Update: 17, April, 2023

Hillal Biotechnology Inc.

DATA PRIVACY POLICY

Welcome to Hillal Biotechnology Inc. (“HillalBiotech”)’s Privacy and Data Protection Policy (“Privacy Policy”).

At HillalBiotech, we understand the importance of safeguarding your personal data and we are dedicated to complying with applicable data protection laws, including the GDPR. We take our responsibility to protect your privacy seriously and strive to ensure that your personal data is collected, processed, and stored in a secure and transparent manner. This Privacy Policy outlines how we collect and use your personal data, as well as your rights in relation to your personal data. By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use of your personal data as set out in this policy.

 

Our contact details: 

Hillal Biotechnology Inc.

İnciralti Dist. Mithatpasa Str. Morfoloji Apt. No:56-20/Z Balcova / IZMIR - Turkey

Email: info@hillalbio.com

Definitions:

GDPR: The General Data Protection Regulation (EU) 2016/679 (GDPR)

Personal Data: Information relating to an individual who can be directly identified. Personal Data includes information as well as expressions of opinion or intentions.

Data Controller / Controller: The organization that determines the manner and purposes for which Personal Data is to be processed. In this case, HillalBiotech.

DPO: The Data Protection Officer, a person appointed to deal with all data-related matters. Our DPO at the time of creating this policy is Emre MEMO. You can address any data-related issues or questions to this person at the following email: emrememo@hillalbio.com

Processors: Staff members of HillalBiotech authorized to discharge the responsibilities of the Data Controller.

“Staff members” – employees, contractors, consultants, and anyone acting on behalf of our organization.

Users: Any individual who either browses the public website, engages with our support, speaks with our staff, creates a profile, or uses our site or APP or test kit.

Personal Data Breach: Loss, theft, or unauthorized access, use or disclosure of Personal Data.

Privacy Policy: This document.

“Our website” or “The site” – www.hillalbio.com or www.spermcell.net

“Our APP” – a downloadable mobile application – SpermCell™ currently available on the Apple APP store and on Google Play and, in the future, could be available on additional sites or stores.

“Third parties” – Suppliers, business contacts, staff members of our users and any other people that we may need to contact.

The Information That We Collect and Store:

Personal Data means any information about an individual from which that person can be identified. We currently collect and process the following information about some individuals to improve the SpermCell™ – Smartphone Applied Sperm Analyzer customer experience.

If you sign up on the APP or on the site, you create a profile that includes the following data:

Profile Data (Optional): first name, last name, age, and gender.

Contact Data: includes approximate location data, email address, wi-fi name, internet connection details, connection speed.

Communications Data: includes your preferences in receiving support from us and your communication preferences.

We also collect the following data when you log onto the site or APP, we collect:

Technical Data: internet protocol (IP) address, browser type and version, time zone setting and location, operating system, and other technology on the devices you use to access this website.

Customer Support Data: includes feedback and survey responses. If you have engaged in a webchat or contacted us by email or on live chat, we will retain a record of that conversation

Usage Data: includes information about how you use our APP, website, products, and services.

As explained here, there are limited circumstances, when we collect data about your health which is a special category of Personal Data called Protected Health Information (PHI) and is entitled to increased protection.

In most cases, when you use the APP to upload test results, we do not know and have no way of knowing that results belong to a particular person. In these circumstances, although we have results data, they are entirely anonymous.

However, in some cases, such as a voluntary account sign-up, support enquiry, or question concerning test results, we may receive, store your results anonymously. In this case, we would have both personally identifiable information and the results of the user’s semen analysis tested by our APP (SpermCell™), including qualitative results of Sperm Concentration, Motility, Velocity, Volume and Semen Quality Reviews and a video recording of the user’s sperm.

We acknowledge the sensitivity of your health data and have therefore implemented a policy that is meant to make sure that we never store more data than we need, we only store such data for the minimum amount of time required, we keep it under strict security protocol and dispose of it regularly. If you would like to know more, please get in touch with our DPO.

Other than the health data described above, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, and genetic and biometric data) unless voluntarily provided. Nor do we collect any information about criminal convictions and offences.

How do we collect this information?

Most of the personal information we process is provided to us directly in the following way/s:

You create an account and provide us with your email address

You upload test results

When you create an account with us, you agree to disclose your personal data to us (specifically, your email, and location).

When you upload your test results, you complete a declaration and agree to give us access to them for limited purposes.

What do we do with your information?

The information that we receive from you, is received for the following reasons:

We analyze the test results to check whether the problem reported by the customer is related to a software bug or any other software issue. Then we are using the email address to contact and support the customer.

