Meditopia Privacy Policy

 

 

The purpose of this Privacy Policy is to set out the terms and conditions regarding the usage of the information and data shared by natural and/or legal person (“User” or “you”) visiting www.meditopia.com (the “Website”) or downloading Meditopia application (“Application” or “App”) to Yedi70 Yazılım ve Bilgi Teknolojileri A.Ş.  (the “Company” or “Yedi70” or “we” or “us”) registered at the address Acıbadem Mahallesi Cecen Sokak Akasya Acıbadem Kent Etabı A Blok Kat: 20 No: 85 Uskudar, Istanbul, Turkey with Mersis number 0946024351100016. This Privacy Policy is an annex and an inseparable part of the User Contract executed with the User, and it applies when you visit or use the Website, download or use the Application, or related services (the “Services”). 

Who Processes Your Personal Information? 

We, as a legal entity incorporated under the laws of Republic of Turkey and with the following contact information, process your personal information:

YEDİ70 YAZILIM VE BİLGİ TEKNOLOJİLERİ ANONİM ŞİRKETİ

Acıbadem Mahallesi Cecen Sokak Akasya Acıbadem Kent Etabı A Blok Kat: 20 No: 85 Uskudar, Istanbul, TURKEY

Email: gdpr@meditopia.com

If you are in the EU, you may also contact our representative appointed according to GDPR Art. 27:

The Meditation Company GmbH

Address: Brandenburgische Strasse 86/87, 10713 Berlin Deutschland

Email: gdpr@meditopia.com

What is Personal Data?

According to the European Commission, Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

We collect, use, disclose and process Personal Data in line with this Privacy Policy, for the purposes of provision of Services, which includes but is not limited to development and improvement of the Services and also our business; of advertising and marketing; to provide you with innovational additional services, and for other purposes described further below.

We may exclude certain data components, such as your name and email address that makes the data personally identifiable to you, from your Personal Data and create an unidentifiable or anonymous data; the usage of which would not be subject to this Privacy Policy.

How We Collect Your Information

We collect certain information directly from you, which includes but is not limited to the information you provide as a response to the questions we ask. We also collect your personal data from third parties, such as the information in your profile in the social media platforms you connect with the Website and/or the Application. There is also certain data we collect automatically, like information about your device and what sections of our Services you interact with or spend time using.

The Information We Collect Directly from You:

We may collect personal information from you, such as your name, email address, password, and date of birth (“Profile Data”), when you are setting up your profile. We may also provide you with the option of putting in additional personal information, such as a photograph and the information you may put into the “My Notes” section of the Application.

We use a third-party payment processor to process payments made to us. In connection with the processing of such payments, we do not retain any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processor. In such circumstances, the third-party service provider, and not Yedi70, stores your payment information on our behalf.

You may be invited to complete a form or a survey, share your testimony, or participate in a promotion (like a contest or challenge) or a user generated content (like podcasts), either through the Services or a third-party platform, such as Typeform. If you participate, we will collect and store the data you provide as part of participating, such as your name, email address, date of birth and/or phone number. The mentioned data is and will be subject to the rules of this Privacy Policy, unless the rules of a campaign or another and more specific privacy policy, which will also be submitted to your attention, contains a contrary or different rule. Provided that you have given your explicit consent, we may collect, store and publish your photograph, for the purpose of sharing your testimony with others through the Application, the Website or email bulletin. Where we use a third-party platform to administer a survey or promotion, the third party’s privacy policy will apply. 

If you contact us for support or to report a problem or concern (regardless of whether you have created a profile), we collect and store your data such as your contact information, messages, and other data, including but not limited to your name, email address, language, location, operating system, IP address, and any other data you provide or that we collect automatically. We use this data to respond to you and research your question or concern, in line with the rules of this Privacy Policy.

The Information We Collect from Third-Parties:

We may obtain certain information through your social media profiles or other online accounts you have permitted to be connected to the Application. If you login to the Application via Facebook or another third-party platform or service, we ask for your permission to access certain information which is already given under that account, such as your name, profile picture, account ID number, email address, location, physical location of your access devices, and birthday. Those platforms and services make information available to us through their APIs, and therefore, the information given to us is limited with the scope of your privacy settings in the platform or service.

If you access or use our Services through a third-party platform or service, the collection, usage, and sharing of your data will also be subject to the privacy policies and other agreements of that third party.

We may also obtain information through Third Parties, which we have a business or legal relationship with, such as business partners, technical, payment and delivery service subcontractors, advertising networks, analytics providers or search information providers.

The Information We Collect Through Automated Means:

When you access the Services, we collect certain data by automated means, including but not limited to technical data about your computer or device, like your IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain and other systems data, and platform types (“System Data”); usage statistics about your interactions with the Services, including meditations accessed, time spent on the Service, pages visited, features used, your search queries, click data, date and time, and other data regarding your use of the Services (“Usage Data”); an approximate geographic location, including information like country, city, and geographic coordinates, calculated based on your IP address.

