Curia | El poder de la información en las manos del paciente

Política de Privacidad de la Aplicación CURIA

Uso de nuestra aplicación móvil1

Innoplexus AG is committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws.

This document sets out our policies for managing your personal information and is referred to as our Privacy Policy.

We appreciate that your privacy is important to you. Innoplexus AG will continue to protect the personal information you provide us.

In this Privacy Policy, “we” and “us” refers to Innoplexus AG and “you” refers to any individual about whom we collect personal information.

By using our mobile app, you are accepting the terms of this Privacy Policy, and you are consenting to our collection, use, disclosure, retention and protection of your personal information as described in this Privacy Policy.

We will take all reasonable steps to ensure that all information we collect, use or disclose is accurate, complete, up-to-date and stored in a secure environment.

A. Information on the collection of personal data

General

1. We provide you with a mobile app (“CURIA”) that you can download to your mobile device. In the following, we provide information about the collection of personal data when using CURIA. The type of personal information that we collect will typically include:

  • your name, e-mail, postal address and other contact details;
  • information about your employer or an organisation who you represent;
  • your professional details; and
  • any additional personal information you provide to us, or authorise us to collect, as part of your interaction with Innoplexus AG.

2. The person responsible is
Innoplexus AG,
Frankfurter Str. 27, 65760 Eschborn, Germany
info@curia.app (ver nuestro pie de imprenta: www.curia.app/impressum) („Innoplexus“).

3. The company data protection officer of Innoplexus can be contacted at the above address, at Datenschutzabteilung, or at compliance@innoplexus.com

4. When you contact us via email or a contact form, we will store your email address and, if you have provided it, your name and telephone number to answer your questions. We delete the data arising in this connection after storage is no longer required or – in the case of legal storage obligations – restrict processing.

5. If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.

What information we collect

6. Personal information that includes your name, postal address, email address, telephone numbers and contact details and information for identification purposes.

7. Health information that includes text, digital images, sound recordings and other data, concerning past, present or future medical or mental health condition or past, present or future medical treatment or payment for medical or mental health treatment that is traceable or identifiable to an individual.

8. Log file data. When using CURIA, we collect the following log file data:

  • IP address, also in the API logs;
  • Date and time of the request;
  • Content of the request (concrete page, concrete API endpoint);
  • Access Status/HTTP Status Code;
  • Amount of data transferred in each case;
  • End device from which the request comes;
  • User Agent;
  • Operating system and its interface; and
  • Language and version of the User Agent.

This data is mandatory for us from a technical point of view in order to offer the various functions of CURIA as well as to ensure the stability and security of CURIA and, on the other hand, to enable a comfortable use of the functions.

Las direcciones IP de los archivos de registro se eliminan después de 14 días.

9. For the purpose of this Privacy Policy, Personal Information, Health Information and Log File Data constitute Personal Data.

B. Registering with Curia

1. When CURIA is started for the first time, we assign a unique installation ID for each installation, which is stored on an Innoplexus server. It contains no personal data. If you delete CURIA and then reinstall it, a new installation ID will be generated. This will be assigned so that a connection to the Innoplexus server can be established when starting CURIA on the mobile device to check if the version of CURIA you are using is still up to date. CURIA can be updated to implement new features or to ensure data security.

Registering with CURIA

2. You must register with your first and last name, e-mail address, telephone number in order to take advantage of CURIA’s free services. This creates a contract of use between Innoplexus and you and you will receive your own user account.

3. The Personal Data you provide will be transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of data protection.

Logging in with CURIA

4. You can log in with CURIA by using your Google user account. Google will ask you to authorise your information (name, email address) to sign into CURIA.

5. While logging in with CURIA using your Google account, we will collect and store your first and last name and your email address.

6. To determine what extent the Personal Data disclosed by you through the subsequent use of CURIA when registering or logging in with CURIA will be processed by Google, please refer to the Google privacy policy.

7. You can also log in with CURIA by using your Apple user account. Apple will ask you to authorise your information (name, email address) to sign into CURIA.

8. While logging in with CURIA using your Apple account, we will collect and store your first and last name and your email address.

9. To determine what extent the Personal Data disclosed by you through the subsequent use of CURIA when registering or logging in with CURIA will be processed by Apple, please refer to the Apple privacy policy.

