Codeway Dijital Hizmetler Anonim Şirketi
Privacy Policy and Personal Data Text
“TypeAI”
Update Date: 8 May 2023
1. Objective
Codeway Dijital Hizmetler Anonim Şirketi (“Codeway” or “Company”), aims to process the
personal data of users in accordance with general principles of privacy and the provisions of
the applicable data protection legislation to the relevant person, particularly Law on Personal
Data Protection No. 6698, (“PDP Law”) and other applicable legislation.
Your personal data, which you provided/will provide to our Company and/or obtained by our
Company by any external means, may be processed by our Company as “Data Controller”;
In the context of the objective of processing your personal data and in connection
with this purpose, in a limited and measured manner,
By maintaining the accuracy and up-to-date version of the personal data as reported
or notified to our Company,
May be recorded, stored, preserved, reorganized and be transferred to the institutions
authorized to request such personal data by law and shall be transferred, classified
and shared with third parties within the country or abroad under the conditions
stipulated by legislation and upon your explicit consent if necessary, and they may be
processed by other means listed under the legislation and be subject to other
procedures set forth in the legislation.
This Privacy Policy is adopted for the continuance and improvement of the activities carried
out by Codeway in line with the principles set forth in the PDP Law.
This Privacy Policy describes which data we collect, how we intend to use, store, protect and
share the data we collect, how you can withdraw your consent for the processing of these
data and how you can correct and revise the data.
Capitalized terms in this Policy shall have the meanings specified in the Terms and
Conditions unless defined separately in this Policy.
2. Collection of Personal Data and Method
Codeway may process your personal data for the purposes specified in this Privacy Policy.
The personal data of users collected and used by Codeway in particular, are as follows: your
name and surname, e-mail address and phone number which we will receive once you
contact Codeway, your order information if you make a purchase through in-app purchase,
text which you have uploaded or transmitted to TypeAI application (TypeAI or TypeAI App)
and identifier for advertisers designated in your mobile device used in accessing our services
(The Identifier for Advertisers-IDFA), identifier for vendors/developers designated your mobile
device (The Identifier for Vendors-IDVF) and Internet Protocol Address-IP Address. We
collect your username, password and e-mail address information only when you sign up to
Keyboard and become a member through Registration.
Data Categories and Data Typesa
Identity Information
Name and surname
Contact Information
Phone number, e-mail address
1
We may collect your abovementioned data directly from you through electronic or physical
mediums, your mobile device, third party applications or third party sources which you can
access our application through these mediums such as Apple App Store, Google Play App
Store (similar platforms together with “App Stores”), for the purposes of compliance with legal
obligations, enhancing our services, administering your use of our services, as well as
enabling you to enjoy and easily navigate our services.
We may collect your log data generated while you are using our services/applications
(through our products or third party products). This log data may include information such as
your device’s Internet Protocol (“IP”) address, device name, operating system version, the
configuration of the app when utilizing our service/application, the time/date of your use of
the service/application, and other statistics.
General Principles Regarding Personal Data Processing
In accordance with this Privacy Policy, personal data are processed by Codeway as a data
controller in line with the basic principles named here: (i) being in accordance with law and
good faith, (ii) being accurate and, where necessary, up-to-date, (iii) being processed for
specific, explicit and legitimate purposes, (iv) being limited for the purpose for which they are
processed and data minimization; and (v) being stored for the period stipulated in the
relevant legislation or required for the purpose for which they are processed.
3. Purposes of Processing Personal Data and Legal Reasons
Your personal data will be processed via automatic or non-automatic means for the purposes
stated below, in accordance with the applicable legislation and articles 5 and 6 of the PDP
Law where it is expressly permitted by the laws, the establishment of a contract or direct
relation to the execution or performance of the contract and for the legitimate interests of
Codeway provided that your fundamental rights and freedoms are protected.
a) Purposes of Processing Personal Data
Process Security
Internet traffic data (network movements, IP
address, visit data, time and date
information), device name, In-app purchase
history, Token ID (when you allow
notifications through your device), identifier
for advertisers designated in your mobile
device used in accessing our services (if you
give a permission, the Identifier for
Advertisers-IDFA), identifier for vendors/
developers designated your mobile device
(The Identifier for Vendors-IDVF)
User content
The texts, words, information, phrases,
entries, material and any kind of data that
you provide, upload, transmit, create, store,
use, edit or share with or through TypeAI
and/or with or through keyboard extension of
TypeAI.
