Welcome to iWatch Faces & Watch Wallpaper our iOS application (our “App”). At Appstun Digital Solutions, we take the protection of your data very seriously, and in the below we explain what data we collect when you use our App and how it is used.
General Information
a) What law applies?
In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular Turkey`s Data Protection Law 6698 (“DPL ”) and the EU’s General Data Protection Regulation (“GDPR”).
b) Who is responsible for data processing?
The responsible party within the meaning of the DPL and the GDPR is Appstun Digital Solutions of Istanbul, Turkey (“Appstun Digital Solutions“, “we”, “us”, or “our”).
If you have any questions or if you wish to exercise your rights, please feel free to email hi@appstun.com or write to us at the above address.
c) What is Personal Data?
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data.
d) What is processing?
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
e) What are the legal bases of processing?
In accordance with the DPL and the GDPR, we have to have at least one of the following legal bases to process your Personal Data:
● you have given your consent,
● the data is necessary for the fulfillment of a contract / pre-contractual measures,
● the data is necessary for the fulfillment of a legal obligation, or
● the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
Data we collect automatically
a) Downloading the App
The App can be downloaded from the Apple “App Store” a service of Apple Inc. Downloading it may require prior registration with the Apple App store and/or installation of the Apple App store software.
b) Installing the App
As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
c) Device information
Apple may collect information from and about the device(s) you use to access the App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.
d) Authorisations and Access
We may request permission to access your Internet Connection, push notifications and Apple Watch wallpaper settings. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our App may not function as intended.
e) Push Notifications
When you use our App, you will receive so-called push notifications from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via the device settings of your device. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.
f) Firebase
For push notifications we use the Google Firebase services Firebase Cloud Messaging provided by Google LLC and Google Ireland Limited (“Google LLC”). By integrating Google services, Google may collect and process information (including personal data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes. Firebase’s key security and privacy information can be found here: https://firebase.google.com/support/privacy. The legal basis is our legitimate interest and the provision of our contract.
g) RevenueCat
For the management and analysis of in-app purchases, the App uses the product RevenueCat from Revenue Cat, Inc. We cannot influence which data RevenueCat collects and processes. The legal basis is our legitimate interest and the provision of our contract.
h) Purchases
When you make In-app purchases for either subscription and one-time lifetime purchases, we (Apple on our behalf) may collect the following data from you to process the purchase: a) Apple ID, b) Email address, c) Payment confirmation from the payment data collected by Apple; and d) Device IP and device serial number to link the story history to the device.
Data we collect directly
When designing the App, we have made sure that as little as possible information that directly identifies you is collected. If you contact us, in addition to your name, and e-mail address, telephone number, if provided, we usually collect the context of your message which may also include certain Personal Data. In instances where your message relates to a technical support request, we may also ask you for your device name, ios version and device model.The Personal Data collected when contacting us is to handle your request and the legal basis is both your consent and contract.
We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.
Principles of processing Personal Data
a) Storage and Retention
If we directly process and store Personal Data, we do so only to achieve the respective processing purpose or for as long as a legal retention period exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
b) Security
We use SSL or TLS encryption to ensure the security of data processing and to protect the transmission of all content. We have also implemented numerous security measures (“technical and organizational measures”) for example encryption or need to know access, to ensure the most complete protection of Personal Data processed through this website.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.
c) Special Category Data
Unless specifically required and explicit consent is obtained for that service, we do not process special category data. Please Note! For certainty and in light of recent events, we provide bespoke Watch Faces, we do not process Face Data or Special Category Data of any kind. In particular, our App does not permit uploading custom images nor relies on functions that would in any way require you to upload Face Data or Special Category Data of any kind.
d) Minors
We do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.
e) Automated decision-making
Automated decision-making is the process of making a decision by automated means without any human involvement. Automated decision-making including profiling does not take place.
f) Do Not Sell
We do not sell your Personal Data.
g) Sharing and Disclosure
We will not disclose or otherwise distribute your Personal Data to third parties unless this is i) necessary for the performance of our services including with the third parties mentioned above, ii) you have consented to the disclosure, iii) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings including the sale of our business in whole or in part; or proceedings at home or abroad or to fulfill our legitimate interests.
h) International Transfer
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.
Your Rights and Privileges
a) Privacy rights
Under the DPL and GDPR, you can exercise the following rights:
● Right to information
● Right to rectification
● Right to object to processing
● Right to deletion
● Right to data portability
● Right of objection
● Right to withdraw consent
● Right to complain to a supervisory authority
● Right not to be subject to a decision based solely on automated processing.
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.
b) Updating your information
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us or use the relevant functions offered in your user account.
c) Withdrawing your consent
You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
d) Access Request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
e) Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The supervisory authority in Turkey is the Personal Data Protection Authority (KVKK). The KVKK is located at Nasuh Akar Mahallesi Ziyabey Caddesi, 1407 Sokak No:4 06520, Çankaya , Ankara, Türkiye, and online at www.kvkk.gov.tr.
Validity and questions
This Privacy Policy was last updated on Monday, 18th of September 2023, and is the current and valid version. However, we want to point out that from time to time due to actual or legal changes a revision to this policy may be necessary.
If you have any questions or if you wish to exercise your rights, please feel free to email hi@appstun.com or write to us at the above address.