Who Processes Your Personal Information?
We, as a legal entity incorporated under the laws of Republic of Turkey and with the following contact information, process your personal information:
YEDİ70 YAZILIM VE BİLGİ TEKNOLOJİLERİ ANONİM ŞİRKETİ
Acıbadem Mahallesi Cecen Sokak Akasya Acıbadem Kent Etabı A Blok Kat: 20 No: 85 Uskudar, Istanbul, TURKEY
If you are in the EU, you may also contact our representative appointed according to GDPR Art. 27:
The Meditation Company GmbH
Address: Brandenburgische Strasse 86/87, 10713 Berlin Deutschland
What is Personal Data?
According to the European Commission, Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
How We Collect Your Information
We collect certain information directly from you, which includes but is not limited to the information you provide as a response to the questions we ask. We also collect your personal data from third parties, such as the information in your profile in the social media platforms you connect with the Website and/or the Application. There is also certain data we collect automatically, like information about your device and what sections of our Services you interact with or spend time using.
The Information We Collect Directly from You:
We may collect personal information from you, such as your name, email address, password, and date of birth (“Profile Data”), when you are setting up your profile. We may also provide you with the option of putting in additional personal information, such as a photograph and the information you may put into the “My Notes” section of the Application.
We use a third-party payment processor to process payments made to us. In connection with the processing of such payments, we do not retain any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processor. In such circumstances, the third-party service provider, and not Yedi70, stores your payment information on our behalf.
The Information We Collect from Third-Parties:
We may obtain certain information through your social media profiles or other online accounts you have permitted to be connected to the Application. If you login to the Application via Facebook or another third-party platform or service, we ask for your permission to access certain information which is already given under that account, such as your name, profile picture, account ID number, email address, location, physical location of your access devices, and birthday. Those platforms and services make information available to us through their APIs, and therefore, the information given to us is limited with the scope of your privacy settings in the platform or service.
If you access or use our Services through a third-party platform or service, the collection, usage, and sharing of your data will also be subject to the privacy policies and other agreements of that third party.
We may also obtain information through Third Parties, which we have a business or legal relationship with, such as business partners, technical, payment and delivery service subcontractors, advertising networks, analytics providers or search information providers.
The Information We Collect Through Automated Means:
When you access the Services, we collect certain data by automated means, including but not limited to technical data about your computer or device, like your IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain and other systems data, and platform types (“System Data”); usage statistics about your interactions with the Services, including meditations accessed, time spent on the Service, pages visited, features used, your search queries, click data, date and time, and other data regarding your use of the Services (“Usage Data”); an approximate geographic location, including information like country, city, and geographic coordinates, calculated based on your IP address.
We also collect certain information through Apple Health and/or Google Fit, provided that you have given your explicit consent.
Apple HealthKit. We use Apple’s HealthKit framework, which provides a central repository for health and fitness data on iPhone and Apple Watch and – with your explicit consent – lets apps communicate with the HealthKit store to access and share this data. If you download and use Apple Watch version of the Application, we may collect and process your heart rate data, obtained through the HealthKit framework and the Apple CoreMotion processor, with your explicit consent. New data attributes may be added to the HealthKit framework, which will be portrayed in the Application and which you have to consent to.
Yedi70 and Yedi70’s analytics service providers may analyze engagement data for research purposes designed to provide a personalized experience and motivate engagement in healthy habits. We do not use information gained through the HealthKit framework for advertising or similar services. You can always stop us from accessing your data by changing the settings of your mobile device.
If you grant the Application access to HealthKit, it can add information to certain sections of HealthKit, ie. adding the minutes of meditation that the User is listening to in the Application to the Awareness Time section in HealthKit.
Google Fit. We use Google’s Fit SDK which is an open platform that lets users control their fitness data. We do not collect or process any data from Google Fit. However, we may add information to certain sections of Google Fit, ie. adding the minutes of meditation that the User is listening to in the Application to the Awareness Time section in Google Fit. New data attributes may be added to the Google Fit framework, which will be portrayed in the Application and which you have to consent to.
We do not use information gained through the HealthKit framework or GoogleFit SDK for marketing, advertising or use-based data mining and we do not transfer that information to third parties for those purposes. Information gained through the HealthKit framework or GoogleFit SDK may only be used to provide the Services and may only be transferred to third-parties for that purpose and with your explicit consent.
What We Use Your Information For?
Your personal data collected hereunder may be processed
- to develop, improve, personalize, provide, and administer the Services, including to display customized content.
- To process your requests and orders for products, specific services, information, or features;
- To communicate with you about the Services by:
- responding to your questions, requests and concerns;
- sending you administrative messages and information, including messages from our team, notifications about changes to our Service, and updates to our agreements;
- sending you information and e-mail about your progress in meditations, rewards programs, new services, new features, promotions, advertising, newsletters, and other available products and services which you can opt out of at any time;
- sending push notifications to your wireless device to provide updates, daily quotes, and other relevant messages.
- offering you the possibility of taking part in user generated contents.
- to manage your profile preferences;
- to maintain and develop the technical functioning of the Services, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse;
- to solicit feedback from users;
- to market and administer surveys and promotions administered or sponsored by us;
- to learn more about you by linking your data with additional data through third-party data providers or analyzing the data with the help of analytics service providers;
- to identify unique users across devices;
- to tailor advertisements across devices;
- to improve our Services and develop new products, services, and features;
- to analyze trends and traffic, track purchases, and track usage data;
- to advertise the Services on third-party websites and applications;
- as required or permitted by law; or
- as we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, employees, third parties, the public, or our Services.
