Curia | Empowering Cancer Patients

English
English Deutsch Italiano Español Français

Privacy policy for CURIA App-Website

I. General Information
The Website www.curia.app (“Website”) is a service of Innoplexus AG, hereinafter also referred to as “Innoplexus” or “we”/”us”.
You, the User, Data Subject: You, as the user of the Website, will be referred to throughout this Terms with second-person pronouns such as You, Your, Yours, or as User or Data Subject.

Hereby we inform you about the handling of your personal data. If you use our Website, personal data will be processed.
You can access this data protection declaration at any time under the section “Privacy Policy” at https://curia.app/privacy-policy-ng/web/ on our Website.

II. Name and address of the controller
Innoplexus, as operator of the Website, is responsible regarding personal data that gets processed because you use our Website.

Innoplexus AG
Frankfurter Straße 27
65760 Eschborn
Deutschland

Tel.: +49 6196-9677-311
E-Mail: info@innoplexus.com
Web: www.innoplexus.com

Chairman of the Supervisory Board: Ruben King-Shaw Jr.
Executive Committee: Gaurav Tripathi

III. Contact details of the data protection officer
If you have any questions or if you wish to exercise your data subject rights, please contact our data protection officer at compliance@innoplexus.com.

IV. Processing personal data
Legal basis for data processing: We process your data temporarily pursuant to Part Two Article 2.2 NDPR 2019.

1. Providing the Website and creation of log files
a) Description and scope of data processing
Every time you visit our Website, your browser transmits the following data which gets automatically saved for technical reasons:
– information about your browser type and version
– the operating system you are using
– the previous website from where you are accessing us (referrer URL)
– your IP addresses
– the date and time when accessing our Website.
Our system stores your personal data in log files. This data is not stored with other personal data in relation to you.

b) Processing purpose
It is necessary for us to process your IP address temporarily to enable the Website to be made available on your terminal device. Furthermore, we use your personal data to optimize our Website and guarantee the security of our IT systems. These reasons also reflect our legitimate interest in processing your personal data. Your data will not be processed for marketing purposes.

c) Storage period
The aforementioned personal data will be deleted as soon as it is not necessary anymore for achieving the processing purpose. This is the case when the respective session has been ended by you.

IP addresses that were processed in log files, will be deleted after seven days. A longer storage period is only appropriate if your IP address is deleted or alienated, which would make it impossible for us to draw any conclusions from the IP address to your person.

d) Possibility to object and removal according to Article 2.8 NDPR 2019
It is not possible to object to the processing of this data since it is necessary for the Website’s functioning.

The NDPR provides that the Data Subject shall have the option to object to the processing of Personal Data relating to him which the Controller intend to process for the purpose of marketing and this option shall be offered free of charge.

2. Cookies
a) Description and scope of data processing
We use so-called cookies on our Website. They serve us to recognize you as a user and to facilitate the usage of our Website. Cookies are small text files which your web browser installs on your terminal device. Mostly so-called “session cookies” are used, they get deleted automatically after your session has been completed.

Other cookies, so-called “persistent cookies”, remain installed on your terminal device until they get removed by you. These cookies allow us to identify your web browser when you visit our Website the next time.

You can check in your web browser the cookies that are installed on your terminal device. Within the predefined scope of your web browser settings, you can choose whether cookies should be permitted in individual cases, should not be accepted in general or be deleted automatically after your web browser has been closed. Nevertheless, disabling cookies may limit the possibility to use the Website.

We use cookies to make our Website more user-friendly for you. Therefore, some elements of our Website require the possibility to identify the calling browser after a page change has occurred.

The following data is stored and transmitted in the cookies:
– Log-in information for input masks
– IP address
– Time zone
– Information about technical failures
– Selection of settings and back-up information

b) Legal basis for data processing
We process your personal data according to Part Two Article 2.2 NDPR 2019.

c) Processing purpose
We use technical cookies that are necessary to optimize the usage of our Website. Otherwise, we would not be able to offer certain functions on our Website. It is essential for these functions that your web browser gets recognized after a page change has occurred. These purposes also represent our legitimate interest in processing your personal data.

