Vision Wizard Dijital Hizmetler Anonim Şirketi
Privacy Policy and Personal Data Text
MuscleUp
Update Date: 28.11.2024
1. Objective
Vision Wizard Dijital Hizmetler Anonim Şirketi (“Vision Wizardor “Company”), aims
to process the personal data of users in accordance with general principles of privacy and
the provisions of the applicable data protection legislation to the relevant person,
particularly Law on Personal Data Protection No. 6698, (“PDP Law”) and other applicable
legislation. In addition to the PDP Law, this policy also stipulates the extra rights of the
individuals, where General Data Protection Regulation (European Union) 2016/679 is
applicable.
Your personal data, which you provided/will provide to our Company and/or obtained
by our Company by any external means, may be processed by our Company as “Data
Controller”;
In the context of the objective of processing your personal data and in connection
with this purpose, in a limited and measured manner,
By maintaining the accuracy and up-to-date version of the personal data as
reported or notified to our Company,
May be recorded, stored, preserved, reorganized and be transferred to the
institutions authorized to request such personal data by law and shall be
transferred, classified and shared with third parties within the country or abroad
under the conditions stipulated by legislation and upon your explicit consent if
necessary, and they may be processed by other means listed under the legislation
and be subject to other procedures set forth in the legislation.
This Privacy Policy is adopted for the continuance and improvement of the activities
carried out by The Company in line with the principles set forth in the PDP Law.
This Privacy Policy describes which data we collect, how we intend to use, store, protect
and share the data we collect, how you can withdraw your consent for the processing of
these data and how you can correct and revise the data.
Capitalized terms in this Policy shall have the meanings specified in the Terms and
Conditions unless defined separately in this Policy.
2. Collection of Personal Data and Method
The Company may process your personal data for the purposes specified in this Privacy
Policy.
The personal data of users collected and used by The Company in particular, are as
follows: your name and surname, e-mail address and phone number which we will receive
once you contact The Company; your name and e-mail address when you register; your
order information if you make a purchase through in-app purchase; messages, phrases,
text, information, photos, images, visual records, screenshots, and other data which you
have uploaded or transmitted to MuscleUp application (MuscleUp and/or Application)
and identifier for advertisers designated in your mobile device used in accessing our
services (The Identifier for Advertisers-IDFA), identifier for vendors/developers
designated your mobile device (The Identifier for Vendors-IDVF), Internet Protocol
Address-IP Address, and (if you give us permission) geolocation information.
Data Categories and Data Types
Identity and Contact
Information
Name, surname, phone number and e-mail address (if you
contact us)
Process Security
Internet traffic data (network movements, IP address,
visit data, time and date information, information about
your access and use of our application, time and date
information, the time spent on the Application), device
name, purchase history, Token ID (when you allow
notifications through your device), identifier for
advertisers designated in your mobile device used in
accessing our services (if you give a permission, the
Identifier for Advertisers-IDFA), identifier for
vendors/developers designated your mobile device (The
Identifier for Vendors-IDVF)
Profile Information
User ID, nickname, username, profile picture, user token,
Open ID, phone number, e-mail address, password
User content
messages, posts, communication, statements, information,
phrases, entries, text, questions, responses, answers, choices;
files, documents, links, images, photos, visual records,
screenshots, graphics, media and similar material and the
underlying texts on those; and any content, record or data that
you voluntarily provide, upload, transmit, create, store, use,
edit or share with or through Application or its AI
Mentor/Couch/Chatbot.
Survey responses, answers, choices or any other similar data
that you voluntarily provide with or through Application (an
example might be the survey choices that you make); names of
the goals/achievement, information relating to your body type,
body fat, current weight and targeted weigth and progress,
current activity and fitness level, information relating to your
eating habits, your workout data. Please note that we do not
infer any health-related characteristics from this information
- Before you start using the Application, we may ask you
onboarding questions about your age, gender, height
and current and targeted weight, current body type,
current activity and fitness level. We may collect and
process these answers primarily for the purpose of
customising the services we offer (for example, to
calculate and display your estimated Body Mass Index
(BMI) and body fat for you to consider when planning
your goals).
