing: Connectinno shares face data collected through the ImaginAI application with third-party service providers such as Vertex AI and Gemini to enable specific functionalities within the app. This collaboration involves the analysis and transformation of face data. The face data is shared exclusively with these providers, strictly for the duration and purpose required to perform the requested services.

Third-Party Storage Practices: Our third-party service providers, Vertex AI and Gemini, adhere to stringent data privacy regulations such as GDPR and CCPA when processing and storing your face data. These entities store face data only for the period necessary to fulfill the functionalities requested by the ImaginAI application. The storage duration of face data is limited to the scope of the intended use, and once this period expires or the data is no longer needed for its intended purpose, it is promptly deleted, destroyed, or anonymized.

Duration and Reason for Data Storage: Face data is stored only as long as necessary for the processing activities for which it was collected. Throughout this period, all necessary technical and administrative measures are taken to ensure the security of the data. Once the storage period ends, or there are no longer legal obligations requiring the retention of the data, the information is immediately deleted or anonymized. The storage practices of our third-party processors are aligned with this policy and are designed to protect the rights of the data subjects throughout the process.

User Rights for Data Deletion

If you wish to request the deletion of your face data, or inquire about the data processing practices, you can do so by sending an email to support@connectinno.com. Upon receiving your request, Connectinno will take steps to ensure that your face data is deleted from our systems and also request our third-party processors to do the same. This process adheres to our commitment to your data privacy and is compliant with applicable data protection laws. You will receive confirmation once your data has been successfully deleted or if further actions are necessary.

3. Purposes of Processing Personal Data and Legal Reasons

Your personal data will be processed via automatic or non-automatic means for the purposes stated below, in accordance with the applicable legislation and articles 5 and 6 of the PDP Law where it is expressly permitted by the laws, the establishment of a contract or direct relation to the execution or performance of the contract and for the legitimate interests o Connectinno provided that your fundamental rights and freedoms are protected.

• Purposes of Processing Personal Data

In accordance with this text, your personal data is processed for the following purposes in accordance with the above general conditions:

Identity and Contact Information Uses

• Legal and Regulatory Compliance: Ensuring all operations conform to applicable laws, protecting individual rights, privacy, and safety.

• Service Commitments: Fulfilling obligations related to our products and services.

• Communication Operations: Managing interactions with users and stakeholders.

• Business Operations and Audits: Conducting and auditing our business activities for efficacy and compliance.

• After-Sales Services: Offering support post-purchase and engaging in communications related to services and, with your consent, marketing.

• Sales Process Management: Overseeing the sales of goods and services.

• Data Storage and Archiving: Maintaining and securing stored data.

• Contract Execution: Managing and fulfilling contractual obligations.

• Product Operation: Ensuring our products function effectively to meet user needs.

Process Security

• Information Security: Implementing processes to secure user information.

• Ethical and Compliance Audits: Ensuring business integrity and compliance with ethical standards.

• Business Continuity: Establishing protocols to maintain operations under various conditions.

• Authorized Sharing: Providing information to legally authorized entities.

Customer Transactions

• Business Activity Management: Monitoring and auditing business processes related to customer interactions.

• Customer Satisfaction: Engaging in activities to enhance the customer experience.

User Content Management

• Product Functionality: Utilizing user input to refine product responses and features.

• Crime Prevention: Implementing measures to prevent illegal activities.

• Service Improvement: Developing our services, including AI model training (opt-out available via the “Data Subject Application Form” at support@connectinno.com).

Marketing Data Usage

• Market Analysis: Conducting studies to understand market trends and customer needs.

• Promotions and Campaigns: Managing advertising efforts and promotional activities.

Updates to Data Processing Objectives

Our data processing purposes may be revised to align with company policy changes or new legislative requirements, ensuring our operations remain compliant and effective.

