Use of our mobile app
I. Information on the collection of personal data
(2) The terms: “data subject”, “Information Officer”, “personal information”, “special personal information”, “processing”, “responsible party” and shall have the same meanings assigned to these terms in the Protection of Personal Information Act No. 4 of 2013 (“POPIA”).
(3) The person responsible in accordance with the provisions of “POPIA” is
Frankfurter Str. 27, 65760 Eschborn, Germany
email@example.com (see our imprint: www.curia.app/impressum) (“Innoplexus“).
The company data protection officer of Innoplexus can be contacted at the above address, at Datenschutzabteilung, or at firstname.lastname@example.org.
(4) When you contact us via email or a contact form, we will store your email address and, if you have provided this information to us, your name and telephone number, to enable us to respond to your query. We delete the information arising in this connection after storage is no longer required or – to meet any applicable law, regulation, legal process, or enforceable governmental request, we store or restrict further processing of this information.
(5) If we use contracted service providers for individual functions of our offer or wish to use your information for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.
II. Processing of personal information when using CURIA
The provision of your personal information is voluntary, however, a failure to provide us with some of your personal information may mean that you are unable to access CURIA or certain services (“services”) that we offer through CURIA.
By uninstalling, the active processing of your personal information is immediately stopped.
18 months from the date of uninstalling CURIA, your personal information will be deleted due to the cessation of our legitimate purpose for processing your personal information, unless we are subject to any statutory obligations to retain your personal information. We accept the cessation of our legitimate purpose after this period because we assume that it is no longer likely that you will use the services that we offer through CURIA again after this period. However, in order to afford you the opportunity to restore your CURIA profile after a shorter period of time, e.g. because you deleted CURIA earlier for lack of necessity, we temporarily store your personal information for you.
However, if you wish to revoke your consent and not just temporarily suspend your CURIA profile, you can do so by clicking the “Delete all my personal information” button. (Eg: Menu>Account Setting>Delete all my personal information)
§1 When using CURIA, we collect the following log file data:
– IP address, also in the API logs
– Date and time of the request
– Content of the request (concrete page, concrete API endpoint)
– Access Status/HTTP Status Code
– Amount of transferred in each case
– End device from which the request comes
– User Agent
– Operating system and its interface
– Language and version of the User Agent.
We process the above information on the basis of pursuing our legitimate business interests, for example, in order to offer the various functions of CURIA as well as to ensure the stability and security of CURIA as well as to enable and improve a your comfortable use of those functions.
IP addresses in log files are deleted after 14 days.
§2 Furthermore, when CURIA is started for the first time, we assign a unique installation ID for each installation, which is stored on an Innoplexus server. The unique installation ID contains no personal information. If you delete CURIA, a new installation ID will be generated when you re-install CURIA. A unique installation ID will be assigned so that a connection to the Innoplexus server can be established when starting CURIA on the mobile device to check if the version of CURIA you are using is still up to date. CURIA can be updated to implement new features or to ensure data security.
§3 You are required to register with your first and last name, e-mail address and telephone number in order to take advantage of CURIA’s free services. This creates a contract of use between Innoplexus and you and you will receive your own user account. We process the aforementioned personal information for purposes of providing our services only and not for any other purpose . The personal information you provide to us will be transferred to the Google Cloud and stored on a server located in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. In these circumstances we will, as required by section 72 of POPIA, ensure that your privacy rights are adequately protected by organizational, technical, contractual and/or other lawful means. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of information protection. By registering your CURIA profile, you consent to the transfer and processing of your personal information the Google Cloud and to a server located in Germany.
Alternatively, you can log in using your Google user account, in which case, we collect the following personal information:
– First and Last Name
– E-mail address
You can also log in using your Apple user account ID, in which case we collect the following personal information:
– First and Last Name
– E-mail address
You can delete your account at any time by clicking the “Delete my personal information” button within CURIA, in which case we will delete your personal information that we have in our possession. The personal information stored by us will be deleted as soon as the purpose for which we store such information no longer applies and the deletion is not prohibited by any legal storage obligations.
§4 If you would like to receive information about possible treatment options, physicians and clinical studies, you can fill out the questionnaire provided by us with questions about your clinical picture. Cancer-specific parameters will be asked, such as information on genetic mutations, or the status of the respective cancer. The information you provide is voluntary and serves the sole purpose of enabling us to provide you with information.
The processing for purposes of transmitting information about possible treatment options is based on your express consent . You are free to revoke your consent at any time without giving reasons. This does not affect the legality of the processing carried out up to that point.
You also have the option of registering for participation in clinical studies. To do so, you must provide the following information: Information about the study you wish to register for, your location, contact information (telephone number or e-mail address), information about your medical inclusion and exclusion criteria. The provision of this personal information, including special personal information, is voluntary and is based on your express and informed consent. The purpose of the processing is to carry out the selection procedure. You are free at any time to revoke your consent with immediate effect without giving reasons by selecting the option “Delete all my personal information” in the app. This gives you the option to delete all personal information, including special personal information, that we hold about you. After clicking on the “Delete all my personal information” option, you will receive an automated email confirming the deletion of your personal information. This does not affect the lawfulness of the processing that took place until you revoke your consent.
