Healtius

KVKK Information Notice for Service Requesters

Healtius Teknoloji Anonim Şirketi ("Company") places great importance on processing your personal data lawfully, fairly, securely, and transparently. This Disclosure Text has been prepared to explain how and for what purposes your personal data is processed and how you can manage your preferences in this regard.

Pursuant to the Law No. 6698 on the Protection of Personal Data ("Law"), detailed explanations are provided below regarding the purposes of processing your personal data by the Company, the data controller, as well as to whom it is transferred and your rights concerning your personal data.

1. Primary Personal Data Processed by the Company and Processing Purposes

Below are the categories of user data being processed and sample data included to clarify the categories:

  • Identity Data: Your name, surname, date and place of birth, gender, marital status, nationality, etc.
  • Contact Data: Your email address, mailing address, mobile phone number, etc.
  • Financial Data: Your payment details and other financial data, etc.
  • Transaction Security Data: Your password, login times/frequency, last update date, last message date, IP, Device ID, device information, etc.
  • Health Data: Your blood type, medical history, surgeries, medications, general health measurements (height, weight, blood pressure, total cholesterol, BMI, etc.), vaccinations, etc.
  • Visual and Audio Data: Photographs and audio recordings of the individual, etc.
  • Other: Lifestyle data (smoking, alcohol use, dietary restrictions, etc.), files and messages shared via the app's messaging section, complaint and suggestion data.

The above personal and sensitive personal data is processed by the Company in compliance with the general principles of data processing in Article 4 of the Law and under the data processing conditions set out in Articles 5 and 6, for the following purposes:

  • Execution of the user agreement you accepted as a member,
  • Management of request/complaint tracking processes,
  • Execution of data storage and archiving activities,
  • Execution of product/service sales processes,
  • Execution of communication activities,
  • Execution of finance and accounting activities,
  • Execution of post-sales support services,
  • Conducting service-related analysis and app improvement efforts,
  • Forwarding the data you submitted via the Healtius platform and other channels to the relevant healthcare institution or organization,
  • Collection of fees for services received from the healthcare institution or organization,
  • Execution and audit of business activities,
  • Follow-up of legal affairs and exercising the right of defense when necessary.

2. Purposes of Data Transfer and Parties to Whom Data May Be Transferred

The personal data processed may be transferred domestically under Article 8 of the Law to the relevant healthcare institutions or organizations with which the user has contracted, the doctor providing the online consultation, legally authorized public institutions and organizations, and third parties appointed as data processors who have committed to taking necessary precautions. Transfers are made for the following purposes:

  • Cloud storage systems for performing application and storage activities,
  • Digital Wallet applications to conduct secure payment transactions in accordance with international standards,
  • Third-party applications using end-to-end encryption for video communication purposes.

Additionally, data transfers abroad are carried out under the conditions specified in Article 9 of the Law.

3. Methods and Legal Grounds for Collecting Personal Data

Your personal data processed for the purposes mentioned above are collected automatically through your logins to the Healtius platform, comments, participation in surveys, and all kinds of data entries/document uploads via the app. Additionally, they are collected non-automatically through verbal communication, printed or signed documents submitted to the Company, or emails sent to the Company.

Your collected personal data is processed based on the following legal grounds specified in Article 5 of the Law:

  • Obtaining explicit consent,
  • It is necessary for the establishment or performance of a contract,
  • It is mandatory for the data controller to fulfill its legal obligation,
  • It has been made public by the data subject,
  • Provided that it does not harm the fundamental rights and freedoms of the data subject, it is necessary for the legitimate interests of the data controller.

Sensitive personal data as defined in Article 6 is processed solely based on explicit consent. If the User deletes their account, the Company will assume that the consent has been withdrawn and will either destroy the data as per legislation and regulatory guidelines or continue to use the data in anonymized form. You may consult the Personal Data Retention and Destruction Policy published on our website for more information about anonymization.

4. Rights of Data Subjects and How to Exercise Them

As a personal data subject, you have the following rights under Article 11 of the Law:

  • To learn whether your personal data is processed,
  • To request information if your data has been processed,
  • To learn the purpose of the data processing and whether it is used in accordance with its purpose,
  • To know the third parties to whom data is transferred domestically or abroad,
  • To request correction of your personal data if it is incomplete or inaccurate, and to request notification to third parties to whom data was transferred,
  • To request the deletion or destruction of your personal data if the legal grounds for processing no longer exist, and to request notification to third parties,
  • To object to any result that is to your detriment due to the exclusive analysis of your data by automated systems,
  • To claim compensation if you suffer damage due to unlawful processing of your personal data.

You can submit your requests related to the rights listed above either in writing to the Company or by filling out the Data Subject Application Form available at www.healtius.com. Your request will be answered free of charge as soon as possible and at the latest within 30 (thirty) days. However, if processing requires an additional cost, a fee may be charged according to the tariff set by the Personal Data Protection Board.

5. Identity of the Data Controller

The data controller is Healtius Teknoloji Anonim Şirketi, located at Üniversiteler Mah. 1596 Cad. 6. AR-GE C Blok Bina No:6C Office No:11 06800 Ankara/Türkiye. You can submit your applications via email to info@healtius.com, to our registered email (KEP) address, or by mail to our company address.

For more detailed information regarding the processing and retention of your personal data, you may review the Personal Data Protection and Processing Policy and the Personal Data Retention and Destruction Policy published in the KVKK section on our website at www.healtius.com.