PRIVACY POLICY

Effective Date: 01.01.2020

This Privacy Policy applies to the One Dose – Health mobile application and website operated by One Dose Health Technologies Inc. (“One Dose” or “Company”). We are committed to safeguarding your privacy and ensuring that your personal data is protected.

Pursuant to the Law on the Protection of Personal Data No. 6698 (“KVKK“) published in the Official Gazette dated 07.04.2016 and numbered 29677, the Regulation on Personal Health Data published in the Official Gazette dated 21.06.2019 and numbered 30808, the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Disclosure Obligation published in the Official Gazette dated 10.03.2018 dated 10.03.2018 and numbered 30356 published in the Official Gazette dated 21.06.2019 and numbered 30808, Communiqué on the Procedures and Principles to be Followed in Fulfillment of the Disclosure Obligation and other legislation, our company One Dose Sağlık Teknolojileri Anonim Şirketi (“Company” or “One Dose“), as the “Data Controller“. KVKK 10 as One Dose. article, we would like to inform and enlighten you about our personal data processing activities within the scope of remote health services we provide through our website and application One Dose – Health.

Introduction

This Privacy Policy explains how we collect, use, share, and protect personal data obtained through our mobile application and website. By using our services, you agree to the terms outlined in this Privacy Policy.

1. Data Controller

Pursuant to the LPPD, One Dose, as the data controller, will be able to process, record, store, classify, update your personal data in an accurate and up-to-date manner in connection with the purposes described below, in a limited and measured manner, in accordance with the law and good faith, and where permitted by the legislation and / or limited to the purpose for which they are processed. we will be able to explain/transfer to people.

The term “Personal Data” means any information relating to an identified or identifiable natural person.

The term “Sensitive Personal Data” refers to data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

By the term “processing“; all kinds of operations performed on personal data, including but not limited to those regulated in the KVKK, such as obtaining, recording, storing, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automated or non-automated means, provided that it is part of any data recording system. Authorized personnel within the Company will be able to process your personal data.

Data Controller Information

  • Entity Name: One Dose Health Technologies Inc.
  • Address: Konutkent Mahallesi 3028 Sokak No: 8/D/27, Elmar Towers, Çankaya/ANKARA, Turkey
  • Contact Information:
    • Phone: +90 850 450 06 06
    • Email: info@onedose.io
    • Mersis No: 0544128049300001

2.Processed Personal Data

We will be processing your personal data in the following categories of personal data, including the data you share with us during registration for the One-Dose application and subsequently during remote service provision.

  • Identity Data: Name, surname, Turkish ID number, gender, date of birth.
  • Contact Data: Email address, phone number, mailing address.
  • Customer Transaction Data: Appointment details, service history.
  • Health Data: Medical history, examination results, health records (including height, weight, medications).
  • Transaction Security Data: Device details (IP address, OS, logs).
  • Insurance Data: Social Security Institution data, private health insurance data.
  • Financial Data: Bank account details, credit card information.

3.Purpose of Prosessing Personal Data

Your personal data is collected by our Company through electronic communication channels and on the basis of the above-mentioned purposes in order to carry out the above-mentioned purposes.

Categories of Processed Personal Data

Identity Data, Contact Data, Customer Transaction Data

4. Purpose of Data Processing

  • Realization of user registrations through the application,
  • Realization of users’ appointment registrations through the application,
  • Fulfillment of the necessary obligations in terms of the Regulation on the Provision of Remote Health Services and other legislation,
  • Execution of the processes related to the sale, presentation and performance of the products and services offered by the Company, and in this context, the provision of medical diagnosis, treatment and care services by physicians and health institutions registered in our system,
  • Carrying out storage and archiving activities,
  • Financing and planning of health services,
  • Sharing requested information with private insurance companies,
  • Ensuring the security of data controller operations,
  • Execution of service operation and organization processes,
  • Realization of mediation activities within the scope of distance health services,
  • Execution of finance and accounting transactions.

