Curology makes customized skincare affordable and accessible. We use the information you share with us to help provide you with a customized experience from when you start interacting with us to when you receive your own personalized treatment plan.
Curology, Inc., David Lortscher, MD, P.C. (DBA Curology Medical Group), Skin Specialty Solutions, Inc., Personalized Skin Solutions, Inc., our fully owned and operated brands, including Agency, and our provider and related entities (“Curology,” “we,” “us,” or “our”) take your privacy and trust in us seriously. We are committed to protecting the privacy and security of the information that you share with us.
The purpose of this Privacy Notice is to explain how we may collect, use, store, disclose, or otherwise process your personal information when you interact with us through the Curology website located at http://curology.com, our mobile application(s), our products and services, and/or other communication channels under our control such as email, telephone, or social media that link to this Privacy Notice (collectively, “Services” or “Website”).
The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of the United States. All capitalized terms not otherwise defined in this Privacy Notice have the same meaning as set forth in the Curology Terms of Service, available here: https://curology.com/terms/.
Curology collects and stores a variety of information when you use our Services so that we can provide the Services to you. If we do not have this information, you may not be able to access or use part or all of our Services. The specific types of information we collect will depend on the Services you use, but may include the following:
Personal information means information associated with or used to identify or contact a specific person. Personal information we collect may include:
Identifiers such as your first and last name, date of birth, sex or gender, physical address, email address, phone number, identification numbers, etc.
Audio, visual, and other electronic information such as photographs and videos for purposes other than diagnosis or treatment
Commercial information such as your order history, products purchased or considered, payment information, and shipping history
Internet and network activity information such as IP address, geolocation information for transactional purposes, device information, log data, and cookies and similar technologies
Inferences drawn from any of the information collected about you such as your preferences, characteristics, and behavior, etc.
Health information is a type of personal information that includes any identifying information we collect relating to your medical history, including symptoms, diagnoses, treatment and outcomes. Health information we collect may include:
Audio, visual, and other electronic information such as photographs and videos for purposes of diagnosis or treatment
Medical history such as medical conditions, medications, allergies, treatment options, prescriptions, and any other health-related information for purposes of diagnosis or treatment.
Commercial information such as your order and shipping history
We collect information about you from the following categories of sources:
You may actively provide us information when you use our Services such as through our websites, emails, social media, surveys, sweepstakes and promotions, customer support, or any other online or offline interactions.
We may receive information from third parties such as affiliates, business partners, and service providers to operate our business and improve your experience and interactions with us.
Publicly Available Databases
We may receive information that is available publicly, either online or offline, to operate our business and improve your experience and interactions with us.
Curology and our service providers may use information about you to:
Provide teledermatology and related services;
Verify your identity as the holder of an account with us;
Administer your account, process payments, troubleshoot issues, and provide you with customer support;
Communicate with you about the Services, and to deliver any administrative notices or alerts and communications relevant to your use of the Services;
Allow you to participate in sweepstakes, contests, or other promotions;
Market our services and those of third parties that we believe may be of interest;
Tailor the features, performance and support of the Services to you and your preferences;
Provide, operate, analyze usage of, and improve the Services, including performing research and development;
Investigate, detect, deter, prevent, report, defend against, or take other action regarding security incidents, abusive behavior, suspected fraud, malicious or illegal activities, or violations of our Terms of Service or other policies;
Make sure our terms, policies, and agreements with you and any third parties are enforced;
Comply with applicable laws and regulations.
We understand the importance of protecting the confidentiality of your information and limit our disclosure of your personal and/or health information to the following possible scenarios:
To licensed medical providers (including those who provide healthcare services, drugs, or medical devices) so that they may provide you with the teledermatology and related products and services you request;
To third-party service providers acting on our behalf or to entities with whom we may collaborate with to offer and deliver the Services;
In order to protect the safety and security of Curology, the Services, our operations, our systems, our properties, our customers, or any other related person or entity;
In order to investigate, detect, deter, prevent, report, defend against, or take other action regarding security incidents, abusive behavior, suspected fraud, malicious or illegal activities, or violations of our Terms of Service or other policies;
In order to establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others;
In order to comply with applicable laws or legal processes such as a court order or subpoena;
In connection with any reorganization, restructuring, merger, sale, acquisition, financing, dissolution, or other transfer of assets under the condition that the recipient agrees to respect your information in a manner that is consistent with this Privacy Notice.
