Curia | The power of information in the patient's hands

Privacy policy for CURIA™ App

This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your personal information when you use our mobile app. By using our mobile app, you are accepting the terms of this Privacy Policy and you are consenting to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and the Personal Information Protection and Electronic Documents Act (PIPEDA). You further acknowledge that your information may be sent to servers located outside of Canada.

I. General information

We provide you with a mobile app (“CURIA”) that you can download to your mobile device. When using CURIA, we collect personal information to communicate with you, enhance your experience on the app, as well as to effectively provide our services, namely, providing information to cancer patients on potential treatment options, active clinical trials and experts.

Personal information is information that relates to you and can be used to contact or identify you. The personal information that we collect and use typically includes your name, address, phone number, email addresses, health information, usage data and user behavior.

We will not use your personal information for purposes other than those for which it was collected, except with your consent or as required by law. We will retain your personal information only as long as necessary for the fulfillment of the purposes set out in this Privacy Policy and to the extent necessary to comply with our legal obligations.

II. Data protection officer

CURIA is powered by Innoplexus AG (“Innoplexus”). If you have any questions, comments or concerns about this Privacy Policy or any inquiries or complaints about the handling of your personal information, please contact us at:

Innoplexus AG
Data Protection Officer
Frankfurter Str. 27, 65760
Eschborn, Germany
Tel.: +49 6196-9677-311
info@curia.app
www.curia.app/impressum

The data protection officer of Innoplexus is accountable for our compliance with this Privacy Policy and can be contacted at the above address or at compliance@innoplexus.com.

III. Collecting and using your personal information

1. Downloading, installing, registering with and logging into CURIA

a) Downloading CURIA

When downloading CURIA, personal information is collected from you such as your name, address, phone number, email address(es) and other information for identification purposes.

The required information is transferred to the App Store or Google Play store, in particular, your username, email address, time of download and the individual device ID number, and is processed pursuant to their respective privacy policies. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary to download CURIA to your mobile device. The processing is based on your consent. You are free to revoke your consent at any time by sending an email to info@curia.app.

By uninstalling CURIA, the active processing of your personal data is stopped. 30 months from the date of uninstalling, the data will be deleted, unless we are subject to any statutory retention obligations. We assume that it is no longer likely that you will use our services again after this period. However, in order to give you the opportunity to restore your profile after a shorter period of time, e.g., because you deleted the app earlier for lack of necessity, we temporarily store the data for you. However, if you wish to revoke your consent and not just temporarily suspend its use, you can do so by clicking the “Delete all my personal data” button.

b) Installing CURIA

When CURIA is started for the first time, we assign a unique installation ID for each installation, which is stored on an Innoplexus server. It contains no personal data. If you delete CURIA and then reinstall it, a new installation ID will be generated. This will be assigned so that a connection to the Innoplexus server can be established when starting CURIA on the mobile device to check if the version of CURIA you are using is still up to date. CURIA can be updated to implement new features or to ensure data security.

c) Registering with CURIA

You must register with your first and last name, email address and telephone number in order to take advantage of CURIA’s free services. This creates a contract of use between Innoplexus and you and you will receive your own user account.

The personal data you provide will be transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded standard contractual clauses with Google, which guarantee an appropriate level of data protection.

d) Logging into CURIA

You may access your CURIA account through a social media platform, in which case we may access the information you have provided on such social media platform. To determine your rights in that regard, please refer to the privacy policy of the social media provider.

If you have an account with Google, you may log into your CURIA account through Google by clicking on the Google button on the login screen. If you log into your CURIA account in this way, we collect your first and last name and email address, which information will be shared with Google for authentication purposes. To determine to what extent your name and email address will be processed by Google and your options with regard to that processing, please refer to Google’s privacy policy.

You can also log into CURIA by using your Apple user account. In that case, we collect your first and last name and your email address, which information will be shared with Apple for authentication purposes. To determine to what extent your name and email address will be processed by Apple and your options with regard to that processing, please refer to Apple’s privacy policy.

e) Deleting your account

You can delete your account at any time by clicking the “Delete my personal data” button within CURIA. The data stored by us will be deleted as soon as the purpose of storage no longer applies and the deletion is not contradicted by any legal storage obligations.

