Back to Home 

PRIVACY POLICY

   1. DATA CONTROLLER

Your personal data, as well as the personal data of the minors and restricted persons for whom you are the guardian, custodian, or representative, are processed by All Next Health and Technology ("Company") as the data controller, within the scope of the provisions of the Law on the Protection of Personal Data No. 6698 (“PDPL”) and within the framework of this aiSecondopinion.com Privacy Policy (“Privacy Policy”).

Our Company respects your privacy and your rights concerning the protection of your personal data and strives to establish and maintain a trust-based relationship with you. In this regard, our Company processes your personal data and the personal data of the minors and restricted persons for whom you are the guardian, custodian, or representative, in compliance with all legal regulations related to personal data protection, primarily the PDPL. We take all necessary security measures to ensure the security of these data.

This Privacy Policy explains the scope and purposes for which we process the personal data collected by our Company through your use of the www.aiSecondopinion.com website ("Website"), as well as through applications, sales, and/or after-sales support services related to our products and/or services. It also details the extent to which we may transfer your personal data, as well as the data of the restricted and/or minor users of the Website for whom you are the guardian, custodian, or representative, to third parties.

   2. METHODS OF COLLECTING PERSONAL DATA, PROCESSED PERSONAL DATA, AND PURPOSES AND LEGAL REASONS FOR PROCESSING PERSONAL DATA

   2.1 Method of Collecting Personal Data and Processed Personal Data

During your membership registration on the Website and subsequently if you make remote service purchases from the Website, we will process your personal data and the personal data of the minors and restricted persons for whom you are the guardian, custodian, or representative, based on the categories of personal data specified below that you share with us.

   2.1.1 Personal Data Processed During Website Membership Registration

Personal Data

Identity Data: Your first and last name.

Contact Data: Address information, email address, social media platform contact information or other platforms used for membership registration (if the registration is completed via social media platforms or other platforms used for membership registration), and phone number.

Transaction Security Data: Device operating system and version, type, model, IP address, user transaction records, and passwords (encrypted).

   2.1.2 Personal Data Processed During Performance of the Service Following the Remote Service Purchase from the Website

In addition to the personal data collected during the membership registration on the Website:

Financial Data: Credit card number and billing information.

Transaction Data: Data related to service purchases through the Website.

Health Data: Images in the formats specified on the Website (with identifying information of the person anonymized), health data related to past illnesses, health data of family members, and the AI-assisted second opinion service prepared by the healthcare professional (with identifying information of the person anonymized).

   2.2 Purposes and Legal Reasons for Processing Personal Data

Categories of Processed Personal Data	Purpose of Processing	Legal Reason
Identity Data Contact Data Transaction Data Transaction Security Data	Performing user membership registrations through the Website within the framework of the membership agreement. Providing access to the Website. Conducting storage and archiving activities. Ensuring the security of the Company's operational activities.	PDPL Article 5/2 (b) "It is mandatory for the protection of the life or physical integrity of the person who is unable to express their consent due to actual impossibility or whose consent is not legally valid”. PDPL Article 5/2 (c) "It is necessary for the processing of personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract." PDPL Article 5/2 (ç) "It is mandatory for the data controller to fulfill its legal obligation." PDPL Article 5/2 (f) "It is mandatory for the processing of data for the legitimate interests of the data controller.”
Health Data	Fulfillment of the services provided by the Company within the scope of the distance sales agreement. Presentation of the outputs of the AI-assisted second opinion service prepared by the healthcare professional to the user within the scope of service performance. Planning and execution of user relationship management processes. Conducting storage and archiving activities within the Company. Financing and planning of the services.	Explicit Consent PDPL Article 5/2 (b) "It is mandatory for the protection of the life or physical integrity of the person who is unable to express their consent due to actual impossibility or whose consent is not legally valid." PDPL Article 5/2 (c) "It is necessary for the processing of personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract."
Identity Data Contact Data Financial Data Transaction Data Transaction Security Data	Fulfillment of the services provided by the Company within the scope of the remote service agreement.  Financing and planning of services. Conducting finance and accounting transactions. Ensuring the security of the Company's operational activities.	PDPL Article 5/2 (a) "It is explicitly stipulated by the laws."  PDPL Article 5/2 (c) "It is necessary for the processing of personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract." PDPL Article 5/2 (ç) "It is mandatory for the data controller to fulfill its legal obligation." PDPL Article 5/2 (f) "It is mandatory for the processing of data for the legitimate interests of the data controller."
Identity Data Contact Data	Planning and execution of the necessary activities for the customization and recommendation of products and services offered by the Company based on the preferences, usage habits, and needs of the relevant individuals. Conducting marketing activities. Managing advertisement/campaign/promotion processes, including contacting you with electronic commercial messages if necessary. Obtaining consent for commercial electronic communication.	·       PDPL Article 5/2 (a) "It is explicitly stipulated by the laws." ·       PDPL Article 5/2 (c) "It is necessary for the processing of personal data of the parties to the contract, provided that it is directly related to the establishment or performance of the contract."

