4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

4.1 Consent

We process your data when you have given clear, specific, and informed consent for specific purposes.

4.2 Contract Performance

We process your data to provide the services you have requested and to fulfill our contractual obligations.

4.3 Legitimate Interests

We process your data for our legitimate business interests, including:

• Improving our services and user experience

• Preventing fraud and ensuring security

• Marketing and business development (with opt-out rights)

• Network and system administration

4.4 Legal Obligations

We process your data to comply with applicable laws, regulations, and legal processes.

5. How We Use Your Information

We use your information for the following purposes:

5.1 Service Provision

• To provide and maintain our networking platform

• To process your registration and manage your account

• To enable networking features and connections

• To facilitate club and event management

• To provide customer support and technical assistance

5.2 Communication

• To send you service-related notifications

• To respond to your inquiries and support requests

• To send important updates about our service

• To provide networking opportunities and recommendations

5.3 Improvement and Analytics

• To analyze usage patterns and improve our service

• To develop new features and functionality

• To conduct research and analytics

• To optimize app performance and user experience

5.4 Security and Compliance

• To prevent fraud, abuse, and security threats

• To ensure compliance with applicable laws

• To enforce our Terms of Service

• To protect our rights and the rights of our users

5.5 Marketing (with consent)

• To send promotional communications (with opt-out rights)

• To provide personalized content and recommendations

• To conduct marketing research and analysis

6. Data Sharing and Disclosure

6.1 With Other Users

• Profile information you choose to share

• Contact information (based on your privacy settings)

• Club and event participation (as part of networking features)

6.2 With Service Providers

We share data with trusted third-party service providers who assist us in:

• Cloud hosting and infrastructure (Google Cloud Platform)

• Analytics and monitoring services

• Payment processing

• Customer support tools

• Email and communication services

All service providers are bound by strict confidentiality agreements and data protection obligations.

6.3 Legal Requirements

We may disclose your information when required by law, including:

• To comply with legal processes or government requests

• To protect our rights, property, or safety

• To investigate potential violations of our Terms of Service

• To prevent fraud or security threats

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to the same privacy protections.

6.5 Aggregated Data

We may share aggregated, anonymized, or de-identified data for research, analytics, or business purposes that does not identify individual users.

7. Data Security

We implement comprehensive technical and organizational security measures to protect your personal data:

7.1 Technical Measures

• Encryption of data in transit and at rest

• Secure authentication and access controls

• Regular security assessments and penetration testing

• Firewall and intrusion detection systems

• Secure development practices and code reviews

7.2 Organizational Measures

• Employee training on data protection

• Access controls and role-based permissions

• Regular security audits and compliance reviews

• Incident response procedures

• Data breach notification protocols

7.3 Data Retention

We retain your personal data only as long as necessary to:

• Provide our services

• Comply with legal obligations

• Resolve disputes

• Enforce agreements

• Maintain business records

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request access to your personal data and receive a copy of the data we hold about you.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data, subject to legal obligations and legitimate interests.

8.4 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format and transfer it to another controller.

8.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

You have the right to withdraw consent at any time where processing is based on consent.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)

• Adequacy decisions by the European Commission

• Binding corporate rules

• Other appropriate safeguards

10. Cookies and Tracking Technologies

10.1 Types of Cookies

We use the following types of cookies:

• Essential Cookies: Required for basic functionality

• Analytics Cookies: To understand usage patterns

• Functional Cookies: To remember preferences

• Marketing Cookies: For personalized content (with consent)

10.2 Cookie Management

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect service functionality.

11. Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours

• Notify affected users without undue delay

• Provide information about the breach and mitigation measures

• Take immediate steps to contain and remediate the breach

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website

• Sending email notifications

• Displaying in-app notifications

• Updating the "Last Updated" date

Continued use of our Service after changes constitutes acceptance of the updated policy.

14. Contact Information

For questions, concerns, or to exercise your rights regarding this Privacy Policy, please contact us:

info@getsociocap.com

EU Representative: [If required under GDPR Article 27]

15. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority. For EU users, you can find your authority at: https://edpb.europa.eu/about-edpb/board/members_en

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Republic of Türkiye, without regard to conflict of law principles.