I. General information
We provide you with a mobile app (“CURIA“) that you can download to your mobile device. When using CURIA, we collect personal information to communicate with you, enhance your experience on the app, as well as to effectively provide our services, namely, providing information to cancer patients on potential treatment options, active clinical trials and experts.
Personal information is information that relates to you and can be used to contact or identify you. The personal information that we collect and use typically includes your name, address, phone number, email addresses, health information, usage data and user behavior.
II. Data protection officer
III. Collecting and using your personal information
1. Downloading, installing, registering with and logging into CURIA
a) Downloading CURIA
When downloading CURIA, personal information is collected from you such as your name, address, phone number, email address(es) and other information for identification purposes.
The required information is transferred to the App Store or Google Play store, in particular, your username, email address, time of download and the individual device ID number, and is processed pursuant to their respective privacy policies. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary to download CURIA to your mobile device. The processing is based on your consent. You are free to revoke your consent at any time by sending an email to email@example.com.
By uninstalling CURIA, the active processing of your personal data is stopped. 30 months from the date of uninstalling, the data will be deleted, unless we are subject to any statutory retention obligations. We assume that it is no longer likely that you will use our services again after this period. However, in order to give you the opportunity to restore your profile after a shorter period of time, e.g., because you deleted the app earlier for lack of necessity, we temporarily store the data for you. However, if you wish to revoke your consent and not just temporarily suspend its use, you can do so by clicking the “Delete all my personal data” button.
b) Installing CURIA
When CURIA is started for the first time, we assign a unique installation ID for each installation, which is stored on an Innoplexus server. It contains no personal data. If you delete CURIA and then reinstall it, a new installation ID will be generated. This will be assigned so that a connection to the Innoplexus server can be established when starting CURIA on the mobile device to check if the version of CURIA you are using is still up to date. CURIA can be updated to implement new features or to ensure data security.
c) Registering with CURIA
You must register with your first and last name, email address and telephone number in order to take advantage of CURIA’s free services. This creates a contract of use between Innoplexus and you and you will receive your own user account.
The personal data you provide will be transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded standard contractual clauses with Google, which guarantee an appropriate level of data protection.
d) Logging into CURIA
e) Deleting your account
You can delete your account at any time by clicking the “Delete my personal data” button within CURIA. The data stored by us will be deleted as soon as the purpose of storage no longer applies and the deletion is not contradicted by any legal storage obligations.
2. Usage data
When you access and use CURIA, certain non-personal information is collected automatically and saved in log files. Such data includes data such as access dates and times, app features or pages viewed, app crashes and other system activity and type of browser. It may also include data about the devices used to access the app such as your hardware model, device IP address or other unique device identifiers, operating systems and versions, software, preferred languages and mobile network data. IP addresses in log files are deleted after 14 days.
This data is saved for technical reasons, on the one hand, in order to offer the various functions of CURIA as well as to ensure the stability and security of CURIA and, on the other hand, to customize the content you see, optimize the app and enable the comfortable use of it functions.
3. Tracking technologies and cookies
4. Voluntary disclosure of personal information
If you would like to receive information about possible treatment options, physicians and clinical studies, you can fill out the questionnaire provided by us with questions about your clinical picture. Cancer-specific parameters will be asked, such as information on genetic mutations, the status of the respective cancer, etc. The information you provide is voluntary and serves the sole purpose of enabling us to provide you with information.
The processing of such information is based on your consent. You are free to revoke your consent at any time with effect for the future without giving reasons by sending an email to firstname.lastname@example.org. This does not affect the legality of the processing carried out up to that point.
You also have the option of registering for participation in clinical studies. To do so, you must provide the following information: information about the study you wish to register for, your location, contact information (telephone number or email address), information about your medical inclusion and exclusion criteria. The provision of this personal data is voluntary and is based on your consent. The purpose of the processing is to carry out the selection procedure. You are free at any time to revoke your consent with effect for the future without giving reasons by selecting the option “Delete all my personal data” in the app. This gives you the option to delete all personal data. After clicking on the “Delete all my personal data” option, you will receive an automated email confirming the deletion of your data. This does not affect the lawfulness of the processing that took place until the revocation of your consent.
The completed questionnaires and applications for participation in clinical trials are transferred to the Google Cloud and stored on a server in the United States. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. We have concluded standard contractual clauses with Google, which guarantee an appropriate level of data protection. If you have met all eligibility criteria for the clinical trial request, the personal data you have provided will be transferred to the internal Innoplexus clinical trial dashboard. This data can be accessed by the CURIA team, which is partly based in India and is part of the Innoplexus office located in Pune, and shared with and disclosed to clinical trial coordinators for the sole purpose of seeking your enrollment in a clinical trial. Here, an appropriate level of data protection is ensured through the conclusion of standard contractual clauses.
5. Google analytics
We use Google Analytics and Google Firebase, both services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to:
a) analyze the general use of CURIA, especially app installations/uninstallations, disease questionnaires, activities in the search for treatment and enrollment in clinical trials, starting a session and forgetting a password (Google Analytics).
b) collect diagnostic data to ensure technical stability of the app (Google Firebase).