- In some surveys, you may provide us with information
about how you feel. Please note that we do not infer any
health-related characteristics from this information.
We only collect and process this information for the
purposes stated herein.
- Workout data includes your workout plan created on
Application, the list of your favourite workout content,
the information that indicates whether you have
started, completed or progressed to a workout content,
and its time and schedule.
Please note that we store user content in accordance with this
Privacy Policy and relevant legislation, in particular in order to
provide our services. You may request that this data be deleted
at any time. Your rights in relation to this data are set out in
detail in this Privacy Policy.
Customer Transaction
Order information
Marketing Data
IDFA, IDVF
We may collect your abovementioned data directly from you through electronic or
physical mediums, your mobile device, third party applications or third party sources
which you can access our application through these mediums such as Apple App Store,
Google Play App Store (similar platforms together with “App Stores”), for the purposes of
compliance with legal obligations, enhancing our services, administering your use of our
services, as well as enabling you to enjoy and easily navigate our services.
We may collect your log data generated while you are using our services/applications
(through our products or third party products). This log data may include information
such as your device’s Internet Protocol (“IP”) address, device name, operating system
version, the configuration of the app when utilizing our service/application, the time/date
of your use of the service/application, and other statistics.
General Principles Regarding Personal Data Processing
In accordance with this Privacy Policy, personal data are processed by the Company as a
data controller in line with the basic principles named here: (i) being in accordance with
law and good faith, (ii) being accurate and, where necessary, up-to-date, (iii) being
processed for specific, explicit and legitimate purposes, (iv) being limited for the purpose
for which they are processed and data minimization; and (v) being stored for the period
stipulated in the relevant legislation or required for the purpose for which they are
processed.
3. Purposes of Processing Personal Data and Legal Reasons
Your personal data will be processed via automatic or non-automatic means for the
purposes stated below, in accordance with the applicable legislation and articles 5 and 6
of the PDP Law where it is expressly permitted by the laws, the establishment of a contract
or direct relation to the execution or performance of the contract and for the legitimate
interests of The Company provided that your fundamental rights and freedoms are
protected.
a) Purposes of Processing Personal Data
In accordance with this text, your personal data is processed for the following purposes
in accordance with the above general conditions:
Identity and Contact
Information
Profile Information
execution of activities in compliance with legislation
compliance with legislation and protection of
persons’ rights, privacy and safety
execution of company/product/service
commitment operations
execution of communication activities
execution/auditing of business activities
conducting after-sales support services for
goods/services and communicating with you to send
information or about services (if you consent)
marketing about services
execution of goods/services sales processes
conducting storage and archive activities
execution of agreement processes
operation of our product
Process Security
execution of information security processes
conducting audit/ethical activities
execution/audit of business activities
conducting activities to ensure business continuity
providing information to authorized persons,
institutions and organizations
Customer Transaction
execution/auditing of business activities
conducting after-sales support services for
goods/services
execution of goods/services sales processes
conducting activities for customer satisfaction
execution of agreement processes
User Content
operation of our product, e.g., to enable you to
monitor your goals
conducting after-sales support services for
goods/services and communicating with you to send
information or about services
execution of activities in compliance with legislation
compliance with legislation and protection of
persons’ rights, privacy and safety
prevention of crimes and other illegal acts
execution of agreement processes
conducting storage and archive activities
execution/auditing of business activities
conducting activities to ensure business continuity
execution of activities for customer satisfaction
improving our services (including training AI
models) (You can opt out of our use for your
information to train AI models by filing a request
through a “Data Subject Application Form” at
muscle@visionwizard.co )
Marketing Data
conducting marketing analysis studies
execution of advertising/campaign/promotion
processes
Besides, the purposes of processing personal data may be updated in line with our
obligations arising from our company policies and legislation; in particular,
Creating user accounts for the service recipients/application users,
Customizing our Services, understanding our users and their preferences to
enhance user experience and enjoyment using our Services and improve our users’
experience,
Informing about new products, services and applications and delivering you
information regarding advertisements and promotions,
Carrying out a digital subscription and in-app purchase processes of service
recipients,
Carrying out the auto-renewable subscriptions for giving users access to content,
services, or premium features in our service,
Carrying out the processes of information security,
Conducting activities in accordance with legislation,
Fulfilling the demands of competent authorities,
Conducting the processes of finance and accounting transactions,
Conducting communication activities,
Conducting the processes of contracts,
Carrying out strategic planning activities,
Following up requests and complaints.
