GDPR

General Data Protection Regulation Notice

Data Controller and Contact Information
Name: Vaka At
Domain: https://vaka.at
Email: info@vaka.at

Under the General Data Protection Regulation ("GDPR"), we act as the "data controller." We also take the necessary measures and safeguards required by GDPR in our relationships with third parties, including data transfers.
Scope and Purpose
Vaka At is a platform where physicians (doctors) can anonymously share case information. Protecting personal data is a core priority governed by both KVKK (Turkish Data Protection Law) and GDPR.

The platform operates as follows:
We do not store identifiable personal data (e.g., patient name, phone number) in our databases; only anonymous case notes and physician account details (e.g., name, surname, email) are kept.
Patient identifying information (e.g., name, ID number, phone) may only be stored temporarily in the user's browser local storage. This information is never saved to our database.

For users (doctors) accessing from within the European Union, we declare that we have taken all technical and organizational measures required under the GDPR for lawful data processing.

This GDPR Disclosure Notice is prepared pursuant to EU Regulation 2016/679 ("GDPR") to set out our obligations regarding the processing, transfer, and protection of personal data, as well as to inform data subjects (physicians and, if applicable, other EU-based users) of their rights.
Personal Data Collection and Processing Conditions

Data Collection Methods

User Account Information: Basic details (such as name, surname, and email) provided by doctors upon account registration. Without this data, we cannot provide our services (GDPR Art. 6(1)(b): performance of a contract).
Site Usage / Cookies: We may use cookies to improve user experience and operate the platform. (See our Cookies Policy.)

Lawful Bases for Processing

Consent (GDPR Art. 6(1)(a)): We may process data based on explicit user consent, for instance, to send newsletters or conduct potential marketing activities.
Contractual Necessity (GDPR Art. 6(1)(b)): We process essential user data (e.g., account setup, case sharing) to perform our services.
Legal Obligations (GDPR Art. 6(1)(c)): Where necessary under EU/Member State law, we may process data at the request of regulatory authorities.
Legitimate Interests (GDPR Art. 6(1)(f)): We may process minimal data to prevent abuse, ensure site security, or pursue other legitimate interests without overriding data subject rights.

Purposes of Using Personal Data

To manage platform membership and identify our users,
To provide support, troubleshoot, and ensure security,
To fulfill legal obligations (e.g., responding to requests from regulatory or judicial authorities),
To offer customized services (where applicable).

Data Minimization and Retention Periods

Doctor account details (name, email, etc.) are retained during the membership period or until legal obligations (e.g., audits) end.
Patient personal data may only be held in local storage in the browser to facilitate creating anonymous cases. These details are not transferred to our central database and should be deleted from local storage once converted to PDF/TXT.
Users can request permanent deletion of their account data, subject to legal allowances (GDPR Art. 17).
Data Security
Technical Measures: SSL/TLS encryption, secure server protocols, and regular backups.
Prevention of Unauthorized Access: Access to the platform management panel and database is restricted to authorized personnel only (GDPR Art. 32).
Data Breach Notification: If a personal data breach occurs, we will notify the supervisory authority and/or affected users within 72 hours, in compliance with GDPR Arts. 33–34.
Third-Party Transfers
Transfers Outside the EU: Although the platform aims to store data anonymously, potential infrastructure/cloud providers might be located within or outside the EU. We do not transfer data abroad unless we ensure adequate safeguards (e.g., Standard Contractual Clauses) under GDPR Arts. 44–49.
Requests from Official Authorities: Where legally mandated under EU/Member State law, data may be shared with competent authorities.
Data Subject (Doctor/User) Rights
In accordance with GDPR Arts. 12–22, you have the right to:
Access (Arts. 13–15): Obtain information regarding which personal data we process and for what purposes.
Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Erasure (Art. 17, "Right to be Forgotten"): Request data deletion where permitted by law.
Restriction of Processing (Art. 18): Under certain conditions, request that data be retained but not otherwise processed.
Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
Objection (Art. 21): Object to processing in certain scenarios (e.g., direct marketing).
Not to be Subject to Automated Decisions (Art. 22): You can refuse decisions based solely on automated processing, including profiling.

To exercise these rights, please email info@vaka.at. We will aim to respond within a reasonable time (GDPR Art. 12/3).
Complaints and How to Lodge Them
Supervisory Authority (Art. 77 GDPR): You may lodge a complaint with the national Data Protection Authority (e.g., CNIL in France, BfDI in Germany) in the Member State of your habitual residence or workplace, or where an alleged infringement has occurred.
Judicial Remedy (Art. 79 GDPR): If you believe your personal data has been processed contrary to the GDPR, you have the right to bring the matter before the courts in the relevant Member State.
Children's Data
Our platform is intended for use by physicians and is not designed for children (under 16). Should children's data be processed in any way, we will seek explicit parental consent where required by GDPR Art. 8.
Updates and Binding Effect
This GDPR Compliance Notice is dated January 12, 2025, and is subject to revision (GDPR Art. 97). In case of substantial changes, we will notify our users separately.
Contact
For your GDPR rights or any inquiries regarding this Notice, please contact:
Email: info@vaka.at

Vaka At
Date: January 12, 2025
Email: info@vaka.at

This text is prepared under Law No. 6698 on the Protection of Personal Data and related legislation. By using our platform, you are deemed to have accepted the terms set forth herein.