Privacy Policy

As XStudios, we are creating apps crafted in house, launched on our terms, and grown for success. As XStudios (“Company/We/Services”), we are committed to protecting your privacy and personal data. This Privacy Policy (“Policy”) explains how your personal information is collected, used, and processed by XStudios.

This Privacy Policy applies to our website www.xstudios.com.tr, its mobile version, official social media accounts and its associated subdomains (collectively, our “Service”) alongside our applications. By accessing or using our Service, you declare that you have read, understood, and agree to the processing of your personal information as described in this Privacy Policy.

By using XStudios or contacting us directly, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, you should not engage with our website, or use our services. Continued use of the website, direct engagement with us, or following the posting of changes to this Privacy Policy that do not significantly affect the use or disclosure of your personal information will mean that you accept those changes.

Although this Policy draws a broad framework for apps under XStudios, please review the policies and terms presented within the apps regarding the data collection and data protection. Personal data collected and processed and their purposes vary according to app features and are subject to different conditions.

Collection of Information and Processing Purposes

We may collect the following information and personal data when you access XStudios, or otherwise utilize (“use”) the Website, and/or the Services:

1) Information Automatically Collected

We automatically collect your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device type, country, location, information about when you use our platform. This information is primarily needed to maintain the security and operation of our platform, and for our internal analytics of visits, carrying out the activity in accordance with the legislation and technical data security.

2) Information Collected When You Contact Us

Once you contact us from the contact section, we receive your e-mail address and the information that you choose to voluntarily disclose. Please note that we require nothing more than an e-mail address, as this is necessary to respond to your request.

3) Updating Your Information

Your above-listed information is stored only for the legal period and proportionate to interest and is then anonymized. You may contact us in order to (1) update or correct your information, (2) change your preferences with respect to communications and other information you receive from us, or (3) receive a record of the information relating to you. Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion.

4) Transfer of Personal Data

None of your personal data collected by XStudios is sold, shared for commercial purposes, or disclosed to third parties in a scope not included in this policy. In cases where your personal data is transferred, adequate data security measures stipulated in the legislation are taken.

Your personal data may be shared with Xstudios' affiliates and group companies, public institutions and organizations legally authorized to obtain personal data, and legal and tax consultants. Personal data continues to be processed within the scope of its purpose even after the transfer.

For purposes of this Privacy Policy, "Corporate Affiliate" means any person or entity which directly or indirectly controls, is controlled by or is under common control with ScaleUp, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

Sale of Business

We reserve the right to transfer information to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of XStudios or any of its group companies to which the Service relates, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, only when provided that the third party agrees to adhere to the terms of this Privacy Policy.

Governing Law

This Privacy Policy is governed by the laws of Turkey without regard to its conflict of laws provision. All disputes arising out of or in connection with the policy terms shall be finally settled by arbitration before ISTAC pursuant to the ISTAC Arbitration Rules. The language of the arbitration shall be English. Place of arbitration shall be İzmir/Türkiye. The applicable law to the merits of the dispute shall be Turkish law.

Links to Other Websites

The Services may contain links to other websites not operated or controlled by ScaleUp. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Please remember that when you use a third party link to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our platform, is subject to that website’s own terms and policies. Such third parties may use their own cookies or other methods to collect information about you.

Cookies

XStudios uses "Cookies" to identify your visits and the areas of our website that you have visited. A cookie is a small piece of data stored on your computer or mobile device by your web browser. We use technical and functional cookies to enhance the performance and functionality of our website. Please note that you can always disable cookies with your web browser. However, certain functionality may become unavailable in this case. Additionally, we use no targeting or marketing cookies on the website. The apps may have different terms and processing, thus you should review their own policies available on the app.

Kids' Privacy

Our services and apps are created for people above the age of 13. Please contact us if you are a parent or guardian, and you become aware that your child is using our services. We will take necessary steps to remove the data provided from our servers.

Changes To Our Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our services and legal requirements. We encourage you to review the Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data. If any changes require your consent, we will notify you and ask for your approval before proceeding.

