Privacy policy for Curia App

Use of our mobile app

I. Information on the collection of personal data
(1) We provide you with a mobile app (“Curia“) that you can download to your mobile device. In the following, we provide information about the collection of personal data when using Curia. Personal data are all data that can be personally related to you, e.g. name, address, email addresses, user behavior.

(2) The person responsible in accordance with Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is
Innoplexus AG,
Frankfurter Str. 27, 65760 Eschborn,
info@curia.app (see our imprint: www.curia.app/impressum) (“Innoplexus”).
The company data protection officer of Innoplexus can be contacted at the above address, at Datenschutzabteilung, or at compliance@innoplexus.com.

(3) When you contact us via email or a contact form, we will store your email address and, if you have provided it, your name and telephone number to answer your questions. We delete the data arising in this connection after storage is no longer required or – in the case of legal storage obligations – restrict processing.

(4) If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.

II. Processing of personal data when using our mobile app
When downloading Curia, the required information is transferred to the App Store, in particular user name, email address, time of download and the individual device ID number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading Curia to your mobile device. This processing takes place on the basis of your consent according to Art. 6 para. 1 lit. a GDPR.

By uninstalling, the active processing of your personal data is stopped.
30 months from the date of uninstalling, the data will be deleted due to the discontinuation of purpose, unless we are subject to any statutory retention obligations. We accept the loss of purpose after this period because we assume that it is no longer likely that you will use our services again after this period. However, in order to give you the opportunity to restore your profile after a shorter period of time, e.g. because you deleted the app earlier for lack of necessity, we temporarily store the data for you.

However, if you wish to revoke your consent and not just temporarily suspend its use, you can do so by clicking the “Delete all my personal data” button.

§1 When using Curia, we collect the following log file data:
– IP address, also in the API logs
– Date and time of the request
– Content of the request (concrete page, concrete API endpoint)
– Access Status/HTTP Status Code
– Amount of data transferred in each case
– End device from which the request comes
– User Agent
– Operating system and its interface
– Language and version of the User Agent.

On the one hand, this data is mandatory for us from a technical point of view in order to offer the various functions of Curia as well as to ensure the stability and security of Curia and, on the other hand, to enable a comfortable use of the functions. This processing purpose also represents the legitimate interest which, according to Art. 6 para. 1 p. 1 lit. f GDPR, is the legal basis for data processing.
IP addresses in log files are deleted after 14 days.

§2 Furthermore, when Curia is started for the first time, we assign a unique installation ID for each installation, which is stored on an Innoplexus server. It contains no personal data. If you delete Curia and then reinstall it, a new installation ID will be generated. This will be assigned so that a connection to the Innoplexus server can be established when starting Curia on the mobile device to check if the version of Curia you are using is still up to date. Curia can be updated to implement new features or to ensure data security.

§3 You must register with your first and last name, e-mail address, telephone number in order to take advantage of Curia’s free services. This creates a contract of use between Innoplexus and you and you will receive your own user account. The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR, because we use this personal data for the execution of this contract.

Alternatively, you can log in via your Google user account. For this purpose we collect the following personal data:

  • First and last name
  • e-mail address

To what extent the personal data disclosed by you through the subsequent use of Curia will be processed by Google, please refer to the Google privacy policy.

You can delete your account at any time by clicking the “Delete my personal data” button within Curia. The personal data processed by us will be deleted in accordance with Art. 17 GDPR or blocked or restricted in their processing in accordance with Art. 18 GDPR. The data stored by us will be deleted as soon as the purpose of storage no longer applies and the deletion is not contradicted by any legal storage obligations.

§4 If you would like to receive information about possible treatment options, physicians and clinical studies, you can fill out the questionnaire provided by us with questions about your clinical picture. Cancer-specific parameters will be asked, such as information on genetic mutations, the status of the respective cancer, etc. The information you provide is voluntary and serves the sole purpose of enabling us to provide you with information.

The processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You are free to revoke your consent at any time with effect for the future without giving reasons. This does not affect the legality of the processing carried out up to that point.

You also have the option of registering for participation in clinical studies. To do so, you must provide the following information: Information about the study you wish to register for, your location, contact information (telephone number or e-mail address), information about your medical inclusion and exclusion criteria. The provision of this personal data is voluntary and is based on your consent (Art. 6 para. 1 lit. a GDPR). The purpose of the processing is to carry out the selection procedure. You are free at any time to revoke your consent with effect for the future without giving reasons. This does not affect the legality of the processing carried out up to that point.

§5 We use Google Analytics and Google Firebase, both services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to

  1. Analyze the general use of Curia, especially app installations/uninstallations, disease questionnaires, activities in the search for treatment and enrollment in clinical trials, starting a session and forgetting a password (Google Analytics).
  2. To collect diagnostic data to ensure technical stability of the app (Google Firebase).

Your IP address will be processed. We use the anonymization function of Google, whereby the IP address is shortened in the EU/EEA for anonymization purposes and is transmitted in shortened form to Google servers in the USA. We use the anonymized reports on the general use of Curia created by Google and transmitted to us in order to continuously improve our service and increase the user-friendliness of Curia. The reports we receive contain no personal data. We process the information for the aforementioned purposes on the basis of your previously granted consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data is processed in the USA, whereby Google is certified according to the EU-U.S. and Swiss-U.S. Privacy Shield Framework.

The data will be deleted when they are no longer necessary for the purpose of their collection because the option to collect and further process information on diagnosis and usage behavior in the Curia App has been deactivated.

You are free to revoke your consent at any time with effect for the future without stating reasons. This does not affect the legality of the processing that has taken place up to that point.

III. Your rights
(1) You have the following rights towards us regarding your personal data:

– Right to information,
– Right to correction or deletion,
– Right to limit processing,
– Right to object to the processing,
– Right to data transferability.
– Right of withdrawal according to Art. 7 para. 3 GDPR

(2) You also have the right to complain to a data protection supervisory authority of your choice about the processing of your personal data by our association. Responsible for us is the

Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65189 Wiesbaden, Germany
Phone: +49 (0) 611 14080