2. Usage data

When you access and use CURIA, certain non-personal information is collected automatically and saved in log files. Such data includes data such as access dates and times, app features or pages viewed, app crashes and other system activity and type of browser. It may also include data about the devices used to access the app such as your hardware model, device IP address or other unique device identifiers, operating systems and versions, software, preferred languages and mobile network data. IP addresses in log files are deleted after 14 days.

This data is saved for technical reasons, on the one hand, in order to offer the various functions of CURIA as well as to ensure the stability and security of CURIA and, on the other hand, to customize the content you see, optimize the app and enable the comfortable use of its functions.

3. Tracking technologies and cookies

When you use CURIA, we may also collect non-personal information from you through the use of cookies (small text files placed in your browser to store your preferences), web beacons (small pieces of code that monitor your behavior and collect data about your use of the app) and/or other collection and/or tracking techniques. Cookies allow us to recognize you as a user and to enhance your experience using the app. You can disable cookies through your mobile device’s operating system, although certain features and content of the app may not be functional or accessible if cookies are disabled.

4. Voluntary disclosure of personal information

If you would like to receive information about possible treatment options, physicians and clinical studies, you can fill out the questionnaire provided by us with questions about your clinical picture. Cancer-specific parameters will be asked, such as information on genetic mutations, the status of the respective cancer, etc. The information you provide is voluntary and serves the sole purpose of enabling us to provide you with information.

The processing of such information is based on your consent. You are free to revoke your consent at any time with effect for the future without giving reasons by sending an email to info@curia.app. This does not affect the legality of the processing carried out up to that point.

You also have the option of registering for participation in clinical studies. To do so, you must provide the following information: information about the study you wish to register for, your location, contact information (telephone number or email address), information about your medical inclusion and exclusion criteria. The provision of this personal data is voluntary and is based on your consent. The purpose of the processing is to carry out the selection procedure. You are free at any time to revoke your consent with effect for the future without giving reasons by selecting the option “Delete all my personal data” in the app. This gives you the option to delete all personal data. After clicking on the “Delete all my personal data” option, you will receive an automated email confirming the deletion of your data. This does not affect the lawfulness of the processing that took place until the revocation of your consent.

The completed questionnaires and applications for participation in clinical trials are transferred to the Google Cloud and stored on a server in the United States. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded standard contractual clauses with Google, which guarantee an appropriate level of data protection. If you have met all eligibility criteria for the clinical trial request, the personal data you have provided will be transferred to the internal Innoplexus clinical trial dashboard. This data can be accessed by the CURIA team, which is partly based in India and is part of the Innoplexus office located in Pune, and shared with and disclosed to clinical trial coordinators for the sole purpose of seeking your enrollment in a clinical trial. Here, an appropriate level of data protection is ensured through the conclusion of standard contractual clauses.

5. Google Analytics

We use Google Analytics and Google Firebase, both services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to:

a) analyze the general use of CURIA, especially app installations/uninstallations, disease questionnaires, activities in the search for treatment and enrollment in clinical trials, starting a session and forgetting a password (Google Analytics).

b) collect diagnostic data to ensure technical stability of the app (Google Firebase).

Your IP address will be processed but we use the anonymization function of Google, whereby the IP address is shortened for anonymization purposes and is transmitted in shortened form to Google servers in the United States. We use the anonymized reports on the general use of CURIA created by Google and transmitted to us in order to continuously improve our service and increase the user-friendliness of CURIA. The reports we receive contain no personally identifiable information. We process the information for the aforementioned purposes on the basis of your previously granted consent.

The data is processed in the United States, for which we have standard contractual clauses with Google that guarantee an appropriate level of data protection.

The data will be deleted when it is no longer necessary for the purpose of its collection because the option to collect and further process information on diagnosis and usage behavior in CURIA has been deactivated.

You are free to revoke your consent at any time with effect for the future without giving reasons. This does not affect the legality of the processing carried out up to that point.

6. Marketing

We may use or disclose your personal information for the purpose of direct marketing. Before we use your personal information for direct marketing, we will seek your consent in advance. At any time, you can request that we do not use your personal information for direct marketing, in which case we will comply with your request.