We also collect certain information through Apple Health and/or Google Fit, provided that you have given your explicit consent.

Apple HealthKit. We use Apple’s HealthKit framework, which provides a central repository for health and fitness data on iPhone and Apple Watch and – with your explicit consent – lets apps communicate with the HealthKit store to access and share this data. If you download and use Apple Watch version of the Application, we may collect and process your heart rate data, obtained through the HealthKit framework and the Apple CoreMotion processor, with your explicit consent. New data attributes may be added to the HealthKit framework, which will be portrayed in the Application and which you have to consent to. 

Yedi70 and Yedi70’s analytics service providers may analyze engagement data for research purposes designed to provide a personalized experience and motivate engagement in healthy habits. We do not use information gained through the HealthKit framework for advertising or similar services. You can always stop us from accessing your data by changing the settings of your mobile device. 

If you grant the Application access to HealthKit, it can add information to certain sections of HealthKit, ie. adding the minutes of meditation that the User is listening to in the Application to the Awareness Time section in HealthKit.

Google Fit. We use Google’s Fit SDK which is an open platform that lets users control their fitness data. We do not collect or process any data from Google Fit. However, we may add information to certain sections of Google Fit, ie. adding the minutes of meditation that the User is listening to in the Application to the Awareness Time section in Google Fit. New data attributes may be added to the Google Fit framework, which will be portrayed in the Application and which you have to consent to.

We do not use information gained through the HealthKit framework or GoogleFit SDK for marketing, advertising or use-based data mining and we do not transfer that information to third parties for those purposes. Information gained through the HealthKit framework or GoogleFit SDK may only be used to provide the Services and may only be transferred to third-parties for that purpose and with your explicit consent.

We also use cookies to access information when you sign in, store your preferences, to keep you logged in, and to store a limited amount of behavioral data. For more information about cookies, please review our Cookie Policy.

What We Use Your Information For?

Your personal data collected hereunder may be processed 

  • to develop, improve, personalize, provide, and administer the Services, including to display customized content.
  • To process your requests and orders for products, specific services, information, or features;
  • To communicate with you about the Services by:
    • responding to your questions, requests and concerns;
    • sending you administrative messages and information, including messages from our team, notifications about changes to our Service, and updates to our agreements;
    • sending you information and e-mail about your progress in meditations, rewards programs, new services, new features, promotions, advertising, newsletters, and other available products and services which you can opt out of at any time;
    • sending push notifications to your wireless device to provide updates, daily quotes, and other relevant messages.
    • offering you the possibility of taking part in user generated contents. 
  • to manage your profile preferences;
  • to maintain and develop the technical functioning of the Services, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse;
  • to solicit feedback from users;
  • to market and administer surveys and promotions administered or sponsored by us;
  • to learn more about you by linking your data with additional data through third-party data providers or analyzing the data with the help of analytics service providers;
  • to identify unique users across devices;
  • to tailor advertisements across devices;
  • to improve our Services and develop new products, services, and features;
  • to analyze trends and traffic, track purchases, and track usage data;
  • to advertise the Services on third-party websites and applications;
  • as required or permitted by law; or
  • as we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, employees, third parties, the public, or our Services.

Profile Data, System Data and Usage Data, will be stored in our secured database for a period of 1 (one) year following the User's termination of membership to expedite the process and for user satisfaction if the User who was a member of the Application subsequently wishes to re-join.

With Whom Do We Need to Share Your Information?

In order to provide you with our Services and for other purposes set forth in this Privacy Policy, we may need to share your Personal Data with third parties as described below.

We take every precaution to ensure such third parties provide all appropriate technical and administrative measures, identical to or equal to those required from us, before transferring your information.

We may transfer your information to the servers outside the country of your domicile, when needed, provided that all measures are taken.

Where possible, we anonymize or pseudonymize your information, before sharing, and in that case, we can disclose or use your aggregated or de-identified data for any purpose. De-identified Data means data where we have removed information like your name and email address and replaced it with a token ID. This allows the third parties to provide their services without being able to match such data with you. We do this to ensure your personal data is protected.

We also would like you to know that, with your consent, we may share data to third parties outside the scope of this Privacy Policy.

With Service Providers, Contractors, and Agents: We need to share your data with third parties who perform services on our behalf, like payment processing, data analysis, marketing, and advertising services (including retargeted advertising), email and hosting services, customer services and support. These service providers may access your personal data and are required to use it solely as we direct, to provide our requested service.

With Analytics and Data Enrichment Services: As part of our use of third-party analytics tools, like Amplitude, and data enrichment services, we may share certain information, such as Profile Data, System Data and Usage Data, or de-identified data as needed, with analytics and data enrichment services.

To Power Social Media Features: The social media features in the Services (like the Facebook Like button) may allow the third-party social media provider to collect things like your IP address and which page of the Services you’re visiting, and to set a cookie to enable the feature. Your interactions with these features are governed by the third-party company’s privacy policy.