Storage of Information

We are committed to ensuring that your personal data is stored securely and in compliance with applicable laws and regulations.

Retention Period: We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, and in accordance with the legal storage periods established by relevant regulations. Once the retention period has expired, we will take appropriate measures to securely dispose of or anonymize your data.

Access Control: Access to your personal data is restricted to authorized personnel who require this information to perform their job responsibilities. We implement strict access controls and security measures to safeguard your data from unauthorized access, use, or disclosure.

Data Destruction and Anonymization: When personal data is no longer necessary or the retention period has expired, we will either securely delete or destroy the data to prevent unauthorized access or retrieval, or we will anonymize the data. Anonymization involves processing the data in such a way that it can no longer be attributed to you, ensuring that it can be used for analytical or research purposes without compromising your privacy. Once data is anonymized, it is irreversibly altered and cannot be traced back to any individual.

Security Measures

We take the security of your personal data very seriously and implement measures to ensure protection as of the General Data Protection Regulation (GDPR). Our key principles include:

  • Safety Measures: Personal data is processed within the company only by authorized personnel, in a way that is not publicly accessible, and verification or additional confidentiality declarations required in processing special data categories if available.
  • Access Controls: Access to personal data is restricted to authorized personnel only, ensuring that only those who need to access your information can do so.
  • Regular Security Audits: We conduct regular audits and assessments of our security practices to identify and address potential vulnerabilities.
  • Data Minimization: We only collect and retain personal data that is necessary for the purposes specified.
  • Incident Response Plan: We have established an incident response plan to quickly address any potential data breaches or security incidents.

While we strive to maintain a secure digital environment, yet no digital environment can be fully secure, we encourage users to take their own precautions when accessing and using the app, including utilizing relevant antivirus software, implementing a secure firewall, accessing the app over a safe Wi-Fi connection, and ensuring that the device used to access the app is secure and up to date.

In the event of any potential data breach or security incident, users are encouraged to inform HubX immediately. We will analyze the situation to determine if there is a security problem and take necessary measures to mitigate any risks. Your security and privacy are our top priorities, and we are committed to maintaining adequate standards of data protection as required by relevant legislation.

Rights Under GDPR

The General Data Protection Regulation No. 2016/679 (GDPR) establishes a comprehensive framework for the protection of personal data within the European Union and the European Economic Area. Under GDPR, users have the following rights regarding their personal data as data subjects:

  • Right to Access: Obtain confirmation and access to personal data being processed.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal data under certain conditions.
  • Right to Restrict Processing: Request limitation of data processing in specific situations.
  • Right to Data Portability: Receive personal data in a machine-readable format and transfer it to another controller.
  • Right to Object: Object to the processing of personal data, especially for direct marketing.
  • Rights Related to Automated Decision-Making: Not to be subject to decisions based solely on automated processing, unless certain conditions apply.

To exercise these rights, users must send an email or petition clearly stating the right they wish to enforce, along with their name and accurate contact details. A response will be provided within the legal time period.

Rights Under CCPA / CPRA

The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), give California residents the right to access, delete, and opt-out of the sale of their personal data. They also require businesses to be transparent about data collection and usage, while enhancing privacy protections and consumer control. Below are the rights listed:

  • Right to limit the use and disclosure of sensitive personal information collected,
  • Right to opt-out of the sale or sharing of your personal data,
  • Right to correct inaccurate personal information,
  • Right to know which personal information collected,
  • Right to be protected against discrimination for exercising privacy rights,
  • Right to request the deletion of your personal data.

Contact

This privacy policy constitutes the entire understanding between you and us regarding the collection, use, and protection of your personal data. If you have any questions or concerns regarding this policy or our data practices, please contact us:

Company: XStudios Bilisim Teknolojileri Reklamcilik Anonim Sirketi

Address: İnciraltı Mah. Mithatpaşa Cad. Morfoloji No: 56-20 İç Kapı No: Z Balçova / İzmir

E-mail: [email protected]