1. How We Collect Personal Data

What personal data we collect depends largely on the interaction that takes place between you and MaiNext, most of which can be categorized under the following:

• When you use MaiNext Service or interact with an entity that uses MaiNext. When you use MaiNext, we store all the content you provide, including information related to you as a customer or an end user of the Service. We gather this information from you directly when you enter it, or from integrations that you linked to the Service (WhatsApp, Meta, etc.). When you ask us to sign agreements or other documents, we also receive data about you and your representatives. In some cases, we can receive information from third parties, e.g. from a payment service provider on whether your payment was successful.
• When you join our communities. When you join our social media groups or accounts, we can see data in your profile and process comments you posted in our groups.
• When you use the Site. When you use the Site, we collect certain information, as described in more detail below that may, alone or in combination with other information, constitute personal data (e.g. cookie files).
• When you submit forms on the Site or participate in our events. When you complete forms on the Site (contact us, subscription, demo request, event registration, etc.) we collect your contact details and information you complete in the form. If we arrange joint events together with our partners, we can receive information from our partners.
• When you send us emails or message us. When we receive emails or messages from you in the chat, we can store the content of such emails, attachments as well as your contact details.

2. What Types of Personal Data We Process

We collect and process the following personal data:

• Customer Content. As you use our Service or interact with our Service, you may import into our system personal data you have collected from your users, customers, prospective customers, messaging platform contacts (collectively "Subscribers") or other individuals. Customer Content also includes any "User Generated Content," as defined in our Terms of Service. We process this data only on your behalf as our customer. You are responsible for making sure you have the appropriate permission and legal basis for us to collect and process information about those individuals and that you have informed those individuals about the collection of personal data by the Service.
• Website cookies and similar technologies. We use cookie technology on the Site. See details in our cookie practices.
• Usage data, logs and other technical data. When you interact with the Service, metadata and log data are collected automatically. Log data may include the Internet Protocol (IP) address, your browser type and settings, the date and time you used the Service, information about browser configuration plugins, language preferences, the pages or features which you browsed, time spent on those pages or features, the frequency of pages and functions use, the links clicked on or used. If you use the Service from your phone, this may also include the type of device, operating system, device settings and device identifiers.
• Requests, messages and submitted forms details. We receive and process your messages, support requests, emails and information you share with us via online forms or social media accounts. This includes the content of such communications as well as your contact details if any.
• Contact details and business data. We receive information about our customers and potential customers for cooperation and communication purposes. This includes full name, title, company, email or other contact details as may be necessary.
• Financial information. To process your payments for the Service subscription, we need your credit card details (last four digits of the card number), account details and payment information.
• Customer account details. To create or update your account and provide the Service we collect from you and third-party integrations (e.g. WhatsApp, Meta) information about you, as a customer or end-user of the Service. This includes id, name, email, status, linked pages and accounts, products in use, location, etc.

We ask that you not send or disclose to us any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, data regarding health or sexual life, criminal background, union membership) on or through the Service or otherwise.

3. For Which Purposes We Use Personal Data

We collect and process your personal data for the following purposes:

• For compliance and safety. We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Service; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
• To negotiate, enter and perform agreements. We have to collect and process information about our counterparties and their representatives to negotiate and enter into legally valid agreements and cooperate with them.
• To comply with law. We use your personal data as necessary to comply with applicable laws, including sanction requirements, accounting and tax obligations, legal processes or audits, to respond to subpoenas or legally binding requests from government authorities.
• To conduct events and communicate with you. We use your personal data, which you provided while registering for the event, to send you reminders about the event, communications related to the event and MaiNext-related services. In all such communications, we provide the possibility to opt-out.
• To communicate with you and inform you about the Service. If you request information from us, register for the Service, complete a form or feedback on a Site, or participate in our surveys, promotions or events, we may send you MaiNext-related marketing communications if permitted by law. In all such communications, we will provide you with the possibility to opt-out.
• To provide the Service. We process Customer Content information on your behalf as a customer.
• To operate the Service. We use data to enter into the agreement with you as a customer and operate, maintain and administer your account in the Service, as well as to communicate with you regarding the account (sending announcements, technical notices, updates, security alerts, and support and administrative messages) and to respond to Service-related requests, questions and feedback. We also use your data to perform our billing obligations.

