Nodusa GDPR & Privacy Policy
As the Nodusa Application (hereinafter, “Data Controller”, “Nodusa” or “Application”) (Alacaatlı Mah. 3381/1. Cad. No:8/37 Çankaya/ANKARA), operating under the sole proprietorship of Mehmet Tuna Aygün, we attach great importance to the security and privacy of your personal data. Your personal data is collected and processed within the scope of this Privacy Notice
Nodusa is a mobile application developed to enable physicians to systematically record health data, patient images, and records regarding their patients. The Application is accessible in the form of mobile application in iOS and Android, and designed to store all patient data locally on the user's registered device. Nodusa operates on a Strict Local Storage architecture, meaning that patient records, photos, videos, and notes are NEVER uploaded, transferred, or stored on Nodusa's servers, databases, or any third-party cloud infrastructure managed by Nodusa. All patient data remains under the exclusive physical and cryptographic control of the user on their personal device. Nodusa acts as a data controller regarding the collection, use and sharing of the information that you provide. When you register and subscribe to the platform, you agree to act as the data controller for the health data of the patients to be registered in the system. This means that data related directly with patients are processed according to your instructions as data controller.
1. PROCESSED PERSONAL DATA
By using our Platform, you may provide us with information, some of which may identify you. This information contains in particular the following data:
- Identity Information: Name Surname
- Contact Information: Phone number, email address
- Transaction Security Information: Şifre/Parola bilgileri, IP adres bilgileri, Log Kayıtları
- Professional Experience Information: Professional knowledge, title, area of expertise/department
- Other Information: Data types to be determined by the user: subscription information, device information.
2. PURPOSES OF PROCESSING YOUR PERSONAL DATA
Your personal data is collected and processed by Nodusa directly from you through the application for the purposes mentioned below, based on the legal grounds listed in Articles 5, 6, 8 and 9 of the KVKK (Personal Data Protection Law).
| OBJECTIVES | LEGAL BASIS | DATA CATEGORY |
|---|---|---|
| Creating your account on the application |
|
|
| The operation of the application and the provision of services through the Application |
|
|
| Storage of user records and allowing you to personalize your profile on the Application |
|
|
| Ensuring that you benefit from the products and services provided within the scope of your membership |
|
|
| You will be contacted regarding your membership and activities. |
|
|
| In cases where authorized institutions or organizations request something from our company, or where we are expected to notify these institutions, we will fulfill our legal obligations. |
|
|
In some of its operations, the application may require your explicit consent when processing your personal data. Our company collects, stores, and processes the personal data listed below based on your explicit consent, in accordance with Article 5/1 of the KVKK (Personal Data Protection Law), for the purposes listed below.
| OBJECTIVES | LEGAL BASIS | DATA CATEGORY |
|---|---|---|
| Providing access to photo and video recordings in the user library. | Explicit consent |
|
| Accessing the application using Face ID. | Explicit consent |
|
3. ANONYMIZATION AND DELETE OF YOUR PERSONAL DATA
Patient Data: Photos, videos, and notes belonging to patients you add to the application are NOT SENT TO OR STORED ON APPLICATION’S SERVERS. This data is stored encrypted solely on your device or in your personal cloud account under your control. The Application does not have access to the written records of the transactions carried out by users regarding their patients and does not process or transfer such records.
Your personal data is retained for the duration of your membership and for the period of legal retention obligations (e.g., tax laws). When you delete your membership, your data on our servers is immediately deleted or anonymized.
4. INABILITY TO PROCESS, STORAGE, AND TRANSFER WRITTEN NOTES AND VISUAL RECORDS OF USERS REGARDING THEIR PATIENTS
Within the scope of the application, photographs of the user's patients are retrieved directly from the user's registered device's local gallery or cloud system (iCloud and Google Drive). This patient data is not processed, stored, or transferred in any way within the application's infrastructure, servers, or by the company that developed the application.
Nodusa is unable to access, process, or transfer written records of actions users take regarding their patients.
5. YOUR RIGHTS AS A DATA SUBJECT (GDPR ARTICLES 15-21)
You have the right to receive a copy of your Personal Data in our possession (“right of access”).
- For processing activities carried out on the basis of your consent, you may withdraw your consent at any time
- You can also request the erasure of your Personal Data as well as the rectification of erroneous or obsolete Personal Data (“right of erasure and right of rectification”). Please note that Application may retain certain information about you when required to do so by law or when we have a legitimate reason to do so.
- You also have the right to object at any time to (i) the processing of your Personal Data for direct marketing purposes, or (ii) other processing carried out on the basis of our legitimate interest for reasons relating to your particular situation (“right to object”).
- You have the right to limit the processing carried out on your Personal Data (“right to limitation”). Please note that this right only applies if (i) you contest the accuracy of your Personal Data for the period allowing us to verify the accuracy of your Personal Data; (ii) in the event of unlawful processing on our part and you request a limitation of their use rather than erasure, (iii) we no longer need the personal data for the purposes of the processing but you still need them for the establishment, exercise or defense of legal claims; iv) in the event of exercising your right of opposition during the verification period to determine whether the legitimate reasons we are pursuing prevail over yours.
- You also have the right to portability of your data, i.e. the right to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable format and the right to transmit this data to another data controller (“right to portability”).
- You have the right to lodge a complaint with the competent supervisory authority or obtain redress from the competent courts if you consider we have not respected your rights.
- You also have the right to define directives relating to the fate of your Personal Data after your death.
- The right to object to an outcome that is detrimental to oneself, resulting from the analysis of processed data exclusively through automated systems.
- To exercise these rights, you can contact our Personal Data Protection Officer according to the terms defined in article 13 below.
6. IF YOU WISH TO CONTACT US REGARDING YOUR RIGHTS AND CLAIMS
For any questions relating to this Privacy Policy or for any request relating to your Personal Data, you can contact Nodusa by sending an email to destek@retuna.co or by sending us a letter to the address mentioned at the top of this document.