C. Processing data

When using CURIA

General

1. When downloading CURIA, the required information is transferred to the App Store or Google Play store, in particular user name, email address, time of download and the individual device ID number and is processed pursuant to Apple’s privacy policy or Play store privacy policy, linked here: https://www.apple.com/legal/privacy/en-ww/ and https://policies.google.com/privacy?hl=en-US.

2. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading CURIA to your mobile device. This processing takes place on the basis of your consent.

3. We use different technologies and procedures to help protect Personal Data from unauthorised access, loss, alternation, disclosure or use. Our commitment to data security means:

  • we have procedures to limit access to Personal Data within our organisation;
  • we use security measures and technologies within our organisation to protect your Personal Data; and
  • we use service providers that can establish that they have secure controls relating to software security, access security and network security.

4. CURIA is not hosted in Australia. For that reason, we transfer all data (including all Personal Data) to our hosting service provider. In addition, web traffic information we collect, such as data collected by Google Analytics may be stored overseas.

5. By uninstalling, the active processing of your Personal Data is stopped. 30 months from the date of uninstalling, the data will be deleted due to the discontinuation of purpose, unless we are subject to any statutory retention obligations. We accept the loss of purpose after this period because we assume that it is no longer likely that you will use our services again after this period. However, in order to give you the opportunity to restore your profile after a shorter period of time, e.g. because you deleted the app earlier for lack of necessity, we temporarily store the data for you.

Deletion of account

6. You can delete your account at any time by clicking the “Delete my personal data” button within CURIA. The Personal Data processed by us will be deleted or blocked or restricted in their processing. The data stored by us will be deleted as soon as the purpose of storage no longer applies and the deletion is not contradicted by any legal storage obligations.

Receiving and providing information

7. If you would like to receive information about possible treatment options, physicians and clinical studies, you can fill out the questionnaire provided by us with questions about your clinical picture. Cancer-specific parameters will be asked, such as information on genetic mutations, the status of the respective cancer, etc. The information you provide is voluntary and serves the sole purpose of enabling us to provide you with information.

8. The processing is based on your consent. You are free to revoke your consent at any time with effect for the future without giving reasons. This does not affect the legality of the processing carried out up to that point.

9. You also have the option of registering for participation in clinical studies. To do so, you must provide the following information: Information about the study you wish to register for, your location, contact information (telephone number or e-mail address), information about your medical inclusion and exclusion criteria. The provision of this Personal Data is voluntary. The purpose of the processing is to carry out the selection procedure. You are free at any time to revoke your consent with effect for the future without giving reasons by selecting the option “Delete all my personal data” in the app. This gives you the option to delete all Personal Data. After clicking on the “Delete all my personal data” option, you will receive an automated email confirming the deletion of your data. This does not affect the lawfulness of the processing that took place until the revocation.

10. The completed questionnaires and applications for participation in clinical trials are transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of data protection. If you have met all eligibility criteria for the clinical trial request, the Personal Data you have provided will be transferred to the internal Innoplexus clinical trial dashboard. This data can be accessed by the CURIA team, which is partly based in India and is part of Innoplexus Pune. Here, an appropriate level of data protection is ensured through the conclusion of standard contractual clauses.

Data handling

11. We use Google Analytics and Google Firebase, both services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to

a. analyse the general use of CURIA, especially app installations/uninstallations, disease questionnaires, activities in the search for treatment and enrollment in clinical trials, starting a session and forgetting a password (Google Analytics).

b. collect diagnostic data to ensure technical stability of the app (Google Firebase).

12. Your IP address will be processed. We use the anonymization function of Google, whereby the IP address is shortened in the EU/EEA for anonymisation purposes and is transmitted in shortened form to Google servers in the USA. We use the anonymised reports on the general use of CURIA created by Google and transmitted to us in order to continuously improve our service and increase the user-friendliness of CURIA. The reports we receive contain no Personal Data. We process the information for the aforementioned purposes on the basis of your previously granted consent.

13. The data is processed in the USA, for which we have so-called standard contractual clauses with Google that guarantee an appropriate level of data protection.

14. The data will be deleted when they are no longer necessary for the purpose of their collection because the option to collect and further process information on diagnosis and usage behavior in CURIA has been deactivated.

15. You are free to revoke your consent at any time with effect for the future without stating reasons. This does not affect the legality of the processing that has taken place up to that point.

Marketing

16. We may use or disclose your personal information for the purpose of direct marketing.

17. Before we use your personal information for direct marketing, we will seek your consent in advance.

18. At any time you can request that we do not use your personal information for direct marketing, in which case we will comply with your request.

