Privacy and Security Policy

Effective as of September 29, 2015

This Privacy and Security Policy (this "Privacy Policy") describes how your personal information may be collected, used and disclosed by Curology, Inc. and its subsidiaries and affiliates (collectively, "Curology," "we", "us", or "our"). By (a) using the website operated by Curology located at http://www.curology.com or other related websites and/or mobile applications operated by Curology (collectively, the "Website"), (b) purchasing and/or using the products and/or services provided by us thereunder (together, the "Products"), and/or (c) providing your personal information to Curology, you signify your acknowledgement and agreement to this Privacy Policy, whether or not you register for an account with Curology through the Website (an "Account"). If you do not agree with any provision in this Privacy Policy, please do not use the Website, purchase or use the Products, provide your personal information to Curology, or register for an Account. This Privacy Policy does not apply to websites or applications that display or link to different privacy policies. PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY.

In addition to this Privacy Policy, Curology has established Terms of Service that set forth the general rules and policies governing your use of the Website. A copy of the Terms of Service can be found here.

Curology's Commitment to Your Privacy.

Curology understands that your health information is very personal, and is dedicated to maintaining the privacy of your personally identifiable information, including your protected health information (collectively, "PII"). PII includes information about you that may be used to identify you (such as your name, date of birth, or address), and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present or future payment for the provision of health care. In operating the Website, Curology may receive information and create records containing your PII. Curology is required by law to maintain the privacy of your PII and to provide you with notice of its legal duties and privacy practices with respect to your PII.

Collection, Use and Disclosure of Non-Personally Identifiable Information.

Curology may collect information about your use of the Website that does not contain any PII, or may aggregate or create de-identified information that does not contain any PII by removing information that personally identifies you from other information collected (collectively, "Anonymous Information"). Curology reserves the right to use or disclose Anonymous Information without restriction, subject to applicable law.

Collection, Use and Disclosure of Personally Identifiable Information.

Curology does not collect your PII without your authorization, though the use of certain features of the Website or Services will require you to provide certain information to us. Any information you provide to us when you visit or use the Website and/or when you register or use your Account is voluntary. This information may include the following PII:

  • Contact information, including, without limitation, name, email address, mailing address, and phone number; and
  • Health or medical information, including, without limitation, medical records, age, gender, health background, health status, prescribed and over-the-counter medications, medical ID number, driver's license number, laboratory testing results, and photos.

Subject to the restrictions on the use and disclosure of your PII under applicable law, Curology may use and disclose your PII (including to third parties) to:

  • Provide for the dermatological diagnosis and treatment of acne and skin aging.
  • Provide, operate, analyze usage of and improve the Website and Products.
  • Verify your identity as the holder of an Account.
  • Administer your Account or process payments.
  • Communicate with you about the Website and Products, and to deliver any administrative notices or alerts and communications relevant to your use of the Website or Products.
  • Tailor the features, performance and support of the Website and Products to you and your preferences.
  • Troubleshoot problems with the Website and provide you with customer support.
  • Market our services and those of third parties we believe may be of interest to you when you have given us express authorization to do so.
  • Investigate, deter, prevent, defend against or take other action regarding violations of Curology's Terms of Service, illegal activities, suspected fraud or situations involving potential threats to the legal rights or physical safety of any person or the security of Curology's network, Website or Products.
  • Respond to subpoenas, court orders or legal processes.
  • Facilitate the negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another person or entity.
  • Protect the personal safety of Curology, its customers, or any other person in an emergency.
  • Fulfill any other obligation of Curology as required by law.

In the event that we are legally compelled to disclose your PII to a third party, we will make every reasonable effort to notify you, unless doing so would violate the applicable law, court order or other legal requirement.

Additionally, when you visit the Website or use your Account, Curology may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited and average time spent on the Website. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve web design and functionality.

Disclosure of Personally Identifiable Information to Third Parties.

The Website may contain links to third party sites whose information, privacy and security practices may be different than ours. Before using these third party sites or providing them with your PII, you should carefully review and evaluate the privacy notices for such sites, as Curology has no control over information that is submitted to, or collected by, these third parties.

