Information Text
MAGNUS USER INFORMATION TEXT
This information text has been prepared by FUTURASTIC LTD. ("MAGNUS") as the data controller in order to inform you, our users, in accordance with Article 10 of the Personal Data Protection Law No. 6698 ("Law") and the Communiqué on the Procedures and Principles for Fulfilling the Obligation to Inform, about how your personal data is collected, processed, for what purposes, to whom it is transferred, and your rights regarding this matter.
### I. DATA CONTROLLER
In accordance with the Law, your personal data is processed by MAGNUS as the data controller, in accordance with the law and principles of honesty, within the scope and for the purposes explained in this text, and transferred to third parties where permitted by legislation and limited to the purposes for which they are processed.
### II. COLLECTION AND LEGAL BASIS OF PERSONAL DATA
Your personal data is collected automatically through electronic methods via the MAGNUS mobile application ("Application") in connection with the services ("Services") provided through the Application, in accordance with the fundamental principles stipulated by the Law.
The personal data obtained through the methods mentioned above is processed by MAGNUS as the data controller based on the legal reasons of being publicly available by the relevant individual as stipulated in Article 5 of the Law, and for the necessity of data processing for the legitimate interests of MAGNUS, provided that it does not harm your fundamental rights and freedoms.
### III. PROCESSING OF PERSONAL DATA DURING THE PROVISION OF SERVICES
a) **Personal Data Processed**
Our users can visit the Application without having to fill out any membership form. If they wish to become members, the Application allows them to complete the membership process through Facebook, Google, or their email address.
**I)** If the membership process is initiated through Facebook or Google platforms, personal data such as Name, Surname, Email Address, and Date of Birth will be transferred from the selected platform to the Application following the user's consent for both the Application and the relevant platform. Membership will be completed, and the membership will become active upon this transfer of data.
**II)** If the membership process is initiated by entering an email address, the personal data "Email Address" will be transmitted by the relevant individual through the Application. Following this, a confirmation email will be sent to the specified email address, and the membership will be completed once the individual clicks on the link in the email.
**III)** Regardless of how the membership process is initiated, the personal information that a member can input into the Application includes:
- Name, Surname, Email Address, Marital Status, Relationship Information, Gender, Sexual Life Information (Special Category of Personal Data), and Occupation Information.
**IV)** When using the Application, the automatically processed data includes:
- Device ID Information, Cookie Information.
- Additionally, data processed within the Application, based on your choices, include:
- Name, Surname, Gender, Date of Birth, Occupation Information, Relationship Information, and Sexual Life Information (Special Category of Personal Data).
b) **Purposes of Processing Personal Data**
All the data mentioned above is processed for the following purposes:
- Execution of Information Security Processes
- Management of Access Rights
- Execution of Loyalty Processes for Company/Products/Services
- Execution of After-Sales Support Services
- Execution of Service Sales Processes
- Execution of Communication Activities
- Creation and Follow-up of User/Visitor Records
- Execution of Customer Relationship Management Processes
- Execution of Customer Satisfaction Activities
- Execution of Marketing Analysis
- Execution of Advertising/Campaign/Promotion Processes
- Follow-up of Requests/Complaints
- Execution of Marketing Processes for Products/Services.
c) **Transfer of Personal Data**
During the membership process, personal data such as Name, Surname, Email Address, and Date of Birth are transferred from Facebook and Google to the Application. Apart from technical infrastructure providers, such as the cloud server used, no further transfers are made from the Application to third parties.
### IV. PROCESSING OF PERSONAL DATA DURING OTHER ACTIVITIES
1. **CAMPAIGN PARTNERS**
MAGNUS occasionally organizes joint marketing activities/campaigns with business partners based in Turkey and/or abroad. As part of this, the data processed during the provision of services may be partially or entirely transferred to these campaign partners. Information related to this will be provided in the relevant campaign pages within the Application.
This processing activity is based on the legal reason of "necessity for the legitimate interests of the data controller MAGNUS, provided that the fundamental rights and freedoms of the relevant users are not harmed," for the purpose of executing the processes and marketing activities within the Application.