The use of cookies is required for the following applications:
– Use of website functions
We do not use personal data collected by technically necessary cookies to create user profiles.

d) Storage period, possibility to object and removal according to 2.8 NDPR 2019
Cookies that are installed on your terminal device transfer the stored information to our Website. Thus, you have full control of whether and how long cookies can contain informational data. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. Though, please be aware that while deactivating the use of cookies, it may no longer be possible to use all functions our Website is offering.

3. Google Analytics with anonymization function
a) Description and scope of data processing
We use Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter “Google”) on our Website. Google Analytics uses so-called cookies. These are text files that are stored on your terminal device (see above) and enable an analysis of the use of our Website.

The information generated by this cookie regarding your usage behavior is transmitted to Google’s servers located in the USA and stored there.

So that you can still use our portal anonymously, we use Google Analytics with the addition “_gat._anonymizeIp”. This means that your IP address is already reduced by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymized. Only in very special cases will the full IP address be transmitted to a Google server in the USA and shortened there. Under no circumstances will your IP address be merged with other data collected by Google. Google has signed standard contractual clauses to ensure an appropriate level of data protection.

More detailed information on the terms of use and data protection of Google Analytics can be found at https://www.google.de/analytics/terms/de.html.

b) Legal basis for data processing
We process your personal data according to Part Two Article 2.2 NDPR 2019 based on your consent. 2.3 (1) NDPR 2019

c) Processing purpose
Google uses the information to determine how you have used the Website, to provide us with a summary of website activity and to provide other services related to internet and Website usage. This includes all demographic and geographic data. If necessary, Google will transfer the collected information to third parties if this is required by law or if Google commissions third parties to process this data.

d) Storage period
The storage period of the data transmitted by you and linked to cookies is 2 years. After this period, the data will be automatically deleted. The deletion of data whose retention period has been reached takes place automatically once a month. In addition, you can independently uninstall the cookies installed by Google Analytics and thus delete the stored data. We explain how this deletion can be carried out via the browser settings in the following point.

e) Revocation in accordance with Art. 7 (3) GDPR.
You are free to revoke the installation of cookies at any time by making the appropriate setting in your browser software and without giving any reasons.

For this purpose, Google offers a deactivation add-on for the most common browsers, which gives you more control over what data is collected by Google about the portal page you call up. The add-on tells the JavaScript (ga.js) of Google Analytics that no information about the portal visit should be transmitted to Google Analytics. However, the Google Analytics browser deactivation add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For more information on how to install the browser add-on, please click on the following link: https://tools.google.com/dlpage/gaoptout?hl=en

This does not affect the lawfulness of the processing carried out until then based on the consent. In the event of revocation, your personal data will no longer be processed, but deleted.

4. Possibility of contacting
a) Description and scope of data processing
We integrated on our Website a contact form to offer you the opportunity to get in touch with us. By contacting us through the contact form, all the information which is provided by you, will be transmitted to and stored by us for processing your inquiry.

The following data is collected at the time of your request:
– Name
– E-mail address
– At the time of sending your request, the following data will also be processed:
– IP address
– Date and time when the request has been sent
In case you are contacting us via the email-address we made available on our Website, we will process your e-mail-address and all personal data which is associated with your e-mail-address.

b) Legal basis of data processing
We process your personal data pursuant to Part Two Article 2.2 NDPR 2019.

c) Processing purpose
We process your personal data only for the purpose of processing your inquiry.

Other personal data which got collected during the transmission process is carried out for our protection, in particular to prevent a misuse of our contact possibilities and an impairment of our IT systems.

These purposes also constitute our legitimate interest in processing your personal data.

d) Storage period
Your personal data gets deleted when it is not necessary anymore to achieve the processing purpose.

Therefore, we delete personal data you sent through the contact form, when the conversation has ended. The conversation has ended when the circumstances indicate that the relevant matter has been resolved.

Other personal data which is associated with the contact form and got transmitted through its usage will be deleted after a period of 3 months.

e) Possibility to object and removal according to Articles 2.3 (c) and 2.8 NDPR 2019
You have the possibility to object to the processing of your personal data in accordance to Article 2.8 NDPR 2019 at any time. In such a case, the conversation cannot be continued. Please address your objection to compliance@innoplexus.com. In this case, the personal data processed during the communication will be deleted.