5. Legal Basis for Processing

  • Article 5/2 (ç) of the LPPD: “It is mandatory for the data controller to fulfill its legal obligation”,
  • Article 5/2 (c) of the LPPD: “Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract”,
  • Article 5/2 (f) of the LPPD: “Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject”,
  • Open Consent.

6. Transfer of Your Personal Data

Your personal data processed within the scope of the purposes described above; In accordance with the basic principles stipulated in the KVKK and in accordance with Article 8 of the KVKK. Within the scope of the personal data processing conditions and purposes specified in the articles, personal data may be transferred to, shared with and/or given access to your personal data to the following persons:

  • Your identity, communication, customer transaction data, to carry out the processes related to the sale, provision and performance of the products and services offered by the Company, in this context, to provide medical diagnosis, treatment and care services by physicians and health institutions registered in our system, to carry out storage and archiving activities, Since our Company is obliged to record the transactions related to remote health services in the central health system in accordance with the relevant legislation, with the Ministry of Health based on the legal reason “It is stipulated in the laws” in accordance with Article 5/2(a) of the KVKK, and based on the legal reason “It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract” in accordance with Article 5/2(c) of the KVKK,
  • Your Health Data with physicians and health institutions subject to the confidentiality obligation registered in our system based on your explicit consent in order to evaluate the patient, to carry out the processes related to the necessary tests and examinations, to carry out activities within the scope of diagnosis and treatment studies regarding the patient, to transfer health data to physicians and health institutions for the performance of services, to plan and execute patient relationship management processes, to provide medical diagnosis, treatment and care services;
  • Your Health Data may be shared with insurance companies contracted by the insured patient based on your explicit consent for the purpose of financing and planning of health services and sharing information requested by private insurance companies;
  • Your identity, contact, insurance and financial data, financing and planning of health services, confirming your relationship with the institutions contracted with our hospital, sharing the information requested with private insurance companies within the scope of the eligibility query with the insurance company and support and consultancy service providers contracted by the insured patient based on the legal reason “Data processing is mandatory for the establishment, use or protection of a right” in accordance with Article 5/2 (e) of the KVKK,
  • Your identity, communication, customer transaction, transaction security data with our cloud service provider and with the identity verification sharing service of the Ministry of Interior based on the legal reason that “It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract” and “It is mandatory for the data controller to fulfill its legal obligations for the purpose of identity verification verification” in accordance with Articles 5/2(c) and 5/2(ç) of the KVKK in order to carry out the processes related to the sale, presentation and performance of the products and services offered by the Company;
  • Your identity, contact, customer transaction, and financial data are shared with our contracted accountants for the purpose of carrying out financial and accounting transactions, based on the legal grounds that “it is mandatory for the data controller to fulfill its legal obligations” in accordance with Article 5/2(ç) of the KVKK;
  • Your identity, communication, and customer transaction data are used to carry out the processes related to the provision and performance of the products and services offered by the Company, to plan and execute the activities necessary to recommend the products and services offered by the Company to the relevant persons by customizing them according to the tastes, usage habits and needs of the relevant persons, to respond to all kinds of questions and complaints regarding our health services, to evaluate our services, to carry out marketing processes regarding the services offered by the Company and to carry out advertising / campaign / promotion processes in accordance with Article 5/2 (f) of the KVKK “With our contracted service providers that provide support, maintenance and repair services to the CRM system based on the legal reason that “data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject“;
  • Your health data will be used for the execution of the processes related to the provision and performance of the products and services offered by the Company, the planning and execution of the activities necessary for the recommendation of the products and services offered by the Company to the relevant persons by customizing them according to the tastes, usage habits and needs of the relevant persons, and to respond to all kinds of questions and complaints regarding our health services, With the contracted service provider due to the fact that the CRM system can be accessed by our contracted service providers providing support, maintenance, repair services based on your explicit consent for the purpose of evaluating our services, conducting marketing processes regarding the services offered by the Company and conducting advertising / campaign / promotion processes;
  • Your contact data Regarding the commercial electronic messages that we will send to you in line with your consent, the Company is obliged to register your contact address in a national Commercial Electronic Message Management System (IYS) established by the Ministry of Trade in accordance with the provisions of the relevant legislation.Since the Company is obliged to register your contact address in a national Commercial Electronic Message Management System (IYS) established by the Ministry of Commerce, in order to fulfill our obligation arising from the law, it will be registered in the Commercial Electronic Message Management System (IYS) based on the legal reason“It is mandatory for the data controller to fulfill its legal obligation” in Article 5/2 (ç) of the KVKK, without the requirement of explicit consent in order to fulfill our obligation arising from the law.
  • Since your identity and contact data are provided through the relevant software/portal for the purpose of tracking your electronic commercial message permissions and your explicit consents for personal data processing, sharing, transferring and tracking permissions within the scope of IYS integration, without seeking your explicit consent, based on the legal reason“It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject” in Article 5/2 (f) of the KVKK, without seeking your explicit consent with the contracted company

