Curan Medical B.V., hereinafter referred to as: “Curan”, attaches great importance to your privacy and respects the privacy of visitors to our website, and treats all personal data that is shared with us as confidential. Personal data is collected in accordance with the guidelines of the General Data Protection Regulation.
Curan is the responsible party and is located at Barlhammerweg 26 in Doetinchem. Telephone: +31 (0)314 39 27 25; Email: firstname.lastname@example.org
- people who request a sample package from Curan (through a distributor);
- visitors to the website, or the Curan Facebook page or LinkedIn account;
- people who fill out the Curan contact form.
What personal data do we collect?
We collect only the personal data that you have shared with us and the personal data that we have obtained from other sources, such as (corporate) social media platforms.
Personal data provided by you:
- contact details and other personal data that are necessary needed to send you your sample package via the distributor;
- IP address;
- personal data available on public (corporate) social media platforms such as Facebook and LinkedIn.
How do we use your personal data?
We send your personal data to the distributor you have chosen to fulfil your request for a sample package to be delivered. When you request a sample package, the minimum data collected are your contact details, your gender and the size you require. The data are only used to send you the sample package you have requested via your chosen distributor.
Curan analyses the following data:
- for the improvement and security of our website www.curan.eu.
- for generating user statistics: The user statistics from the website allow us to form an image of, among other things, the number of visitors, the duration of the visit, which parts of the website were visited and the click behaviour. It concerns generic reports, without specific information about individuals. We only use the information we collect to improve our website.
Legal basis for collection:
We collect personal data for one of the following legal bases:
- on the basis of an agreement or in the run-up to the conclusion of an agreement;
- in connection with a legitimate interest.
The person(s) responsible may only collect personal data if this can be done in accordance with one of the limitative enumerated legal bases detailed in the General Data Protection Regulation (GDPR). The four legal bases upon which Curan works are:
- consent: if we have asked for your consent to collect your personal data and you have agreed to this, then you still retain the right to revoke this consent;
- on the basis of an agreement or in the run-up to the conclusion of an agreement: if you have requested a sample package via a distributor, we will use your personal data if and insofar as it is necessary in order to fulfil the contract;
- legitimate interest: we may also make use of your personal data – without disproportionately infringing on your privacy – if we have a legitimate interest. For example, once you have consented, your selected distributor may use your contact details to contact you in response to any questions and/or comments you have made about them via our contact form.
The distributors (data handlers) we use to process your personal data do so exclusively for us. The agreement we have concluded with these data handlers meets the requirements of the General Data Protection Regulation (GDPR). For example, we would send your personal data to the distributor you have chosen so that they can send you your sample package. This also applies to any personal data you enter on to the contact form on our website.
Sharing personal data with third parties:
Your personal data are shared with distributors. This is necessary in order for the distributor to be able to send you a sample package. Your personal data are not stored for longer than 2 days.
Your personal data are not shared with third parties for commercial purposes.
Sharing outside the EEA:
It is sometimes necessary to share your personal data with parties located outside the European Economic Area (EEA). This may be — dependent upon the chosen distributor — necessary to send a sample package
In accordance with the General Data Protection Regulation (GDPR), personal data may only be sent to parties outside the EEA if a sufficient level of security for the protection of personal data is guaranteed, or if an equal variant applies.
We may pass your personal data on to a party outside the EEA if it is necessary to do so in order to fulfil the contract to deliver your sample package.
We hereby advise you that, in such countries, other laws and regulations may apply to the protection of your personal data.
How does Curan protect your data?
Curan takes the protection of your data very seriously. You want to know that your data is in safe hands and that your data won’t be left out on the street. For this reason, Curan has met the relevant technical and organisational measures that guarantee that your data are kept secure and only used for these specific purposes. Curan has taken all potential security risks to your data into account, especially concerning the potential effects of the loss or unauthorised use of your data. Curan has adopted, among others, the following measures:
- many Curan systems communicate with one another. When data are transferred from one system to another, this occurs in a safe and secure manner;
- third parties who require access to your data are obliged to undertake appropriate technical and organisational security measures and to ensure that their staff comply with confidentiality regulations;
- Curan protects its system against malware, viruses, cryptoware and hacking software;
- Curan uses the latest technology to guarantee the safety and security of its systems;
- Curan ensures that its software and other technologies are always up-to-date;
- Curan regularly performs automated security scans on its websites and systems;
- Curan deletes emails that have been sent to the distributors within 2 days of sending.
In the event that a data breach occurs, Curan is obliged to notify the (Dutch) Data Protection Authority within 72 hours of being made aware of its occurrence, unless it is unlikely that the data breach represents a risk to your rights and freedoms. If it is likely that the data breach poses a high risk to your rights and freedoms, Curan is obliged to advise you of the data breach. A data breach is defined as a security incident (such as the theft of a laptop or a hack into our system) in which data is lost or if Curan cannot reasonably exclude the unlawful processing of your data. When a data breach has been noted, all surrounding circumstances need to be assessed.
If it is merely an unexpected weak spot in the security system, then it is only a security breach and not a data breach. In this case, in principle, Curan is not obliged to notify the (Dutch) Data Protection Authority. It goes without saying that Curan will rectify any security breach as soon as it becomes known.
If you think you find a (potential) security or data breach at Curan, we would ask you to contact us directly via email on email@example.com.
In the event that you have questions about your personal data:
The law entitles everybody to exercise certain rights with respect to their own personal data. This means you have the right to the inspection, rectification or deletion of your personal data. You can also make a complaint against the use of your data or request that the use of your data is restricted. In certain situations, you can request your own personal data yourself and pass it on to another party. For all of these matters, please contact David van Groningen on +31 (0)314 39 27 25 or firstname.lastname@example.org
If you feel that Curan has not handled your data safely and securely then you can submit a complaint to the (Dutch) Data Protection Authority. If you have a complaint about the way in which CURAN has processed your personal data, then you can of course contact us by emailing David van Londen at email@example.com or calling on +31 (0)314 39 27 25. We will be happy to help you find a solution. In the event that this is unsuccessful, then you may, at any time, refer to the (Dutch) Data Protection Authority. If you feel that your complaint has not been satisfactorily resolved, then you can appeal to the court.
Do you have any other questions or comments about how Curan makes use of your data? Then please get in touch with us.