Effective date: March 13, 2019
Curelator, Inc. (“Curelator”, “the Company”, “we“, “us“, or “our“) operates the n1-headache.com website (“Site”) and the N1-Headache application (together hereinafter referred to as the “Service“).
This page informs you of our policies regarding the collection, use, protection, and disclosure of personal data when you use our Service and the choices you have associated with that data.
User is any living individual who is using our Service and is the subject of Personal Data
Visitor means an individual other than a User who uses the Site but has not registered to use the Service
Personal Data means any information relating to an identified or identifiable natural person. Personal Data that can be used to contact or identify you may include, but is not limited to:
First name and last name
Date of Birth
Cookies and Usage Data
Health-related information such as symptoms, medications taken and missed as well as lifestyle, emotional state and preferences data
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). Usage Data may include information such as:
Your computer's Internet Protocol address (e.g., IP address)
Browser type and version
The pages of our Site that you visit
The time and date of your visit
The time spent on those pages
Unique device identifiers
Other diagnostic data
When you access the Service with a mobile device, this Usage Data may include information such as:
The type of mobile device you use
Your mobile device unique ID
The IP address of your mobile device
Your mobile operating system
The type of mobile Internet browser you use
Unique device identifiers
Other diagnostic data
Location Data is data that may be used to identify a User’s geographic location
Cookies are small files stored on your device (computer or mobile device) with a small amount of data that may include an anonymous unique identifier. Depending on the content of the cookie, it may or may not constitute Personal Data
Data Processors (or Service Providers) means any natural or legal person who processes Personal Data on behalf of the Data Controller. We may use the services of various service providers in order to process your data more effectively
Anonymized Information is information that does not relate to an identified or identifiable person, or to Personal Data that has been rendered anonymous in such a way that the Data Subject is not or is no longer identifiable
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you. We may employ service providers, including third party companies and individuals, to facilitate our Service, provide the Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used. The service providers may contact you on our behalf, including, but not limited to, using surveys, market research, and e-bulletins. These service providers have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We do not share, sell or distribute User Personal Data except to provide Curelator services to Users as set forth herein.
Types of Data Collected
We may collect various types of information, including Personal Data, as part of your use of our Service. We use this data to provide the features of our Service and to improve and customize our Service.
The types of information we may collect, process and/or maintain are set forth below.
While using our Service, we may ask you to provide us with certain Personal Data, as defined above. We may also obtain information, including Personal Data, from third parties and sources other than Curelator services, such as our partners and advertisers. If we combine or associate information from other sources with Personal Data that we collect through our Services, we will treat the combined information as Personal Data in accordance with this Policy.
We may also collect Usage Data, as defined above, whenever you visit our Service or when you access the Service by or through a mobile device.
We may also collect, use and store Location Data, as defined above, if you give us permission to do so. You can enable or disable location services when you use our Service at any time by way of your device settings.
Tracking & Cookies Data
We will not collect or store your payment card details. Any such information that is necessary for the use of our Service is provided directly to our third-party payment processors whose use of your Personal Data is governed by their Privacy Policies. These payment processors adhere to the standards set by the Payment Card Industry Data Security Standard (“PCI-DSS”) as managed by the PCI Security Standards Council (pcisecuritystandards.org), which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
How We Use Your Information
We use the information we collect in a variety of ways in providing our Services and operating our business, including:
To operate, maintain, improve and provide all features offered to Curelator customers and website visitors
To respond to comments and questions about the Company and our products
To provide customer support to the users of our Service
We use Anonymized Information to provide selected research groups and individual researchers with daily diary, profile, medication, and demographic data with the goal of improving the knowledge of the disease, influencing factors, impact, and effectiveness of potential and existing therapies. The results of these research projects may be presented in relevant publications, journals, and meetings.
We may keep Anonymized Information related to you for the purpose of medical research. This information will be kept in such a way that it will be impossible to re-identify it. We may also keep records for legal and administrative requirements.
With your express consent, we may share Personal Data, including health and lifestyle information, with your treating clinician and/or healthcare provider to improve their understanding of your health situation and allow them to make better decisions about your treatment options, risks, and effectiveness. Your Personal Data is shared using compliant means, is password protected and is encrypted during transit.
We may retain communications with Users of the Service for reasons including:
For administrative purposes such as customer service and billing
To notify customers and mailing lists subscribers of new products and services offerings
To inform subscribers about new research, findings, and publications
To conduct customer research or satisfaction surveys
You may opt-out of receiving any, or all, promotional communications from us by following the unsubscribe link or the instructions provided in any email we send.
We use Anonymized and aggregated information to analyze the usage trends of the Service, to improve the Service offering, and to develop new features, products, and services.
Cookies and Tracking
Keep track of user login and authentication on the Service
Monitor the usage and effectiveness of the Service, such as the number of visitors, pages viewed and content interaction
Analytics and Advertisement
We use Google Analytics to measure access to and traffic on our Service, and we create usage reports for our Service managers. Google may use the information collected through Google Analytics to evaluate activity and usage on our Service. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page. We make sure the data sent to Google Analytics is protected and Anonymized and is used solely for the purpose of administering the Service, understanding usage trends, Users and Visitors preferences and resolving technical issues.