b) Legal Reasons
Identity and Contact
Information
Profile Information
It is necessary to process your personal data,
provided that we establish a contractual
relationship with you, or that it is directly related to
our performance obligation arising from this
contract
We have to process data in order to establish a right
for you, to exercise and protect this right
Your consent (e.g., if you consent us to send you
marketing material).
User Content
It is necessary to process your personal data,
provided that we establish a contractual
relationship with you, or that it is directly related to
our performance obligation arising from this
contract
We have to process data in order to establish a right
for you, to exercise and protect this right
Processing is necessary for our legitimate interests,
provided that your fundamental rights and
freedoms of are not harmed
Your consent
Process Security and
Application Data
The law explicitly stipulates the process by which
we process your personal data
Conditions that are necessary in order to fulfill our
legal obligation
It is necessary to process your personal data,
provided that we establish a contractual
relationship with you, or that it is directly related to
our performance obligation arising from this
contract
Processing is necessary for our legitimate interests,
provided that your fundamental rights and
freedoms of are not harmed
Your consent
Marketing Data
Your explicit consent (acquired via Apple and/or
Google)
Third Party Websites and Applications
The Application may contain links to other websites or apps that are unknown to The
Company and whose content is not controlled. These linked websites or apps may contain
terms and conditions other than Company’s texts. The Company cannot be held
responsible for the use or disclosure of information that these websites or apps may
process. Likewise, the Company shall not have any responsibility for any links from other
sites or apps provided to the Application owned by the Company.
We collect information by fair and lawful means, with your knowledge and consent. We
also let you know why we’re collecting it and how it will be used. You are free to refuse
our request for this information, with the understanding that we may be unable to provide
you with some of your desired services without it.
While using the the Application, you may provide information through third party
websites and apps to the Company, please be aware that your liability and obligations
against third party apps or website will continue and The Company shall not be held
responsible any terms, conditions, rules or policies determined by third parties.
Cookies
Cookies are little text files that are stored on the browser or hard drive of your computer
or mobile device when you visit a webpage or application. Cookies allow a website to run
more efficiently in addition to ensuring the presentation of personalized web pages in
order to make you live a faster visit experience which is more fit for your specific personal
needs and demands. Containing only data on your website visit history via the internet,
cookies do not collect any information, including your personal data/files stored on your
computer or mobile device. We may use cookies when it is necessary for operating our
services, to enhance our service performance and functionality, and to deliver content,
including ads relevant to your interests, on our sites, or third-party sites. You can delete
cookies which are already present on your computer and prevent the recording/location
of cookies on your internet explorer.
Internet browsers are predefined to automatically accept the cookies as default. As the
management of cookies varies from browser to browser, you may look at the help menu
of the browser or application to get detailed information.
Push Notifications
The Company may occasionally send you push notifications via its mobile applications
regarding application upgrades or notifications about our services. You can always edit
such communication and notifications through the settings on your device and stop
receiving such communications and notifications.
Data Storage
Your data will be stored for the duration specified in the applicable legislation or for a
reasonable time until the purpose of processing cease to exist, or during legal periods of
limitation.
