Privacy & Security Policy

1. Data Controller Information

The data controller for your personal data under this Privacy Policy is:

[YOURSIZER Company Name/Title] [Your Address] [Your Email Address] [Your Phone Number]
If you have any questions or concerns about your privacy, please do not hesitate to contact us using the contact information above.

2. Personal Data We Collect and Purposes of Processing

To provide and improve our Services, we collect various types of personal data. The data we collect and our purposes for processing it are described below:

2.1. Data You Directly Provide

• Account Registration Information: When you register or create an account with our Service, we collect information such as your name, surname, email address, age, and gender.
  Purpose: To manage your account, communicate with you, personalize the Service, and offer you tailored services.
• Body Measurements: We collect specific body measurements such as height, leg length, waist circumference, and shoulder width. This data is considered "biometric data" as it allows us to uniquely distinguish your personal body shape.
  Purpose: To create your personalized 3D body avatar, provide you with accurate size recommendations through these avatars, and improve our algorithms. Explicit consent is required for the processing of this data.
• Payment Information: If you make a paid transaction through our Service, we collect your payment information (e.g., the last four digits of your credit card, billing address). Full payment information is processed and stored directly by our payment service provider; we do not have full access to this information.
  Purpose: To facilitate billing and payment transactions.
• Coummnication and Support Information : We collect information you provide when you contact us or submit a support request.
  Purpose: To respond to your inquiries, provide support, and improve our service quality.

2.2. Derived Data

• 3D Body Avatars: Your digital 3D body avatars created using the body measurements you provide. These avatars are unique digital representations resulting from the processing of your biometric data.
  Purpose: To provide you with personalized size recommendations, enable the core functionality of the Service, and conduct anonymized/aggregated research and algorithmic improvement.
• Size Recommendations: Size recommendations provided to you as a result of comparing your 3D avatars with brand size data.
  Purpose: To personalize your online shopping experience and help you choose the correct size.

As YOURSIZER's core function is a recommendation system, our privacy policy is committed to being highly transparent about how user body data and avatars are analyzed to generate recommendations, what inferences might be drawn (e.g., body shape types), and how this data is used beyond immediate recommendations (e.g., as aggregated data for statistical analysis). Transparency will be enhanced by a high-level explanation of the algorithms or methods used for size recommendation (without revealing our proprietary secrets), increasing user trust by addressing concerns related to "profiling."

2.3 Automatically Collected Data (Usage Data and Cookies)

When you use our Service, certain information is collected automatically:

• Device and Connection Information: We collect information such as your IP address, browser type and version, device type, operating system, language preferences, and date/time stamps of your access to our Service.
  Purpose: To ensure the technical operation of the Service, enhance security, improve user experience, and analyze Service performance.
• Usage Data: Information about how you interact with our Service, such as pages visited, time spent, items clicked, and your preferences within the Service.
  Purpose: To improve the functionality and usability of the Service, understand user behavior, and personalize the Service.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies (e.g., web beacons) on our website and Service. Cookies are small text files stored on your device.
  Purpose: To remember your preferences, maintain your session, analyze Service performance, provide personalized content, and measure the effectiveness of our advertising campaigns. For more information about our cookie policy, please refer to the "Cookie Policy" section below.

3. Our Legal Bases for Processing Personal Data

We process your personal data based on the following legal bases:

• Explicit Consent: We obtain your explicit and informed consent, especially for the processing of your biometric data, such as your body measurements and 3D avatars. We may also obtain separate consent for additional uses, such as marketing communications. You have the right to withdraw your consent at any time.
• Performance of a Contract: We process your personal data that is necessary to provide our Service to you (e.g., creating your account, generating your 3D avatar, and providing size recommendations).
• Legal Obligation: We may process your personal data to comply with legal obligations (e.g., tax and accounting requirements) or respond to legal requests.
• Legitimate Interests: We may process your personal data based on our legitimate interests, such as improving our Service, ensuring security, preventing fraud, personalizing the user experience, and conducting our business operations. In such cases, we balance your interests and rights against our legitimate interests.
• Establishment, Exercise, or Defense of Legal Claims: We may process your personal data to establish, exercise, or defend our legal rights.

4. Data Sharing and Third Parties

We may share your personal data with third parties in the following situations and for the following purposes:

• Service Providers: We may share your data with third-party service providers who help us deliver our Service (e.g., cloud hosting, data analytics, payment processing, customer support, email delivery). These providers are obligated to process your data only on our behalf and in accordance with our instructions.
• Brands and Retailers: To provide you with size recommendations, your 3D avatar data and related measurements may be shared with our brand and retailer partners in an anonymized or pseudonymized form for comparison with brand size data. This sharing is essential for the core functionality of the Service.
• Legal Obligations and Security: We may disclose your personal data if required by law, court order, or official request, or to protect our rights, property, or safety.
• Business Transfers: In the event that our Company, or a portion of it, is involved in a business transfer such as a merger, acquisition, or asset sale, your personal data may be transferred to the relevant third party.
• With Your Explicit Consent: We may share your personal data with other third parties with your explicit consent.