Cross-border disclosure of personal information

19. We will disclose your personal information overseas.

20. We will take reasonable steps to ensure that the overseas recipient of your personal information does not breach the Australian Privacy Principles.

21. We will disclose your personal information to entities that we reasonably believe that:

a. the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and

b. there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme.

When using the Cancer Twin feature

22. A Cancer Twin is a patient in the CURIA community whose cancer diagnosis is similar to yours. Cancer Twins can use a private chat to share experiences. The chat is based on Ethereum blockchain technology. The aim of the new feature is to bring cancer patients together.

23. As part of a matching process, you as a user will be matched together with up to 3 other cancer patients, Cancer Twins, who have activated this feature and have a similar profile.

24. In order to find a matching Cancer Twin, the following parameters are compared, which we collect from you to carry out the matching process:

  • Cancer indication;
  • Stage;
  • Hormone receptors;
  • Genetic markers;
  • Sex;
  • Age;
  • Other health data, depending on cancer type; and
  • Distance

25. The purpose of this feature is to bring together cancer patients and promote the exchange of experiences and information between patients who have a similar cancer diagnosis. The processing is based on your explicit consent. You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.

26. If the last login date is more than 6 months ago, the corresponding profile is automatically removed from the database and can no longer be matched with new Cancer Twins.

27. Cancer Twins can exchange information in a chat integrated in CURIA. Patients must register for the feature and select a nickname before being matched with their Cancer Twin(s). This nickname can be edited in the settings. When users exchange messages via the built-in chat, the end-to-end encrypted messages are stored on a public Ethereum blockchain.

28. For this purpose, Innoplexus has provided a node that takes on the function of an intermediary to forward the chat message to the Ethereum blockchain. Before a message is transmitted and stored on the blockchain, it is fully encrypted locally on the patient’s mobile device using end-to-end encryption. The private key needed to encrypt the message is stored on your physical device the whole time and is not shared with Innoplexus or other users. Only when the encrypted message is received by the Cancer Twin, this message is decrypted with a corresponding key on the mobile device of the Cancer Twin who is to receive the message.

29. The purpose of this chat function is to enable the exchange of information and experiences in a simple way and without big hurdles, offering at the same time a high level of security. The processing is based on your consent.

30. You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point. In this case, the chat associated with your profile will be deleted from your device. In this case, the private key is lost and no one can decrypt the data, not even CURIA or Innoplexus AG. The nickname and chat content on the device of the Cancer Twin with whom messages were exchanged also disappear. Besides this, your profile will be automatically removed from the Cancer Twin database if the last login date is more than 6 months ago.

31. The server location cannot generally be assigned to a specific country due to the blockchain infrastructure (Public Ethereum blockchain), but by encrypting the chat content using a public key encryption method, the data is highly pseudonymised for everyone else, so that a data transfer to a third country can be considered “safe”.

Los metadatos codificados no se almacenan en la blockchain de Ethereum.

D. Processing of personal data when using the “Second Opinion” feature

We only collect personal information for purposes which are directly related to our services, functions or activities and only when necessary for, or directly related to those purposes. If you do not provide your personal information, we may not be able to provide some or all of our services or products to you or contact you in order to perform the functions and activities set out in this Policy.

After you have registered in the CURIA app and created a user account, you can use the “Second Opinion” feature to obtain a second medical opinion on your Cancer. In addition to confirming your Cancer diagnosis, this contains suggestions for possible therapies, further steps to take, and advice for family members.

Uploading or Disclosing of material information

In order for our physicians to provide accurate Second Opinions services regarding your health, you may be required to provide us with basic data limited to your Date of Birth, Gender, Address, Email ID, Phone numbers, initial diagnosis of your Cancer, past and current medical records, a description of symptoms, a medical history, lifestyle descriptions, any imaging or other diagnostic test results, and other relevant medical information and/or documentation (collectively, the “Medical Information”) as below:

  • Doctor’s letter
  • CT Scan Reports
  • MRI Scan Reports
  • PET Scan Reports
  • Ultrasound/Endoscopic Reports
  • Surgery Reports
  • Histopathology/Lab Reports
  • Biopsy/Molecular Markers Reports

In addition, you have the option to upload further documents via a Contact form integrated in the CURIA app, as well as to write requests or comments that should be taken into account by the doctor when preparing the second opinion. You understand and agree that you will be solely responsible for all the medical data you have uploaded, together with your basic data (excluding e-mail address and telephone number) and a patient ID assigned to you, will be transmitted to a doctor located worldwide who specializes in treating the Cancer diagnosis you have specified. This doctor will prepare a second opinion and send it to you via the CURIA app. The medical data will not be passed on to third parties.