Besides, the purposes of processing personal data may be updated in line with our obligations arising from our company policies and legislation; in particular,

• Creating user accounts for the service recipients/application users,

• Customizing our Services, understanding our users and their preferences to enhance user experience and enjoyment using our Services and improve our users’ experience,

• Informing about new products, services and applications and delivering you information regarding advertisements and promotions,

• Carrying out a digital subscription and in-app purchase processes of service recipients,

• Carrying out the auto-renewable subscriptions for giving users access to content, services, or premium features in our service,

• Carrying out the processes of information security,

• Conducting activities in accordance with legislation,

• Fulfilling the demands of competent authorities,

• Conducting the processes of finance and accounting transactions,

• Conducting communication activities,

• Conducting the processes of contracts,

• Carrying out strategic planning activities,

• Following up requests and complaints.

b) Legal Reasons

 Identity Information, Contact Information, Customer Transaction

• It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract

• We have to process data in order to establish a right for you, to exercise and protect this right

Visual and Audio Records

• It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract

• We have to process data in order to establish a right for you, to exercise and protect this right

• Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms of are not harmed

Process Security

• The law explicitly stipulates the process by which we process your personal data

• Conditions that are necessary in order to fulfill our legal obligation

• It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract

Marketing Data

• Your  explicit  consent (acquired  via Apple  and/or Google)

Third Party Websites and Applications (Third-Party Data Sharing Policy for ImaginAI: AI Image Generator)
Privacy Commitment:
We prioritize your privacy and are committed to protecting your personal information. In the operation of our ImaginAI: AI Image Generator, we may collect and process a variety of data types including messages, posts, communications, statements, phrases, entries, text, questions, images, photos, videos, visual and audio records, graphics, materials, and any other content or data that you provide, upload, transmit, create, store, use, edit, or share through the app.
Data Usage:
The data collected, such as face images and related content, is solely used to facilitate the app's functionalities. This encompasses image analysis, transformation, or generation utilizing machine learning models hosted on third-party platforms like Vertex AI and Gemini.
Third-Party Processors:
Vertex AI and Gemini act as our third-party data processors. These services undertake the processing and analysis of your data while observing stringent privacy and security measures. Your data, including face images and other personal details, are not shared with any entities beyond these specified platforms.
Device Access:
For certain services provided by ImaginAI, such as delivering edited images, we may request access to your device’s photo file, gallery app, or camera tool. You have the option to deny or later disable this access in your device settings. Please note that opting out may restrict your ability to fully utilize some features of our services.
Data Retention:
Data is processed only as long as necessary for the specific task at hand and is not retained in our system or on third-party platforms any longer than required. We ensure that no personal or facial data is stored permanently or utilized for any purposes outside those clearly outlined in this policy.
Compliance:
We confirm that our third-party processors, including Vertex AI and Gemini models, adhere to relevant data privacy regulations, such as GDPR and CCPA, ensuring the protection of your information.
Consent:
By utilizing our services, you agree to the processing of your data, including face images and additional content, by third-party platforms solely to provide the requested functionalities of ImaginAI: AI Image Generator.

ImaginAI; may contain links to other websites that are unknown to Connectinno and whose content is not controlled. These linked websites may contain terms and conditions other than Connectinno texts. Connectinno cannot be held responsible for the use or disclosure of information that these websites may process. Likewise, Connectinno shall not have any responsibility for any links from other sites provided to ImaginAI owned by Connectinno.

We collect information by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

Cookies

Cookies are little text files that are stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application. Cookies allow a website to run more efficiently in addition to ensuring the presentation of personalized web pages in order to make you live a faster visit experience which is more fit for your specific personal needs and demands. Containing only data on your website visit history via the internet, cookies do not collect any information, including your personal data/files stored on your computer or mobile device. We may use cookies when it is necessary for operating our services, to enhance our service performance and functionality, and to deliver content, including ads relevant to your interests, on our sites, or third-party sites. You can delete cookies which are already present on your computer and prevent the recording/location of cookies on your internet explorer.

Internet browsers are predefined to automatically accept the cookies as default. As the management of cookies varies from browser to browser, you may look at the help menu of the browser or application to get detailed information.

