Updated Date: 5 May 2023
The objective of Herogram (also referred to as "the Company") is to manage personal data of its users in accordance with standard privacy principles and pertinent data protection regulations, including the Personal Data Protection Law No. 6698 (PDP Law) and other applicable legislation. If you have already shared or plan to share your personal information with our Company, or if we have acquired it through external sources, we may process it as the "Data Controller".
Our Company aims to process your personal data with due care. In compliance with this objective, we will undertake appropriate actions to ensure the accuracy and timeliness of the personal information shared or reported to us. These measures may include recording, storing, preserving, reorganizing, and sharing the data with authorized institutions as required by law. Additionally, we may transfer, classify, and disclose the data to third parties within or outside the country, in accordance with relevant legislation and your explicit consent if necessary. It is important to note that the personal information may also be subject to other processing methods and procedures as outlined by the legislation.
Please note that capitalized terms used in this Policy have the same meaning as specified in the Terms and Conditions, unless defined separately in this Policy.
As part of our services, Herogram collects and uses certain personal data of its users. This includes order information when making an in-app purchase, as well as the Identifier for Advertisers (IDFA), Identifier for Vendors/Developers (IDVF), and Internet Protocol Address (IP Address) associated with the mobile device used to access our services.
Data security measures for processing personal information
The following information may be collected by Herogram in connection with your use of our services: internet traffic data (network movements, IP address, visit data, time and date information), device name, in-app purchase history, Token ID (if notifications are allowed through your device), Identifier for Advertisers (IDFA) designated on your mobile device (if you have given permission), and Identifier for Vendors/Developers (IDVF) designated on your mobile device.
Customer data associated with transactions
We may collect the aforementioned data directly from you, through electronic or physical mediums, your mobile device, third-party applications, or third-party sources that you can access our application through (such as Apple App Store and Google Play App Store). The purpose of this data collection includes compliance with legal obligations, improving our services, administering your use of our services, and enabling you to easily navigate and enjoy our services.
We may also collect log data generated while you use our services or applications (through our products or third-party products). This log data may include your device's Internet Protocol (IP) address, device name, operating system version, the configuration of the app when utilizing our service/application, the time/date of your use of the service/application, and other relevant statistics.
We will process your personal data in compliance with applicable laws and regulations, as well as articles 5 and 6 of the PDP Law. Such processing will be carried out through automated or non-automated means, provided that it is expressly permitted by laws, necessary for the performance of a contract, or for the legitimate interests of Herogram, with your fundamental rights and freedoms being protected.
Following the above-mentioned general conditions, we process your personal data for the following purposes:
Furthermore, the reasons for processing personal data are subject to change according to our responsibilities under relevant laws and corporate policies. These include but are not limited to:
Ask Brain2 App (Ask Brain2) may contain links to third-party websites and applications whose content is not controlled by Herogram. These linked websites may have different terms and conditions than Herogram, and as such, Herogram cannot be held responsible for the use or disclosure of information that these websites may process. Additionally, Herogram will not be responsible for any links from other sites provided to Ask Brain2, which is owned by Herogram.
We collect information in a fair and lawful manner with your knowledge and consent, and we will inform you of the reason for collecting your data and how it will be used. Please note that you have the right to refuse our request for this information. However, this may impact our ability to provide you with some of the services you desire.
Cookies are small text files that are placed on your computer or mobile device's browser or hard drive when you visit a webpage or application. They enhance the browsing experience by allowing websites to function more smoothly and display tailored web pages that meet your specific needs and preferences. Cookies do not collect any personal information or files from your device; they only record information about your online website visit history.
Most internet browsers are set to accept cookies by default. However, cookie management varies from browser to browser. You can find more information on how to manage cookies by referring to the help menu of your browser or program.
Herogram's mobile applications may occasionally send you push messages about updates or service alerts. You can modify or opt out of these notifications at any time through your device's settings.
We will retain your data for as long as required by applicable laws or until the processing is no longer necessary. In certain circumstances, we may continue to store your personal data even after its intended purpose has expired, but only if required by other laws or with your explicit consent. If you give consent for us to store your personal data for additional time, we will promptly delete, destroy, or anonymize it when that time expires or when the processing purpose is no longer relevant.