Geo-location data – we use this data to establish a Wi-Fi connection and suggest physicians in your proximity.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

There are numerous justifiable reasons under the GDPR that allow collection and processing of Personal Data. We rely mainly on:

Consent: Certain situations allow us to collect your Personal Data, such as when you create and account and provide us with your email or upload your test results and authorize us to receive this data. You are thereby consenting that we receive, hold, and process the data.

‍Contractual Obligations: We may require certain information from you to fulfil our contractual obligations and provide you with the promised service.

Legal Compliance: We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.

Legitimate Interest: We might need to collect certain information from you to be able to meet our legitimate interests – this covers area that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom, or interests. Examples could be your geolocation, so that the APP can suggest physicians or other service providers in your physical proximity.

For the collection of special category data (Protected Health Information), we rely on explicit consent. 

We may share this information with:

We may share your Personal Data with subcontractors (only when necessary and with your consent) or affiliates or for the purpose of additional clinician recommendations or physician referral (subject to confidentiality obligations to use it only for the purposes for which we disclose to the user and pursuant to our instructions).

We may also share Personal Data with interested parties in the event that HillalBiotech anticipates a change in control or the acquisition of all or part of our business or assets or with interested parties in connection with the licensing of our technology.

If HillalBiotech is sold or sells or makes a transfer, we may, in our sole discretion, sell or transfer your Personal Data and Protected Health Information to a third party as part of such transaction. Upon such transfer, the Data Privacy Policy of the acquiring organization may govern the subsequent use of your Personal Data. In such case or in connection with the licensing of our technology, we may also share it with interested parties.

In all other situations your data will remain protected in accordance with this Data Privacy Policy (as amended from time to time).

We may share your Personal Data Protected Health Information at any time if required for legal reasons or to enforce our Terms of Use for our Site/Terms of Service or this Data Privacy Policy.

Our APP or Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our APP or Site, please review the privacy policy of every website you visit.

How we store your information 

Your information is securely stored in PostgreSQL. We store the data on secure cloud services running in Helsinki, Finland. PostgreSQL is a powerful, open-source object-relational database system with over 35 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance and have stated that the model clauses relating to transfer of data between the EU and Turkey are fully compliant with the GDPR. We urge you to read their statements and policies in full.

We generally don’t delete the information that we hold for the benefit of our users who may want to use our services in the future but in the event that we requested results data, which is special category data, we would make every effort not to hold it for more than a year and we will do so by fully anonymizing any results data that we have received such that it could not be linked to a particular person. You can also request to delete data which refers to you by contacting the company.

We have implemented a concept of security by design and constantly apply rigid data protection measures to secure your data.

We take at least the following measures:

We are protecting databases with unique password (database is accessible from a website which is password protected)

Each internal user has a unique password.

We encrypt our databases.

We encrypt our passwords.

We implemented an Audit trail, so that we can investigate any issues.

We conduct regular vulnerability testing at least once a year

We maintain a risk management policy, regularly assess, and address risks related to privacy and security

We use an encrypted HTTPS protocol for our websites.

Even though we follow industry best practices and make great efforts to protect your data, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure or have any reason to believe that a data breach has occurred, please contact us urgently.

Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erase your data – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your Protected Health Information and Personal Data in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.  Please contact our DPO with any data-related issues including any of the requests detailed above.

Additional matters

Marketing consent – You will receive marketing and new content communications from us if you have created an account. You can ask us to stop sending you marketing HillalBiotech sages by changing the communication preferences in your account with us.

Purpose – We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Our DPO is always available to explain how the new purpose is compatible with the original purpose. We may process your personal data without your knowledge or consent, but we must have a legal basis to do so as detailed above.

How long will we retain your data for? – We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for.

International transfer of data – Your information may be stored and processed in Finland  or other countries outside the Turkey where we have cloudservers. Insofar as we store data in cloud, we will always use providers that have implemented the model contract clauses that enable transfer of data between the all server and Turkey. By using the SpermCell™ APP, you are permitting and consenting to the transfer of information, including personal data, outside of the Turkey.

Age limits for our users – You must not use SpermCell™ unless you are aged 18 or older. If you are under 18 and you access SpermCell™ by lying about your age or are otherwise in breach of our Terms of Use for our Site or Terms of Service and this Privacy Policy, you must immediately stop using SpermCell™ and terminate your account. The website or our SpermCell™ APP is not intended for children and we do not knowingly collect data relating to children.

Notification of changes and acceptance of policy – We keep our Privacy Policy under review and will place any updates on this webpage. This version is dated June 17, 2021. By using our website and our APP, you consent to the collection and use of data by us as set out in this Data Privacy Policy. Continued access or use of our website and our APP shall constitute your express acceptance of any modifications to this Privacy Policy.

 

Hillal Biotechnology Inc.

Quality Management