CURO DATA PROTECTION AND PRIVACY POLICY

Curo Technologies Pty Ltd ACN 605 788 510 (Curo) is the developer of a an innovative, technology-based health and aged care platform with its offices in Melbourne, Victoria, Australia, operating in both Australia and the US.

Collection and analysis of your data is essential to the delivery of Curo's software-as-a-service and, in particular, to monitor your health and wellbeing, detect changes in your patterns of behaviour and generate insights and alerts about the same to third parties who you nominate (Nominated Contacts). As a result, data protection and privacy compliance are essential to our business. 

Our software is designed so as to minimise the collection of personal information by us, but to the extent that we do collect personal information, this data protection and privacy policy is created to set the guidelines by which we must act to protect the privacy of the individuals with whom we deal and to comply with all applicable data protection laws. We will always collect, hold, use and disclose any personal information in accordance with the applicable data protection laws and this policy.

You may choose not to give your personal information to us. However, if you choose not to give us your personal information we may not be able to provide our hardware, software and services to you. By providing us with your personal information you consent to us collecting, holding, using and disclosing your personal information in accordance with this policy. If you have any questions about this policy, please contact the privacy officer in charge at privacy@meetcuro.com or write to:

The Privacy Officer

Curo Technologies Pty Ltd

580 Church Street 

Richmond, VIC 3121


The information we collect and how we collect it

Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

The types of personal information and other data that we collect directly from you or from third parties may include (but is not limited to) your name, personal address, email, telephone numbers, job title, age and medical history, as well as the name and contact details of your Nominated Contacts.

Whenever it is reasonable and practicable to do so we will collect personal information about you and other data directly from you. This includes collecting data (including personal information about you) when you request services from Curo or when you arrange a demonstration of our products and services. We may also collect data (including personal information about you) from our services functionality. We may also collect personal information and data from you via websites or cookies.

To register as a customer with Curo, you are asked to provide us with personal information, which includes your name, age, email address, phone number, company address or personal address and the names and contact details of your Nominated Contacts.

No matter whether we collect your personal information directly from you or from/via third parties, we will use, manage, hold and disclose your personal information in accordance with the applicable privacy laws and this privacy policy.


How that information is used

We may use your personal information for the following purposes: 

  • to provide requested information, products and/or services to you including the analysis, generation and transmission of insights and alerts about your health and behaviour to your Nominated Contracts or emergency health service providers;
  • to contact you, your Nominated Contacts or emergency health service providers, where necessary;
  • to tailor your experience with our software, website or other services and to direct you to content we believe will be of interest to you;
  • to provide you with information in connection with complementary products and services to those of Curo;
  • to refine our database;
  • for product and service development and to share positive testimonials with others; 
  • to transfer any of the assets and or operations of Curo to another party;
  • unless you have indicated otherwise, opted-out or it is prohibited by applicable laws, to provide information about products and services which we expect may be of interest to you. However, in each marketing message you will be provided with the ability to opt-out from receiving future marketing messages; and
  • for other purposes required or permitted by applicable law.

If you receive promotional information from Curo and do not wish to receive this information any longer, you may remove your name from our list by contacting Curo at privacy@meetcuro.com asking to be removed from our mailing list or follow the instructions in any marketing communication you receive.


Who we disclose that information to

The nature of the Curo platform means that our customers or their Nominated Contacts may disclose personal information across the platform. We do not take part in or verify the conduct of such disclosure and ours terms of supply with customers requires the customer to ensure such activities comply with all applicable laws, including data protection law. 

We may disclose your personal information to third party service providers who assist us to facilitate the software and services that we provide. These third parties may be located in various countries across the globe. They provide services in connection with our products and services, for example by providing hosting, legal, accounting or marketing services or other support services. All such parties are under an obligation to maintain the security and confidentiality of personal information and to process such information in accordance with Curo's instructions.

Where a disclosure is made to a third party for the purposes of processing your personal information on our behalf, we will ensure by using contractual or other means that disclosed personal information is (i) not kept at the data processor/service provider for longer than is necessary for the purpose of processing the information/providing the service to us and (ii) protected from unauthorised or accidental access, processing, erasure, loss or use.