Push Notifications

Connectinno may occasionally send you push notifications via its mobile applications regarding application upgrades or notifications about our services. You can always edit such communication and notifications through the settings on your device and stop receiving such communications and notifications.

Your data will be stored for the duration specified in the applicable legislation or for a reasonable time until the purpose of processing ceases to exist, or during legal periods of limitation.

Connectinno may continue to store your personal data, even after the expiry of the purpose of its use provided that it is required by other laws or a separate granted by you in this regard.

In cases that you allow Connectinno to store your personal data for additional time by giving your consent, such data shall be immediately deleted, destructed or anonymized upon the expiry of such additional time or once the purpose of processing no longer exists.

Technical and Administrative Measures

Connectinno stores the personal data it processes in accordance with relevant legislation for periods stipulated in relevant legislation or required for the purpose of processing. Connectinno undertakes to take all necessary technical and administrative measures and to take the due care to ensure the confidentiality, integrity and security of personal data. In this context, it takes the necessary measures to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure, modification or destruction of data. Accordingly, Connectinno takes the following technical and administrative measures regarding the personal data it processes:

Anti-virus application. On all computers and servers in Connectinno's information technology infrastructure, a periodically updated anti-virus application is installed.

Firewall. The data center and disaster recovery centers hosting Connectinno servers are protected by periodically updated software-loaded firewalls; the relevant next generation firewalls control the internet connections of all staff and provide protection against viruses and similar threats during this control.

VPN. Suppliers can access Connectinno servers or systems through SSL-VPN defined on Firewalls. A separate SSL-VPN identification has been made for each supplier; with the identification made, the supplier only provides access to the systems that it should use or is authorized to use.

User identifications. Connectinno employees' authorization to Connectinno systems is limited only to the extent necessary by job descriptions; in case of any change of authority or duty, systemic authorizations are also updated.

Information security threat and event management. Events that occur on Connectinno servers and firewalls, are transferred to the “Information Security Threat and Event

Management” system. This system alerts the responsible staff when a security threat occurs and allows them to respond immediately to the threat.

Encryption. Sensitive data is stored with cryptographic methods and if required, transferred through environments encrypted with cryptographic methods and cryptographic keys are stored in secure and various environments.

Logging. All transaction records regarding sensitive data are securely logged.

Two-factor authentication. Remote access to sensitive data is allowed through at least two- factor authentication.

Penetration test. Periodically, penetration tests are performed on servers in the Connectinno system. The security gaps created as a result of this test are closed and a verification test is performed to show that the relevant security gaps have been closed. Besides, Information Security Threat and Event Management System automatically performs penetration tests. Test results are recorded.

Information Security Management System (ISMS). At the ISMS meetings made within Connectinno, the topics contained in the control forum are audited monthly by the director of information technology and the director of financial operations.

Training. In order to increase the awareness of Connectinno employees against various information security violations and to minimize the impact of the human factor in informatio violation incidents, trainings are provided to employees at regular intervals.

Physical data security. It ensures that personal data on papers is necessarily stored in lockers and accessed only by authorized persons. Adequate security measures (for situations such as electric leakage, fire, deluge, thievery etc.) are taken based on the nature of the environment where sensitive data is stored.

Backup. Connectinno periodically backs up the data it stores. As a backup mechanism, it uses the backup facilities provided by the cloud infrastructure providers, as well as the backup solutions it develops when deemed necessary, provided that it is in compliance with relevant legislation and provisions of this Policy.

Non-disclosure agreement. Non-disclosure agreements are concluded with employees taking part in sensitive personal data processing.

Transfer of sensitive personal data. If transfer of sensitive personal data is required through email; such transfer is done through (i) encrypted corporate email or (ii) Registered E-mail.

In the event that the personal data is damaged as a result of attacks on ImaginAI or on the Connectinno system, despite Connectinno taking the necessary information security measures, or the personal data is obtained by unauthorized third parties, Connectinno notifies this situation to Users immediately and, if necessary, to relevant data protection authority and takes necessary measures.