   3. TRANSFER OF PERSONAL DATA

Personal data processed for the purposes explained above may be transferred to the following groups of persons in accordance with the basic principles stipulated in the PDPL and in compliance with Articles 8 and 9 of the PDPL:

Identity, financial, contact, transaction, transaction security, and health data are transferred to cloud operating system service providers that the Company uses for the purpose of executing processes related to the sale, provision, and performance of the services offered by the Company, as well as ensuring operational security, due to the Website being cloud-based.

Identity, contact, and financial data are transferred to relevant payment service providers, banks, and other financial institutions for the purpose of financing the services.

Identity and contact data are transferred to relevant public institutions and organizations for the Company to fulfill its financial and accounting obligations arising from the laws of the Republic of Turkey.

Contact data are transferred to relevant public institutions and organizations to fulfill the Company's obligations arising from the laws of the Republic of Turkey and to service providers for the delivery of commercial electronic messages to you, provided that you have given the Company consent to receive such messages.

The Company may transfer identity, contact, transaction, and transaction security data categories, as well as special categories of personal data in the health data category, to authorized public institutions and organizations both domestically and/or abroad for the purposes specified for each data category above, primarily to fulfill its legal obligations arising from the laws and to follow legal proceedings.

   4. RIGHTS UNDER PDPL

We inform you that, pursuant to Article 11 of the PDPL, relevant individuals have the following rights:

• To learn whether their personal data is processed,
• To request information if their personal data has been processed,
• To learn the purpose of processing their personal data and whether it is used in accordance with this purpose,
• To know the third parties to whom their personal data is transferred domestically or abroad,
• To request the correction of their personal data if it is incomplete or incorrectly processed and to request the notification of the transaction to the third parties to whom the personal data has been transferred,
• Despite being processed in accordance with the PDPL and other relevant laws, to request the deletion or destruction of their personal data in the event that the reasons for its processing no longer exist, and to request the notification of the transaction to the third parties to whom the personal data has been transferred,
• To object to the occurrence of a result against themselves by analyzing the processed data exclusively through automated systems,
• To request compensation for the damage in case of suffering loss due to unlawful processing of personal data.

You can submit your applications regarding the above-mentioned rights in accordance with the provisions of the Communiqué on the Procedures and Principles of Application to the Data Controller, through the Personal Data Application Form available on the Website, and with information/documents verifying your identity in order for our Company to confirm that you are the rightful owner, by delivering it in person or by registered mail to our Company's address at Tepe Prime İş Merkezi, Dumlupınar Bul. No:266, C Blok, İç Kapı No:34 Mustafa Kemal Mah., Çankaya, Ankara, Turkey, or by secure electronic signature, mobile signature, or to the email address info@aisecondopinion.com (using your email address registered in our systems). Depending on the nature of your request, your applications will be concluded free of charge as soon as possible and no later than 30 (thirty) days; however, if the process requires an additional cost, a fee may be charged in accordance with the tariff determined by the Personal Data Protection Board.

   5. COMPANY INFORMATION

All Next Health and Technology (“Company”)

Address: Tepe Prime İş Merkezi, Dumlupınar Bul. No:266, C Blok, İç Kapı No:34 Mustafa Kemal Mah., Çankaya, Ankara, Türkiye

E-mail: info@aiSecondOpinion.com

Telephone: +90 312 2216108

MERSIS Number: 0055217714200001