Before disclosing your information to an offshore third party we will undertake an appropriate level of due diligence to assure ourselves that the offshore third party is capable of complying with the requirements of the applicable privacy laws. 

Any personal information supplied to Curo or any of its subsidiaries may (as permitted by and in accordance with applicable law) also be shared within the internal company group to facilitate our business activities across countries and the provision of our products and services. 


Curo can aggregate your non-personally identifiable data

Curo can access, aggregate and use non-personally identifiable data Curo has collected from you. Curo may use this aggregated non-personally identifiable data to:

• enable our software and services to undertake their behaviour detection, analysis and alert functions;

• enable your Nominated Contacts or emergency health services providers to respond to abnormal behaviour insights about you that we generate;

• assist us to better understand how our customers are using our products and services;

• provide our customers with further information regarding the uses and benefits of our products and services;

• enhance our customers' experiences and practices, including by creating useful insights from that aggregated data such as benchmarking and analysis; and

• otherwise to improve our products and services.

In addition to the above, Curo may also sell this aggregated non-personally identifiable data to third parties from time to time.  


You are responsible for transfer of your data to third-party applications

Curo's products and services may allow users to transfer data, including personal information, electronically to and from third-party applications. Curo has no control over, and takes no responsibility for, the privacy practices or content of these applications. You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.


Keeping information accurate and up to date

We take reasonable steps to ensure that all information we hold is as accurate as is possible. You are able to contact us at any time (via the contact details above) and ask for its correction if you feel the information we have about you is inaccurate or incomplete.


Keeping information secure

We take all practicable steps to protect your personal information from misuse, interference, loss, unauthorised or accidental access, and modification, processing, erasure or disclosure. Your data will be held in encrypted format at all times in the hosted servers to maintain confidentiality and ensure security of your data. 


For how long does Curo keep personal information?

The time period for which Curo keeps information varies according to what the information is used for. In some cases there are legal requirements to keep information for a minimum period. Unless there is a specific legal requirement for Curo to keep the information, Curo will keep personal information for so long as it is necessary for the purpose for which it was collected or for such other purposes for which consent has been obtained or Curo is otherwise permitted or authorised by law to use the personal information.


How you can access your information

You can contact us to request access to your information at our contact details above. Once we have verified your identity, in normal circumstances we will give you full access to your personal information that we hold. However, there may be some legal or administrative reasons to deny access. If access is denied, we will provide you with the reason why.


Curo Cookies

A cookie is a small data file that contains information about a visit to a web site. This information is provided by an individual's computer the first time it visits a web server. The server records this information in a text file and stores this file on the hard drive. When that individual visits the same web site again the server looks for the cookie and structures itself based on the information provided.

Most browsers are initially set up to accept cookies, but they can be reset to refuse all cookies or to warn you before accepting cookies. We use cookies to help us improve our service to visitors to our site and to ensure that our site stays easy to navigate and useful.

Curo also works with third party advertising and personalisation partners that use cookies to help us display personalised content and web advertisements across the internet based on someone’s past visits to our website. Cookies placed by our third party partners also assist us with measuring the performance of our advertising campaigns. You can decide whether or not to accept cookies through your internet browser’s settings.


Links

Curo cannot guarantee or accept responsibility for the privacy practices or the content of websites to which we provide links.


Complaints and dispute resolution

If you have a complaint about how we have collected, used or disclosed your personal information, or if we have not corrected or provided you access to your personal information, then you may contact our Privacy Officer to make a complaint at the email or address detailed above.

Curo will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy. If we fail to respond to your concerns, or if you are dissatisfied with the response that you receive from us, you may have the right, depending on the jurisdiction, to make a complaint to the applicable regulator. 

We will cooperate with all applicable authorities to resolve any data protection dispute.


Changes to the privacy policy

If Curo's information practices change, Curo will post these changes on the website http://www.meetcuro.com/privacy. Curo encourages you to review the Curo Data Protection and Privacy Policy periodically.

If we change material terms of this Data Protection and Privacy Policy, we will provide notice of the revised policy for 30 days on the Curo website. We will also take other steps as necessary depending on the nature of the changes, including obtaining your consent or providing you with the opportunity to delete your personal information, where required by local data protection laws.