Curia | El poder de la información en las manos del paciente
Uso de nuestra aplicación móvil
A. INFORMATION ON THE COLLECTION OF PERSONAL DATA
1. We provide you with a mobile app (“CURIA") que puede descargar en su dispositivo móvil. A continuación, le proporcionamos información sobre la recogida de datos personales durante el uso de CURIA. Los datos personales son todos los datos que pueden estar relacionados personalmente con usted, p. ej. nombre, dirección, direcciones de correo electrónico, comportamiento del usuario.
2. The person responsible (Data Controller) in accordance with Art. 2.3 of the Nigeria Data Protection Regulation (GDPR) 2019 is
Frankfurter Str. 27,
65760 Eschborn, Germany
email@example.com (ver nuestro pie de imprenta: www.curia.app/impressum) (“Innoplexus“, “We”, “Us”, “Our”).
3. Data Subject, You,: You, as the user of the App, will be reffered to throughout this Terms with second-person pronouns such as You, Your, Yours, or Data Subject.
4. Puede ponerse en contacto con el responsable de protección de datos de la empresa Innoplexus en la dirección anterior, en Datenschutzabteilung o en firstname.lastname@example.org.
5. When You contact us via email or a contact form, we will store your email address and, if you have provided it, your name and telephone number to answer your questions. We delete the data arising in this connection after storage is no longer required or – in the case of legal storage obligations – restrict processing.
6. If We use contracted service providers for individual functions of our offer or wish to use Your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.
7. The processing is based on your consent (Art. 2.3 (1) (2) NDPR 2019). You are free to revoke your consent at any time with effect for the future without giving reasons. This does not affect the legality of the processing carried out up to that point.
B. INFORMATION SECURITY AND TRANSFER OF PERSONAL INFORMATION TO OTHER COUNTRIES. Art 2.11 NDPR 2019
8. In order to provide the Services, We may transfer, process and store personal information in a number of countries, and may also use cloud-based services for this purpose. We may also subcontract storage or processing of Your information to third parties located in countries other than Your home country. Information collected within one country may, for example, be transferred to and processed in another country, which may not provide the same level of protection for personal data as the country in which it was collected.
10. We have implemented physical, electronic, and procedural safeguards in order to protect the information, including that the information will be stored on secured servers and protected by secured networks to which access is limited to a few authorized employees and personnel in accordance with Art 2.6 NDPR 2019.
C. PROCESSING OF PERSONAL DATA WHEN USING CURIA
12. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading CURIA to your mobile device. This processing takes place on the basis of your consent according to Art. 2.3 (2) (a-e) NDPR 2019.
13. By uninstalling, the active processing of your personal data is stopped. 30 months from the date of uninstalling, the data will be deleted due to the discontinuation of purpose, unless we are subject to any statutory retention obligations. We accept the loss of purpose after this period because we assume that it is no longer likely that you will use our services again after this period.
14. However, in order to give you the opportunity to restore your profile after a shorter period of time, e.g. because you deleted the app earlier for lack of necessity, we temporarily store the data for you.
15. Sin embargo, si desea revocar su consentimiento y no solo suspender temporalmente su uso, puede hacerlo haciendo clic en el botón "Eliminar todos mis datos personales".
D. COLLECTION OF DATA
16. When using CURIA, We collect the following archivo de registro:
– IP address, also in the API logs
– Date and time of the request
– Content of the request (concrete page, concrete API endpoint)
– Access Status/HTTP Status Code
– Amount of data transferred in each case
– End device from which the request comes
– User Agent
– Operating system and its interface
– Language and version of the User Agent.
17. On the one hand, this data is mandatory for us from a technical point of view in order to offer the various functions of CURIA as well as to ensure the stability and security of CURIA and, on the other hand, to enable a comfortable use of the functions. This processing purpose also represents the legitimate interest which, according to Art. 2.2 and 2.3 (2) (a-e) NDPR 2019, is the legal basis for data processing. IP addresses in log files are deleted after 14 days.
E. INSTALLATION, REGISTRATION AND DELETE
18. Furthermore, when CURIA is started for the first time, We assign a unique installation ID for each installation, which is stored on an Innoplexus server. It contains no personal data. If you delete CURIA and then reinstall it, a new installation ID will be generated. This will be assigned so that a connection to the Innoplexus server can be established when starting CURIA on the mobile device to check if the version of CURIA You are using is still up to date. CURIA can be updated to implement new features or to ensure data security.
19. You must register with Your first and last name, e-mail address, telephone number in order to take advantage of CURIA’s free services. This creates a contract of use between Innoplexus and you and You will receive your own user account. The legal basis for this is Art. 2.2 (a-e) NDPR 2019, because We use this personal data for the execution of this contract. The data you provide will be transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of data protection.