The completed questionnaires and applications for participation in clinical trials are transferred to the Google Cloud and stored on a server in Germany. The Google Cloud is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. In these circumstances we will, as required by section 72 of POPIA, ensure that your privacy rights are adequately protected by organizational, technical, contractual and/or other lawful means. We have concluded so-called standard contractual clauses with Google, which guarantee an appropriate level of information protection. If you have met all eligibility criteria for the clinical trial request, the personal information you have provided will be transferred to the internal Innoplexus clinical trial dashboard. This information can be accessed by the CURIA team, which is partly based in India and is part of Innoplexus Pune. Here, an appropriate level of data protection is ensured through the conclusion of standard contractual clauses. By registering for participation in clinical studies, you consent to the transfer of your personal information, including your special personal information, as aforesaid.
§5 We use Google Analytics and Google Firebase, both services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to
Your IP address will be processed. We use the anonymization function of Google, whereby the IP address is shortened in the EU/EEA for anonymization purposes and is transmitted in shortened form to Google servers in the USA. We use the anonymized reports on the general use of CURIA created by Google and transmitted to us in order to continuously improve our service and increase the user-friendliness of CURIA. The reports we receive contain no personal information. We process the information for the aforementioned purposes on the basis of your previously granted consent.
The information is processed in the USA, for which we have so-called standard contractual clauses with Google that guarantee an appropriate level of information protection.
The information will be deleted when it is are no longer necessary for the purpose of its collection because the option to collect and further process information on diagnosis and usage behavior in CURIA has been deactivated.
You are free to revoke your consent at any time with immediate effect without stating reasons. This does not affect the legality of the processing that has taken place up to that point.
III. Processing of personal information when using the Cancer Twin feature
A Cancer Twin is a patient in the Curia community whose cancer diagnosis is similar to yours. Cancer Twins can use a private chat to share experiences. The chat is based on Ethereum blockchain technology. The aim of the new feature is to bring cancer patients together.
§ 1 As part of a matching process, you, as a user, will be matched together with up to 3 other cancer patients, Cancer Twins, who have activated this feature and have a similar profile. In order to find a matching Cancer Twin, the following parameters are compared, which we collect from you to carry out the matching process:
– Cancer indication
– Hormone receptors
– Genetic markers
– Other health information, depending on cancer type
The purpose of this feature is to bring together cancer patients and promote the exchange of experiences and information between patients who have a similar cancer diagnosis. The processing is based on your explicit consent. You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to the point of you revoking your consent.
If the last login date is more than 6 months ago, the corresponding profile is automatically removed from the database and can no longer be matched with new Cancer Twins.
§ 2 Cancer Twins can exchange information in a chat integrated in CURIA. Patients must register for the feature and select a nickname before being matched with their Cancer Twin(s). This nickname can be edited in the settings. When users exchange messages via the built-in chat, the end-to-end encrypted messages are stored on a public Ethereum blockchain.
For this purpose, Innoplexus has provided a node that takes on the function of an intermediary to forward the chat message to the Ethereum blockchain. Before a message is transmitted and stored on the blockchain, it is fully encrypted locally on the patient’s mobile device using end-to-end encryption. The private key needed to encrypt the message is stored on your physical device the whole time and is not shared with Innoplexus or other users. Only when the encrypted message is received by the Cancer Twin, this message is decrypted with a corresponding key on the mobile device of the Cancer Twin who is to receive the message.
The purpose of this chat function is to enable the exchange of information and experiences in a simple way and without big hurdles, offering at the same time a high level of security. The processing of your personal information, including special personal information, is based on your express consent You are free to revoke your consent at any time without giving reasons with effect for the future. This does not affect the legality of the processing carried out up to the point of you revoking your consent.
In this case, the chat associated with your profile will be deleted from your device. The private key is lost and no one can decrypt the information, not even CURIA or Innoplexus AG. The nickname and chat content on the device of the Cancer Twin with whom messages were exchanged also disappear. Besides this, your profile will be automatically removed from the Cancer Twin database if the last login date is more than 6 months ago.
The server location cannot generally be assigned to a specific country due to the blockchain infrastructure (Public Ethereum blockchain), but by encrypting the chat content using a public key encryption method, the data is highly de-identified for everyone else, so that a data transfer to a third country can be considered “safe”.
Hashed metadata is not stored on the Ethereum blockchain.
We will only send you marketing information electronically (e.g. by email) only when you have actively provided your consent to us for this processing. We will contact you to let you know about the progress we are making against the latest research developments, advice, on our products and services etc. We also notify you about the introduction of new functions, announce the conclusion of new partnerships and what this means for you when using CURIA.
You can withdraw your consent at any time by clicking the Unsubscribe; link provided in the emails.Even if you opt out of receiving promotional messages from us, you will continue to receive administrative messages from us.
V. Your rights
(1) In terms of POPIA, you have the following rights as a data subject –
– the right of access to personal information, including special personal information relating to you;
– the right to have the processing of your personal information, including your special personal information restricted;
– the right to object to the processing of your personal information, including your special personal information;
– the right not to be subject to decisions based solely on automated processing of your personal information and/or special personal information;
– the right to have inaccurate personal information, including your special personal information, corrected;
– the right to have personal information, including your special personal information destroyed and/or deleted
(2) You also have the right to lodge a complaint with the Information Regulator, whose details appear below, about the processing of your personal information by us.
27 Stiemens Street
Telephone number: (012) 406 4818
Fax number: (086) 500 3351