Skip to content

Privacy Policy

Version: ENG.01  |  Last Update: 14 August 2024

1. Definitions and Interpretations

1.1 Definitions

Terms with initial capital letters have meanings assigned in the Owner's General Terms, unless stated otherwise.

General Terms available at: www.myturn.me/terms-and-conditions

1.2 Interpretations

References to "third party" or "third parties" mean any party other than the Owner or Data Subjects. Gender usage includes all genders; plural includes singular and vice versa. Section headings are for clarity only and don't affect interpretation.

2. Subject of the Privacy Policy

2.1 Objectives

The Owner respects privacy of existing/potential Application Users, partners, investors, and website/Application visitors ("Data Subjects").

This Privacy Policy informs Data Subjects about data processing activities per Data Protection Law and Applicable Laws.

2.2 Purpose

The Privacy Policy provides:

  • General information about personal data processing of Data Subjects; and
  • Establishes a mechanism for Data Subjects to contact the Owner regarding personal data access and management.

Specifically, it addresses:

  • Manner of collecting and processing personal data;
  • Rights and obligations of entities involved; and
  • Obligations regarding collection, processing, and storage.

3. Data Subject Rights

3.1.1 Exercisable Rights

Right to access personal data: Data Subjects may access processed data and processing actions. Upon written request, after identity verification, the Owner provides information within 15 days regarding whether personal data is being processed.

Right to withdraw consent: Data Subjects may withdraw consent for processing where data collection is solely consent-based. Prior processing remains valid.

Right to rectification and supplementation: Data Subjects may request correction or supplementation of personal data.

Right to erasure of personal data: Data Subjects may request data deletion.

Right to restriction of processing: Data Subjects may request limited processing when accuracy, legality, or necessity is doubtful, or when objecting to processing.

Right to data portability: Data Subjects receive personal data in "structured, commonly used, and machine-readable format." The Owner transfers data directly to third parties if requested and technically feasible.

Right to object: Data Subjects may object to Owner's data processing actions or decisions.

Right to unsubscribe from marketing: Application Users may opt out of marketing communications.

3.1.2 Minors' Rights

When Data Subjects are minors (Children), Parents or legal guardians exercise these rights.

3.1.3 Exercise of Rights

Data Subjects exercise rights free of charge anytime by contacting the responsible data processing officer.

3.1.4 Violation Complaints

Data Subjects believing the Owner violates Personal Data Protection Act or their rights may contact the responsible data processing officer anytime.

3.1.5 Limitations

Exercise of certain rights may be legally or technically impossible (e.g., requesting data deletion while continuing Application use).

3.2 Controller of Personal Data

3.2.1 Identity

Data controller is the Owner: Društvo sa ograničenom odgovornošću "MyTurn" Podgorica, established per Montenegro law, registered in Podgorica at Bulevar Svetog Petra Cetinjskog 104, registration no: 51200505, TIN: 03624293.

3.2.2 Protection Measures

The Owner provides technical, personnel, and organizational measures protecting personal data during collection and processing, preventing loss, destruction, unauthorized access, alteration, disclosure, and misuse.

3.2.3 Data Sharing

Per Applicable Laws, the Owner shares Data Subjects' personal data with affiliated entities and partner organizations facilitating service provision, rewards, and promotional offers.

3.2.4 Record Keeping

The Owner maintains records of personal data collections. Before establishing automated collection, notification goes to the Agency for Personal Data Protection and Free Access to Information. Notice is provided for significant processing changes.

3.2.5 Data Processors

The Owner may entrust processing tasks to data processors via written agreements. Processors must meet technical, personnel, and organizational protection requirements per Law on Personal Data Protection and Applicable Laws.

4. Processing and Storage of Personal Data

4.1 Purpose of Personal Data Processing

4.1.1 Processing Purposes

The Owner processes personal data for:

  • Legal purposes;
  • Contractual purposes;
  • Security purposes;
  • Statistical and research purposes;
  • Marketing and commercial purposes; and
  • Non-marketing purposes.

