CLARIFICATION TEXT OF THE PERSONAL DATA PROTECTION LAW NO.6698
MAP2HEAL Information Technologies and Software Inc. in Turkey (briefly referred to as MAP2HEAL below) as a data controller, as a remote patient monitoring system firmware (shortly referred to as DAKIK) as a data entry and storage platform;
MAP2HEAL takes the highest level of security measures possible to ensure that your data is collected, stored, and shared by the law and to protect your privacy.
We aim to inform you most transparently about how your data is collected, the purposes of the processing, the shared people, the legal reasons, and your rights under Article 10 of the Personal Data Protection Law No.6698 and to ensure user satisfaction.
1. Data Supervisor; as the Data Supervisor, MAP2HEAL collects and processes your data by the Personal Data Protection Law No.6698, "Law No.6698" as soon as you download this application on your mobile phone.
2. Purpose of Processing Personal Data; customers, employees, potential customers, employee candidates, official institution representatives and employees, business partners and suppliers, users who downloaded the application, cookies (name, surname, mobile phone number, e-mail address, date of birth, gender, height and weight information, registered physician and institution information, photograph, health data, and information entered into the system), operating system version of the mobile device used, MAC address obtained from the mobile device used, date/time stamp and membership password) are collected by MAP2HEAL.
Collected personal data will be processed to;
Provide MAP2HEAL products and services, fulfill obligations, organize records and documents, comply with information storage, reporting, information, tax, and other obligations stipulated by local and international legal legislation,
Provide you with special advertisements, campaigns, advantages, and benefits for sales and marketing activities to increase the quality of services and products,
Communicate with you to provide the necessary information regarding the information processing requirements, system structure, the necessity of the information processing support services received, and these services and products,
Provide the methods and systems necessary for you to be in contact with your physician,
Provide the methods and systems that are necessary for being in contact with the physician,
- Remind the measurement time with medical measurement devices, which have been recorded by the necessary regulations, and to share the measurement result with your physician,
- Analyze the data obtained from medical device measurements and for transferring them to your physician,
- Conduct measurements, statistical analysis, segmentation/profiling, and CRM studies for sales and marketing activities,
- Evaluate and increase customer satisfaction, complaint management, getting your opinions and suggestions about new services and products, receiving your problem-error notifications, informing you about products and services upon complaints or requests,
- Recommend products and services that you are interested in, online behavioral advertising and marketing, customer portfolio management, measurement and development of service quality, communication, optimization, audit, risk management and control, promotion, analysis, interest determination, scoring, profiling, marketing, sales , advertisement, communication, introduction of new services, products and advantages received within the scope of the application, statistical studies, to comply with the information storage, reporting, information obligations stipulated by the official institutions, to fulfill the requirements of the contract and to conduct legal requirements of MAP2HEAL with regard to benefit from these services, to manage financial operations, communication, market research, social responsibility activities, purchasing operations, (request, offer evaluation, order, budgeting, contract) internal system and application management operations, legal operations that are conducted by MAP2HEAL.
3. To Whom and For What Purpose the Processed Personal Data Can Be Transferred;
Limited or all collected personal data will be used to carry out the specified processing purposes.
The data will be transferred to:
- MAP2HEAL business partners, shareholders, affiliates,
- Tax Procedure Law, the Social Security Institution legislation, the Court of Accounts, the Law on the Prevention of Laundering Proceeds of Crime, the Law on the Prevention of Money Laundering, the Turkish Commercial Code, the Code of Obligations, and people or organizations permitted by the other legislations,
- Legally authorized public institutions and organizations, administrative authorities and legal authorities,
- Foreign business partnerships and affiliates,
- For product/service comparison, analysis, evaluation, advertisement, and to the real or legal persons that we cooperate for the realization of the above-mentioned purposes, the program partner institutions and organizations, the institutions we have contracted to send the messages we send to our customers, and the courier companies that deliver the orders to you.