The Company may continue to store your personal data, even after the expiry of the
purpose of its use provided that it is required by other laws or a separate granted by you
in this regard.
In cases that you allow The Company to store your personal data for additional time by
giving your consent, such data shall be immediately deleted, destructed or anonymized
upon the expiry of such additional time or once the purpose of processing no longer exists.
Technical and Administrative Measures
The Company stores the personal data it processes in accordance with relevant legislation
for periods stipulated in relevant legislation or required for the purpose of processing.
The Company undertakes to take all necessary technical and administrative measures and
to take the due care to ensure the confidentiality, integrity and security of personal data.
In this context, it takes the necessary measures to prevent unlawful processing of
personal data, unauthorized access to data, unlawful disclosure, modification or
destruction of data. Accordingly, The Company takes the following technical and
administrative measures regarding the personal data it processes:
Anti-virus application. On all computers and servers in The Company's information
technology infrastructure, a periodically updated anti-virus application is installed.
Firewall. The data center and disaster recovery centers hosting The Company servers are
protected by periodically updated software-loaded firewalls; the relevant next generation
firewalls control the internet connections of all staff and provide protection against
viruses and similar threats during this control.
VPN. Suppliers can access The Company servers or systems through SSL-VPN defined on
Firewalls. A separate SSL-VPN identification has been made for each supplier; with the
identification made, the supplier only provides access to the systems that it should use or
is authorized to use.
User identifications. The Company employees' authorization to The Company systems
is limited only to the extent necessary by job descriptions; in case of any change of
authority or duty, systemic authorizations are also updated.
Information security threat and event management. Events that occur on The
Company servers and firewalls, are transferred to the “Information Security Threat and
Event Management” system. This system alerts the responsible staff when a security
threat occurs and allows them to respond immediately to the threat.
Encryption. Sensitive data is stored with cryptographic methods and if required,
transferred through environments encrypted with cryptographic methods and
cryptographic keys are stored in secure and various environments.
Logging. All transaction records regarding sensitive data are securely logged.
Two-factor authentication. Remote access to sensitive data is allowed through at least
two-factor authentication.
Penetration test. Periodically, penetration tests are performed on servers in the The
Company system. The security gaps created as a result of this test are closed and a
verification test is performed to show that the relevant security gaps have been closed.
Besides, Information Security Threat and Event Management System automatically
performs penetration tests. Test results are recorded.
Information Security Management System (ISMS). At the ISMS meetings made within
The Company, the topics contained in the control forum are audited monthly by the
director of information technology and the director of financial operations.
Training. In order to increase the awareness of The Company employees against various
information security violations and to minimize the impact of the human factor in
information violation incidents, trainings are provided to employees at regular intervals.
Physical data security. It ensures that personal data on papers is necessarily stored in
lockers and accessed only by authorized persons. Adequate security measures (for
situations such as electric leakage, fire, deluge, thievery etc.) are taken based on the nature
of the environment where sensitive data is stored.
Backup. The Company periodically backs up the data it stores. As a backup mechanism,
it uses the backup facilities provided by the cloud infrastructure providers, as well as the
backup solutions it develops when deemed necessary, provided that it is in compliance
with relevant legislation and provisions of this Policy.
Non-disclosure agreement. Non-disclosure agreements are concluded with employees
taking part in sensitive personal data processing.
Transfer of sensitive personal data. If transfer of sensitive personal data is required
through email; such transfer is done through (i) encrypted corporate email or (ii)
Registered E-mail.
In the event that the personal data is damaged as a result of attacks on the Application or
on the The Company system, despite The Company taking the necessary information
security measures, or the personal data is obtained by unauthorized third parties, The
Company notifies this situation to Users immediately and, if necessary, to relevant data
protection authority and takes necessary measures.
4. Age Limitation
We do not permit the use of our application by children under the age of 16.
