Cool ID – Mobile Application Terms of Use

1) Definitions and Scope

This agreement governs the use of the Cool ID mobile application and related web-based services provided by Cool NFC Bilgi Teknolojileri A.Ş. (“Cool ID”). By downloading, creating an account, or using the app, you accept these terms.

Definitions

  • User: A natural person accessing the app or a representative of a corporate user.
  • Enterprise Customer: A legal entity that has a commercial agreement with Cool ID.
  • Subscription Plan: A free or paid plan with defined features, term, and quotas.
  • Authorized User: A person granted access by the Enterprise Customer.

2) Scope of Services

Cool ID provides digital identity creation, network management, interaction measurement at events, analytics dashboards, integrations (e.g., CRM), and an admin console. White-label and custom domain support may be offered to enterprise customers.

3) License and Authorized Use

We grant you a limited, non-exclusive, non-transferable right to use the Services for your own use. Enterprise Customers are responsible for ensuring that their Authorized Users comply with these terms.

4) Account and Security

Keep your account information up to date. You are responsible for maintaining the confidentiality of your password. Notify us immediately if you suspect any unauthorized use.

5) Acceptable Use

Do not use the Services for spam, malware, harassment, IP infringement, illegal content, unauthorized sharing of personal data, unauthorized access, or overloading the service. Do not use third-party email lists without authorization. Collecting data from children under 13 is prohibited.

Examples of Prohibited Information: card data, government IDs, biometric data, sensitive health data, precise real-time location, passwords, export-controlled data.

6) Subscriptions, Fees, and Taxes

We may offer free and paid plans (Pro/Pro+). Paid plans are billed in advance and renew automatically at the end of the term. In-app purchases are subject to Apple App Store/Google Play terms. Overages may incur additional fees. Fees are non-refundable. Prices may change with notice. Applicable taxes are the user’s responsibility.

7) Integrations and Third Parties

The Services may connect to third-party products and sites. Those services are governed by their own terms. We are not responsible for their accuracy, availability, or security.

8) Privacy and Data Protection

Cool ID complies with KVKK and GDPR. We process personal data to deliver and improve the Service, provide security, and meet legal obligations. See our Privacy Policy and Data Processing Addendum (DPA) for details. Data may be processed and stored in Türkiye, the EU/EEA, or on secure servers elsewhere. Aggregated and anonymized data may be used to improve the product.

Data Subject Rights: You can submit requests for access, rectification, deletion, objection, restriction, or portability through the app or our support address.

9) Maintenance, Support, and Beta

We aim to respond to weekday support requests within a reasonable time. Features may change over time. Beta features are provided “as is” and may never become generally available.

10) Intellectual Property

The app, software, designs, content, and trademarks are owned by Cool NFC Bilgi Teknolojileri A.Ş. You may not copy, distribute, or modify them without authorization.

11) Disclaimer of Warranties

The Services are provided “as is” and “as available.” We do not warrant fitness for a particular purpose, uninterrupted service, or error-free operation.

12) Limitation of Liability

We are not liable for indirect, special, or consequential damages. Our total liability is limited to the total fees you paid in the 12 months preceding the claim date.

13) Indemnity

You agree to indemnify Cool ID against claims arising from your use of the Services, your breach of these Terms, or your infringement of third-party rights.

14) Confidential Information and Feedback

Each party uses and protects confidential information only for the purposes of the agreement. We may use feedback for product improvement without attribution or compensation.

15) Assignment, Governing Law, and Disputes

These Terms are governed by the laws of the Republic of Türkiye. The Courts and Enforcement Offices of Istanbul have exclusive jurisdiction. Assignment of rights and obligations requires written consent, except in cases of business transfer/merger.

16) Termination

We may suspend or terminate access for breach of the Terms, non-payment, security risk, or unlawful use. Termination does not affect provisions that are intended to survive (IP, confidentiality, limitation of liability, etc.).

17) Notices

Official notices must be in writing and sent via registered email or mail. In-app announcements are for information purposes.

18) Contact

For questions: [email protected]
Mailing address: İTÜ ARI Teknokent, Istanbul, Türkiye (insert current registered address)

Appendices: Privacy Policy · Data Processing Addendum (DPA) · Cookie Policy
Add publication date and version number at the bottom.

Cool ID – Data Protection Addendum (DPA)

This DPA is an integral part of the Service Agreement between Cool NFC Bilgi Teknolojileri A.Ş. (“Company”, “Cool ID”) and the Customer. It sets rules for data protection and information security when Cool ID processes personal data on behalf of the Customer.

1. Definitions

1.1 Data Protection Laws: All applicable laws on personal data processing, including Turkish Law No. 6698 (KVKK), GDPR, the e-Privacy Directive, the UK Data Protection Act, Swiss FADP, and other relevant national rules.
1.2 Standard Contractual Clauses (SCC): The European Commission’s model clauses under Decision (EU) 2021/914.
1.3 Controller, Processor, Personal Data, Data Subject, Processing, Sub-processor: As defined under applicable law.
1.4 Industry Best Practice: The skill, care, and quality reasonably expected for similar services.

