Personal Data Protection and Privacy Policy (PDF)Personal Data Protection Application Form(PDF)
In accordance with Law No. 6698 on the Protection of Personal Data (“Law”), published in the Official Gazette dated 07/04/2016 and numbered 29677, Mars Sportif Tesisler İşletmeciliği A.Ş. (“Mars Sportif”), in order to fulfill its obligation of disclosure arising from Article 10 of the Law, presents the following matters for the information and examination by its members and customers along with this Clarification Text.

This Clarification Text applies to all visitors (“Visitors”) who use Mars Sportif’s website(s) (“Site”) and Mars Sportif’s services, as well as all persons who request to benefit from our Company’s services by approving the Mars Sportif Membership and Subscription Agreement, Distance Sales Agreement, and Preliminary Information Form (“Members”, “Customers”) and all personal data thus provided to our Company.

Apart from this Clarification Text, hereby, you can access Mars Sportif’s Personal Data Protection and Privacy Policy from our website page and obtain detailed information on the subject.

1.  Clarification by Data Controller

Your name, surname, date of birth, TR Identity Number (Passport Number for non-TR Citizens), mobile phone number, e-mail address, gender, address data that you have shared during membership, if connected to your social media accounts, information which you have approved to be shared through social media channels, your personal data contained in identification documents such as ID, passport, driver’s license, in cases where identification is required, and your club entry and exit information during the membership period, are stored and processed by our Company as the data controller.
 
Our company attaches importance to your privacy and protection of your personal data while providing Mobile Application services; in accordance with the Law, your personal data obtained/to be obtained by our Company under the title Data Controller or data shared or to be shared with our Company by you; will only be processed by the Company within the scope described below and in the manner stipulated in the Law.

2.  The Method of Collecting And Processing Your Personal Data

Your personal data may be collected verbally, in writing or electronically in accordance with the Law through channels such as our Company’s websites, social media accounts, mobile applications, branches/clubs, sales and marketing units, customer forms, channels such as digital marketing, contracts, applications, forms, offers, cookies used in “website” visits.
 
Furthermore, as described further below, camera recordings are made at our Company’s gyms for security purposes, and these recordings are retained only temporarily.
 
Your personal data collected in writing, verbally or electronically by our Company and our branches/clubs, affiliated companies or through websites on behalf of our Company as the data controller, under the law and other legislation, can be recorded, stored, retained, preserved, changed in the ways stipulated in the Law; can be shared due to legal  justifications, due to law or in line with the requirements of the services provided by our Company with other persons deemed appropriate and/or with third party legal and/or real persons domestically and/or outside of Turkey, can be processed, including transferring it abroad.

3.  Purposes and Legal Reasons for the Processing Your Personal Data

Our Company, as Data Controller, stores and processes your personal data based on the legal grounds that “explicitly stipulated in the Laws” pursuant to Article 5/2a of the Law; and “processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract” pursuant to Article 5/2c. . In this context, to carry out subscription/membership and distance sales transactions;
 
Are processed and preserved until notified by you and until the legal period and justifications expire based on the legal grounds that “explicitly stipulated in the Laws” pursuant Consumer Protection Law No. 6502, Regulation on Distance Contracts and Regulation on Subscription Contracts; in order to carry out the invoice process and accounting transactions within the framework of the consumer relationship between the parties in accordance with the Tax Procedure Law No. 213 and the Turkish Commercial Code No. 6102
 
In addition, your personal data, are processed and preserved until notified by you and until the legal period and justifications expire based on the legal grounds “processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract” pursuant to Article 5/2c; In order to ensure the uninterrupted continuity and efficiency of the membership and membership relationship, to inform about changes, renewals and similar issues that may occur in club and membership conditions; and/or with the purpose of creating and arranging a member’s personal account, managing membership transactions through the personal account since it is directly related to the execution or performance of the subscription/membership and distance sales contract and collection transactions to be made within this scope;
 
Besides, if approval has been given within the scope of the Law on the Regulation of Electronic Commerce No. 6563, within the scope of this law, personal data is processed and preserved until notified by you and until the legal period and justifications expire by Mars Sportif as Data Controller to inform the members, customers and members about campaigns and opportunities, or to offer prices, marketing, other opportunities, offers and information regarding the service, to communicate effectively with members and customers or to control the systems on which services are provided and to develop these systems, to prevent the illegal use of services;
 
At the same time, your personal data is processed and stored by our Company until you are notified and the legal period and reasons expire in accordance with Article 5/2.e of the Law in order to use the selected membership type and the rights, benefits and advantages provided within the scope of this membership type.
 