In certain cases, you may be directed to a third party site to provide information to complete a transaction in connection with the Website. In such cases, any information you provide directly to such third party site will be subject to the applicable third party's privacy policy and terms of service. For example, Stripe, Inc. ("Stripe") provides third party payment processing services for Curology. All payments made to Curology will be processed by Stripe. The privacy policies of Stripe may differ from those of Curology. Any information you submit to Stripe will be governed by their privacy statements. Accordingly, Curology encourages you to carefully read their privacy statements.

CUROLOGY DOES NOT CONTROL, AND IS NOT RESPONSIBLE FOR, HOW THIRD PARTIES HANDLE YOUR PII. PLEASE EXERCISE CAUTION AND CONSULT THE PRIVACY POLICIES POSTED ON EACH THIRD PARTY WEBSITE FOR FURTHER INFORMATION. CUROLOGY AND ITS OFFICERS, DIRECTORS, EMPLOYEES, CONSULTANTS, REPRESENTATIVES, AND AGENTS EXPRESSLY DISCLAIM ANY AND ALL LIABILITY RELATING TO THE ACCURACY, QUALITY, AVAILABILITY, RELIABILITY, OR SECURITY OF ANY THIRD PARTY WEBSITES. CUROLOGY AND ITS OFFICERS, DIRECTORS, EMPLOYEES, CONSULTANTS, REPRESENTATIVES, AND AGENTS SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED USE OR DISCLOSURE OF YOUR PII BY ANY SUCH THIRD PARTY IF SUCH PII IS PROVIDED TO SUCH THIRD PARTY IN COMPLIANCE WITH THIS PRIVACY POLICY.

Protection of Personally Identifiable Information.

Curology employs reasonable physical, electronic and managerial security measures, and follows generally accepted industry standards to safeguard your PII.

Curology utilizes firewall barriers, high-grade SSL encryption techniques, and authentication procedures, among others, to maintain the security of your online sessions and to protect Accounts and systems from unauthorized access. Curology software and member health records are stored on secure servers and backed up daily. All data is encrypted during storage and transmission.

Curology strictly limits access to your PII. Curology's employees and agents are trained in our confidentiality and privacy policies, and only those employees and authorized agents of Curology who need such information to provide you with the Products have access to your PII, and only under strictly controlled conditions. Curology and its employees and agents will use PII only as necessary to provide the Products through the Website.

Please be aware that no method of data transmission over the Internet or method of electronic storage can be guaranteed to be perfectly secure. As a result, while Curology takes extensive measures to protect your PII, it cannot ensure or guarantee the security of any information you transmit to Curology or through the Website. CUROLOGY DOES NOT COVENANT, REPRESENT, OR WARRANT THAT THE TRANSMISSION OF YOUR PII ONLINE WILL BE SECURE, AND YOU DO SO AT YOUR OWN RISK.

Your cooperation is imperative in safeguarding your PII. Choose your Account password carefully, as anyone with access to your Account password will be able to assume your online identity and view your medical information, change your PII, and communicate with your Curology health care providers. It is your responsibility to prevent disclosure of your password to others, and to change your password if you feel that its security has been compromised. You may change your password from your Account profile page after logging into your Account. Additionally, you will periodically receive correspondence from Curology at the email address you register with your Account. While these emails will never contain your photos or payment information, they will sometimes include information relating to the details of your acne or skin aging treatment (as applicable). Accordingly, it is critical that you safeguard your designated email address and restrict access thereto. The registration of an email address with your Account indicates your consent for Curology to transmit your PII to such address.

Opting Out Of Future Communications.

You can stop receiving marketing emails from Curology by clicking the unsubscribe link included at the bottom of a Curology marketing email. You cannot opt out of certain emails we need to send you relating to normal business operations (for example, notifying you of a message from your medical provider). To opt out of all emails from Curology, you may email support@curology.com and cancel your Curology membership.

Accessing, Correcting, Updating, and Deleting Your Personally Identifiable Information.

You may access and update certain information, or deactivate your Account from your Account profile page after logging into your Account. Additionally, you may at any time make a request to access, correct or update the PII that Curology has collected about you by contacting us at support@curology.com, including requests to:

  • View your medical records that have been provided to Curology.
  • Inspect and copy your PII.
  • Amend your PII if you believe your file is incomplete, incorrect or obsolete.
  • Receive an accounting of all disclosures Curology has made of your PII.