Your IP address will be processed but we use the anonymization function of Google, whereby the IP address is shortened for anonymization purposes and is transmitted in shortened form to Google servers in the United States. We use the anonymized reports on the general use of CURIA created by Google and transmitted to us in order to continuously improve our service and increase the user-friendliness of CURIA. The reports we receive contain no personally identifiable information. We process the information for the aforementioned purposes on the basis of your previously granted consent.
The data is processed in the United States, for which we have standard contractual clauses with Google that guarantee an appropriate level of data protection.
The data will be deleted when it is no longer necessary for the purpose of its collection because the option to collect and further process information on diagnosis and usage behavior in CURIA has been deactivated.
L'utente è libero di revocare il proprio consenso in qualsiasi momento con effetto per il futuro senza doverne indicare i motivi. Ciò non pregiudica la legalità del trattamento effettuato fino a quel momento.
We may use or disclose your personal information for the purpose of direct marketing. Before we use your personal information for direct marketing, we will seek your consent in advance. At any time, you can request that we do not use your personal information for direct marketing, in which case we will comply with your request.
We will collect and use your personal information to receive and respond to your comments, inquiries or complaints. We may also contact you using your personal information.
8. Cross-border transfer
IV. Security of your personal information
We will take reasonable steps to ensure that all information we collect is stored in a secure environment. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We use current technologies to protect the confidentiality and privacy of your information. We have implemented top-level security standards to ensure that your personal information is protected against unauthorized access, disclosure, inappropriate alteration or misuse. All safety and security measures are commensurate to the sensitivity level of the information. We also have procedures within our organization to limit access to your personal information.
V. Specific provisions regarding the Cancer Twin Feature
A Cancer Twin is a patient in the CURIA community whose cancer diagnosis is similar to yours. Cancer Twins can use a private chat to share experiences. The chat is based on Ethereum blockchain technology. The aim of the new feature is to bring cancer patients together.
As part of a matching process, you as a user will be matched together with up to 3 other cancer patients, Cancer Twins, who have activated this feature and have a similar profile. In order to find a matching Cancer Twin, the following parameters are compared, which we collect from you to carry out the matching process:
The purpose of this feature is to bring together cancer patients and promote the exchange of experiences and information between patients who have a similar cancer diagnosis. The processing is based on your explicit consent. You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point.
Se la data dell'ultimo accesso risale a più di 6 mesi fa, il profilo corrispondente viene automaticamente rimosso dal database e non può più essere abbinato a nuovi Gemelli Curia.
Cancer Twins can exchange information in a chat integrated in CURIA. Patients must register for the feature and select a nickname before being matched with their Cancer Twin(s). This nickname can be edited in the settings. When users exchange messages via the built-in chat, the end-to-end encrypted messages are stored on a public Ethereum blockchain.
A questo scopo, Innoplexus ha predisposto un nodo che funge da intermediario per inoltrare il messaggio di chat alla blockchain di Ethereum. Prima che un messaggio venga trasmesso e memorizzato sulla blockchain, viene completamente criptato localmente sul dispositivo mobile del paziente utilizzando la crittografia end-to-end. La chiave privata richiesta per crittografare il messaggio viene conservata sul vostro dispositivo fisico per tutto il tempo e non viene condivisa con Innoplexus o altri utenti. Solo quando il messaggio crittografato viene ricevuto dal Gemello Curia, questo messaggio viene decifrato con una chiave corrispondente sul dispositivo mobile del Gemello Curia che deve ricevere il messaggio.
The purpose of this chat function is to enable the exchange of information and experiences in a simple way and without big hurdles, offering at the same time a high level of security. The processing is based on your consent.
You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to that point. In this case, the chat associated with your profile will be deleted from your device. In this case, the private key is lost and no one can decrypt the data, not even CURIA or Innoplexus. The nickname and chat content on the device of the Cancer Twin with whom messages were exchanged also disappear. Besides this, your profile will be automatically removed from the Cancer Twin database if the last login date is more than 6 months ago.
The server location cannot generally be assigned to a specific country due to the blockchain infrastructure (public Ethereum blockchain), but by encrypting the chat content using a public key encryption method, the data is highly pseudonymized for everyone else, so that a data transfer to a third country can be considered “safe”.
I metadati hashed non sono memorizzati sulla blockchain di Ethereum.
VI. Accessing and updating your personal information
Access to your personal information
You have the right to access, verify and update the personal information we have collected from you. If you wish to access the personal information we have about you or believe that any personal information we have about you is incorrect or incomplete, please contact us.
Correction of information
Since it is important that your personal information be accurate and complete, we encourage you to amend any inaccuracies and make corrections as often as necessary so that we will have up-to-date information. You are allowed to ask us to take reasonable steps to correct any personal data that is inaccurate, out of date, incomplete, irrelevant or misleading.