4. How We Share Personal Data

We do not sell your data to third parties for commercial or advertising purposes. We share your data as described in this Privacy Policy or upon obtaining your consent for such data sharing.

We disclose personal data to third parties under the following circumstances:

• Corporate Affiliates. We may share personal data with our corporate affiliates.
• Compliance with Laws and Law Enforcement. We may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes; (b) enforce the terms and conditions that govern the Service; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
• Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets.
• Third-party Applications and Integrations. For the provision of the Service we receive and share data with integrations and apps linked by customers (WhatsApp, Meta, Stripe, PayPal, etc.).
• Professional Advisors. We may disclose your personal data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
• Service Providers. We employ third-party companies and individuals to help us with performance of certain activities, e.g. payment service providers. We also use third-party software to process data (e.g. CRM, email agent, cloud storage solutions, etc.). These third parties are permitted to use personal data about you only to perform these tasks for lawful business purposes and for no other purpose.

5. Your Data Protection Rights & Choices

You, including any data subject that has its personal data processed by us in our capacity of data controller, may have the following rights depending on the applicable legislation in your jurisdiction:

• You have the right to complain to a data protection authority about our collection and use of your personal data.
• You have the right to obtain additional information about international transfers of your Personal Data.
• You have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects.
• If you are in the EEA, the UK, Turkey or Switzerland, and provided we have collected and processed your personal data under your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
• If you are in the European Economic Area ("EEA"), the UK, Turkey or Switzerland, you can object to processing of your personal data, ask us to restrict processing of your personal data processed with consent, or request portability of your personal data where it is technically possible.
• You have the right to request information about data sharing and with whom it is shared.
• You can contact us to update, correct incomplete, inaccurate, or outdated data or delete information in your account.
• If you wish to confirm the existence of processing of your personal data or access your personal data that we collect, you can do so at any time by contacting us.

You may submit your request via our contact form or by sending an email to hello@muyki.com. We will respond to all requests in accordance with applicable data protection laws.

Access to Data Controlled by our Customers. We don't have any direct contractual relationships with customers' Subscribers. An individual who seeks access, or who seeks to correct, amend, or delete personal data processed in the Service by our customers is advised to initially direct their request to the Customer directly.

6. For How Long We Retain Personal Data

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or otherwise processed, and in accordance with applicable laws and legitimate business requirements.

For example, we will retain and process personal data within the Service until you terminate the Agreement with us, or your user account is terminated either at your explicit request or due to prolonged inactivity, as set forth in our Terms of Service. Once your account is deleted or deactivated, we will securely delete or anonymise your personal data, unless a longer retention period is required by law or necessary to establish, exercise, or defend legal claims.

We may also store some data during a retention period required by law or timeframe necessary to resolve disputes, prevent abuse, and enforce our agreements.

7. International Data Transfers

We implement preventive and protective controls for international data transfers, including the use of Standard Contractual Clauses (SCCs) approved by competent authorities such as the European Commission or other relevant regulatory bodies and, where applicable, other contractual or organisational safeguards that ensure an adequate level of data protection.

In all such cases, we take steps to ensure that personal data receives a level of protection consistent with applicable data protection laws. We collect and use your personal data as described herein and in accordance with the data protection laws of the countries in which we have facilities or in which we engage service providers, which may be different and may be less protective than those in your country.

In the event that transfers to non-adequate jurisdictions are necessary, we will take reasonable steps to ensure that the information is processed with the same level of security. These steps include but are not limited to standard contractual clauses approved by the data privacy supervisory authority located in your jurisdiction, specific contractual clauses and global corporate standards.