Herogram will keep the personal data it handles in accordance with applicable laws for as long as it is necessary to fulfill the processing requirements. Herogram is committed to taking all necessary administrative and technical measures and exercising appropriate care to ensure the security, privacy, and confidentiality of personal data. To prevent unauthorized access, disclosure, alteration, or destruction of data, Herogram takes necessary precautions. As a result, the following technical and administrative safeguards are implemented by Herogram for the personal data it processes:
Herogram installs anti-virus applications on all computers and servers within its information technology infrastructure, which are periodically updated.
The servers hosted in Herogram's data center and disaster recovery centers are safeguarded by periodically updated software-loaded firewalls. The relevant next-generation firewalls manage the internet connections of all staff and provide protection against viruses and other similar threats during this process.
Herogram allows suppliers to access its servers or systems through SSL-VPN, which is defined on the firewalls. A unique SSL-VPN identification has been created for each supplier, allowing them to access only the systems they are authorized to use.
User access: Herogram limits the access of its employees to its systems based on their job descriptions. If there is any change in their authority or duties, the system authorizations are updated accordingly.
Information security threat and event management: Herogram transfers the events occurring on its servers and firewalls to the "Information Security Threat and Event Management" system. The responsible staff is alerted through this system in case of any security threat and can respond immediately.
Encryption: Herogram stores sensitive data with cryptographic methods and transfers it through encrypted environments as required. The cryptographic keys are stored in secure and diverse environments.
Herogram securely logs all transaction records related to sensitive data.
Two-factor authentication: Access to sensitive data through remote means requires at least two-factor authentication.
Penetration testing: Herogram periodically conducts penetration tests on its servers. The security gaps identified are promptly addressed, and verification tests are performed to ensure the identified gaps are closed. Additionally, the Information Security Threat and Event Management System automatically performs penetration tests, with results recorded.
Information Security Management System (ISMS): The director of information technology and the director of financial operations audit the topics contained in the control forum during monthly ISMS meetings.
Moreover, regular training is provided to Herogram employees to enhance awareness of various information security violations and to reduce the impact of the human factor in information violation incidents.
Physical data security: Sensitive data stored on paper is secured in lockers and accessed only by authorized personnel. Adequate security measures are taken to protect against situations such as electric leakage, fire, deluge, and theft, based on the nature of the environment where sensitive data is stored.
Backup: Herogram periodically backs up the data it stores, using backup facilities provided by cloud infrastructure providers or developing its own backup solutions when necessary, provided that they comply with relevant legislation and this Policy.
Non-disclosure agreement: Employees involved in processing sensitive personal data are required to sign non-disclosure agreements.
When transferring sensitive personal data, Herogram uses encrypted corporate email or Registered E-mail.
Herogram promptly informs users and the relevant data protection authority, if needed, and takes appropriate measures if personal data is compromised due to an attack on Ask Brain2 or the Herogram system, despite Herogram having implemented necessary information security measures. This also includes instances where personal data is accessed by unauthorized third parties.
In compliance with articles 8 and 9 of the PDP Law, which define the procedures and principles to be observed during personal data transfer, suppliers are permitted to transfer personal and special categories of data to third parties both domestically and internationally. This is due to the use of servers and cloud computing systems located outside of the country.
Personal data may be transferred abroad for the following reasons:
Herogram reserves the right to transfer your personal data to our Company's service providers, as well as third-party entities such as Facebook SDK, Adjust, and Firebase Analytics, which are integrated into our service. This may be done for the following purposes:
In accordance with Article 11 of the PDP Law, you, as the data subject, have certain rights regarding your personal data. You may exercise these rights by contacting Herogram and requesting the following:
In situations where the General Data Protection Regulation (GDPR) is applicable, data subjects possess certain rights. These rights include:
In order to make a request related to your personal data, you must be authorized and provide proper documentation if you are acting on behalf of someone else. The application must also include your identity and address information and supporting documents. To file a request, you can use the "Data Subject Application Form" provided by our company at [email protected]. We will finalize your request within a maximum of 30 (thirty) days, depending on its nature, free of charge, in accordance with Article 13 of the PDP Law. If your request is rejected, we will provide the reason(s) for the rejection in writing or electronically, along with its justification.
If you believe that our company or anyone we have transferred your data to is violating your rights, you have the right to file a complaint to the data protection authority in your country or other competent supervisory authorities.
Herogram FZ LLC
Dubai, United Arab Emirates