KVKK

Personal Data Protection Law Notice

Data Controller Information

Name: Vaka At Domain: https://vaka.at Email: info@vaka.at In accordance with the Law on the Protection of Personal Data No. 6698 ("KVKK") and relevant legislation, we operate as the "data controller" within the scope of this Policy.

Scope and Purpose

The Vaka At platform is designed for physicians and healthcare professionals to share anonymous case information. Our core principle is not to record personal data (e.g., patient name, phone number, national ID) on our servers. In particular: Our platform does not store personally identifying information of patients. Physicians must anonymize or refrain from sharing any identifying data (e.g., face photos, phone numbers, ID) in the cases they share (KVKK Art. 4/2 & Art. 5). Users acknowledge that they are prohibited from entering identifiable patient information. This Policy is intended to provide notice and information on data protection pursuant to KVKK and related legislation.

Which Data Do We Process?

Data Stored on Our Servers (Database)

Anonymous Case Details: Complaints, history, findings, etc., are stored without any identifying details. User (Physician) Account Information: Basic personal information (name/surname, email, specialty, etc.) related to the physician. These constitute personal data for the user (doctor), not for patients. Template Information: Medical case templates created by the physician, stripped of personal data, for personal use.

Local Storage

Patient Name, Phone Number, etc.: Our platform never saves such data to the server database. If the user (doctor) wishes, they may temporarily store them locally in the browser's localStorage. After converting them to PDF/TXT, these personal details should be deleted locally. No such information is ever transferred to our servers (KVKK Art. 7 principle: data must be erased or destroyed when the reason for processing no longer exists).

Cookies

We use mandatory, preference, and analytical cookies to ensure platform functionality and improve user experience. See our Privacy Policy for more details.

Conditions for Personal Data Processing

Processing Principles

Under KVKK Art. 4/2: Data must be processed lawfully, fairly, proportionately, and for legitimate, specific purposes. Patient privacy and confidentiality of data are paramount.

Exclusion of Patient Identifiers

Vaka At's fundamental approach is to avoid storing identifiable patient data. Users are not permitted to enter personal data fields into the system. Users must also comply with the rules for processing personal and special categories of data under KVKK Arts. 5 & 6.

Data Security and Allocation of Responsibility

Data Security Measures

We use standard security measures such as SSL/TLS for data stored online. We rely on localStorage specifically to prevent storing patient details on the server.

User Responsibility

It is your duty to anonymize or blur any patient-identifying details (photos, phone numbers, ID, etc.) prior to uploading—even within your own browser (KVKK Art. 12). If you publish a case containing data that can identify a patient, you (the sharing physician) bear sole liability.

Data Retention Periods

Anonymous Case Data: May remain on our servers indefinitely or until the user account is deleted. These do not include identifiable information. Locally Held Patient Data: Intended to be deleted once converted to PDF or similar output. No patient data is stored on our servers (KVKK Art. 7).

Data Subject Rights

Under KVKK Art. 11, users have the right to: Learn whether their personal data is processed, Request information about the processing, Learn the processing purpose and whether it is used appropriately, Request correction of incomplete or inaccurate data, Request deletion or destruction if the reasons for processing no longer apply, Demand notification of such actions to third parties, Object to adverse automated decisions, Seek compensation for damages due to unlawful processing. Important Note: Because the system is designed to avoid storing actual patient data, these KVKK rights generally apply to the physician's own account data. Our server does not process patient data, so any request concerning patient information typically relates to data held locally by the physician.

Cross-Border Data Transfers

Anonymous case data may be stored on local or cloud-based infrastructures located domestically or abroad. User (physician) data (e.g., name, email) may also be stored in cloud servers internationally. We implement adequate protection measures (e.g., encryption, confidentiality principles, etc.) in compliance with KVKK Art. 9.

How to Apply (Inquiries & Requests)

For any requests, please email us at info@vaka.at or use our contact channels on the platform. We will review your requests in accordance with KVKK Art. 13 and provide a response within 30 (thirty) days.

Updates

This KVKK Disclosure Policy was last updated on January 12, 2025, and may be revised as needed (KVKK Art. 4/2, 10). We will notify users of any significant changes.

Conclusion

At Vaka At, we attach the utmost importance to patient privacy and data protection. When sharing data, please follow the KVKK and other relevant regulations. For any questions, comments, or requests, feel free to contact us at info@vaka.at. Vaka At Date: January 12, 2025 Email: info@vaka.at This text is prepared under Law No. 6698 on the Protection of Personal Data and related legislation. By using our platform, you are deemed to have accepted the terms set forth herein.