You can find detailed information concerning the legal grounds that “explicitly stipulated in the Laws” pursuant to Article 5/2.a of the Law and “processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract” pursuant to Article 5/2c of the Law from the Personal Data Protection and Privacy Policy set out below.

4. Persons and/or Organizations to Which Your Personal Data Can Be Transferred

Within the scope of the Law, for the purposes specified in the Law and this Clarification Text; persons/organizations to whom your personal data that you share with the Company can be transferred are;
 
All kinds of official authorities and institutions, the Company’s shareholders and direct/indirect domestic/foreign subsidiaries, software program-service partner individuals and organizations that the Company receives services from/cooperates with to carry out its activities, banks for collection purposes and/or authorized institutions to make collections, and domestic/foreign organizations working to carry out activities related to these purposes; other relevant third party companies and persons who will provide rights, benefits and advantages to the member within the scope of the membership type selected by the member.

5.  Usage of Apple Health Kit and Google Health Connect from MAC+

Apple Health Kit
 
We use the HealthKit framework from Apple (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; “Apple”), which provides a central storage location for health and fitness data on the iPhone or Apple Watch and – with the express consent of the user – allows apps to communicate with the HealthKit store in order to access and share these data.
If you activate the HealthKit framework in your iPhone’s or Apple Watch settings, MAC+ is able to send, with your approval, certain information, such as the calories burned by the activity, route (walking and running), as well as your workouts (start and end of training [date], training duration, type of training, indoor or outdoor) to Apple, so that you can track and display your health and fitness activity.

Only with your explicit consent, MAC+ will also process additional training information and fitness activities from third-party providers. If you have given us your consent, we will process your heart rate and workout information (workout start and end [date], workout duration, type of workout, indoor or outdoor, cadence) obtained through the HealthKit framework.

We use your health and fitness data to provide you with personalized insights, to track and display your progress, and to help you achieve your fitness goals. MAC+ will not use the information obtained through the use of the HealthKit framework for advertising or similar services. We do not store your data on our servers; we only process the data that Apple HealthKit provides us to display the relevant data. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

New data attributes can be added to the HealthKit framework, which are then displayed in the product and must be approved. You can prevent Apple from accessing your data at any time, and thus prevent it from being shared, by changing your mobile device settings. You can find more information about HealthKit here.

Google Health Connect

We use Google Health Connect from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; “Google”), which provides a central storage location for health and fitness data on your Android phone and – with the express consent of the user – allows apps to communicate with Google Health Connect in order to access and share these data.

If you activate the Google Health Connect in your device settings, MAC+ is able to send, with your approval, certain information, such as the calories burned by the activity, route (walking and running), as well as your workouts (start and end of training [date], training duration, type of training, indoor or outdoor) to Google Health Connect, so that you can track and display your health and fitness activity.

Only with your explicit consent, MAC+ will also process additional training information and fitness activities from third-party providers. If you have given us your consent, we will process your heart rate and workout information (workout start and end [date], workout duration, type of workout, indoor or outdoor, cadence) obtained through Google Health Connect.
We use your health and fitness data to provide you with personalized insights, to track and display your progress, and to help you achieve your fitness goals. MAC+ will not use the information obtained from Google Health Connect for advertising or similar services. We do not store your data on our servers; we only process the data that Google Health Connect provides us to display the relevant data. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

New data attributes can be added to Google Health Connect, which are then displayed in the product and must be approved. The use of information received from Google Health Connect will adhere to the Google Health Connect Permissions policy, including the Limited Use requirements.
You can prevent Google from accessing your data at any time, and thus prevent it from being shared, by changing your mobile device settings. You can find more information about Google Health Connect here.

