Curology makes customized skincare affordable and accessible. We use the information you share with us to help provide you with a customized experience from when you start interacting with us to providing you your own personalized treatment plan.
Curology, Inc., David Lortscher, MD, P.C. (DBA Curology Medical Group), Skin Specialty Solutions, Inc., and our provider entities (“Curology,” “we,” “us,” or “our”) take your privacy and trust in us seriously. We are committed to protecting the privacy and security of the information that you share with us.
The purpose of this Privacy Notice is to explain how we may collect, use, store, disclose, or otherwise process your personal information when you interact with us through the Curology website located at http://curology.com/, our mobile application(s), our products and services, and/or other communication channels under our control such as email, telephone, or social media that link to this Privacy Notice (collectively, “Services” or “Website”). The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of the United States. All capitalized terms not otherwise defined in this Privacy Notice have the same meaning as set forth in the Curology Terms of Service, available here: https://curology.com/terms/.
IF YOU DO NOT WISH TO ACKNOWLEDGE OR ACCEPT THIS PRIVACY NOTICE, PLEASE DO NOT USE THE SERVICES.
Curology collects and stores a variety of information when you use our Services. The specific types of information we collect will depend on the Services you use, but may include the following:
Personal information means information associated with or used to identify or contact a specific person. Personal information we collect may include:
Health information is a type of personal information that includes any identifying information we collect relating to your medical history, including symptoms, diagnoses, treatment and outcomes. Health information we collect may include:
Persons under the age of 13 are prohibited from using our Services. Persons between the ages of 13 and 18 may only use our Services with the legal authorization of their parent or legal guardian. Curology does not knowingly collect any information from persons under the age of 13 (or from persons between the age of 13 and 18 without appropriate authorization). If you are a parent or guardian of an individual under the age of 18 and believe your child has disclosed personal or health information to Curology without your authorization, please contact us at firstname.lastname@example.org.
We collect information about you from the following categories of sources:
You may actively provide us information when you use our Services such as through our websites, emails, social media, surveys, sweepstakes and promotions, or any other online or offline interactions.
We may receive information from third parties such as affiliates, business partners, and service providers to operate our business and improve your experience and interactions with us.
Publicly Available Databases
We may receive information that is available publicly, either online or offline, to operate our business and improve your experience and interactions with us.
Curology and our service providers may use information about you to:
Curology may send you marketing emails or texts to let you know of the latest news on our products and services. If you wish to stop receiving marketing emails from us, you can opt out by clicking the unsubscribe link in the footer of any marketing email or contact us at email@example.com. Please be aware that you cannot opt out of transactional emails. Transactional emails are emails we send you relating to your account or in connection with providing you the Services such as emails changing your password, emails in response to your support request, and emails from your medical provider. If you wish to opt out of all texts (including operational, promotional, or transactional texts), you can text the word “STOP” from the mobile device receiving the text messages.
Certain web and mobile browsers allow you to send a signal to inform websites that you do not want your online activities tracked. At this time, we do not currently respond to “Do Not Track” signals or similar mechanisms.
We understand the importance of protecting the confidentiality of your information and limit our disclosure of your personal and/or health information to the following possible scenarios:
Curology understands the importance of securing your information. We are continuously implementing and updating our administrative, technical, and physical security measures to protect your information. For example, we use firewalls to monitor and control our network traffic, encryption to secure our data transmissions, and cryptographic hash functions to store or share certain data.
Please be aware that using the Internet comes with inherent risks. No method of data transmission or method of physical or electronic storage can be guaranteed to be perfectly secure. There is some risk that an unauthorized third party may find a way to circumvent our security or that a transmission of your information over the Internet will be intercepted. Curology takes the measures stated above to provide a level of security appropriate to the risks of processing your information. You acknowledge and accept that we cannot guarantee the security of your information.
Aside from our efforts in securing your information, it is your responsibility to protect the security of your account credentials and keep your password confidential. If you notice suspicious activity or believe that your account may have been compromised in some way, please contact us immediately at firstname.lastname@example.org.
We may retain your information as required or permitted by applicable laws and regulations. For example, if you are a resident of certain jurisdictions you may be able to request to have your personal information deleted. If your request is granted, we may still be required by medical laws to retain your health information for a period of time. Your medical records will be retained by Company for a period of at least five (5) years, unless a longer period is required by state or federal law, after which they may be destroyed. If you are younger than twenty-three (23) years of age on the date the records may potentially be destroyed, your records will be kept at least until you reach the age of 23 or as required by state or federal law.
California law permits California residents to request certain details about how their information is disclosed with third parties for third-party direct marketing purposes. We do not share your information with third parties for their direct marketing purposes.
If you are a California resident under the age of 18 and are a registered user of the Services, then you may request that we remove information you posted on the Services. Please be aware that applicable state or federal law may prevent Curology from deleting certain categories of information such as health information. Request for removals should include a description of the specific posted information (including information that will allow us to confirm it was created and posted by you) and should be sent to email@example.com.
If you are a California resident you have the following rights subject to certain exceptions:
We will not discriminate against you for exercising your rights under the CCPA.
Please note that requests pursuant to the CCPA are limited to non-medical personal information as the CCPA does not apply to health information governed by the CMIA. Before we approve your request(s), we will ask you to verify certain Personal Information that we have on file. You may submit a request to access or delete your personal information by emailing firstname.lastname@example.org or filling out our online form here.
You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent, you or your authorized agent must provide written proof to email@example.com that the agent has a valid power of attorney pursuant to California Probate Code sections 4000-4465 or by submitting a signed authorization form (available here).
The table below summarizes the categories of personal information we have collected in the last 12 months and the categories of third parties who we have disclosed personal information to for a business purpose. The sources from which we collect personal information can be found in the above section entitled “Sources of Information.” The purpose for collecting personal information can be found in the above section entitled “Use of Information.”
|Categories of Personal Information Collected|
(See Above Categories)
|Categories of Third Parties |
(Disclosed to for a Business Purpose)
|A. Identifiers||Affiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)|
|B. Certain Personal Information (§1798.8)||Affiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)|
|C. Certain Characteristics of Protected Classifications||Affiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Website Optimization, Data Analytics)|
|D. Commercial Information||Affiliated Entities; Medical Providers; Service Providers (Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)|
|F. Internet or Network Activity Information||Service Providers (Customer Support/Feedback, Marketing Services, Operating Systems, Website Optimization, Data Analytics)|
|H. Certain Audio/Electronic/Visual/Similar Information||Affiliated Entities; Medical Providers; Service Providers (Operating Systems, Website Optimization, Data Analytics)|
|I. Professional/Employment-related Information||Affiliated Entities; Medical Providers; Service Providers (Talent Acquisition)|
|K. Inferences||Service Providers (Website Optimization, Data Analytics)|
Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use the Services.
We may update this Privacy Notice from time to time and make changes to our information practices as permitted by law. You can reference the date on the bottom to determine when this Privacy Notice was last updated. Any changes will become effective when we post the revised Privacy Notice on the Services. If you are registered for the Services, you will be notified of any material changes to this notice prior to them becoming effective. Your use of the Services following this notice means that you acknowledge and accept the revised Privacy Notice
Last Updated: September 2, 2020.