Curology will make reasonable efforts to respond promptly to all such requests. Curology may impose a fee for the costs associated with your request, including the costs of labor, materials and/or shipping. In certain circumstances, Curology may deny your request. In the event of a denial, we will inform you of the reason for such denial and you will have the opportunity to request a review of the denial and submit a statement of disagreement for inclusion in your records. Curology will not verify, modify or otherwise alter any of your PII without your request or consent, provided that Curology may correct any errors or modify any immaterial information at any time.

You may at any time make a request for Curology to delete your PII. Curology will promptly comply with all such requests, but only to the extent such requests are not in conflict with any requirements to retain such information pursuant to applicable law or otherwise. When we delete your PII, it will be deleted from the active database, but may remain in our archives; we may also retain and continue to use your Anonymous Information. Further, to the extent your PII has been disclosed to third parties, Curology may not be able to access such PII or cause the deletion or modification of such PII by the relevant third parties.

Use of Cookies and Other Technologies on the Website.

Certain features of the Website are only available through the use of cookies and other user tracking mechanisms (collectively, "Cookies"). Cookies may include small files saved on your local hard drive which store your preferences or other records, and enable Curology to (a) collect information about your use of the Website, (b) understand general Website usage and volume statistical information, and (c) improve the services, experience, content and offerings on the Website. Cookies do not tell Curology your email address or other PII unless you choose to provide this information to Curology; for example, by registering for an Account. However, once you choose to provide your PII to Curology, this information may be linked to the data stored in a Cookie. You may elect to decline Cookies if your browser has this functionality. However, if you do so, you may not be able to use certain features on the Website which are dependent on the information collected by Cookies.

As you browse Curology, advertising cookies will be placed on your computer so that we can understand what you are interested in. Our display advertising partner, AdRoll, then enables us to present you with retargeting advertising on other sites based on your previous interaction with Curology. The techniques our partners employ do not collect personal information such as your name, email address, postal address or telephone number. You can visit this page to opt out of AdRoll and their partners' targeted advertising.

Persons under the Age of 18.

Persons under thirteen (13) years of age are not eligible to use the features, services and other aspects of the Website or the Products. Further, Curology does not knowingly collect PII from anyone between the ages of thirteen (13) and eighteen (18) unless Curology has authorization from the parent or legal guardian of such individual. A parent or guardian of a person under the age of eighteen (18) may review and request deletion of such individual's PII as well as prohibit our use thereof. If you are a parent or guardian of an individual under the age of eighteen (18) and believe your child has disclosed PII to Curology without your consent or authorization, please contact us at support@curology.com.

Assignment.

If Curology or its assets are acquired by another company, or in the event of a merger, consolidation, change in control, transfer of substantial assets, reorganization or liquidation, we may transfer, sell or assign to third parties information concerning your relationship with us, including, without limitation, PII that you provide or that has been provided on your behalf and other information concerning your relationship with Curology. Such third parties will assume responsibility for the PII collected by Curology in connection with Curology's business operations or through the Website and such third parties will assume the rights and obligations regarding such information as described in this Privacy Policy.

Amendments.

We reserve the right to amend, modify, add, delete or update the terms of this Privacy Policy at any time in our sole discretion, as long as such changes are in compliance with applicable law. If we change the terms of this Privacy Policy, we will post the new Privacy Policy on the Website and you agree that such postings constitute notice of the new Privacy Policy to you. We recommend that you read this Privacy Policy each time you use the Website. If you object to any changes to this Privacy Policy your sole recourse will be to cease using the Website and/or Products. Your continued access to and usage of the Website and/or Products signifies your acknowledgement and acceptance of any such changes to the Privacy Policy and agreement to be bound thereby. The terms of any new Privacy Policy will apply to all PII that Curology maintains, including PII that was created or received before such changes were made.

Report Violations.

You should report any suspected violations of this Privacy Policy to support@curology.com.

Questions.

If you have questions or concerns about this Privacy Policy, please contact us at support@curology.com.