The payment processors we work with are:
Security and Data Protection
We will take all steps reasonably necessary to ensure that Personal Data is treated securely and in accordance with this Policy. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. When possible, encryption is used, both in transit and storage.
All third parties that process Personal Data on our behalf are required to keep that data secure.
Retention of Data
Curelator will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security of or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
Transfer of Data
Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
Disclosure of Data
Third Party Service Providers
We employ third-party service providers to help us with the development, maintenance, hosting, backup and other services required to operate the Service. Some of these third parties may have access to or process a minimal set of Personal Data necessary to perform their function. Our contracts with service providers require them to preserve the confidentiality of Personal Data that is shared with them.
Curelator may also, at a User’s request or with a User’s express consent, share their Personal Data, including medical and behavioral information, with the User's physician, clinician, other healthcare provider or any other individual or entity that the User instructs Curelator to so inform.
Anonymized and/or Aggregated Information
Although Curelator will never share any User Personal Data, except for the purposes set forth in this Policy, Curelator may, from time to time, disclose Anonymized Information or aggregate information relating to particular diseases or disorders, behaviors or modifications as part of our research and to researchers doing work for or on behalf of Curelator, sponsors, or other business partners. Any such disclosure to such third parties is bound by the privacy protections set forth herein.
Disclosure for Law Enforcement
Curelator will disclose User Personal Data outside the scope of these provisions only as required to do so by law or compelled by court or government or administrative agency of competent jurisdiction. Personal Data from Users may be subject to Federal and local laws that require Curelator to disclose this data in certain circumstances.
Change of Ownership
Curelator reserves the right to transfer our user databases together with any Personal Data contained in them, to any third-party acquiring our assets after notice and the opportunity for a User to request that Personal Data not be transferred. Should Curelator or our assets ever be sold, acquired, merged, liquidated, reorganized, or otherwise transferred, we will place a prominent notice on the homepage of the N1-Headache website.
We do not knowingly collect Personal Data from anyone under the age of 18 without consent from a parent or guardian. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take reasonable steps to remove that Personal Data from our servers in a timely manner.
Our Service is not designed for, or intentionally targeted at, children under 13 years of age. It is not our policy to intentionally collect or maintain Personal Data about anyone under the age of 13.
Your Data Protection Rights
The Service Users retain ownership of their Personal Data.
In certain circumstances, you have the following data protection rights:
The right to access, correct or delete the Personal Data we have on you
The right to object to our processing of your Personal Data
The right to request that we restrict the processing of your Personal Data
The right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format (although, in certain circumstances, we may assess reasonable costs for providing this information to you)
The right to withdraw your consent to the collection and/or processing of your Personal Data at any time where Curelator relied on your consent to process your Personal Data
You can modify some of your Personal Data through the use of our Service at any time. If you are unable to perform these actions yourself, please contact us to assist you at email@example.com.
When processing is based on your explicit consent, you can withdraw this consent at any time, by either closing your account or writing an email to firstname.lastname@example.org. This may affect the features offered by the Service.
If you wish to be informed about what Personal Data we hold about you, or if you want it to be removed from our systems, please contact us. Please note that we may ask you to verify your identity before responding to such requests.
We retain the information we collect about and from you only for as long as necessary to fulfill a business purpose or comply with legal and administrative requirements. If your account becomes inactive, we will keep your Personal Data for a period of 7 years after which you will be notified one month prior to deletion of your account and Personal Data.
You can also opt-out of our commercial communications and email surveys by following the instructions given at the bottom of such communication, or by writing an email to email@example.com.
You have the right to contact a Data Protection Authority if you have a concern about your privacy rights or our collection or use of your Personal Data. Nonetheless, Curelator shall not have liability for disclosure of any User Personal Data obtained or disclosed due to errors in transmission or the unauthorized acts of third parties. Users are hereby reminded that transmission of information via the Internet or over mobile networks is not completely secure. Despite our best efforts, no matter how extensive, Curelator cannot and does not guarantee the security of User data transmitted to and from Curelator or over mobile networks; any transmission is at User's own risk.
Special Notice to California Residents – Your California Privacy Rights
California's Shine the Light law provides California residents with the right to receive disclosures about any sharing of their personal information with other companies during the preceding calendar year.
If you are a California resident and you provided your Personal Data to Curelator, then, once each calendar year, you may submit a written request for information about the information we shared, if any, with other companies for their use in direct marketing. To submit your written request, please send a written request to:
210 Broadway, Floor 201
Cambridge, MA 02139
with “Request for California Privacy“ in the letter subject line. You must include sufficient detail for us to locate your file; at a minimum, your name and postal address or ZIP Code.
Upon receiving your request, we will send you a list of the categories of Personal Data disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties.
We reserve our right not to respond to requests sent more than once in a calendar year, or requests submitted to an address other than the one posted in this notice. Please note that the California Shine the Light law does not cover all information sharing. Our disclosure only includes information covered by the law.
California Do Not Track
Curelator does not track its Users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (“DNT”) signals.
If you have any questions, comments, concerns or complaints about this Policy, please contact us by email at firstname.lastname@example.org or by a written request to:
Data Protection Officer
210 Broadway, Floor 201
Cambridge, MA 02139