Generally, we use first-party and third-party cookies for the following purposes: to make our Services function properly; to provide a secure browsing experience during your use of our Services; to collect information about your use of our Services to help us improve and optimize our Services; to remember your preferences for your convenience; and to market our Services, including by showing ads or content on our Services or on third-party sites.
We use the following types of cookies on our Services:
Strictly Necessary Cookies, which are needed for the Site or Services to operate as reasonably expected by you.
Functional or Preference Cookies, which remember your name or choices.
Performance or Analytic Cookies, which collect passive information about your use of the Site or Services.
Advertising or Targeting Cookies, which are used to make advertising messages more relevant and personalized to you based on your inferred interests.
Depending on whether you would like to manage a first-party or third-party cookie, you will need to take the following steps:
First-Party Cookies: You can enable, disable, or delete cookies through the browser you are using to access our Services. To do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” settings). Please note, if you set your browser to disable cookies, you may not be able to access secure areas of our Services, and/or parts of the Services may not work properly for you. You can find more information about how to change your browser cookie settings at https://www.allaboutcookies.org.
Third-Party Cookies: You can disable cookies from third parties by using your browser settings or, if available, directly opting-out of cookie collection with the third-party cookie service provider via their website. The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at the following websites:Network Advertising Initiative, Ad Choices, Facebook, Google Ads.
Google Analytics. We use Google Analytics. Google Analytics is a web analytics service offered by Google LLC (“Google”) that tracks and reports Site traffic. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: policies.google.com/privacy. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: tools.google.com/dlpage/gaoptout.
Location Information. You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third parties by (a) disabling location services within the device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings. Please note that your location may be derived from your WiFi, Bluetooth, and other device settings. See your device settings for more information. We will not share data obtained through our text message programs, including your phone number or location information, with third parties for their marketing purposes.
Persons under the age of 13 are prohibited from using our Services. Persons between the ages of 13 and 15 may only use our Services with the legal authorization of their parent or legal guardian. Curology does not knowingly collect any information from persons under the age of 13 (or from persons between the age of 13 and 15 without appropriate authorization).
Please contact us if you believe we have collected user information about a child without consent from their parent or guardian so we can take corrective action. Requests should include a description of the specific posted information (including information that will allow us to confirm it was created and posted by you) and should be sent to email@example.com.
Curology understands the importance of securing your information. We are continuously implementing and updating our administrative, technical, and physical security measures to protect your information. For example, we use firewalls to monitor and control our network traffic, encryption to secure our data transmissions, and cryptographic hash functions to store or share certain data.
Please be aware that using the Internet comes with inherent risks. No method of data transmission or method of physical or electronic storage can be guaranteed to be perfectly secure. There is some risk that an unauthorized third party may find a way to circumvent our security or that a transmission of your information over the Internet will be intercepted. Curology takes the measures stated above to provide a level of security appropriate to the risks of processing your information. You acknowledge and accept that we cannot guarantee the security of your information.
Aside from our efforts in securing your information, it is your responsibility to protect the security of your account credentials and keep your password confidential. If you notice suspicious activity or believe that your account may have been compromised in some way, please contact us immediately at firstname.lastname@example.org.
We may retain your information as required or permitted by applicable laws and regulations. For example, if you are a resident of certain jurisdictions you may be able to request to have your personal information deleted. If your request is granted, we may still be required by medical laws to retain your health information for a period of time. Your medical records will be retained by Company for a period of at least five (5) years, unless a longer period is required by state or federal law, after which they may be destroyed. If you are younger than twenty-three (23) years of age on the date the records may potentially be destroyed, your records will be kept at least until you reach the age of 23 or as required by state or federal law.
In order to provide our Services to you, we may send you communications related to your transactions, security, or the administration of this website. Transactional emails are emails we send you relating to your account or in connection with providing you the Services such as emails changing your password, emails in response to your support request, and emails from your medical provider.
From time to time, Curology may also send you marketing emails to provide you with free newsletters, surveys, offers, and other promotional materials. If you wish to stop receiving marketing emails from us, you can opt out by clicking the unsubscribe link at the bottom of any marketing email or contact us at email@example.com. Please be aware that you cannot opt out of transactional emails. You may opt in to receive text messages. If you decide you no longer wish to receive text messages (including operational, promotional, or transactional) from us, you can opt-out of receiving future text messages by replying “STOP.” However, you acknowledge that opting out of receiving text messages may impact your use of the Services.