20. Alternatively, you can log in using your Google user account. For this we collect the following personal data:
– First and Last Name
- Dirección de correo electrónico
21. You can also log in using your Apple user account ID. For this we collect the following personal data:
– First and Last Name
- Dirección de correo electrónico
22. You can delete your account at any time by clicking the “Delete my personal data” button within CURIA. The personal data processed by us will be deleted in accordance with Art 3.1 (9) (a-e) NDPR or blocked or restricted in their processing in accordance with Art 3.1 (11) NDPR. The data stored by us will be deleted as soon as the purpose of storage no longer applies and the deletion is not contradicted by any legal storage obligations.
F. POSSIBLE TREATMENT OPTIONS, PHYSICIANS AND CLINICAL STUDIES
23. If You would like to receive information about possible treatment options, physicians and clinical studies, you can fill out the questionnaire provided by Us with questions about Your clinical picture. Cancer-specific parameters will be asked, such as information on genetic mutations, the status of the respective cancer, etc. The information you provide is voluntary and serves the sole purpose of enabling us to provide You with information.
24. You also have the option of registering for participation in clinical studies. To do so, You must provide the following information: Information about the study you wish to register for, your location, contact information (telephone number or e-mail address), information about your medical inclusion and exclusion criteria. The provision of this personal data is voluntary and is based on your consent (Art. 2.3 (1) NDPR 2019).
25. The purpose of the processing is to carry out the selection procedure. You are free at any time to revoke your consent with effect for the future without giving reasons by selecting the option “Delete all my personal data” in the app.
26. This gives you the option to delete all personal data. After clicking on the “Delete all my personal data” option, you will receive an automated email confirming the deletion of your data. This does not affect the lawfulness of the processing that took place until the revocation. Art. 2.3 (2) (c) NDPR 2019.
27. Los cuestionarios cumplimentados y las inscripciones para participar en los ensayos clínicos se transfieren a la nube de Google y se almacenan en un servidor de Alemania. Google Cloud es operado por Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Hemos concluido con Google las llamadas cláusulas contractuales estándar, que garantizan un nivel adecuado de protección de datos. Si usted ha cumplido con todos los criterios de elegibilidad para la solicitud de ensayo clínico, los datos personales que ha proporcionado serán transferidos al tablón interno de ensayos clínicos de Innoplexus. A estos datos puede acceder el equipo de la aplicación CURIA, que tiene parte de su sede en la India y pertenece a Innoplexus Pune. En este caso, se garantiza un nivel adecuado de protección de datos mediante la celebración de cláusulas contractuales estándar.
G. GOOGLE ANALYTICS AND GOOGLE FIREBASE
28. We use Google Analytics and Google Firebase, both services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to
a) analyze the general use of CURIA, especially app installations/uninstallations, disease questionnaires, activities in the search for treatment and enrollment in clinical trials, starting a session and forgetting a password (Google Analytics).
b) collect diagnostic data to ensure technical stability of the app (Google Firebase).
29. Your IP address will be processed. We use the anonymization function of Google, whereby the IP address is shortened in the EU/EEA for anonymization purposes and is transmitted in shortened form to Google servers in the USA. We use the anonymized reports on the general use of CURIA created by Google and transmitted to us in order to continuously improve our service and increase the user-friendliness of CURIA. The reports we receive contain no personal data. We process the information for the aforementioned purposes on the basis of your previously granted consent in accordance with Art. 2.3 (1) NDPR 2019.
30. Los datos se procesan en EE. UU, en donde hemos concluido con Google las denominadas cláusulas contractuales estándar que garantizan un nivel adecuado de protección de datos.
31. Los datos serán eliminados cuando ya no sean necesarios para el propósito de su recogida porque se ha desactivado la opción de recoger y procesar más información sobre el diagnóstico y el comportamiento de uso en la aplicación CURIA.
32. You are free to revoke your consent at any time with effect for the future without stating reasons. This does not affect the legality of the processing that has taken place up to that point.
H. PROCESSING OF PERSONAL DATA WHEN USING THE CANCER TWIN FEATURE
33. Un gemelo Curia es un paciente de la comunidad Curia cuyo diagnóstico de cáncer es similar al suyo. Los gemelos de la Curia pueden utilizar un chat privado para compartir experiencias. El chat se basa en la tecnología blockchain de Ethereum. El objetivo de la nueva funcionalidad es acercar a los pacientes de cáncer.
34. As part of a matching process, you as a User will be matched together with up to 3 other cancer patients, Cancer Twins, who have activated this feature and have a similar profile. In order to find a matching Cancer Twin, the following parameters are compared, which we collect from you to carry out the matching process:
- Indicación del cáncer
- Receptores hormonales
- Marcadores genéticos
- Género (sexo)
- Otros datos sanitarios, según el tipo de cáncer
35. The purpose of this feature is to bring together cancer patients and promote the exchange of experiences and information between patients who have a similar cancer diagnosis. The processing is based on your explicit consent (Art. 2.3 (1) NDPR 2019). You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.