It will be shared.

Our Company undertakes to keep personal information strictly private and confidential, to take all necessary measures and to exercise due diligence to prevent unauthorized use or disclosure of personal information to a third party.

7. Data Retention and Deletion

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. You may request the deletion of your data once the legal retention period has expired. If a deletion request cannot be fulfilled due to legal or regulatory obligations, we will inform you about the reasons for this.

8. Data Security

We implement industry-standard measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: All sensitive data, including health and financial information, is encrypted during transmission and storage to ensure confidentiality.
  • Access Controls: Only authorized personnel with specific roles can access your data, and this access is strictly monitored.
  • System Monitoring: Regular security audits and monitoring to identify and mitigate potential risks.
  • Data Backup: Routine backups are performed to prevent data loss in case of system failures or other incidents.
  • Incident Response: A dedicated response team to address any potential breaches promptly.

9. Your Rights as a Relevant Person Pursuant to Art.

You can submit your requests regarding your rights in writing as personal data owners and together with the documents identifying your identity, together with the KVK Application and Information Request Form containing your explanations regarding the right you want to use. Konutkent Mahallesi 3028 Sokak No: 8/D/27 Elmar Towers Çankaya/ANKARA in person or by registered letter with return receipt or info@onedose.io e-mail address, your request will be evaluated by our Company and finalized within 30 (thirty) days at the latest as stipulated within the scope of KVKK. Although it is essential not to charge any fee for the requests, our Company reserves the right to charge a fee based on the fee tariff determined by the Personal Data Protection Board.

Article 28 of the LPPD titled “Exceptions” Without prejudice to the cases stipulated in the article, by applying to our Company, your personal data; to learn whether it has been processed; if processed, to request information about it; to learn the purpose of processing and whether it is used in accordance with its purpose; to know the third parties to whom it is transferred domestically or abroad; to request notification of the transactions made by the third parties to whom it is transferred; to request correction in case of incomplete or incorrect processing; to request deletion or destruction in case the reasons requiring its processing disappear; to request notification of the transactions made to third parties to whom your personal data is transferred; to object to the occurrence of a result against you by analyzing it exclusively through automated systems and to demand the compensation of the damage in case you suffer damage due to processing in violation of the KVKK.

10. Contact and Complaints

If you have questions or concerns about this Privacy Policy or your personal data, please contact:

For unresolved complaints, you may contact the Turkish Personal Data Protection Authority (KVKK) at their official website or helpline. Detailed instructions for submitting complaints will be provided upon request.

11. Policy Updates

We regularly review and update this Privacy Policy to reflect changes in our practices, services, or legal obligations. Updates will be published on our official website and can be accessed at:

https://www.onedose.io/en/privacy-policy/ ‎

A notification will also be provided within the app for significant changes. The effective date of each version will be clearly indicated.

12. Privacy Policy in App

To ensure transparency, this Privacy Policy is available both:

  • Within the App: Accessible via the settings menu under the “Terms and Privacy” section.
  • On the App Store Listing: Linked directly from the app store description.