4. Method of Collecting Personal Data and the Legal Reason
Your Personal Data is collected, both with fully or partially automatic methods, and with manual methods that are part of the data recording system; with applications made through contracted websites, by MAP2HEAL staff, institutions we provide/receive support services, real and/or legal persons who are transacted under any legislation or contract, and direct automated systems (our website and mobile application, call centers, social media accounts) in verbal, written or electronic media;
As referred to in Article 5 and 6;
- It is foreseen in the laws,
- It is compulsory for our company to fulfill its legal obligation,
- It is directly related to the establishment or execution of the contract and the processing is necessary,
- Processing is required for the legitimate interest of our Company, provided that it does not harm your fundamental rights and freedoms,
- It has been made public by you,
- Processing is required for the establishment, use, or protection of a right,
- Having your explicit consent
- The data is collected based on the above legal reasons.
5. Rights of the Personal Data Owner as referred to in Article 11 of Law No. 6698 as being personal data owners, if you submit your requests regarding your rights through the methods set out below, MAP2HEAL will finalize the request as soon as possible and within thirty days at the latest.
In this context, personal data owners have the following rights;
- Learning whether personal data is processed,
- To request information about the data if their data has been processed,
- Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
- To know the national or international third parties to whom personal data is transferred,
- To request correction of personal data in case of incomplete or incorrect processing, and to request notification of the transaction made within this scope to third parties to whom personal data have been transferred,
Although it has been processed under the provisions of Law No. 6698 and other relevant laws, personal data owners have the right to request the deletion or destruction of personal data if the reasons for its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data have been transferred,
- Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- Right to demand the compensation of the damage in case of damage due to the unlawful processing of personal data.
Under paragraph 1 of Article 13 of Law No. 6698, law no 30356 and Data Supervisor Application Procedures and Principles Declaration dated 03.10.2018, you can request using your above-mentioned rights by using an electronic signature, mobile signature, or the electronic mail address previously notified to MAP2HEAL and registered in our system. In the applications, only information about the applicant will be given, and it will not be possible to get information about other family members and third parties.MAP2HEAL reserves the right of identity validation before answering.
You can submit your written applications to the address of our Company MAP2HEAL as the data controller by adding the necessary documents. You can access the application form through a mobile application, website, or by sending an e-mail to [email protected] e-mail address. Information and documents that will allow identification according to the nature of your request must be provided to us completely and accurately. If the requested information and documents are not provided properly, there may be problems in the full and qualified execution of the investigations by MAP2HEAL based on your request. In this case, MAP2HEAL declares that it reserves its legal rights. For this reason, your application must be sent completely including the requested information and documents, depending on the nature of your request.
Our company will finalize the request free of charge within thirty days at the latest depending on the nature of the request. However, if the transaction requires an additional cost, we will charge the fee in the directions determined by the Personal Data Protection Board.
6. Cookies and other technologies;
- MAP2HEAL products can help you understand and manage your health data. These services include devices compatible with DAKIK, mobile applications, and other related services. DAKIK helps your physician and you to monitor data such as electrocardiography and glucose measurement. Dakik Remote Patient Monitoring application sends data to MAP2HEAL servers and provides data management and control. The application provides a channel for other applications on the mobile phone to send notifications to the physician. DAKIK is a personal health platform that allows you to collect, organize, add, store and share your data online. With DAKIK, your health data can only be shared with your consent. With MAP2HEAL products, you can check your health records.
DAKIK services collect and use your data to provide services that include improving and personalizing your experiences. The health data you provide to DAKIK Mobile Application through DAKIK services are not combined with the data received for other MAP2HEAL applications or used for other purposes without explicit permission.
DAKIK and DAKIK Mobile Application can help you understand and manage your health data. The collected data depends on the services and features you use and these include:
- Profile Data. When you create a profile, you must enter data such as height, weight, gender, and age to be used to calculate your activity results.