Customer Transaction
Order information
Marketing Data
IDFA, IDVF
2
In accordance with this text, your personal data is processed for the following purposes in
accordance with the above general conditions:
Besides, the purposes of processing personal data may be updated in line with our
obligations arising from our company policies and legislation; in particular,
Creating user accounts for the service recipients/application users,
Customizing our Services, understanding our users and their preferences to enhance
user experience and enjoyment using our Services and improve our users’
experience,
Informing about new products, services and applications and delivering you
information regarding advertisements and promotions,
Carrying out a digital subscription and in-app purchase processes of service
recipients,
Carrying out the auto-renewable subscriptions for giving users access to content,
services, or premium features in our service,
Carrying out the processes of information security,
Conducting activities in accordance with legislation,
Fulfilling the demands of competent authorities,
Conducting the processes of finance and accounting transactions,
Identity Information
Contact Information
execution of activities in compliance with legislation
execution of company/product/service commitment
operations
execution of communication activities
execution/auditing of business activities
conducting after-sales support services for goods/
services
execution of goods/services sales processes
conducting storage and archive activities
execution of agreement processes
Process Security
execution of information security processes
conducting audit/ethical activities
execution/audit of business activities
conducting activities to ensure business continuity
providing information to authorized persons,
institutions and organizations
Customer Transaction
execution/auditing of business activities
conducting after-sales support services for goods/
services
execution of goods/services sales processes
conducting activities for customer satisfaction
execution of agreement processes
User Content
operation of our product, e.g., to display writing
suggestions
execution of activities in compliance with legislation
execution of agreement processes
conducting storage and archive activities
execution/auditing of business activities
conducting activities to ensure business continuity
execution of activities for customer satisfaction
Marketing Data
conducting marketing analysis studies
execution of advertising/campaign/promotion
processes
3
Conducting communication activities,
Conducting the processes of contracts,
Carrying out strategic planning activities,
Following up requests and complaints.
b) Legal Reasons
Third Party Websites and Applications
TypeAI; may contain links to other websites or apps that are unknown to Codeway and
whose content is not controlled. These linked websites or apps may contain terms and
conditions other than Codeway texts. Codeway cannot be held responsible for the use or
disclosure of information that these websites or apps may process. Likewise, Codeway shall
not have any responsibility for any links from other sites or apps provided to TypeAI owned
by Codeway.
We collect information by fair and lawful means, with your knowledge and consent. We also
let you know why we’re collecting it and how it will be used. You are free to refuse our
request for this information, with the understanding that we may be unable to provide you
with some of your desired services without it.
While using the TypeAI App, you may provide information through third party websites and
apps to Codeway, please be aware that your liability and obligations against third party apps
Identity Information
Contact Information
Customer Transaction
It is necessary to process your personal data, provided
that we establish a contractual relationship with you, or
that it is directly related to our performance obligation
arising from this contract
We have to process data in order to establish a right
for you, to exercise and protect this right
User Content
It is necessary to process your personal data, provided
that we establish a contractual relationship with you, or
that it is directly related to our performance obligation
arising from this contract
We have to process data in order to establish a right
for you, to exercise and protect this right
Processing is necessary for our legitimate interests,
provided that your fundamental rights and freedoms of
are not harmed
Process Security
The law explicitly stipulates the process by which we
process your personal data
Conditions that are necessary in order to fulfill our
legal obligation
It is necessary to process your personal data, provided
that we establish a contractual relationship with you, or
that it is directly related to our performance obligation
arising from this contract
Marketing Data
Your explicit consent (acquired via Apple and/or
Google)
4
5
VPN. Suppliers can access Codeway servers or systems through SSL-VPN defined on
Firewalls. A separate SSL-VPN identification has been made for each supplier; with the
identification made, the supplier only provides access to the systems that it should use or is
authorized to use.
User identifications. Codeway employees' authorization to Codeway systems is limited only
to the extent necessary by job descriptions; in case of any change of authority or duty,
systemic authorizations are also updated.
Information security threat and event management. Events that occur on Codeway
servers and firewalls, are transferred to the “Information Security Threat and Event
Management” system. This system alerts the responsible staff when a security threat occurs
and allows them to respond immediately to the threat.
Encryption. Sensitive data is stored with cryptographic methods and if required, transferred
through environments encrypted with cryptographic methods and cryptographic keys are
stored in secure and various environments.
Logging. All transaction records regarding sensitive data are securely logged.
Two-factor authentication. Remote access to sensitive data is allowed through at least two-
factor authentication.
Penetration test. Periodically, penetration tests are performed on servers in the Codeway
system. The security gaps created as a result of this test are closed and a verification test is
performed to show that the relevant security gaps have been closed. Besides, Information
Security Threat and Event Management System automatically performs penetration tests.
Test results are recorded.
Information Security Management System (ISMS). At the ISMS meetings made within
Codeway, the topics contained in the control forum are audited monthly by the director of
information technology and the director of financial operations.
Training. In order to increase the awareness of Codeway employees against various
information security violations and to minimize the impact of the human factor in information
violation incidents, trainings are provided to employees at regular intervals.
Physical data security. It ensures that personal data on papers is necessarily stored in
lockers and accessed only by authorized persons. Adequate security measures (for
situations such as electric leakage, fire, deluge, thievery etc.) are taken based on the nature
of the environment where sensitive data is stored.
