Reface AI
Below is a revised and more detailed version of the privacy policy for DMFINITY Teknoloji A.Ş., incorporating different keywords and expanding on the details while maintaining the structure and intent of the original policy. The policy aligns with the principles of Law No: 6698 on Personal Data Protection and includes additional clarity and specificity.
# Privacy Policy of DMFINITY Teknoloji A.Ş.
## 1. Objective
DMFINITY Teknoloji A.Ş. ("DMFINITY" or "the Company") is committed to safeguarding the privacy of its users and ensuring compliance with applicable data protection laws, including but not limited to the Law on Personal Data Protection No. 6698 ("Law No: 6698") and other relevant regulations. This Privacy Policy outlines how DMFINITY, as a Data Controller, collects, processes, stores, protects, and shares personal data provided by or obtained from users through various channels.
DMFINITY processes personal data:
- In a manner consistent with the purpose for which it was collected, ensuring proportionality and relevance.
- By ensuring the accuracy and currency of data as provided or updated by users.
- By recording, storing, maintaining, restructuring, or transferring data to authorized institutions as required by law or to third parties, both domestically and internationally, under conditions permitted by legislation and, where necessary, with explicit user consent.
- In accordance with other procedures and methods stipulated by applicable laws.
This Privacy Policy aims to ensure transparency regarding the collection, use, storage, protection, and sharing of personal data, as well as users' rights to withdraw consent, correct, or delete their data. Capitalized terms used herein shall have the meanings defined in DMFINITY’s Terms and Conditions unless otherwise specified.
## 2. Collection of Personal Data and Methods
DMFINITY collects and processes personal data for purposes outlined in this Privacy Policy. The data collected includes, but is not limited to:
### Data Categories and Types
| Category | Data Types |
|----------------------------|--------------------------------------------------------------------------------|
| Identity Information | Full name (first and last name) |
| Contact Information | Email address |
| Process Security | IP address, network activity logs (e.g., browsing history, time/date of access), device identifiers (e.g., device name, operating system), in-app purchase history, notification Token ID (if notifications are enabled), Identifier for Advertisers (IDFA), Identifier for Vendors (IDFV) |
| Visual and Audio Data | Photos or images uploaded by users to the DMFINITY application |
| Customer Transaction | Order details, payment information, subscription details |
| Marketing Data | IDFA, IDFV, user preferences for targeted advertising |
### Collection Methods
DMFINITY collects personal data through:
- Direct Interaction: Information provided when users contact DMFINITY, register for an account, or make in-app purchases.
- Automated Technologies: Data collected via mobile devices, applications, or third-party platforms (e.g., Apple App Store, Google Play Store, collectively referred to as "App Stores").
- Third-Party Sources: Data obtained through integrated services such as Firebase Analytics, Adjust, or social media SDKs (e.g., Facebook SDK).
- Log Data: Automatically collected data, including IP addresses, device specifications, operating system versions, app usage timestamps, and other analytics metrics.
The data is collected to comply with legal obligations, improve service quality, facilitate seamless navigation, and enhance user experience.
### General Principles of Data Processing
DMFINITY adheres to the following principles when processing personal data:
- Lawfulness and Fairness: Processing is conducted in compliance with applicable laws and with transparency.
- Accuracy: Data is kept accurate and updated as needed, based on user-provided information.
- Purpose Limitation: Data is processed only for specific, explicit, and legitimate purposes.
- Data Minimization: Only data necessary for the intended purpose is collected and processed.
- Storage Limitation: Data is retained only for the duration required by law or the purpose of processing.
## 3. Purposes and Legal Basis for Processing Personal Data
DMFINITY processes personal data in accordance with Articles 5 and 6 of Law No: 6698, which permit processing when explicitly allowed by law, necessary for contract execution, or in pursuit of legitimate interests, provided users' fundamental rights and freedoms are not compromised.
### 3.1 Purposes of Processing
Personal data is processed for the following purposes:
- Identity and Contact Information:
- Fulfilling legal and regulatory obligations.
- Managing customer support and after-sales services.
- Facilitating communication with users.
- Executing and auditing business operations.
- Processing contracts and agreements.
- Enhancing customer satisfaction and user experience.
- Process Security:
- Ensuring the security of IT systems and networks.
- Conducting audits and monitoring for compliance and ethical standards.
- Maintaining business continuity.
- Providing data to authorized public institutions as required.
- Customer Transaction:
- Processing orders, payments, and subscriptions.
- Conducting after-sales support and customer satisfaction initiatives.
- Managing contractual obligations.
- Visual and Audio Data:
- Supporting application features such as AI-driven image editing or profile customization.
- Ensuring compliance with legal and contractual requirements.
- Maintaining archives and ensuring business continuity.
- Note: Facial data, if processed, is used solely for AI training or image editing purposes and will be deleted after the purpose is fulfilled.
- Marketing Data:
- Conducting market research and analysis.
- Delivering personalized advertisements, campaigns, and promotions.
### Additional Purposes
DMFINITY may process data to:
- Create and manage user accounts.
- Personalize services based on user preferences.
- Provide updates on new products, services, or features.
- Process digital subscriptions and in-app purchases, including auto-renewable subscriptions.
- Ensure information security and comply with legal obligations.
- Respond to requests and complaints from users or authorities.
- Conduct strategic planning and financial operations.