Profile Data, System Data and Usage Data, will be stored in our secured database for a period of 1 (one) year following the User's termination of membership to expedite the process and for user satisfaction if the User who was a member of the Application subsequently wishes to re-join.
With Whom Do We Need to Share Your Information?
We take every precaution to ensure such third parties provide all appropriate technical and administrative measures, identical to or equal to those required from us, before transferring your information.
We may transfer your information to the servers outside the country of your domicile, when needed, provided that all measures are taken.
Where possible, we anonymize or pseudonymize your information, before sharing, and in that case, we can disclose or use your aggregated or de-identified data for any purpose. De-identified Data means data where we have removed information like your name and email address and replaced it with a token ID. This allows the third parties to provide their services without being able to match such data with you. We do this to ensure your personal data is protected.
With Service Providers, Contractors, and Agents: We need to share your data with third parties who perform services on our behalf, like payment processing, data analysis, marketing, and advertising services (including retargeted advertising), email and hosting services, customer services and support. These service providers may access your personal data and are required to use it solely as we direct, to provide our requested service.
With Analytics and Data Enrichment Services: As part of our use of third-party analytics tools, like Amplitude, and data enrichment services, we may share certain information, such as Profile Data, System Data and Usage Data, or de-identified data as needed, with analytics and data enrichment services.
For Advertising: We may use and share certain System Data and Usage Data with third-party advertisers and networks to show general demographic and preference information among our users. We may also allow advertisers to collect System Data through automated data collection tools like cookies, tags, scripts, customized links, device or browser fingerprints (together, “Data Collection Tools”), and to use this data to offer you targeted ad delivery to personalize your user experience (through behavioral advertising) and undertake web analytics. Advertisers may also share with us the data they collect about you. We would like to remind you that we do not share any of your personal data related to your health, motion and fitness; any information gained through the HealthKit framework or Google Fit SDK, or any of the correspondences between you and your mindfulness coach (if you have purchased Mindfulness Meditopia Coaching Program) with third parties for marketing and advertising purposes.
For Security and Legal Compliance: We may disclose your data to third parties if we (in our sole discretion) have a good faith belief that the disclosure is:
- Permitted or required by law;
- Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
- Reasonably necessary as part of a valid subpoena, warrant, or other legally valid request;
- Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or
- Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of Yedi70, our users, employees, members of the public, or our Services.
Meditopia for Work: If your employer has purchased “Meditopia for Work” for you to access Meditopia Premium Membership, we may share your personal data with your employer when it is necessary to affirm, validate, confirm or revoke the activation of your Premium Membership or to detect, prevent, or address fraud, abuse, or misuse of our Services. In such a case, we will always consider data minimization principle and we will never share any of your personal data not necessary to achieve the purposes specified under this paragraph. Without prejudice to the above, we will never share any non-aggregated or non-anonymized personal data with your employer, (such as the time spent on the Application and the content engaged with).
During a Change in Control: If Yedi70 undergoes a business transaction like a merger, acquisition, corporate divestiture, or dissolution (including bankruptcy), or a sale of all or some of its assets, we may share, disclose, or transfer all of your data to the successor organization during such transition or in contemplation of a transition (including during due diligence).
After Aggregation/De-identification: we can disclose or use aggregated or de-identified data for any purpose.
What We Do to Secure Your Information
We are actively seeking and taking the most effective, appropriate, and commercially reasonable security measures in order to maintain the safety of your personal data. These measures are designed not only to prevent unauthorized access to your personal data, but also to prevent its accidental loss, alteration, and disclosure.
Also, our service providers are under the obligation to comply with the provisions of the data processing agreements, which they are subject to, when applicable.
If you have purchased Meditopia Mindfulness Coaching Program, we would like you to know that we put special emphasis on ensuring the privacy of correspondences between you and your mindfulness coach. For this purpose, we use various technologies, such as data masking and pseudonymization. Moreover, all our mindfulness coaches are under strict confidentiality liabilities, and none has access to any of your identity data (e.g., your surname and email address) which would jeopardize your anonymity. Your correspondences may only be associated with your identity data in very exceptional circumstances (such as fulfilling our legal duties) and by only a very limited number of personnel. Moreover, your correspondences are never used, processed, or transferred for any marketing or advertorial purposes. We may only transfer your correspondences to third parties after pseudonymization. We retain your correspondences for as long as it is necessary to fulfill the purpose for which it was collected, but we may retain them for longer if they may be the subject of a legal claim or may be relevant for future litigation.
We Might Be Required to Retain Some of Your Information
Subject to limitations in applicable law, you are entitled to object to or request the restriction of processing of your personal data, and to request access to, rectification, erasure, and portability of your personal data. This means that you also have the right to withdraw your prior consents.
To make a request concerning your rights, please send an email to firstname.lastname@example.org. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you are in the EU, you can also contact our EU representative appointed according to GDPR Art. 27, of whom you can find the contact information above.
Last But Not Least,
Please send your questions, opinions, and recommendations regarding privacy and any other issue to email@example.com. It is an honor and privilege to help you with being a happier, more peaceful, and mindful person and any other issue.