To Administer Promotions and Surveys: We may share your data as necessary to administer, market, or sponsor promotions and surveys you choose to participate in, in accordance with this Privacy Policy, or the rules of the promotion or survey.

For Advertising: We may use and share certain System Data and Usage Data with third-party advertisers and networks to show general demographic and preference information among our users. We may also allow advertisers to collect System Data through automated data collection tools like cookies, tags, scripts, customized links, device or browser fingerprints (together, “Data Collection Tools”), and to use this data to offer you targeted ad delivery to personalize your user experience (through behavioral advertising) and undertake web analytics. Advertisers may also share with us the data they collect about you. We would like to remind you that we do not share any of your personal data related to your health, motion and fitness; any information gained through the HealthKit framework or Google Fit SDK, or any of the correspondences between you and your mindfulness coach (if you have purchased Mindfulness Meditopia Coaching Program) with third parties for marketing and advertising purposes.

For Security and Legal Compliance: We may disclose your data to third parties if we (in our sole discretion) have a good faith belief that the disclosure is:

  • Permitted or required by law;
  • Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
  • Reasonably necessary as part of a valid subpoena, warrant, or other legally valid request;
  • Reasonably necessary to enforce our Terms of Use, Privacy Policy, and other legal agreements;
  • Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or
  • Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of Yedi70, our users, employees, members of the public, or our Services.
  • We may also disclose data about you to our auditors and legal advisors in order to assess our disclosure obligations and rights under this Privacy Policy.

Meditopia for Work: If your employer has purchased “Meditopia for Work” for you to access Meditopia Premium Membership, we may share your personal data with your employer when it is necessary to affirm, validate, confirm or revoke the activation of your Premium Membership or to detect, prevent, or address fraud, abuse, or misuse of our Services. In such a case, we will always consider data minimization principle and we will never share any of your personal data not necessary to achieve the purposes specified under this paragraph. Without prejudice to the above, we will never share any non-aggregated or non-anonymized personal data with your employer, (such as the time spent on the Application and the content engaged with).

During a Change in Control: If Yedi70 undergoes a business transaction like a merger, acquisition, corporate divestiture, or dissolution (including bankruptcy), or a sale of all or some of its assets, we may share, disclose, or transfer all of your data to the successor organization during such transition or in contemplation of a transition (including during due diligence).

After Aggregation/De-identification: we can disclose or use aggregated or de-identified data for any purpose.

With Your Permission: with your consent, we may share data to third parties outside the scope of this Privacy Policy.

What We Do to Secure Your Information

We are actively seeking and taking the most effective, appropriate, and commercially reasonable security measures in order to maintain the safety of your personal data. These measures are designed not only to prevent unauthorized access to your personal data, but also to prevent its accidental loss, alteration, and disclosure.

We prefer our employees and service providers all around the globe to be under strict non-disclosure and confidentiality obligations. If we need to share any of your personal data with them, for the purposes set out in this Privacy Policy, we consider data minimization principles at all times.

Also, our service providers are under the obligation to comply with the provisions of the data processing agreements, which they are subject to, when applicable.

If you have purchased Meditopia Mindfulness Coaching Program, we would like you to know that we put special emphasis on ensuring the privacy of correspondences between you and your mindfulness coach. For this purpose, we use various technologies, such as data masking and pseudonymization. Moreover, all our mindfulness coaches are under strict confidentiality liabilities, and none has access to any of your identity data (e.g., your surname and email address) which would jeopardize your anonymity. Your correspondences may only be associated with your identity data in very exceptional circumstances (such as fulfilling our legal duties) and by only a very limited number of personnel. Moreover, your correspondences are never used, processed, or transferred for any marketing or advertorial purposes. We may only transfer your correspondences to third parties after pseudonymization. We retain your correspondences for as long as it is necessary to fulfill the purpose for which it was collected, but we may retain them for longer if they may be the subject of a legal claim or may be relevant for future litigation.

We Might Be Required to Retain Some of Your Information

We do not keep your information we collect and process for the purposes identified in this Privacy Policy for longer than is necessary for the specific purpose specified in this Privacy Policy, unless we are required to retain those information for a longer period of time to comply with our legal obligations, enforce our legal agreements and policies, and resolve disputes.

Your Rights

Subject to limitations in applicable law, you are entitled to object to or request the restriction of processing of your personal data, and to request access to, rectification, erasure, and portability of your personal data.  This means that you also have the right to withdraw your prior consents.

To make a request concerning your rights, please send an email to . We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you are in the EU, you can also contact our EU representative appointed according to GDPR Art. 27, of whom you can find the contact information above.

Last But Not Least,

We may decide to update this Privacy Policy by posting the changes on the Website and/or the App at any time. In case we decide to materially change the way we collect or process your personal data, we will inform you with a prior notice, or where legally required, we will request your consent prior to implementing such changes.

Please send your questions, opinions, and recommendations regarding privacy and any other issue to gdpr@meditopia.com. It is an honor and privilege to help you with being a happier, more peaceful, and mindful person and any other issue.