2. **PUSH NOTIFICATIONS**
During the use of the services within the Application and/or the execution of marketing activities, instant push notifications may be sent via the mobile phone on which the Application is downloaded, based on the legal reason of "necessity for the legitimate interests of the data controller MAGNUS, provided that the fundamental rights and freedoms of the relevant users are not harmed," for the purpose of executing the processes and marketing activities within the Application.
If users do not wish to receive push notifications sent by MAGNUS, they can disable this feature entirely through the user preference settings on Android and iOS devices.
3. **PAYMENT PROCESS**
MAGNUS does not process, store, or view your payment information (such as credit card, bank account details, etc.). Additionally, we do not have access to your financial payment information. Payments made while benefiting from the Services are carried out via payment system providers that are licensed by the Banking Regulation and Supervision Agency (BDDK) and have taken all technical and administrative measures to protect personal data and ensure data security.
### V. RETENTION AND DESTRUCTION OF PERSONAL DATA
MAGNUS retains the personal data it processes for the durations stipulated by legislation. If no specific duration is determined by legislation, the personal data is retained for as long as necessary for the provision of services associated with the Application and the commercial life of MAGNUS, and thereafter, only for as long as necessary for legal disputes. Once these durations expire, the relevant personal data is deleted, destroyed, or anonymized.
### VI. SECURITY OF PERSONAL DATA
MAGNUS, in accordance with Article 12 of the Law, takes the necessary measures and controls to ensure the appropriate level of security for the prevention of unlawful processing, unauthorized access, and preservation of personal data. MAGNUS also conducts or arranges for the necessary audits in this regard.
In accordance with Article 12 of the Law, MAGNUS operates a system that ensures the notification of the relevant data owner and the Personal Data Protection Board ("Board") as soon as possible (within 72 hours) if personal data is obtained unlawfully by third parties.
### VII. RIGHTS OF OUR USERS AS DATA OWNERS
Article 20 of the Constitution stipulates that everyone has the right to be informed about personal data concerning them, and Article 11 of the Law includes the right to "request information" as one of the rights of personal data owners. In this regard, personal data owners have the following rights:
- To learn whether their personal data is processed,
- To request information if their personal data has been processed,
- To learn the purpose of processing and whether their personal data is used in accordance with its purpose,
- To know the third parties to whom personal data is transferred in Turkey or abroad,
- To request the correction of incomplete or incorrect personal data,
- To request the deletion or destruction of personal data,
- To request that the corrections, deletions, or destruction be communicated to third parties to whom the data has been transferred,
- To object to a result arising against them through the exclusive processing of data via automated systems,
- To request compensation for any damage incurred due to the unlawful processing of personal data.
According to Article 28 of the Law, the following cases are excluded from the Law's scope, and personal data owners cannot claim the rights listed above in these cases:
- When processing personal data is necessary to prevent a crime or for a criminal investigation,
- When personal data is made public by the personal data owner,
- When processing personal data is required for auditing or regulation tasks by authorized and competent public institutions or professional organizations with public institution status, based on the authority granted by law,
- When processing personal data is necessary for protecting the economic and financial interests of the State in relation to budget, tax, and financial matters.
### VIII. APPLICATIONS OF DATA OWNERS/RELATED PERSONS
As a personal data owner, you can submit your rights mentioned above by emailing us in Turkish at info@magnusapp.tech.
The following information must be included in the application:
- Name, surname, and signature if the application is in writing,
- For Turkish citizens, a T.C. identity number; for foreigners, nationality, passport number, or identification number if available,
- Residence or workplace address for notification,
- The email address, phone number, or fax number for notification, if available,
- The subject of the request.
If someone else is making the application on behalf of the personal data owner, a special power of attorney issued by the personal data owner authorizing the representative must be submitted to MAGNUS along with the information listed above.
Requests submitted to MAGNUS in a valid manner will be processed within a maximum of 30 (thirty) days. In cases where it is necessary to verify whether the applicant is the personal data owner, MAGNUS may ask the personal data owner questions regarding their application.
### IX. DATA CONTROLLER AND REPRESENTATIVE
Data Controller: FUTURASTIC LTD.
Contact: info@magnusapp.tech
### X. UPDATES AND ENFORCEMENT
MAGNUS reserves the right to amend this text. This Information Text is dated 01.04.2022, and in case