Privacy Policy & GDPR Notice

1. Data Controller

In accordance with Law No. 6698 on the Protection of Personal Data ("KVKK") and the General Data Protection Regulation ("GDPR"), your personal data may be processed by Allergy Mate Teknoloji Anonim Şirketi ("Company" or "Allergy Mate") as the data controller, within the scope described below.

  • Registration No: 0055221892200001
  • Address: Reşitpaşa Mah. Katar Cad. İtü Arı Teknokent 3 Binası No: 4 İç Kapı No: B204 Sarıyer / Istanbul, Turkey
  • Email: info@allergy-mate.com

2. Purposes of Processing Personal Data

Your personal data will be processed by the Company for the following purposes, within the framework of the personal data processing conditions and purposes specified in Articles 5 and 6 of KVKK and GDPR:

Service Provision:

  • Creating and managing your user account.
  • Using your health data (allergies, intolerances, reaction history, etc.) provided through the application to create a personalized allergy profile.
  • Analyzing product ingredients scanned through optical character recognition (OCR) technology and providing instant feedback such as "suitable", "risky" or "unsuitable" according to your personal allergy profile.
  • Offering alternative product recommendations suitable for your allergies and intolerances.
  • Creating potential allergy and intolerance risk reports through surveys and forms you complete.
  • Answering your allergy-related questions through AI-powered chatbot features.

Improvement and Development:

  • Analyzing the performance of our application and services, improving user experience, and developing new features.
  • Conducting market analysis, statistical studies, and R&D activities using anonymized and aggregated data that cannot be associated with your identity to improve our services.

Communication and Marketing:

  • Communicating with you about updates, technical support, and administrative messages regarding our services.
  • With your explicit consent, sending you personalized campaigns, promotions, and marketing notifications.

Legal Obligations:

  • Complying with legal and regulatory requirements (KVKK, GDPR, HIPAA, FDA standards, etc.).
  • Responding to legal requests from authorized institutions and organizations.
  • Enforcing our terms of service and preventing potential fraud or security breaches.

3. Categories of Personal Data Processed and Legal Basis

  • Identity and Contact Data (Name, surname, email address, password): Contract performance, legitimate interest of the data controller.
  • Special Category Personal Data (HEALTH DATA): Allergies, intolerances, food and substance sensitivities, past allergic reactions, symptoms, and health information shared in surveys. As these data constitute the essence of the service, they are processed only with your EXPLICIT CONSENT pursuant to Article 6 of KVKK and Article 9 of GDPR.
  • User Activity Data (Scanned products, feedback, favorite products, in-app interactions): Contract performance, legitimate interest of the data controller.
  • Technical Data (Device information, IP address, operating system, cookies): Legitimate interest of the data controller, legal obligation.

4. Parties to Whom Personal Data is Transferred and Transfer Purposes

Your personal data may be shared with the following parties domestically and/or internationally, taking necessary security measures in accordance with Articles 8 and 9 of KVKK and Chapter V of GDPR:

  • Technology Infrastructure Providers: Business partners from whom we receive cloud services (AWS, Google Cloud), data analysis, and OCR services (Azure) necessary for the application's operation.
  • Business Partners and Advisors: Healthcare professionals, lawyers, and financial advisors with whom we collaborate to improve service quality (under confidentiality agreements).
  • Anonymous Data Recipients: Food, cosmetics, and e-commerce companies with whom we share anonymized and aggregated data that completely eliminates your personal identity for market analysis and product development purposes.
  • Authorized Public Institutions and Organizations: When legally required.

5. Rights of Data Subjects (KVKK Article 11 & GDPR Chapter III)

As a data subject, your rights include:

  • Learning whether personal data is being processed,
  • Requesting information if personal data has been processed,
  • Learning the purpose of processing and whether it is used appropriately,
  • Knowing third parties to whom personal data is transferred domestically or internationally,
  • Requesting correction if personal data is incomplete or incorrectly processed,
  • Requesting deletion or destruction of personal data within the framework of conditions stipulated in KVKK/GDPR,
  • Requesting notification of operations performed under (e) and (f) to third parties to whom personal data has been transferred,
  • Objecting to a result that emerges against the person through analysis of processed data exclusively by automated systems,
  • Requesting compensation for damages suffered due to unlawful processing of personal data.

To exercise these rights, you can submit your requests in writing to the email address specified above.