### 3.2 Legal Basis
- Contractual Necessity: Processing is necessary to establish or perform a contract with the user (e.g., for account creation, subscription management).
- Legal Obligations: Processing is required to comply with applicable laws or regulations.
- Legitimate Interests: Processing is conducted for DMFINITY’s legitimate interests, such as improving services or ensuring security, provided it does not harm users' rights.
- Explicit Consent: Where required (e.g., for marketing data or certain data transfers), processing is based on users’ explicit consent, such as permissions granted via App Stores.
## 4. Third-Party Websites and Applications
DMFINITY’s application may include links to third-party websites or services not controlled by DMFINITY. These third parties may have their own privacy policies, and DMFINITY is not responsible for their data practices or content. Similarly, DMFINITY is not liable for links to its application from external sites.
## 5. Cookies and Similar Technologies
### Cookies
Cookies are small text files stored on your device to enhance website functionality and user experience. DMFINITY may use cookies to:
- Ensure smooth operation of services.
- Improve performance and functionality.
- Deliver personalized content, including advertisements.
Users can manage cookie preferences through their browser settings, including deleting existing cookies or disabling future ones. Note that disabling cookies may limit certain features of DMFINITY’s services.
### Push Notifications
DMFINITY may send push notifications about updates, promotions, or service-related information. Users can opt out of notifications via their device settings.
## 6. Data Retention
Personal data is stored for the duration required by applicable laws or until the purpose of processing no longer exists. If users provide explicit consent for extended retention, data will be retained for the agreed period. Upon expiration of the retention period or purpose, data is deleted, destroyed, or anonymized in accordance with legal requirements.
## 7. Technical and Administrative Safeguards
DMFINITY implements robust measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:
- Anti-Virus Software: Regularly updated anti-virus programs on all systems.
- Firewalls: Next-generation firewalls protect data centers and disaster recovery sites.
- VPN Access: Secure SSL-VPN access for suppliers, limited to authorized systems.
- User Access Controls: Role-based access restrictions for employees, updated with job changes.
- Threat Management: Real-time monitoring and alerts for security threats.
- Encryption: Sensitive data is encrypted during storage and transfer, with keys stored securely.
- Logging: All transactions involving sensitive data are logged securely.
- Penetration Testing: Regular tests to identify and address security vulnerabilities.
- Information Security Management System (ISMS): Monthly audits by IT and financial operations directors.
- Employee Training: Regular training on data security and privacy.
- Physical Security: Paper-based data is stored in secure lockers with restricted access.
- Backups: Data is backed up using cloud infrastructure and proprietary solutions, compliant with regulations.
- Non-Disclosure Agreements: Signed by employees handling sensitive data.
- Secure Data Transfer: Sensitive data is transferred via encrypted corporate email or registered email.
In case of a data breach despite these measures, DMFINITY will promptly notify affected users and, if required, the relevant data protection authority, taking immediate steps to mitigate the issue.
## 8. Transfer of Personal Data to Third Parties
In accordance with Articles 8 and 9 of Law No: 6698, DMFINITY may transfer personal data to third parties, including international servers or cloud systems, for purposes such as:
- Storage and archiving.
- Business operations.
- After-sales support.
- Customer relationship management.
Data may be shared with:
- Authorized public institutions for legal compliance.
- Service providers (e.g., Firebase Analytics, Adjust, Facebook SDK) for analytics, customer support, or marketing purposes.
All transfers comply with legal requirements and, where necessary, are based on explicit user consent.
## 9. Rights of Data Subjects
Under Article 11 of Law No: 6698, users have the following rights regarding their personal data:
- Confirm whether their data is being processed.
- Request information about data processing.
- Learn the purpose of processing and whether data is used accordingly.
- Identify third parties (domestic or international) to whom data is transferred.
- Request correction of incomplete or inaccurate data and notification of such corrections to third parties.
- Request deletion, destruction, or anonymization of data when the purpose of processing ceases, with notification to third parties.
- Object to adverse outcomes from automated data processing.
- Seek compensation for damages due to unlawful data processing.
Where the General Data Protection Regulation (GDPR) applies, additional rights include:
- Right of Access: Access to personal data and processing details.
- Right to Rectification: Correction or completion of inaccurate or incomplete data.
- Right to Erasure: Deletion of data under GDPR conditions.
- Right to Restrict Processing: Limitation of data processing under GDPR conditions.
- Right to Object: Objection to data processing, including profiling.
- Right to Data Portability: Transfer of data to another organization under certain conditions.
### Exercising Your Rights
To exercise these rights, users can submit requests via the Data Subject Application Form at info@dmfinity.com. Requests must include:
- A clear and specific description of the request.
- Proof of identity and address.
- Documentation of authorization if acting on behalf of another person.
DMFINITY will respond to requests within 60 days, free of charge, unless the request incurs significant costs. If a request is rejected, DMFINITY will provide a written or electronic explanation. Users may file complaints with the relevant data protection authority if they believe their rights are violated.
## 10. Policy Updates
DMFINITY reserves the right to revise this Privacy Policy as needed. We may update this Privacy Policy according to changes in our service functions and measures concerning the protection of Personal Information. If we make changes to this Privacy Policy, we will update it through our App. Thus, you are advised to review this page periodically for any changes.
For questions or concerns, contact DMFINITY at info@dmfinity.com.