7. Contact

We will collect and use your personal information to receive and respond to your comments, inquiries or complaints. We may also contact you using your personal information.

8. Cross-border transfer

CURIA is not hosted in Canada. For that reason, we transfer all data we collect, including your personal information, to servers that are located overseas. Certain data may also be stored outside of Canada by third party service providers, such as analytics providers. While the data protection laws in other countries may differ from those in Canada, we will take reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy and the principles set forth in PIPEDA.

IV. Security of your personal information

We will take reasonable steps to ensure that all information we collect is stored in a secure environment. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

We use current technologies to protect the confidentiality and privacy of your information. We have implemented top-level security standards to ensure that your personal information is protected against unauthorized access, disclosure, inappropriate alteration or misuse. All safety and security measures are commensurate to the sensitivity level of the information. We also have procedures within our organization to limit access to your personal information.

V. Specific provisions regarding the Cancer Twin Feature

A Cancer Twin is a patient in the CURIA community whose cancer diagnosis is similar to yours. Cancer Twins can use a private chat to share experiences. The chat is based on Ethereum blockchain technology. The aim of the new feature is to bring cancer patients together.

As part of a matching process, you as a user will be matched together with up to 3 other cancer patients, Cancer Twins, who have activated this feature and have a similar profile. In order to find a matching Cancer Twin, the following parameters are compared, which we collect from you to carry out the matching process:

  • Cancer indication Stage
  • Hormone receptors
  • Genetic markers
  • Sex
  • Age
  • Other health data, depending on cancer type
  • Distance

The purpose of this feature is to bring together cancer patients and promote the exchange of experiences and information between patients who have a similar cancer diagnosis. The processing is based on your explicit consent. You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.

If the last login date is more than 6 months ago, the corresponding profile is automatically removed from the database and can no longer be matched with new Cancer Twins.

Cancer Twins can exchange information in a chat integrated in CURIA. Patients must register for the feature and select a nickname before being matched with their Cancer Twin(s). This nickname can be edited in the settings. When users exchange messages via the built-in chat, the end-to-end encrypted messages are stored on a public Ethereum blockchain.

For this purpose, Innoplexus has set up a node that acts as an intermediary to forward the chat message to the Ethereum blockchain. Before a message is transmitted and stored on the blockchain, it is fully encrypted locally on the patient's mobile device using end-to-end encryption. The private key required to encrypt the message is kept on your physical device at all times and is not shared with Innoplexus or other users. Only when the encrypted message is received by the Cancer Twin is it decrypted with a corresponding key on the mobile device of the Cancer Twin who is to receive the message.

The purpose of this chat function is to enable the exchange of information and experiences in a simple way and without big hurdles, offering at the same time a high level of security. The processing is based on your consent.

You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point. In this case, the chat associated with your profile will be deleted from your device. In this case, the private key is lost and no one can decrypt the data, not even CURIA or Innoplexus. The nickname and chat content on the device of the Cancer Twin with whom messages were exchanged also disappear. Besides this, your profile will be automatically removed from the Cancer Twin database if the last login date is more than 6 months ago.

The server location cannot generally be assigned to a specific country due to the blockchain infrastructure (public Ethereum blockchain), but by encrypting the chat content using a public key encryption method, the data is highly pseudonymized for everyone else, so that a data transfer to a third country can be considered “safe”.

Hashed metadata is not stored on the Ethereum blockchain.

VI. Accessing and updating your personal information

Access to your personal information

You have the right to access, verify and update the personal information we have collected from you. If you wish to access the personal information we have about you or believe that any personal information we have about you is incorrect or incomplete, please contact us.

Correction of information

Since it is important that your personal information be accurate and complete, we encourage you to amend any inaccuracies and make corrections as often as necessary so that we will have up-to-date information. You are allowed to ask us to take reasonable steps to correct any personal data that is inaccurate, out of date, incomplete, irrelevant or misleading.

VII. Changes to this Privacy Policy

We may change or update this Privacy Policy from time to time. If we decide to change this Privacy Policy, we will post those changes on this page and update the date below. Your use of CURIA following the posting of any changes to this Privacy Policy constitutes acceptance of those changes. You are advised to review this Privacy Policy periodically for any changes.

This Privacy Policy was last updated on May 17, 2022.