4.2 Legal Base

4.2.1 Legal Processing Grounds

The Owner processes personal data for:

  • Detecting and investigating fraud and potential criminal activities against the Application and Users;
  • Complying with Applicable Laws requiring data retention; and
  • Filing/defending legal actions.

4.2.2 Data Usage Rights

The Owner may use all data from Data Subjects or resulting from their Application activities for:

  • Filing/defending claims and legal actions; and
  • Managing incidents arising from Application use.

4.3 Contractual Purposes

4.3.1 Contractual Processing

The Owner processes personal data to:

  • Enable Application use;
  • Provide services and features;
  • Facilitate incentives and rewards;
  • Enable filters and algorithms for full potential and smooth operation;
  • Enhance user experience;
  • Facilitate communication, data exchange, notifications, and documentation; and
  • Provide technical support.

4.4 Security Purposes

4.4.1 Security Processing

The Owner processes personal data to:

  • Prevent and detect malicious and unsafe activities against Application operation, Owner, Users, or third parties, by collecting device, location, and Account data; and
  • Detect/track activities constituting criminal offenses for sharing with competent state authorities per Applicable Laws.

4.5 Statistical and Research Purposes

4.5.1 Statistical Processing

The Owner processes personal data to:

  • Analyze behavioral patterns, preferences, and habits of Application Users; and
  • Enhance user experience.

4.6 Marketing and Commercial Purposes

4.6.1 Marketing Processing

The Owner processes personal data to:

  • Conduct marketing, communication, research, and development;
  • Analyze and research Application improvement based on user experience data;
  • Create and offer promotions; and
  • Use materials Data Subjects post on social media mentioning the Owner or Application.

4.7 Non-Marketing Purposes

4.7.1 Non-Marketing Processing

The Owner processes personal data for:

  • Sending notifications about incidents, technical disruptions, or Application interruptions;
  • Sending notifications about recommended Tasks or Rewards by age; and
  • Sending notifications about General Terms, Cookies Policy, Privacy Policy, and other relevant documentation changes.

4.7.2 Push Notifications

The Owner uses push notifications on Application User mobile devices for non-marketing notifications about household Tasks and Rewards management.

Users disabling push notifications won't receive notifications about Task assignments, progress updates, or Rewards for Child activities.

4.8 Types of Personal Data

4.8.1 Data Sources

The Owner stores data provided directly and indirectly by Data Subjects.

4.8.2 Direct Data

(i) Registration data include information provided during Registration.

(ii) User Account data include all information provided while setting up User Account or subsequently published.

(iii) Additional data include additional information (especially photographs) published or used on the Application.

(iv) Data about previous communication include all information provided through Communication Channels.

(v) Data about conversations include transcripts and recordings generated during Communication Channel use, stored to guarantee and improve Application quality.

(vi) Communication data represent data arising from communication between Application Users using Application communication tools.

4.8.3 Indirect Data

(i) Data resulting from Application use encompass all data arising from Application User interaction with the Application.

(ii) Data about applications and devices include all data about devices and applications Users use, including:

  • IP address;
  • Information about computer, tablet, or mobile phone such as internet connection, browser type/version, operating system, and device type;
  • Entire URL character sequence with date and time;
  • Phone/computer data including feedback/comments; and
  • Preferred settings.

(iii) User-originated data are data arising when Data Subjects arrive at the Application via external sources like links from other websites or social media.

(iv) Data resulting from managing operation issues arise when Application Users contact the Owner to resolve technical or other issues via Communication Channels.

(v) Data resulting from cookies refer to data arising from Owner's own cookies and third-party cookies related to the Application.

(vi) Data resulting from third parties include:

  • Personal data third parties authorized by Application Users share with the Owner (e.g., from Google LLC, Meta Platforms, Inc); and
  • Personal data Application Users or third parties share through social media or similar methods.

4.9 Children Data

4.9.1 Data Minimization

The Owner adheres to data minimization principles, collecting only personal data necessary for functionality and Application enhancement.

4.9.2 Parental Consent

Children data is collected from Parents or legal guardians providing verifiable parental consent for data processing.

