1. Data Processing

Pursuant to the applicable personal data protection legislation (“Applicable Law”), personal data of end-users benefiting from the services provided via the cloud-based web application (“Application”) (“End User(s)”) shall be processed by Witwiser (“Company”) within the scope of the purposes and conditions specified in this Privacy Policy. Company may act as a data controller or as a data processor depending on the use of Application and on the Applicable Law. This Privacy Policy shall apply to all data processing activities conducted by the Company acting as a data controller.

If the End User is below the age of 15, Company highly recommends End User’s parents/legal guardians to read this Privacy Policy and contact the Company for any clarification with respect to protection of child End User’s personal data.

Company does not guarantee the compliance of the relevant customer which acts as a data controller with respect to the specific End User (“Customer”) with the Applicable Law and shall not be collectively liable with the Customer within this scope.

Company carefully processes and protects End Users’ personal data and maintains technical and administrative security measures. Company shall notify affected End Users and Customer of a data security breach without unreasonable delay and in compliance with the Applicable Law.

2. The Purposes of the Processing of Personal Data

End Users’ personal data shall be processed with the following purposes (“Purposes”) within the scope of the provision of Company’s services and use of the Application, within the personal data processing conditions indicated in the Applicable Law.

• Recording log data during the use of the Application,
• Saving and transmitting the recording of End Users’ use of the Application to the Customer,
• Gathering and transmitting Application usage data to the Customer,
• Administering and improving Company’s Application and services and protecting the integrity of the Application,
• Responding to lawful requests by public authorities and authorized private entities,

Company retains End Users’ personal data for as long as necessary to; (i) perform the services; (ii) perform the contract executed with the Company, (iii) comply with legal requirements.

3. The Recipients and the Purposes of the Transfer of Personal Data

End Users’ personal data; within the scope of the provision of Company’s services and use of the Application, in line with the abovementioned Purposes, may be transferred to Customer, Company’s service providers, statutory authorities and legally authorized private persons in accordance with the Applicable Law.

4. The Method and Legal Reason of the Collection of Personal Data

End Users’ personal data are collected by the Company, within the scope of the provision of Company’s services where necessary to perform a contract, where doing so is in our legitimate interests or if required by law, in the electronic environment through Application where the personal data is provided directly by the End Users them-selves, by the relevant customer acting as the data controller with respect to the specific End User, browser extension and/or via cookies.

5. End Users’ Rights as the Data Subject

End Users as the data subjects have the following rights:

• To learn whether personal data is processed,
• If processed, to request related information,
• To learn the purposes of the personal data processing activities and whether they have been used accordingly,
• To learn which third parties domestic or abroad personal data has been transferred to,
• To demand correction in case personal data has been processed deficiently or in a wrong way and to demand operations in this regard be reported to third parties personal data has been transferred to,
• To demand the erasure or annihilation of personal data in case the reasons necessitating the processing have disappeared even though it was processed in accordance with the Applicable Law and other relevant provisions and to demand the operations in this regard be reported to third parties personal data has been transferred to,
• To object in case outcomes to the detriment of End-User occur from the analysis of the personal data solely via automated systems,
• To demand indemnification in case of suffering damages occurring from the unlawful processing of personal data.

End Users can convey their applications concerning above-listed rights to their Institution. Depending on the nature of the requests, applications will be concluded at the soonest time possible and in accordance with the Applicable Law.

Company may update this Privacy Policy from time to time.