You may access your Curology account information by going to the “Your Account” page. You can edit your account information as necessary, such as your email address, name, phone number, and more. When you update your account information, we may keep a copy of your previous account details for our records and to prevent fraud or other activities that violate our terms, policies and agreements. However, if you do not provide us with some of your personal information, such as your name or email, we will no longer be able to provide you with access to our Services.
If you are a California resident, please see the next section regarding your rights.
California Consumer Privacy Act of 2018 (CCPA)
If you are a California resident you have the following rights subject to certain exceptions:
The right to know about what personal information in the last 12 months was collected, how it is used, and whether it is disclosed for a business purpose or sold to third parties;
The right to request deletion of personal information;
The right to opt-out of the sale of personal information; and
The right to non-discrimination for the exercise of privacy rights.
You may submit a request to access or delete your personal information by emailing firstname.lastname@example.org or filling out our online form here. Before we approve your request(s), we will ask you to verify certain Personal Information that we have on file. Please note that requests pursuant to the CCPA are limited to non-medical personal information as the CCPA does not apply to health information governed by the CMIA.
If you opt-out of the sale of your personal information, we will wait at least 12 months before asking you if we may sell your personal information. You have the right to opt-in to the sale of your personal information after you have opted out. If you would like to opt-in to the sale of your personal information, you can email us at email@example.com. Opting-in is a two-step process in which you will first clearly request to opt-in, and then separately confirm that choice.
We will not discriminate against you for exercising your rights under the CCPA.
Please note that requests pursuant to the CCPA are limited to non-medical personal information as the CCPA does not apply to health information governed by the CMIA. Before we approve your request(s), we will ask you to verify certain Personal Information that we have on file. You may submit a request to access or delete your personal information by emailing firstname.lastname@example.org or filling out our online form here.
You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent, you or your authorized agent must provide written proof to email@example.com that the agent has a valid power of attorney pursuant to California Probate Code sections 4000-4465 or by submitting a signed, notarized authorization form (available here).
The table below summarizes the categories of personal information categories, as identified by the CCPA that Curology has collected in the last twelve months, and the third-parties with whom we may share your information. for a business purpose as described in Section 4, above. The sources from which we collect personal information can be found in Section 1 above entitled “Sources of Information.” For purposes of this Section 11 only, “personal information” has the meaning given in the CCPA, but excludes information exempted from the scope of the CCPA, such as health information that is exempt from the CCPA, as noted above.
|Categories of Personal Information Collected||Categories of Third Parties|
|A. Identifiers||Affiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)|
|B. Certain Personal Information (§1798.8)||Affiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)|
|C. Certain Characteristics of Protected Classifications||Affiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Website Optimization, Data Analytics)|
|D. Commercial Information||Affiliated Entities; Medical Providers; Service Providers (Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)|
|F. Internet or Network Activity Information||Service Providers (Customer Support/Feedback, Marketing Services, Operating Systems, Website Optimization, Data Analytics)|
|H. Certain Audio/Electronic/Visual/Similar Information||Affiliated Entities; Medical Providers; Service Providers (Operating Systems, Website Optimization, Data Analytics)|
|I. Professional/Employment-related Information||Affiliated Entities; Medical Providers; Service Providers (Talent Acquisition)|
|K. Inferences||Service Providers (Website Optimization, Data Analytics)|
“Shine the Light” Law (California Civil Code § 1798.83)
California law permits California residents to request certain details about how their information is disclosed with third parties for third-party direct marketing purposes. We do not share your information with third parties for their direct marketing purposes.
Privacy Rights for California Minors in the Digital World Act
If you are a California resident under the age of 18 and are a registered user of the Services, then you may request that we remove information you posted on the Services. Please be aware that applicable state or federal law may prevent Curology from deleting certain categories of information such as health information. Request for removals should include a description of the specific posted information (including information that will allow us to confirm it was created and posted by you) and should be sent to firstname.lastname@example.org.
Do Not Track
Certain web and mobile browsers allow you to send a signal to inform websites that you do not want your online activities tracked. At this time, we do not currently respond to “Do Not Track” signals or similar mechanisms.
Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use the Services.
We may update this Privacy Notice from time to time and make changes to our information practices as permitted by law. You can reference the date on the bottom to determine when this Privacy Notice was last updated. Any changes will become effective when we post the revised Privacy Notice on the Services. If you are registered for the Services, you will be notified of any material changes to this notice prior to them becoming effective. Your use of the Services following this notice means that you acknowledge and accept the revised Privacy Notice.