4.9.3 Children Data Collected

Data collected from Parents/legal guardians regarding Children includes:

(i) Name and surname or nickname used for account creation;

(ii) Date of birth primarily used for task, reward, and incentive recommendations appropriate to Child age; and

(iii) Gender primarily used for collecting statistical data.

4.9.4 Data Provision and Encryption

The Owner receives specified data from Parents/legal guardians during Child User Account setup. All Children data is encrypted.

4.9.5 Profile Pictures

Parents/legal guardians may discretionarily include or exclude a Child's profile picture when setting up User Account. Pictures can be added or removed later through Application User Account settings.

4.9.6 Task Verification Pictures

When Parents/legal guardians request Child pictures for Task completion verification, pictures are automatically deleted immediately after Parent/legal guardian verification.

4.9.7 Information Access

Upon request, Parents/legal guardians are informed about specific Children data types collected, usage, and how to review or request deletion of provided information.

4.9.8 Consent Requirement

The Owner seeks verifiable parental consent before collecting any Child personal information.

4.10 Data Recipients

4.10.1 Third-Party Obligations

All commercial partners, technicians, suppliers, or independent third parties with whom the Owner shares personal data are contractually bound to handle data per the Privacy Policy and Applicable Laws requirements.

4.10.2 No Unauthorized Disclosure

The Owner won't disclose personal data to third parties not complying with specified instructions. No notice implies selling, renting, sharing, or disclosing Application User personal data for commercial purposes.

4.10.3 Data Recipients

Personal data may be shared with:

  • Owner employees and associates;
  • Affiliated entities or partner organizations;
  • Relevant government authorities;
  • Call centers and customer service providers;
  • Third parties providing incident and risk management services;
  • Insurers and insurance agents; and
  • Entities conducting satisfaction surveys.

4.10.3.1 Disclosure Conditions

Personal data disclosure requires:

  • Necessity/advisability for Application smooth operation;
  • Explicit Data Subject consent;
  • Competent government authority requirements; or
  • Applicable Laws provisions.

4.10.3.2 Record Maintenance

The Owner keeps records of:

  • Third parties or data users;
  • Data type and scope provided;
  • Provision purpose;
  • Legal basis; and
  • Usage duration.

Records are maintained for 10 years, then deleted.

4.11 Data Retention Period

4.11.1 Retention Duration

The Owner retains data strictly necessary to achieve the given purpose.

4.11.2 Post-Purpose Handling

After achieving processing purpose, the Owner stores and protects personal data per mandatory retention periods under Applicable Laws, if existing. Otherwise, personal data is destroyed immediately upon purpose achievement.

4.12 Transfer of Data to Other Countries and International Organizations

4.12.1 International Transfers

The Owner may transfer personal data outside Montenegro and European Economic Area borders. Before sending, the Owner ensures recipients meet minimum security standards per Applicable Laws.

4.12.2 Third-Party Collection

Third parties may only collect, process, or use data per contracts with the Owner.

4.12.3 Export Records

The Owner keeps records of personal data containing export information from Montenegro, indicating destination countries, international organizations, or foreign data users.

4.13 Classification of Application Users

4.13.1 User Classification

The Owner may classify Application Users into categories based on collected personal data.

4.13.2 Classification Purpose

Classifications are used solely to improve user experience and Application functioning.

5. Miscellaneous

5.1 Amendments and Supplements

5.1.1 Amendment Rights

The Owner reserves the right to periodically change (partially or entirely) and update the Privacy Policy.

5.1.2 Amendment Notification

The Owner notifies Data Subjects of Privacy Policy changes and amendments per Applicable Laws.

5.1.3 Implied Consent

Application use after Privacy Policy updates constitutes consent to changes and amendments, to the extent permitted by Applicable Laws.

5.2 Contact Information

5.2.1 Contact Details

Questions or concerns regarding the Privacy Policy, data collection and processing methods should be addressed to:

Name and surname: Ivana Gazivoda
Address: Bulevar Svetog Petra Cetinjskog 104, 81000 Podgorica, Montenegro
E-mail: contact@myturn.me