36. Si la última fecha de acceso a la cuenta es de hace más de 6 meses, el perfil correspondiente se elimina automáticamente de la base de datos y ya no se puede emparejar con nuevos Gemelos Cáncer.
I. EXCHANGE OF INFORMATION BETWEEN CANCER TWINS
37. Cancer Twins can exchange information in a chat integrated in CURIA. Patients must register for the feature and select a nickname before being matched with their Cancer Twin(s). This nickname can be edited in the settings. When users exchange messages via the built-in chat, the end-to-end encrypted messages are stored on a public Ethereum blockchain.
38. For this purpose, Innoplexus has provided a node that takes on the function of an intermediary to forward the chat message to the Ethereum blockchain. Before a message is transmitted and stored on the blockchain, it is fully encrypted locally on the patient’s mobile device using end-to-end encryption. The private key needed to encrypt the message is stored on your physical device the whole time and is not shared with Innoplexus or other users. Only when the encrypted message is received by the Cancer Twin, this message is decrypted with a corresponding key on the mobile device of the Cancer Twin who is to receive the message.
39. The purpose of this chat function is to enable the exchange of information and experiences in a simple way and without big hurdles, offering at the same time a high level of security. The processing is based on your consent (Art. 2.3 (1) NDPR 2019). You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.
40. En este caso, el chat asociado a tu perfil será eliminado de tu dispositivo, la clave privada se pierde y nadie puede descifrar los datos, ni siquiera Curia / Innoplexus. El alias y el contenido del chat en el dispositivo del gemelo Curia con el que se intercambiaron los mensajes también desaparecerán. Además, su perfil se eliminará automáticamente de la base de datos de Gemelos Curia si la última fecha de acceso fue hace más de 6 meses.
41. Por lo general, la ubicación del servidor no puede asignarse a un país específico debido a la infraestructura de la tecnología de blockchain (aquella pública de Ethereum), pero al cifrar el contenido del chat mediante un método de cifrado de clave pública, los datos están altamente seudonimizados para todos los demás, por lo que una transferencia de datos a un tercer país puede considerarse "segura".
42. Los metadatos codificados no se almacenan en la blockchain de Ethereum.
43. We use the email address you provide when you register for your CURIA account to send you emails informing you about our products and services and the terms and conditions that apply to them. In addition, we will notify you regarding the introduction of new features, announce the conclusion of new partnerships and what these mean for you when using CURIA.
44. For sending marketing e-mails, we use the service Google of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
45. When using these services, the following personal data are processed:
- Dirección IP
– e-mail address
- Nombre y apellido(s)
K. YOUR RIGHTS
46. You have the following rights towards us regarding your personal data:
– Right to obtain rectification of inaccurate Personal Data without delay – Art 3.1 (8) NDPR
– Right to be informed of the appropriate safeguards for data protection in foreign country. Art 3.1 (8) NDPR
– Right to request the erasure of personal Data without delay- Art 3.1 (9) (a-e) NDPR
– Right to receive the Personal Data upon request. Art 3.1 (14) NDPR.
– Right to restriction of processing – Art 3.1 (11) NDPR,
– Right to object to the processing – Art. 2.8 (a)(b) NDPR,
– Right to data portability – Art 3.1 (15) NDPR.
47. You also have the right to complain to a data protection supervisory authority of your choice about the processing of your personal data by our association. Responsible for us is the Hessische Beauftragte für Datenschutz und Informationsfreiheit Gustav-Stresemann-Ring 1 Postfach 3163 65189 Wiesbaden, Germany Phone: +49 (0) 611 14080
I. HOW WE USE INFORMATION:
48. PROVIDE, IMPROVE AND PERSONALIZE OUR SERVICES:
We may use the personal information collected to provide, maintain, improve, analyze and personalize the Services to its Users, partners and third-party providers and otherwise improve Our Services, business and operations.
49. STATISTICAL DATA FROM THE SERVICES:
We use aggregated or anonymized personal information for statistical and analytical purposes. We may come to share such data with third parties. We do not consider personal information to include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise.
50. PERSONALIZE OUR ADVERTISING AND COMMUNICATIONS:
[We may use any of the information collected, as set out above, to provide You with location and interest-based advertising, Marketing-Messaging, Information and Services.] We may also use the collected information to measure the performance of Our Services.
51. We may contact You for verification purposes or with information pertaining to the Services or special offers, e.g., newsletter e-mails, SMS and similar notifications about Innoplexus and Our business partners’ products and services. We also use the collected information to respond to you when you contact us.
52. COMPLIANCE WITH LAWS AND PREVENTION OF FRAUDULENT OR ILLEGAL ACTIVITIES:
We may use the collected information to comply with applicable laws and to enforce our agreements and protect and defend the rights or safety of Innoplexus, its Users or any other person and verify provided User profile information with third party providers and ensure technical service functionality and data accuracy, perform trouble-shooting and prevent or detect fraud, security breaches or illegal activities.