6.  Information About Security Cameras

With the exception of dressing rooms and restrooms, security cameras in areas determined by our firm in our clubs to ensure security make video recordings.
 
According to Article 5 of the Law, the personal data in question is processed automatically on the legal grounds of “it is necessary for compliance with a legal obligation to which the data controller is subject” and “processing of data is necessary for the legitimate interests pursued by the data controller provided that this processing does not violate the fundamental rights and freedoms of the data subject.” In compliance with applicable legislation, these personal data may be transferred to judicial authorities or competent law enforcement agencies upon request. These data are not otherwise transferred or shared with any third parties by our Company. These data are stored for a period of no more than one month, depending on the hard disk capacity of the relevant club, and will be deleted at the conclusion of this period due to the overwriting of existing images as long as any official authority or law enforcement agency has not requested them.
 
The processing of this personal data is carried out automatically based on the legal grounds outlined in Article 5 of the Law, which include “being necessary for the data controller to fulfill its legal obligations” and “being necessary for the data controller’s legitimate interests, provided that it does not harm the data subject’s fundamental rights and freedoms.”
 
On request, these personal data may be shared to judicial authorities or appropriate law enforcement agencies in line with applicable legislation. Our organization does not transfer or share this information with third parties in any other way. These data are stored for a maximum of one month, depending on the hard disk capacity of the relevant club, and are then deleted.

7.   Circumstances where the Company may process Your Personal Data without your explicit consent under the Law

Pursuant to Article 5 of the Law, the Company may process the above-mentioned personal data that it has received in accordance with the law, without your explicit consent, in the following cases:
 
·       In cases where it is expressly stipulated in the laws,
·       In cases when it is necessary to process your personal data for the protection of your or someone else’s life or physical integrity such as when as the data owner you are unable to express your consent due to actual impossibility, or in cases where your consent is not legally valid,
·       In case it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
·       If it is necessary for the Company to fulfill a legal obligations,
·       If your personal data has been made public by you,
·       If data processing is necessary for the establishment, exercise or protection of a right,
·       In case data processing is necessary for the Company’s legitimate interests, provided that it does not cause harms to your fundamental rights and freedoms.

8.  What Are Your Rights Under the Law?

By applying to our Company in accordance with Article 11 of the Law you have rights;
a.     to learn whether your personal data is processed or not,
b.     to request information if your personal data has been processed,
c.     to learn the purpose of processing your personal data and whether they are used in accordance with the purpose,
d.     to know the third parties to whom your personal data is transferred, in the country or abroad,
e.     to request correction of your personal data if it is incomplete or incorrectly processed,
f.      to request the erasure or destruction of your personal data within the framework of the conditions stipulated in Article 7 of the Law,
g.     to request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom your personal data has been transferred,
h.     to object to the processing, exclusively by automatic means, of your personal data, which leads to an unfavorable consequence for the data subject,
i.      to request the compensation of the damage in case you suffer damage due to the unlawful processing of your personal data,
 
As of the effective date if the regulation that is as of 07/10/2016, it is possible to exercise your rights under this article and your requests for updating and changing your personal data, through a notary public and/or by personally applying to the company headquarters, provided that the identity verification has been made.
 
In addition, after the other methods to be determined by the Board are announced, the Company will announce how the applications will be received through these methods. The Company will conclude your request free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the requested transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged by us within the scope of Article 13 of the Law.

MARS SPORTİF TESİSLER İŞLETMECİLİĞİ A.Ş.

Beşiktaş Vergi Dairesi Vergi Kimlik No: 6120525594
Mersis No: 0612052559400010
Dereboyu Cad. Ambarlıdere Yolu No: 4 Kat: 1 Ortaköy Beşiktaş/İstanbul
Telefon no: 0212 970 19 00