- Activity Health Data. DAKIK Mobile Application helps you monitor your activity and health status by collecting data such as your heart rate, steps, Electrocardiography, Oxygen Saturation, Body temperature, Blood glucose, Heart Rate Variability Data, and your sleep. Examples of activities include running, exercises, and sleeping.
- Usage Data. To provide you with the best service, we collect and automatically upload statistics about your performance, DAKIK, and DAKIK Mobile Application performance, and your usage. DAKIK has the right to use its servers or other contracted domestic or foreign servers to analyze Heart Rate Variability Data and Holter ECG Data in the best way. Users give full authority to perform these analyzes to Dakik Patient Monitoring Systems with this contract.
You can view and manage your data in DAKIK. You can delete specific event details in the DAKIK app. When you delete an activity, it is deleted from the DAKIK service too, you can delete your MAP2HEAL account at any time.
MAP2HEAL Products can only be used as an R&D platform for e-Health, Fitness, Wellness, or Biometric products and software; Therefore, it can be used for research, product development and education purposes, and statistical analysis. By using these products, PATIENTS acknowledge that they will contribute to Research and Development and that the data will be used anonymously after it is deleted.
DAKIK Account and Health-Related Records:
To create a new DAKIK Patient Monitoring Systems account, you must enter your data such as name, date of birth, e-mail address, mobile phone number, postal code, and country/region. Depending on the features you use, you may be asked for additional information. DAKIK account allows you to manage one or more health records with the accounts you have created for yourself and shared with multiple physicians. You can add or delete data from a health record you manage at any time.
One of the important features of DAKIK is to ensure that you can share your health data with people and services that can help you reach your health goals. By default, you are the registrar of the records you create. Recordkeepers have the highest level of access to health records. As a record keeper, your health data can only be shared with your physicians registered in the system with your written consent. Accessing your account by inappropriate or unauthorized persons may compromise your privacy and even prevent you from accessing your records, so you need to take technical precautions and be careful about access to your records.
You can choose to share specific data (or all of the data) in a health record with other services. Unless an authorized user grants access over DAKIK, services cannot access your data over DAKIK. DAKIK allows you to control access by accepting or rejecting requests. For each service allowed access, you can choose what health information in a particular health record is shared and what actions the services can take with health information.
DAKIK will wait 24 hours before permanently deleting your data to help prevent accidental or malicious deletion of your health data. MAP2HEAL stores the entire history of each access, change, or deletion action performed by users and services, including the date, action, and name of the person or service.
We use the phone number you provided when you created your DAKIK account to send you an SMS asking you to verify your phone, add it to MAP2HEAL sharing invitations, and send service notifications such as SMS notifications that the information may be added to your MAP2HEAL Patient Monitoring records. You are responsible for the correctness of the contact information, in case of a change, our company must be informed via e-mail within 24 hours at the latest.
MAP2HEAL regularly sends out the newsletter to keep you informed of the latest improvements. MAP2HEAL also regularly sends out an email summarizing your recent account activities. Depending on your communication preferences, we also use your e-mail addresses to send you promotional e-mails. You can stop receiving these emails at any time.
MAP2HEAL products and DAKIK are not treatment / consultation, / medical prediction / medical guidance systems in any way, and MAP2HEAL is a data-sharing system between you and your physician, data storage, treatment/medication reminder system, and MAP2HEAL cannot be held responsible for any medical consequences that may be experienced by you.
This information text is PDPL and Privacy Statement, and we hereby submit to you as an Informed Consent that it is subject to your approval and consent.
USER CLARIFICATION TEXT
a) Data Supervisor
As Map2heal Information Technologies and Software Inc. (hereinafter referred to as the "Company"), we inform you that we are processing personal data belonging to our users in the capacity of data controller within the scope of the Personal Data Protection Law No.6698 (hereinafter referred to as "PDPL") and other related legislation.
b) Purpose of Processing Personal Data and the Legal Reason
· Conducting Training Activities
· Execution of Health Follow-up Processes
· Implementation of Support Processes by Healthcare Professionals
· Execution of Contract Processes
Your data will be processed for the above-mentioned purposes, within the legal reason "c) It is necessary to process personal data belonging to the parties of the contract, provided that it is directly related to the establishment or execution of a contract" specified in Article 5 (2) of the PDPL.