Your personal data will not be sold or rented to third parties without your explicit permission. We emphasize that all agreements with third parties will ensure compliance with data protection standards.

5. International Data Transfers

Your personal data may be processed and stored on servers or with third-party service providers located outside your country (e.g., outside the European Economic Area). Data protection laws in these countries may differ from the laws in your own country.

When transferring your personal data outside of Turkey, we implement adequate safeguards in accordance with applicable data protection laws, such as the Personal Data Protection Law (KVKK) of Turkey and the European Union General Data Protection Regulation (GDPR). These safeguards may include:

• Explicit Consent: Obtaining your explicit consent for the data transfer.
• Standard Contractual Clauses (SCCs): Using contractual clauses approved by the European Commission that require data recipients to provide adequate data protection safeguards.
• Binding Corporate Rules (BCRs): Implementing these rules if we have a group company structure.
• Written Undertaking and Board Approval: For countries that do not provide adequate protection under KVKK, obtaining a written undertaking and permission from the KVKK Board.

We adhere to the latest legal requirements and best practices for international data transfers to ensure the security of your data. We particularly consider evolving regulations, such as the new U.S. Department of Justice rule that includes a definition of "sensitive personal data" and can apply even to anonymized/pseudonymized data, and we meticulously review the data processing practices of all our third-party service providers.

6. Data Retention and Deletion

We retain your personal data for as long as necessary for the purposes for which it was collected or for as long as required to fulfill our legal obligations. Retention periods vary depending on the type of data, the purpose of processing, and relevant legal requirements.

• Your account information is retained as long as your account is active.
• Your body measurements and 3D avatars are retained as long as you continue to use the Service and as long as necessary to provide you with personalized recommendations.
• We may retain data for longer periods where required by our legal obligations (e.g., for tax records).

When your data is no longer needed or upon request, it is securely deleted or anonymized. Anonymization is the process of transforming data so that it can no longer identify you, and such data is no longer considered personal data.

7. Cookie Policy

We use the following types of cookies on our website and Service:

• Strictly Necessary Cookies: Essential for the basic functionality of the website. Without these, the Service may not function properly.
• Performance Cookies: Collect anonymous information about how the website is used (e.g., pages visited, error messages). These cookies help us improve our Service.
• Functional Cookies: Remember your preferences (e.g., language selection, avatar settings) and provide you with a more personalized experience.
• Targeting/Advertising Cookies: Used to deliver advertisements more relevant to your interests.

When you first visit our website, you can manage your cookie preferences through a cookie consent mechanism. You can also manage or disable cookies through your browser settings. However, please note that disabling strictly necessary cookies may affect the functionality of certain parts of the Service.

8. Your Data Subject Rights

You have the following rights regarding your personal data:

• Right to Information: The right to obtain information about which of your personal data is being processed, why it is being processed, and with whom it is shared.
• Right of Access: The right to request a copy of your personal data that we process.
• Right to Rectification: The right to request the correction of inaccurate or incomplete personal data. This right is particularly important for data that can be updated, such as your body measurements.
• Right to Erasure ("Right to Be Forgotten"): The right to request the deletion of your personal data under certain conditions (e.g., when the purpose of processing ceases or when you withdraw your consent).
• Right to Restriction of Processing: The right to request the restriction of processing of your personal data in certain circumstances.
• Right to Data Portability (under GDPR): The right to receive the data you have provided in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller.
• Right to Object: The right to object to processing based on our legitimate interests or for direct marketing purposes.
• Right Not to Be Subject to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. While YOURSIZER's size recommendations are generated automatically, these recommendations are merely advisory and do not produce "legal effects" on you.

To exercise these rights, please contact us using the contact information provided at the beginning of this Privacy Policy. We will respond to your requests in accordance with applicable laws. We may need to verify your identity to fulfill your requests.

9. Security Measures

We implement appropriate technical and organizational measures to ensure the security of your personal data. These measures include:

• Encryption: Encrypting sensitive data (including biometric data) both at rest and in transit.
• Access Controls: Implementing role-based access control (RBAC) and multi-factor authentication (MFA) to limit access to sensitive data to authorized personnel only.
• Secure Storage: Storing biometric data in cloud systems using cryptographic methods and storing derived data in a way that prevents the re-extraction of the original biometric feature.
• Regular System Testing: Conducting periodic internal and external audits and tests to identify security vulnerabilities and ensure compliance.
• Personnel Training: Providing regular training to all employees who process personal data on data protection and security best practices.
• Data Breach Response Plan: Establishing procedures to respond quickly and effectively in the event of a data breach, and promptly notifying relevant authorities (e.g., the KVKK Board within 72 hours) and affected data subjects.

10. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. If we make any significant changes, we will notify you by posting the updated policy on our website or by email. Changes to the policy will be effective as of the date they are published. Please review this policy regularly to stay informed of updates.

10. Contact Information

For any questions, suggestions, or requests regarding this policy or your data, please contact us at contact@yoursizer.com.