2. Role and Scope

2.1 Roles: The Customer is the Controller. Cool ID acts as the Processor when providing the Services.
2.2 Scope: Details of processing, data categories, and data subjects are set out in Annex 1.
2.3 Duration: Processing continues until Cool ID stops providing the Services to the Customer.

3. Processing Principles and Security

3.1 Instructions: Cool ID processes Personal Data only in accordance with the Customer’s written instructions and applicable law. Where legally required to process data, Cool ID informs the Customer in advance.
3.2 Extent: Processing is limited to what is necessary to provide the Services. Cool ID rectifies, deletes, or blocks data upon the Customer’s instruction.
3.3 Technical and Organizational Measures: Cool ID implements appropriate measures to protect data against unauthorized access, disclosure, loss, and alteration. Minimum measures are listed in Annex 2.
3.4 Access and Sub-processors: Cool ID may engage Sub-processors. The current list is maintained in Annex 3 or on the Company’s Sub-processor page. The Customer may raise reasonable objections. Cool ID binds Sub-processors to equivalent obligations and remains liable for their acts and omissions.
3.5 Personnel: Personnel with access are trained, authorized, and bound by confidentiality.
3.6 Assistance: Cool ID reasonably assists the Customer in meeting obligations, including data subject requests, breach notifications, DPIAs, and supervisory authority communications.
3.7 Retention: Data are stored for no longer than necessary. At the end of the Services, data are securely returned or destroyed per the Customer’s instruction.
3.8 Transfers: Data originating from the EEA/UK/Switzerland may be transferred to Türkiye, the EU/EEA, or third countries. SCCs or equivalent safeguards apply for third-country transfers.
3.9 Audit: Subject to reasonable notice and frequency, the Customer may audit Cool ID’s processing or review independent audit reports. Scope may be reasonably limited for confidentiality and security.

4. Incidents and Breach Response

4.1 Breach Notice: In case of unauthorized access, loss, disclosure, or alteration of Personal Data, Cool ID notifies the Customer without undue delay and no later than 72 hours. The notice includes the nature of the incident, affected data types, likely consequences, and measures taken.
4.2 Mitigation: Cool ID promptly investigates, mitigates, and remediates the incident.
4.3 Compliance: Cool ID performs its obligations so as not to cause the Customer to breach Data Protection Laws. If an instruction appears unlawful, Cool ID informs the Customer.

5. Responsibilities

5.1 The Customer is responsible for the lawfulness of instructions, transparency, and consent where required.
5.2 Cool ID complies with this DPA and the Service Agreement.
5.3 The parties cooperate on any third-party requests related to Personal Data.

6. Effective Date, Changes, Governing Law

6.1 Effectiveness: This DPA takes effect on the Service Agreement’s effective date and remains in force during the term.
6.2 Changes: Cool ID may update this DPA to reflect legal changes or regulatory guidance. Material changes will be notified in advance within a reasonable time.
6.3 Law and Jurisdiction: Governed by Turkish law. The Courts of Istanbul have exclusive jurisdiction.

Annex 1 – Subject Matter and Processing Details

A. Subject Matter: Digital identity and network management, including profile creation and sharing, interaction measurement, integrations, and reporting.

B. Data Subjects: Customer employees and representatives; business contacts shared by the Customer; event participants.

C. Personal Data Categories:

  1. First and last name
  2. Corporate email address
  3. Corporate phone and extension
  4. Job title, department, location
  5. Company name
  6. Profile photo and other images
  7. Social media usernames and profiles
  8. Digital card contents and links
  9. IP address, device information, session logs
  10. Sharing and interaction records, event participation data
  11. Optional pronoun preference
  12. Integration mapping fields and CRM field values

D. Special Category Data: Cool ID does not request special category data. The Customer should not upload such data.

E. Purposes:

  1. Digital profile creation and sharing
  2. Networking at events and interaction measurement
  3. Integrations with CRM and other systems
  4. Security, debugging, and performance
  5. Reporting and product improvement
  6. Compliance with legal obligations

F. Retention: For the term of the agreement and any mandatory legal periods.

G. Recipients and Transfers: Integrated systems and approved Sub-processors. SCCs apply to international transfers where required.

Annex 2 – Technical and Organizational Security Measures

  1. Policies & ISMS · 2) Access Control · 3) Encryption (in transit TLS; at rest where appropriate) · 4) Network Security · 5) Logging & Monitoring · 6) Secure Development (SDLC, reviews, testing) · 7) Vulnerability Management · 8) Backups & Continuity · 9) Physical Security (cloud DC controls) · 10) People & Awareness · 11) Supplier/Sub-processor Management.

Annex 3 – Sub-processors

Current list and purposes: (insert link or table to your up-to-date Sub-processor list)
Typical categories: cloud infrastructure, email/notifications, analytics, log management, security monitoring, file storage, customer support.

Contact

For data protection requests and breach notifications:
Email: [email protected]
Address: Reşitpaşa Mah. Katar Cad. İTÜ ARI Teknokent 4 Binası No:2/50 İç Kapı No:6 Sarıyer- İstanbul