This Privacy Policy (“Policy”) explains how your information is collected, used, and disclosed by Curie (“We” or “Us" or “Our”). This policy applies where we are acting as a Data Controller with respect to the personal data of users of the Curie application or website.
Curie takes all reasonable measures to ensure that the privacy of all visitors to the Curie website or users of the application are protected. This privacy policy explains how Curie collects, processes and uses data collected from the users. We will never sell, share, or use your personal information other than as described here.
By using our platform, you consent to this policy. Please do not use the platform if you do not agree to the terms laid out in this policy. Your continued usage of the platform following changes to this policy will be deemed your acceptance to those changes.
The General Data Protection Regulation (GDPR) describes how organizations must collect, handle, process, and store personal information. These rules apply regardless of whether data is stored electronically, on paper, or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by eight important principles. These say that personal data must:
We take these responsibilities seriously; this document describes our approach to data protection. This policy helps to protect us from data security risks, including:
Curie is an application developed by ZoomRx Inc. who is registered in the US and India. The Data Protection Lead is Kendall Anderson. You can contact us in any of the following ways:
Email: [email protected]
US Address: Curie, 245 Main Street, Floor 2, Cambridge, Massachusetts 02142, USA
India Address: Curie, No-73, 2nd Street, Karpagam Avenue, Raja Annamalaipuram, Chennai – 600 028, IN
Our UK Representative
Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:
GDPR Local Ltd.
Adam Brogden: [email protected] / Tel: +44 1772 217800
1st Floor Front Suite, 27-29 North Street, Brighton, England, BN1 1EB
Processing of your data is required in order to offer you our services. This policy relates to every user that chooses to share their personal data with us; users where we collect, store, or process their data in order to provide our services; and all other users whose data we process in order to operate and develop our website and application.
This policy applies to individuals who have shared their data with Curie as a user in any capacity.
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:
This section describes our lawful basis for processing: We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:
| Purpose / Activity | Type of Data | Lawful basis for processing |
|---|---|---|
| To process and deliver the products and services you request |
|
|
| To manage our ongoing relationship with you, including notifying you about changes to our terms, services, or privacy policy, and to maintain our records |
|
|
| To administer and protect our business and our site/application (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data) |
|
|
| To use data analytics to improve our website/application, services, marketing, customer relationships, and experiences |
|
|
| To make suggestions and recommendations to you about services that may be of interest to you |
|
Personal data we receive will be used for the purposes it was provided, including but not limited to:
In accordance with your preferences, we may also use your personal information to provide you with information about services, promotions, and offers that may be of interest to you. This document explains how you can change whether to receive this information. Please note that, even if you choose not to receive this information, we may still use your personal information to provide you with important services and communications, including communications in relation to any purchases you make or services you use.
We operate in line with GDPR data protection guidelines. We respect your rights and will respond to any request for access to personal information and requests to delete, rectify, transfer, data and to stop processing. We will also advise you on how to complain to the relevant authorities. Any requests or objections should be made in writing to the Data Controller, or you can visit our website or email us to contact us to change your preferences at any time.
We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for processing. Information may be used in the following ways:
We may be legally obliged to disclose your personal information without your knowledge to the extent that we are required to do so by law; in connection with any ongoing or prospective legal proceedings; in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
We implement commercially reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. We restrict access to data collected on the Curie platform to individuals who may need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. Any personal information submitted by you will be dealt with in accordance with our terms and conditions set forth herein.
We are a Data Controller. In relation to the information that you provide to us, we are legally responsible for how that information is handled. We will comply with the GDPR in the way we use and share your personal data.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
Personally Identifiable Information will not be shared with any third parties, except that we may disclose your information if we believe we are required to do so by law, if we need to do so to protect someone's safety or our rights or property, or in order to comply with this policy or other policies that may be applicable.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees who have a business need to know such data. They will only process your personal data per our instruction, and they are subject to a duty of confidentiality.
We will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.
For California, Virginia, Colorado, Utah, and Connecticut Residents
Your Rights Under the California Consumer Protection Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Data Privacy Act pursuant to the state regulations, and subject to certain exceptions and limitations, residents of the above states can contact Curie to exercise the rights described below with respect to certain personal information that Curie holds about them. To the extent those rights apply to you, they are described below.
You have the right to request that we provide you with details about the personal information we collect, use, and disclose. Curie reserves the right to verify your identity to our satisfaction, including by asking you to log into your account if you have one.
You are entitled to receive the following:
You have the right to request deletion of the personal information we have collected about you (subject to some exceptions). You can submit your request as described above, and we reserve the right to conduct the verification described above.
You have the right not to receive unlawful discriminatory treatment by Curie for the exercise of your privacy rights.
You have the right to opt-out of the collection, use, and disclosure of your personal information by Curie. You may request to opt-out by sending an email to [email protected].
If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us, or wish to complain, please contact:
Email: [email protected]
US Address: Curie, 245 Main Street, Floor 2, Cambridge, Massachusetts 02142, USA
India Address: Curie, No-73, 2nd Street, Karpagam Avenue, Raja Annamalaipuram, Chennai – 600 028, IN
We will process data protection requests within 30 days. Subject Access Requests (SARs) are usually free, but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.
If you remain dissatisfied, then you have the right to apply directly to the relevant Supervisory Authority.
This Privacy Policy may be revised periodically. Your continued use of the website or application constitutes your agreement to this Privacy Policy and any amendments.