The processing is based on your Consent as permitted under the Privacy Act 1988. You are free to revoke your Consent at any time without giving reasons with effect for the future. This will not affect the lawfulness of the processing carried out until then. The aforementioned health data will be processed for the purpose of obtaining a second opinion.

Duración del almacenamiento

Sus datos solamente se almacenan durante el tiempo necesario para la finalidad anteriormente reseñada o durante el plazo de conservación legal pertinente.

If you revoke your Consent, your data will be deleted immediately if we do not need it for aa) fulfilling a legal obligation or bb) asserting, exercising or defending legal claims. After statutory retention periods and all limitation periods expire, we delete your data irrevocably.

Data Storage

Usted puede oponerse en cualquier momento al tratamiento de sus datos personales, siempre y cuando no prevalezcan motivos legítimos imperiosos para el tratamiento.

Your data will only be stored as long as is necessary for the aforementioned purposes or as long as legal retention periods require us to store it.

If you object to the processing, your data will be deleted immediately if we do not need it for (a) fulfilling a legal obligation or (b) asserting, exercising or defending legal claims. After statutory retention periods and all limitation periods expire, we delete your data irrevocably.

Deletion of data

Nosotros suprimimos sus datos personales cuando ya no son necesarios para cumplir la finalidad del tratamiento de datos ulterior. Normalmente esto suele ser el caso al finalizar el plazo de prescripción, comenzando con el final del año en el que se finaliza la relación contractual, por ejemplo, mediante eliminación de su cuenta de usuario. Tras finalizado el plazo de prescripción, sus datos se bloquean, y luego se suprimen tras finalizar las obligaciones legales de conservación.

You may object to the processing of your personal data processed unless there are compelling legitimate grounds for the processing.

Allocating a Physician

The physician appointed under the Second Opinion Services are among the qualified physicians, healthcare professionals etc that are legally binded with medical duties and responsibilities that comply with the applicable laws and regulations under the Cooperation Agreement with Innoplexus (“Curia App”) while performing their duties under Second Opinion Services

You acknowledge and agree that the report obtained from the Second Opinion Services should not in any form, shape or fashion constitute a diagnosis, medical advice, treatment, medical care or establish any doctor patient relationship. Furthermore, you understand that your doctor(s) shall directly communicate to you all information contained in the Second Opinion report obtained from the Services

Payment of Fees

Transaction is possible by means of Credit/Debit card:

We use third parties to provide Credit/Debit Card processing. When you sign up for such services, we will share your user information only as necessary for the third party to provide that service. These third parties are prohibited from using your user information for any other purpose. With respect to Credit/Debit Card processing, we do not collect, store, or process any Credit/Debit card information. If you do not want your information to be shared, you can choose not to allow the transfer of your information by not using that particular service. If you use a credit card to set up an account or pay for the Service, you must be authorised to use the Credit/Debit Card information that you enter while making such Payments.

All fees related to the obtaining of “Second Opinion”, are subject to change upon 30 days’ notice from Innoplexus. Such notice may be provided at any time by updates to the Curia app.

E. Your rights

Access the personal information

1. We are happy to provide you with details of Personal Data held about you. You are allowed access to the Personal Data we hold about you.

Correction of information

2. You are allowed to ask us to take reasonable steps to correct any Personal Data that is inaccurate, out of date, incomplete, irrelevant or misleading.

Complaints

3. If you believe that your Personal Data has been misused, you can inform us of your complaint by writing to us and we will attempt to resolve the matter.
compliance@innoplexus.com

Responsible for us is the
Comisario de Protección de Datos y Libertad de Información de Hesse
Gustav-Stresemann-Ring 1
Apartado de correos 3163
65189 Wiesbaden, Alemania
Teléfono: +49 (0) 611 14080

4. If you are not satisfied with the outcome of your complaint you may refer the matter to the

Revocation of consent

5. If you wish to revoke your consent and not just temporarily suspend its use, you can do so by clicking the “Delete all my personal data” button.

Changes to our privacy policy

6. If we decide to change this Privacy Policy, we will post those changes on this page, and update the privacy policy modification date below.

7. This privacy policy was last modified on 23rd June, 2022.