This privacy notice (the “Notice”) applies to the processing of personal data (hereinafter, “Personal Data”) of the users (hereinafter, the “User/s” or the “Data Subject/s”) carried out by Imagen Software, based in Istanbul Turkey (hereinafter, the “Data Controller” or the “Company”) through its Avmix application (hereinafter, the “App”) in accordance with Regulation (EU) no. 679 of 27 April 2016 – General Data Protection Regulation or the “GDPR”.
I. Data Controller’s contact details
The Data Controller is Imagen Software, Istanbul Turkey
II. Categories of the processed Personal Data, purposes and legal basis for the processing
The Company processes the following categories of Personal Data, for the purposes and on the legal basis indicated below.
|Purpose||Legal basis||Categories of processed data|
|To enable Users to use the Apps, that provide for photo and video editing (e.g. to allow the User to use the Apps, to send technical information about how the Apps work).||The legal basis for the processing is the performance of a contractual relationship with the User (art. 6(1)(b) of the GDPR).||Basic Data (i.e. IDFA, device model and type, country as set by the user in the device settings, device language, device name, OS version, IP address, app usage (screenshots accessed, buttons pressed, etc.), unique identifier assigned to Users by the Company), videos, music library, microphone recordings|
|To fulfill Company’s legal obligations and any other obligation eventually arising from the authorities’ instructions.||The legal basis for the processing is the compliance with a legal obligations to which the Data Controller is subject (art. 6(1)(c) of the GDPR).||Any information which may be requested by law or under authorities’ instructions.|
|To process any request for information and/or clarification raised by the Data Subjects (also by allowing them to contact our support staff).||The legal basis for the processing is the legitimate interest of the Data Controller (art. 6(1)(f) of GDPR).Legitimate interest of the Data Controller is to process and give a proper feedback to any request raised by the Data Subject.||Identification and contact information as disclosed by the Data Subject submitting the request (such as name, email address).Eventual further information inserted within the contents of Data Subject’s request.|
When the processing of Personal Data requires the User’s consent, the Data Subject may give his/her consent only if aged at least 16 years (see art. 8 of the GDPR).
The Company’s apps and services are not for children under the age of 16. The Company do not knowingly collect personal data from children. If you believe we have received personal data from children under the age of 16, please email us at email@example.com.
If the Data Subject is under the age of 16, the consent must be given by a parent or other holder of parental responsibility (in the latter case, the Data Controller shall make every reasonable effort to verify that consent is given or authorized by the holder of parental responsibility).
Should the Data Controller realize that some Users are aged below 16 and consents have not been given by parents (or holders of parental responsibility), it shall immediately delete the processed data and close the related account forthwith.
III. Data retention of User’s Personal Data
Personal Data may processed by both paper and electronic means.
The Data Controller adopts all technical and organizational measures for preventing the loss, improper use and alteration of Data Subjects’ Personal Data, and, in some cases, may adopt data encryption measures, too.
Personal Data processed to fulfill the purposes referred to under Section II above (legal obligations and obligations related to the use of the Apps) will be kept for a period not exceeding the one necessary for the said purposes and, in each case, for no more than 10 (ten) years from the termination of the agreement (i.e., after the cancellation of the Apps’ account) except for any legal obligation that set a longer data retention period. At the end of this period, the processed data will be deleted or anonymized.
IV. Mandatory or optional nature of the supply of Personal Data and consequences of the refusal to answer
The provision of User’s Personal Data for the purposes referred to in points II.a) and II.b) above is mandatory. Any refusal to provide the requested data could make it impossible to enjoy the Apps’ services.
The processing of User’s Personal Data for the purpose referred to in point II.c) above is necessary to comply with the Data Subjects’ requests and occurs on the basis of the legitimate interest of the Data Controller, pursuant to art. 6(1)(f) of the GDPR. In any case, Data Subjects can at any time exercise the rights referred to in point no. VII to have such processing ceased.
V. Recipients of Personal Data
Personal Data may be disclosed to the following categories of recipients:
- public, judicial or police authorities, within the limits established by applicable laws and regulations;
- third parties carrying out activities that are related or instrumental to the Data Controller’s activities, as outsourced data processors duly appointed in writing by the Company in accordance to the Applicable Privacy Laws or acting as autonomous data controllers (such as, by way of example only, suppliers providing IT maintenance and development services, IT or filing services providers).
The complete and updated list of such entities is available for consultation, upon request, at the Company’s headquarters or by sending an email to firstname.lastname@example.org.
Users’ data will not be disclosed, unless such disclosure is deemed necessary for the fulfillment of legal obligations and/or regulations.
The Company will not share the Personal Data with other third parties for any reason other than those stated above.
VI. Transfer of Personal Data outside EEA
The Company may also transfer personal data of the Data Subjects to countries located outside the European Economic Area (EEA). In such cases, the Company will make sure that such transfer is based on appropriate safeguards listed in the GDPR, including (a) the standard contractual clauses developed by the European Commission; (b) the decisions of adequacy of the European Commission concerning the States in which the addressees are based; (c) binding corporate rules adopted by the Company and approved by the competent authorities or that are parties of agreements with the Company in this regard.
Copies of appropriate warranties are available on request at the Company’s headquarters or by sending an email to email@example.com.
VII. Rights of the Data Subjects
The Users, at any time and free of charge, can have and/or exercise the following rights, as specified in the GDPR:
- the right to be informed on the purposes and methods of the processing;
- the right of access;
- the right to obtain a copy of the data held overseas and obtain information concerning the place in which such data are kept;
- the right to ask for updating, rectification or integration of the data;
- the right to request the cancellation, anonymization or blocking of the data;
- the right to restrict the processing;
- the right to object to the processing, wholly or partly, also where it is carried out through automated individual decision-making, including profiling;
- the right to withdraw the consent to the processing of the data freely and at any time – in such a case, the processing carried out before withdrawal of consent shall remain valid;
- the right to data portability, (i.e. to receive an electronic copy of User’s personal data, if the User would like to port his/her personal data to himself or a different provider);
- the right to limitation of the processing.
Data Subjects also have the right to lodge a complaint before the competent national data protection or judicial authority.
If Data Subject is under the age of 18 in California, in certain circumstances, he/she may request and obtain removal of Personal Data or content shared by him/her and posted on the Apps. This would not ensure complete or comprehensive removal of the content or information posted on the Apps by the User. To make any request pursuant to California privacy law, please contact firstname.lastname@example.org.
VIII. Automated decision-making
No entirely automated decision-making is carried out within the processing of the Users’ Personal Data (there included profiling under Article 22(1) and 22(4) of GDPR).
IX. Face morph data usage
- The App detects eyes, nose, lips and face border points from the selected images or videos for Face Morph Transition.
- The App uses these points only for displaying Face Morph Transition effect at runtime on local device.
- The Company does not collect, store or upload these points.
- The Company does not share these points with third parties.
X. Third party websites and apps
The Apps may include links to other websites or apps operated by third parties. The practices described in this Notice do not apply to data gathered through these third party websites and apps. The Company has no control over, and is not responsible for, the actions and privacy policies of third parties and other websites and apps.
XI. Changes and updates of this Notice
The Company may modify, integrate and/or update, in whole or in part, this Notice, also in view of future changes that may involve the Applicable Privacy Laws and in case of new apps that shall be considered processing personal data as described by this Notice. It is understood that any modification, integration or update will be communicated to the Data Subjects promptly and on time via email or at the time of the start of the Apps. In this regard, it could be required to the User to read the new version of the Notice and to accept it before continuing to use the Apps.
Date of last amendment: 23 May 2021