Your health data will be processed following your explicit consent by PDPL 6 (2) to carry out health follow-up and support processes.
c) Method of Collecting Personal Data
Your data is acquired to fulfill the purposes specified in paragraph (b) of this text, based on the legal reasons set out in Article 5 (2) of the PDPL, by you (using the system and/or tracking device, transmitting personal data to healthcare professionals through the system, using automatic or non-automatic methods. , registration in the system) verbally, in writing or electronically.
d) To Whom and For What Purpose the Processed Personal Data Can Be Transferred
Your data will be transferred without your explicit consent under Articles 8 (2) (a) of the PDPL for the following purposes:
· It will be shared with the relevant public institutions and organizations to fulfill the legal obligations following the relevant legislation.
e) Your Rights Under Article 11 of PDPL
As a personal data owner, we declare that you have the following rights following Article 11 of the Law:
•Learning whether your data is being processed,
•If your data has been processed, to request information regarding this,
•Learning the purpose of processing your data and whether your data is used by the purpose of processing,
• To know the third parties in the country or abroad to whom your data has been transferred,
• To request correction of your data if it is incomplete or incorrectly processed,
• Requesting the deletion or destruction of your data within the framework of the conditions stipulated in the relevant legislation,
• Request notification of the correction, deletion, and destruction processes made under the relevant legislation to third parties with whom your data is shared,
• Object to the occurrence of a result against you by analyzing your processed personal data exclusively through automated systems,
• To request compensation for the damage in case you suffer damage due to unlawful processing of your data.
Your requests regarding these rights within the scope of Article 11 of the PDPL, by filling in all the information specified in the Relevant Person Application Form, under the Article 11 and paragraph 1 of Article 13 of the PDPL and the Communiqué on Application Procedures and Principles to the Data Officer,
• By coming personally to our company at the address "[specify the address.]",
• Via our registered e-mail (REM) address which is “[email protected]”,
• To determine your identity and not to inform the wrong people, in writing, through a notary public or by registered mail,
• By sending an "e-mail to inf[email protected] com.tr" address using a secure electronic signature, mobile signature, or (if any) the e-mail address already notified by you to our Company and registered in our systems.
or by other methods to be determined by the Board in the future.
The mentioned Clarification Text is a sample text and it is the responsibility of the Data Officer to fulfill the obligation of disclosure and to determine its content in this context.
In this context:
- Identity of the Data Supervisor
- For What Purpose Personal Data Will Be Processed
- Collection Method of Personal Data and Legal Reason
- To Whom and For What Purposes The Processed Personal Data Will Be Transferred
If it is not desired to be edited, this reasonably prepared clarification text can be used by filling the empty spaces with their information.
Medical Liability Refusal Declaration
Dakik Remote Patient Monitoring System is a digital communication bridge established between healthcare professionals and patients. All content shared or to be shared within this system remains only between the patient and associated healthcare professionals. The contents published in the Dakik Remote Patient Monitoring System or the contents produced by physicians do not constitute suggestions or recommendations, nor do they have the quality of examination, treatment method, or diagnosis. The application ensures that only the collected data and messages are transferred to the parties accurately. It is deemed to have accepted that the user himself is primarily responsible for the incorrect or damaged use of any features and equipment that you can benefit from in the system.
All functions of the program provide simultaneous and integrated data sharing between the patient and associated healthcare professionals. Relevant Personal Data is kept encrypted from end to end by PDPL provisions in DAKIK servers in Turkey. When using the Dakik Remote Patient Monitoring System, the users are solely responsible for all risks related to the use or sharing of the information provided.