Backup. Codeway periodically backs up the data it stores. As a backup mechanism, it uses
the backup facilities provided by the cloud infrastructure providers, as well as the backup
solutions it develops when deemed necessary, provided that it is in compliance with relevant
legislation and provisions of this Policy.
Non-disclosure agreement. Non-disclosure agreements are concluded with employees
taking part in sensitive personal data processing.
Transfer of sensitive personal data. If transfer of sensitive personal data is required
through email; such transfer is done through (i) encrypted corporate email or (ii) Registered
E-mail.
In the event that the personal data is damaged as a result of attacks on TypeAI or on the
Codeway system, despite Codeway taking the necessary information security measures, or
6
the personal data is obtained by unauthorized third parties, Codeway notifies this situation to
Users immediately and, if necessary, to relevant data protection authority and takes
necessary measures.
4. Transferring Personal Data to Third Parties
The procedures and principles to be applied for transferring of personal data are regulated in
articles 8 and 9 of the PDP Law, and the personal and special categories of data of the
supplier may be transferred to third parties within the country or abroad since we may use
servers and cloud systems located abroad.
Your personal data may be transferred abroad for the following reasons:
Conducting storage and archive activities
Conducting business activities
Conducting after-sales support services for goods/services
Managing customer relationship management processes
Codeway may also transfer your personal data to services providers of our Company, third
parties such as Facebook SDK, Adjust and Firebase Analytics which are embedded into our
service for the following purposes:
Sharing identity, communication and transaction security information with authorized
public institutions and organizations for the purpose of execution of activities in
compliance with legislation, monitor and execution of legal affairs, informing
authorized persons, institutions and organizations.
Sharing identity and contact information to manage after-sales support services,
conduct business activities and manage customer relationship management
processes.
5. Your Rights as the Data Subject
Pursuant to Article 11 of the PDP Law, you may request the following regarding your personal
data by applying to Codeway:
Learn whether or not your personal data have been processed;
Demand for information as to if your personal data have been processed;
Learn the purpose of the processing of personal data and whether data are used in
accordance with their purpose;
Know the third parties in the country or abroad to whom your personal data have
been transferred;
In case the personal data is processed incompletely or inaccurately; requesting
notification of the transactions made under this scope to third parties to whom
personal data have been transferred;
Request deletion, destruction or anonymization of personal data if the reasons for the
processing have disappeared and request notification of the transactions made under
this scope to third parties to whom personal data have been transferred;
Object to occurrence of any result that is to your detriment by means of the analysis
of personal data exclusively through automated systems;
Request compensation for the damages in case you incur damages due to unlawful
processing of your personal data.
Where General Data Protection Regulation (GDPR) is applicable, data subjects have the
following rights:
7
Right of access - Learning whether personal data is being processed and, if so,
accessing your personal data and the information regarding the processing of your
personal data,
Right to correction -To request the correction of information that you believe is
inaccurate or the completion of information that you believe is incomplete by
Codeway,
Right to delete To request deletion of personal data under the conditions stipulated
in GDPR,
The right to restrict processing - To request the restriction of the processing of
personal data under the conditions stipulated in the GDPR,
Right to object to processing - To object to the processing of personal data under the
conditions stipulated in the GDPR,
Right to data portability - To request the data collected by Codeway to be transferred
directly to another organization or under certain conditions,
Objection to the occurrence of a result against the person himself/herself, by
analyzing the processed data exclusively through automatic systems, including
profiling.
In the application that includes your explanations about the right you have as the data
subject and exercise your rights stated above and that you request to exercise; your request
must be explicit and understandable, if the subject of your request is related to you or if you
are acting on behalf of someone else, you must be specially authorized in this regard and
your authority must be documented, the application must contain identity and address
information and documents proving your identity must be attached to the application. Our
Company will enable you to file such requests through the “Data Subject Application Form”
at support@codeway.co. In accordance with Article 13 of the PDP Law, our Company will
finalize your requests, free of charge, within 30 (thirty) days at the latest depending on the
nature of the request. In case the request is rejected, the reason or reasons for the rejection
will be notified in writing or electronically along with its justification.
If you believe that we or someone with whom we have transferred your data is violating your
rights, you can file a complaint to the data protection authority in your country and to other
competent supervisory authorities.
This Privacy Policy may be revised by our Company when deemed necessary. If you
continue to access TypeAI and use or access TypeAI without benefiting from the Services
offered by Codeway after the notification period, you shall be deemed to have allowed the
changes in this Privacy Policy.
Company Title:
Codeway Dijital Hizmetler Anonim Şirketi
Address:
Esentepe Mahallesi Büyükdere Cad. Ferko Apt. No: 175/141 Şişli/
İstanbul
E-mail:
support@codeway.co
Tel:
+90-212-807-0096
8