8. Children's Information

We believe it is important to provide added protection for children online. We encourage parents and guardians to spend time online with their children to observe, participate in, and/or monitor, and guide their online activity. The Site and/or the Service are not intended for use by anyone under the age of 18, nor do we knowingly collect or solicit personal data from anyone under the age of 18.

If you are under 18, you may not attempt to register for the Service or send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we confirm that we have collected personal data from someone under the age of 18 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 18 and believe that we might have any information from or about such a child, please contact us. We do not sell any Personal Data of our customers, including those aged between 13 and 18.

9. Security

We take reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal data.

While we make every effort to store personal data collected through the Site and the Service in a secure, access-controlled environment, please note that no system or transmission of data over the internet can be guaranteed to be 100% secure. Accordingly, although we strive to protect the integrity and confidentiality of personal data, we cannot absolutely ensure or warrant its security against unauthorised access, use, or disclosure.

The credit card processing vendor we work with uses security measures to protect your information both during the transaction and after it is complete.

Notice of Breach of Security. In the event of a security incident that results in unauthorised access to personal data and is likely to result in a risk to your rights and freedoms, we will notify you without undue delay after becoming aware of the breach. We will also provide information about the nature of the breach, measures taken to mitigate its effects, and actions implemented to prevent recurrence.

If you have any questions about the security of your personal data, you may contact us by email at hello@muyki.com.

10. Legal Basis for Processing Your Personal Data (EEA, UK, Turkey Visitors/Customers Only)

If you are a person located in the EEA, the UK or Turkey, our legal basis for collecting and using the personal data described above will depend on the purpose of processing and personal data concerned.

We process data based on our legitimate interest in the following cases: for compliance and safety; to conduct events; to communicate with you and inform about our Service.

If we ask you to provide personal data to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).

You are not obliged to provide your personal data to us. However, if we need personal data in order to enter and perform the contract with you and you do not provide this data, we may not be able to perform the contract we have or are trying to enter into with you.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, you may contact us by email at hello@muyki.com.

11. For California Residents

If you are a resident of California, California Civil Code Section 1798.83 permits you to request information regarding how we disclosed your personal data to third parties for such parties' direct marketing purposes during the preceding calendar year. To request the above information, please contact us at hello@muyki.com. We will respond to such requests for information access within 30 days following receipt.

California Data Protection Laws (California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020) give you the following specific rights as a California resident:

• Requests to Know. You have the right to request that we disclose the specific pieces of personal data collected, the categories of personal data sold or shared (if any), the business or commercial purposes for selling, sharing or collecting personal data, the categories of sources from which we have collected personal data, and the categories of personal data we have collected about you.
• Requests to Delete. You have the right to request that we delete any personal data about you that we have collected. Upon receiving a verified request to delete personal data, we will do so unless otherwise required or authorized by law.
• Right to Non-Discrimination. You have the right not to be discriminated against for the exercise of your California privacy rights.

You may submit a request via our contact form or by email at hello@muyki.com. Upon receipt of a request, we may ask you for additional information to verify your identity. We will acknowledge the receipt of your request within ten (10) business days of receipt. Subject to our ability to verify your identity, we will respond to your request within 45 calendar days of receipt.

12. Changes to Our Privacy Policy

We may need to change this Privacy Policy from time to time to reflect legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you before its entry into force, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by data protection laws applicable to us.

You can see when this Privacy Policy was last updated by checking the "EFFECTIVE DATE" displayed at the top of this Privacy Policy. The new Privacy Policy will apply to all current and past users of the website and will replace any prior notices that are inconsistent with it.

13. How to Contact Us

If you require any more information or have any questions about our privacy policy, please feel free to contact us:

Muyki Teknoloji Anonim Şirketi
Esentepe Mh, Talatpaşa Cd, No: 5/1, Kolektif House, Şişli, İstanbul, 34394, Turkey
Tax Office (Vergi Dairesi): Zincirlikuyu
Tax Number (Vergi Numarası): 6269762442
Phone: +90 212 909 8950
Email: hello@muyki.com (general) / law@muyki.com (legal)

Or via our contact form.