4. Transferring Personal Data to Third Parties

The procedures and principles to be applied for transferring of personal data are regulated in articles 8 and 9 of the PDP Law, and the personal and special categories of data of the supplier may be transferred to third parties within the country or abroad since we may use servers and cloud systems located abroad.

Your personal data may be transferred abroad for the following reasons:

•  Conducting storage and archive activities

• Conducting business activities

• Conducting after-sales support services for goods/services

• Managing customer relationship management processes

Connectinno may also transfer your personal data to services providers of our Company, third parties such as Facebook SDK, Adjust and Firebase Analytics which are embedded into our service for the following purposes:

• Sharing identity, communication and transaction security information with authorized public institutions and organizations for the purpose of execution of activities in compliance with legislation, monitor and execution of legal affairs, informing authorized persons, institutions and organizations.

• Sharing identity and contact information to manage after-sales support services, conduct business activities and manage customer relationship management processes.
  
  

5. Your Rights as the Data Subject

Pursuant to Article 11 of the PDP Law, you may request the following regarding your personal data by applying to Connectinno:

• Learn whether or not your personal data have been processed;

• Demand for information as to if your personal data have been processed;

• Learn the purpose of the processing of personal data and whether data are used in accordance with their purpose;

• Know the third parties in the country or abroad to whom your personal data have been transferred;

• In case the personal data is processed incompletely or inaccurately; requesting notification of the transactions made under this scope to third parties to whom personal data have been transferred;

• Request deletion, destruction or anonymization of personal data if the reasons for the processing have disappeared and request notification of the transactions made under this scope to third parties to whom personal data have been transferred;

• Object to occurrence of any result that is to your detriment by means of the analysis of personal data exclusively through automated systems;

• Request compensation for the damages in case you incur damages due to unlawful processing of your personal data.

Where General Data Protection Regulation (GDPR) is applicable, data subjects have the following rights:

• Right of access - Learning whether personal data is being processed and, if so, accessing your personal data and the information regarding the processing of your personal data,

• Right to correction -To request the correction of information that you believe is inaccurate or the completion of information that you believe is incomplete by Connectinno,

• Right to delete – To request deletion of personal data under the conditions stipulated in GDPR,

• The right to restrict processing - To request the restriction of the processing of personal data under the conditions stipulated in the GDPR,

• Right to object to processing - To object to the processing of personal data under the conditions stipulated in the GDPR,

• Right to data portability - To request the data collected by Connectinno to be transferred directly to another organization or under certain conditions,

• Objection to the occurrence of a result against the person himself/herself, by analyzing the processed data exclusively through automatic systems, including profiling.

In the application that includes your explanations about the right you have as the data subject and exercise your rights stated above and that you request to exercise; your request must be explicit and understandable, if the subject of your request is related to you or if you are acting on behalf of someone else, you must be specially authorized in this regard and your authority must be documented, the application must contain identity and address information and documents proving your identity must be attached to the application. Our Company will enable you to file such requests through the “Data Subject Application Form” at support@connectinno.com. In accordance with Article 13 of the PDP Law, our Company will finalize your requests, free of charge, within 30 (thirty) days at the latest depending on the nature of the request. In case the request is rejected, the reason or reasons for the rejection will be notified in writing or electronically along with its justification.

If you believe that we or someone with whom we have transferred your data is violating your rights, you can file a complaint to the data protection authority in your country and to other competent supervisory authorities.

This Privacy Policy may be revised by our Company when deemed necessary. If you continue to access ImaginAI and use or access ImaginAI without benefiting from the Services offered by Connectinno after the notification period, you shall be deemed to have allowed the changes in this Privacy Policy.

Company Title: Connectinno Oyun Yazılım Teknolojileri ve Ticaret Anonim Şirketi

Address:             Çınarlı Mah. Ozan Abay Cad. Egeperla No: 8 Iç Kapi No: Z17 Konak / Izmir

E-mail:               support@connectinno.com