5. Use of Social Media Buttons
On our Website we integrate the following social networks by providing a hyperlink to access them:
Facebook-components
Instagram-components
LinkedIn-recommendation-components

The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as your rights in this regard and possible configuration settings for protecting your privacy can be found in the privacy policies of the respective social network providers:
Facebook – http://www.facebook.com/policy.php
Instagram – https://help.instagram.com/402411646841720
LinkedIn – http://www.linkedin.com/legal/privacy-policy

V. Rights of the Data Subject
Regarding the processing of your personal data on our Website, you are a data subject within the meaning of the NDPR, therefore, you are entitled of the following rights towards us:

1. Right to be informed Art. 3.1. (8) NDPR 2019
You have the right to request information about your personal data processed by us at any time. This includes information about the origin, recipients or categories of recipients to whom we transfer your data and the purposes for which we process your personal data.

2. Right to rectification Art 3.1 (8) NDPR 2019
You have the right to request the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.

3. Right to erasure Art 3.1 (9) (a-e) NDPR and right to restriction Art 3.1 (11) NDPR
You can ask us to delete your personal data immediately. We are obliged to carry out the deletion immediately unless we are obliged to further process your personal data on the basis of contractual and/or legal regulations. This is the case, for example, if we are prohibited from deleting data under tax law. In such a case we restrict the processing and delete the personal data in question immediately after expiry of the retention period.

4. Right to data portability Art 3.1 (15) NDPR
You have the right to receive your personal data you have provided in a structured, current and machine-readable format, if this is technically possible. Furthermore, you have the right to transfer this data to another controller without any hindrance.

5. Rights in relation to automated decision making and profiling
You have the right not to be subject to a completely automated decision-making process – including profiling – that has a legal effect against you or significantly impairs you in a similar manner.

6. Right to appeal to a supervisory authority
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.

Our competent supervisory authority is:

Der Hessische Datenschutzbeauftragte
Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
Phone: (0611) 14 08-0
Fax: (0611) 14 08-900
E-Mail: poststelle@datenschutz.hessen.de

VI. SHARING AND DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
1. In addition to the sharing and disclosure of personal information that is included as part of the functionality of the Services as described in paragraph above, may disclose personal information if we believe such action is necessary to:

  • comply with the law, or legal process served on us;
  • protect and defend our rights and the enforcement of our agreements; or
  • protect the security and safety of Users or members of the public or other aspects of public importance, provided, of course, that such disclosure is lawful.

2. We transfer information to trusted service providers, and other partners who support our business and Services, such as providing technical infrastructure services, bug testing, analyzing how our Services are used, measuring the effectiveness of ads and services, and facilitating payments as well as potential partners who may wish to work with us to provide other services. we will always require these third parties to take appropriate organizational and technical measures to protect personal information and to observe applicable legislation.

3. We may also share personal information with third-party advertisers, agencies, and networks. Such third parties may use this information for analytical and marketing purposes e.g., to provide measurement services and targeted ads and for improvement of products and services. The information may be collected by such third parties by use of cookies, or similar technologies.

4. We may disclose and transfer Your Information to Our associated or affiliated organizations or related entities and to any third-party who acquires, Our business, whether such acquisition is by way of merger, consolidation or purchase of all or a substantial portion of our assets.

VII. INFORMATION SECURITY AND TRANSFER OF PERSONAL INFORMATION TO OTHER COUNTRIES
1. In order to provide the Services, We may transfer, process and store personal information in a number of countries, and may also use cloud-based services for this purpose. We may also subcontract storage or processing of Your information to third parties located in countries other than Your home country. Information collected within one country may, for example, be transferred to and processed in another country, which may not provide the same level of protection for personal data as the country in which it was collected.

2. You acknowledge and agree that We may transfer Your personal information as described above for purposes consistent with this Privacy Policy. We take all reasonable precautions to protect personal information from misuse, loss, and unauthorized access.

3. Innoplexus has implemented physical, electronic, and procedural safeguards in order to protect the information, including that the information will be stored on secured servers and protected by secured networks to which access is limited to a few authorized employees and personnel Art 2.6 NDPR 2019..

VIII. ACCESSING AND UPDATING PERSONAL INFORMATION
1. We may on Our own initiative, or at Your request, replenish, rectify, or erase any incomplete, inaccurate or outdated personal information retained by Us in connection with the operation of the Services.

2. When required by the applicable law, You have the right to know what personal information is stored about You and to have any such information corrected or deleted on Your request.