We do not knowingly collect or process personal data from anyone under the age of 16. If
you learn that someone under the age of 16 has provided us with personal information,
please contact us at muscle@visionwizard.co. Users under 18 must have permission from
their parents or legal guardians to use our Services.
5. Transferring Personal Data to Third Parties
The procedures and principles to be applied for transferring of personal data are
regulated in articles 8 and 9 of the PDP Law, and the personal and special categories of
data of the supplier may be transferred to third parties within the country or abroad since
we may use servers and cloud systems located abroad.
Your personal data may be transferred abroad for the following reasons:
Conducting storage and archive activities
Conducting business activities
Conducting after-sales support services for goods/services
Managing customer relationship management processes
The Company may also transfer your personal data to services providers of our Company,
third parties such as Facebook SDK, Adjust and Firebase Analytics which are embedded
into our service for the following purposes:
Sharing identity, communication and transaction security information with
authorized public institutions and organizations for the purpose of execution of
activities in compliance with legislation, monitor and execution of legal affairs,
informing authorized persons, institutions and organizations.
Sharing identity and contact information to manage after-sales support services,
conduct business activities and manage customer relationship management
processes.
6. Your Rights as the Data Subject
Pursuant to Article 11 of the PDP Law, you may request the following regarding your
personal data by applying to The Company:
Learn whether or not your personal data have been processed;
Demand for information as to if your personal data have been processed;
Learn the purpose of the processing of personal data and whether data are used in
accordance with their purpose;
Know the third parties in the country or abroad to whom your personal data have
been transferred;
In case the personal data is processed incompletely or inaccurately; requesting
notification of the transactions made under this scope to third parties to whom
personal data have been transferred;
Request deletion, destruction or anonymization of personal data if the reasons for
the processing have disappeared and request notification of the transactions made
under this scope to third parties to whom personal data have been transferred;
Object to occurrence of any result that is to your detriment by means of the
analysis of personal data exclusively through automated systems;
Request compensation for the damages in case you incur damages due to unlawful
processing of your personal data.
Where General Data Protection Regulation (GDPR) is applicable, data subjects have the
following rights:
Right of access - Learning whether personal data is being processed and, if so,
accessing your personal data and the information regarding the processing of your
personal data,
Right to correction -To request the correction of information that you believe is
inaccurate or the completion of information that you believe is incomplete by The
Company,
Right to delete To request deletion of personal data under the conditions
stipulated in GDPR,
The right to restrict processing - To request the restriction of the processing of
personal data under the conditions stipulated in the GDPR,
Right to object to processing - To object to the processing of personal data under
the conditions stipulated in the GDPR,
Right to data portability - To request the data collected by The Company to be
transferred directly to another organization or under certain conditions,
Objection to the occurrence of a result against the person himself/herself, by
analyzing the processed data exclusively through automatic systems, including
profiling.
In the application that includes your explanations about the right you have as the data
subject and exercise your rights stated above and that you request to exercise; your
request must be explicit and understandable, if the subject of your request is related to
you or if you are acting on behalf of someone else, you must be specially authorized in this
regard and your authority must be documented, the application must contain identity and
address information and documents proving your identity must be attached to the
application. Our Company will enable you to file such requests through the “Data Subject
Application Form” at muscle@visionwizard.co . In accordance with Article 13 of the PDP
Law, our Company will finalize your requests, free of charge, within 30 (thirty) days at the
latest depending on the nature of the request. In case the request is rejected, the reason
or reasons for the rejection will be notified in writing or electronically along with its
justification.
If you believe that we or someone with whom we have transferred your data is violating
your rights, you can file a complaint to the data protection authority in your country and
to other competent supervisory authorities.
This Privacy Policy may be revised by our Company when deemed necessary. If you
continue to access the Application and use or access the Application without benefiting
from the Services offered by The Company after the notification period, you shall be
deemed to have allowed the changes in this Privacy Policy.
Company Title:
Address:
E-mail:
Tel: