Privacy Policy CURIATM App-Website

I. General Information

The Website (“Website”) is a service of Innoplexus AG, hereinafter also referred to as “Innoplexus” or “we”/”us”.

Hereby we inform you about the handling of your personal data. If you use our website, personal data will be processed as set forth in this Policy. This Privacy Policy explains the types of Personal Data as this term is defined in the laws of the Member states of the European Union and the United Kingdom and Personal Information as this latter term Is defined within the California Consumer Privacy Act (“CCPA) and U.S. states that have enacted privacy laws to the extent those laws apply to us and to you. If CCPA or a US. state privacy law applies to you as a resident of the state of California (collectively referenced as “Personal Data” throughout this Privacy Policy) or a state that has enacted a privacy law how we collect, how we process that data, and how we will protect it, in accordance with applicable law, though we do not concede the applicability of any U.S state law to us and the applicability of those laws is determined by the text of the laws themselves. Please also read our Cookie Policy below for information about how we use cookies and refer to our Terms & Conditions for additional information regarding our services.

You can access this data protection declaration at any time under the section “Privacy Policy” at on our Website.

II. Name and address of the controller

Innoplexus, as operator of the Website, is responsible regarding personal data that gets processed because you use our website.

Innoplexus AG
Frankfurter Straße 27
65760 Eschborn

Tel.: +49 6196-9677-311

Chairman of the Supervisory Board: Dr. Andreas Penk
Chief Executive Officer: Dr. Gunjan Bhardwaj

III. Contact details of the data protection officer

If you have any questions or if you wish to exercise your data subject rights, please contact our data protection officer at

IV. Processing personal data

1. Providing the Website and creation of log files

a) Description and scope of data processing

Every time you visit our Website, your browser transmits the following data which gets automatically saved for technical reasons:
– information about your browser type and version
– the operating system you are using
– the previous website from where you are accessing us (referrer URL)
– your IP address
– the date and time when accessing our Website
Our system stores your personal data in log files. This data is not stored with other personal data in relation to you.

b) Legal basis for data processing
We process your data temporarily pursuant to Article 6 Sec. 1 phrase 1 lit. f GDPR.

c) Processing purpose
It is necessary for us to process your IP address temporarily to enable the Website to be made available on your terminal device. Furthermore, we use your personal data to optimize our Website and guarantee the security of our IT systems. These reasons also reflect our legitimate interest in processing your personal data. Your data will not be processed for marketing purposes.

d) Storage period
The aforementioned personal data will be deleted as soon as it is not necessary anymore for achieving the processing purpose. This is the case when the respective session has been ended by you.
IP addresses that were processed in log files, will be deleted after seven days. A longer storage period is only appropriate if your IP address is deleted or alienated, which would make it impossible for us to draw any conclusions from the IP address to your person.

e) Possibility to object and removal according to Article 21 GDPR
It is not possible to object to the processing of this data since it is necessary for the Website’s functioning.

2. Cookies

a) Description and scope of data processing
We use so-called cookies on our Website. They serve us to recognize you as a user and to facilitate the usage of our Website. Cookies are small text files which your web browser installs on your terminal device. Mostly so-called “session cookies” are used, they get deleted automatically after your session has been completed.
Other cookies, so-called “persistent cookies”, remain installed on your terminal device until they get removed by you. These cookies allow us to identify your web browser when you visit our Website the next time.
You can check in your web browser the cookies that are installed on your terminal device. Within the predefined scope of your web browser settings, you can choose whether cookies should be permitted in individual cases, should not be accepted in general or be deleted automatically after your web browser has been closed. Nevertheless, disabling cookies may limit the possibility to use the Website.
We use cookies to make our Website more user-friendly for you. Therefore, some elements of our Website require the possibility to identify the calling browser after a page change has occurred.

The following data is stored and transmitted in the cookies:
Log-in information for input masks
– IP address
– Time zone
– Information about technical failures
– Selection of settings and back-up information

b) Legal basis for data processing
We process your personal data according to Article 6 Sec. 1 phrase 1 lit. f GDPR.

c) Processing purpose
We use technical cookies that are necessary to optimize the usage of our Website. Otherwise we would not be able to offer certain functions on our Website. It is essential for these functions that your web browser gets recognized after a page change has occurred. These purposes also represent our legitimate interest in processing your personal data.
The use of cookies is required for the following applications:
– Use of website functions
We do not use personal data collected by technically necessary cookies to create user profiles.

d) Storage period, possibility to object and removal according to Article 21 GDPR
Cookies that are installed on your terminal device transfer the stored information to our Website. Thus, you have full control of whether and how long cookies can contain informational data. You can deactivate or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. Though, please be aware that while deactivating the use of cookies, it may no longer be possible to use all functions our Website is offering.

3. Google Analytics with anonymization function

a) Description and scope of data processing
We use Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter “Google”) on our Website. Google Analytics uses so-called cookies. These are text files that are stored on your terminal device (see above) and enable an analysis of the use of our Website.
The information generated by this cookie regarding your usage behavior is transmitted to Google’s servers located in the USA and stored there.
So that you can still use our portal anonymously, we use Google Analytics with the addition “_gat._anonymizeIp”. This means that your IP address is already reduced by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymized. Only in very special cases will the full IP address be transmitted to a Google server in the USA and shortened there. Under no circumstances will your IP address be merged with other data collected by Google. Google has signed standard contractual clauses to ensure an appropriate level of data protection.
More detailed information on the terms of use and data protection of Google Analytics can be found at

b) Legal basis for data processing
We process your personal data according to Article 6 Sec. 1 phrase 1 lit. a GDPR based on your consent.

c) Processing purpose
Google uses the information to determine how you have used the Website, to provide us with a summary of website activity and to provide other services related to internet and Website usage. This includes all demographic and geographic data. If necessary, Google will transfer the collected information to third parties if this is required by law or if Google commissions third parties to process this data.

d) Storage period
The storage period of the data transmitted by you and linked to cookies is 2 years. After this period, the data will be automatically deleted. The deletion of data whose retention period has been reached takes place automatically once a month. In addition, you can independently uninstall the cookies installed by Google Analytics and thus delete the stored data. We explain how this deletion can be carried out via the browser settings in the following point.

e) Revocation in accordance with Art. 7 (3) GDPR.
You are free to revoke the installation of cookies at any time by making the appropriate setting in your browser software and without giving any reasons.

For this purpose, Google offers a deactivation add-on for the most common browsers, which gives you more control over what data is collected by Google about the portal page you call up. The add-on tells the JavaScript (ga.js) of Google Analytics that no information about the portal visit should be transmitted to Google Analytics. However, the Google Analytics browser deactivation add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For more information on how to install the browser add-on, please click on the following link:

This does not affect the lawfulness of the processing carried out until then based on the consent. In the event of revocation, your personal data will no longer be processed, but deleted.

4. Possibility of contacting

a) Description and scope of data processing

We integrated on our Website a contact form to offer you the opportunity to get in touch with us. By contacting us through the contact form, all the information which is provided by you, will be transmitted to and stored by us for processing your inquiry.
The following data is collected at the time of your request:
– Name
– E-mail address
At the time of sending your request, the following data will also be processed:
– IP address
– Date and time when the request has been sent
In case you are contacting us via the email-address we made available on our Website, we will process your e-mail-address and all personal data which is associated with your e-mail-address.

b) Legal basis of data processing
We process your personal data pursuant to Article 6 Sec. 1 phrase 1 lit. f GDPR.

c) Processing purpose
We process your personal data only for the purpose of processing your inquiry.
Other personal data which got collected during the transmission process is carried out for our protection, in particular to prevent a misuse of our contact possibilities and an impairment of our IT systems.
These purposes also constitute our legitimate interest in processing your personal data.

d) Storage period
Your personal data gets deleted when it is not necessary anymore to achieve the processing purpose.
Therefore, we delete personal data you sent through the contact form, when the conversation has ended. The conversation has ended when the circumstances indicate that the relevant matter has been resolved.
Other personal data which is associated with the contact form and got transmitted through its usage will be deleted after a period of 3 months.

e) Possibility to object and removal according to Article 21 GDPR
You have the possibility to object to the processing of your personal data in accordance to Article 21 GDPR at any time. In such a case, the conversation cannot be continued. Please address your objection to In this case, the personal data processed during the communication will be deleted.

5. Use of Social Media Buttons

On our Website we integrate the following social networks by providing a hyperlink to access them:
The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as your rights in this regard and possible configuration settings for protecting your privacy can be found in the privacy policies of the respective social network providers:
Facebook –
Instagram –
LinkedIn –

Login to CURIATM Account Through Google

It is not necessary for you to access your CURIATM mobile app account by logging in through any social media platform. If you have an account with Google, though, you may log into your CURIATM mobile app account through Google by clicking on the Google button on the login screen. If you log into your CURIATM account in this way, your first name, last name and email address (which Google will process to determine to authenticate that your email address indicates that your Gmail account is valid) will be shared with Google. No other personal data and no health information will be shared with Google, but your name and email address will be processed by Google and the scope of that processing and your options with regard to that processing may be found in Google’s Privacy Policy at

V. Rights of the data subject: Europe Union/EEA

Regarding the processing of your personal data on our Website, you are a data subject within the meaning of the GDPR, therefore, you are entitled of the following rights towards us:

1. Right to be informed

You have the right to request information about your personal data processed by us at any time. This includes information about the origin, recipients or categories of recipients to whom we transfer your data and the purposes for which we process your personal data.

2. Right to rectification

You have the right to request the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.

3. Right to erasure and right to restriction

You can ask us to delete your personal data immediately. We are obliged to carry out the deletion immediately unless we are obliged to further process your personal data on the basis of contractual and/or legal regulations. This is the case, for example, if we are prohibited from deleting data under tax law. In such a case we restrict the processing and delete the personal data in question immediately after expiry of the retention period.

4. Right to data portability

You have the right to receive your personal data you have provided in a structured, current and machine-readable format, if this is technically possible. Furthermore, you have the right to transfer this data to another controller without any hindrance.

5. Rights in relation to automated decision making and profiling

You have the right not to be subject to a completely automated decision-making process – including profiling – that has a legal effect against you or significantly impairs you in a similar manner.

6. Right to appeal to a supervisory authority

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.

For the United Kingdom users the applicable law, regarding their data protection and privacy, is the Data Protection Act 2018 and the respective articles of such as amended or revised from time to time.

California Residents

While many browsers permit you to send a signal about your Do Not Track (“DNT”) preferences, we do not respond to DNT signals sent from browsers.

If CCPA applies to you and to us (and we do not concede that it applies to us), then CCPA California Civil Code Section 1798.83, The California Consumer Privacy Act (“CCPA”) permits you to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to

CCPA also provides California residents with additional rights related to data privacy. If you have any questions about this section or whether it applies to you, please contact us at

Pursuant to the CCPA California residents may, subject to certain exceptions within CCPA:

  • Request access to the specific and Personal Information that we have collected about you over the past twelve months, the categories of sources of that information, our business or commercial purposes for collecting the information, and the categories of third parties with whom the information was shared;
  • Obtain a copy of your Personal Information in a format that would permit you to transfer that Information to another repository;
  • Submit a request for deletion of Personal Information, subject to certain exceptions, including (without limitation) in the event that we may need to retain Personal Information to complete the transaction for which the Personal Information was collected, detect security incidents protect against illegal activity, exercise certain rights of free speech, comply with a legal obligation or for internal uses permitted by law. If your request is subject to any exception, we may deny your request to delete your data. Please note that you must verify your identity and request before further action is taken by us. To do so, we will notify you of what we require for identity verification via email.

Do Not Sell My Personal Information
(Innoplexus or CURIATM) does not sell Personal Information, but the CCPA defines sale more broadly than the traditional sense of an exchange of data for money and may encompass transactions in which we may share your Personal Information. Accordingly, you may, subject to exceptions in CCPA, request that (Innoplexus or CURIATM) not “sell” your personal information by submitting this request to us at Please be aware that certain sharing of your Personal Information, such as disclosures of that Information to “Service Providers” as that term is defined and in accordance with CCPA, or for certain business operations of (Innoplexus or CURIATM) are not considered “sale” of Personal Information.

CCPA comprises provisions that explicitly prohibit us from making any adverse decisions about you or your account based upon your exercise of this right (“non-discrimination”).

To exercise these rights, you may contact us at or at +49 6196-9677-311 . Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent please contact us via email or at +49 6196-9677-311.

Children’s Online Privacy Protection Act
(Innoplexus or CURIATM) complies with the Children’s Online Privacy Protection Act (COPPA), which requires the consent of a parent or guardian for the collection of personally identifiable information from children under 13 years of age. (Innoplexus or CURIATM) does not knowingly collect, use or disclose personal information from children under 13, or equivalent minimum age in the relevant jurisdiction, without verifiable parental consent. However, it is possible that we may inadvertently receive information pertaining to children under 13. If you believe that we have received information about your child that is under the age of 13, please do not hesitate to notify us at When we receive your notification, we will obtain your consent to retain the information or will delete it permanently.

Last updated 20th of October of 2021

Our competent supervisory authority in the European Union/EEA is:

Der Hessische Datenschutzbeauftragte
Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
Phone: (0611) 14 08-0
Fax: (0611) 14 08-900