Privacy Policy
Last Updated: June 27, 2025
Data Privacy
Cura FZE (“We” or “Us”, as the context may be) are committed to protecting and respecting your privacy. This policy (together with our terms of use and any other documents referred to on it) (“Privacy Policy”) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
The purpose of this policy is to give you confidence as you visit and use the https://cura.cx/ website and/or our apps (Cura Connect, Cura CX, Cura Chart, Cura Kit) and to demonstrate our commitment to fair information practices and the protection of privacy. This policy is only applicable to this Site.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using the Site, you are accepting and consenting to the practices described in this Privacy Policy. If you do not understand any aspect of our Privacy Policy, please feel free to contact us using the information found at the end of the Privacy Policy.
For the purpose of the Data Protection Act 1998, the data controller is Cura Connect, part of Cura FZE, 57-Block C VL incorporated and licensed at Sharjah Research Technology & Innovation Park Free Zone (SRTI Park), Sharjah.
Under 18 Years of Age
Our Site is not eligible for use by persons under 18 years of age without legal parental or guardian consent. No one under age 18 may provide any personal information to or on our Sites without legal parental or guardian consent. We do not knowingly collect personal information from persons under 18 if such information is provided without legal parental or guardian consent.
If you are under 18, do not use or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use without legal parental or guardian consent. If we learn we have collected or received personal information from a person under 18 without verification of parental consent, we will delete that information.
If you believe we might have any information from or about a person under 18 for which there is no legal parental or guardian consent, please Contact Us.
Information We Collect From You
We will collect and process the following data about you:
- Information you give us: This includes details provided by filling in forms on our Site or corresponding with us by phone, email, or otherwise. It includes when you register, subscribe, book appointments, or report problems.
- Identity Data: First and last name, address, username, marital status, title, date of birth, gender, National/Emirates ID (and copy), Passport number (and copy), Insurance ID (and copy), nationality, workplace and work ID.
- Contact Data: Billing and delivery address, location, email, and telephone numbers.
- Other Data: Photos or data uploaded by you, communications via social media or messaging, device address book contacts, social media connections (e.g. Facebook, Instagram, Twitter).
- Financial Data: Bank account and payment card details, payment history.
- Medical Data: Health records, history, treatment results, and other non-public health information.
- Marketing & Communication Data: Your preferences in receiving marketing and your communication preferences.
- Information we collect about you: Includes mobile/email, Employee ID, insurance details, employment data, visa status, residence, family details, nationality, and health data collected during your use of our services.
- Transaction Data: Details of payments to/from you and products/services you purchased.
Additional Information We Collect
- Health Data: Health information prepared by the Cura Connect Platform, including medical records, treatment notes, and other health information.
- Transaction Data: Details about payments to and from you and other details of products and services purchased.
- Technical Data: Includes IP address, login data, browser type and version, mobile device make and model, operating system, device settings, hardware version, time zone, GPS/Bluetooth/WiFi location, browser plugins, connection info (ISP or mobile operator), language, mobile number, and more.
- Profile Data: Username and password, purchases/orders, interests, preferences, feedback, and survey responses.
- Usage Data: Information about how you use our Sites and devices, including pages/screens visited.
- Information from Other Sources: Data from third-party websites, partners, or linked services. You will be informed when such data is collected, why it's combined, and how it's used.
- Video Consultations: You consent to the audio/video recording or still photography of consultations conducted through the Site.
- Aggregated Data: Non-identifiable data like statistics or demographics may be collected for analysis. If combined with identifiable data, it will be treated as personal data under this policy.
How Your Data Is Collected
We use the following methods to collect data from and about you:
- HealthKit: iOS users may permit the app to access HealthKit data. Permission can be granted or revoked at any time.
- Direct Interactions: You may provide Identity, Contact, Transaction, Profile, Financial, Health, and Marketing Data when you:
- Purchase a service
- Use the service with Cura Connect Platform
- Create an account
- Request marketing
- Enter a campaign
- Give feedback or contact support
- Automated Technologies: We collect Usage and Technical Data through cookies, server logs, and other technologies during your interaction with our Site.
- Data Provided by Employers or Insurers
- Cookies: Cookies store user-related information and may be disabled at your discretion. Disabling cookies may limit some features.
- Location Information: Real-time location access depends on your device settings. Some features may be limited if disabled.
If we use your data for a different purpose, we’ll notify you and explain the legal basis. We may also process your data without consent when legally required.
Links to Third-Party Sites: Our Site may include links to other websites with their own privacy policies. We’re not responsible for those practices—please review their policies before sharing data.
How We Use Your Personal Data
We only use your personal data where permitted by law. Common purposes include:
- Providing services and fulfilling obligations to you, including medical care and billing
- Maintaining health records and disclosing to healthcare providers as needed
- Billing services and insurance claims
- Reviewing services and Cura Connect Platform performance
- Providing required data to regulators or courts as necessary
- Sending information about related or similar services
- Marketing products/services via electronic means, with your consent if required
- Notifying you of service changes
- Improving and optimizing our Site
- Enabling interactive features
- Ensuring security and legal compliance
- Serving relevant advertisements
- Making suggestions and recommendations
Marketing & Targeted Advertising
You may opt out of receiving marketing communications from us at any time.
If you no longer wish to receive promotional emails, simply follow the unsubscribe link or email us to be removed.
This opt-out does not affect essential communications or transactional emails related to products or services.
Targeted Advertising: If you don’t want your data used for tailored advertising, contact us to opt out.
Promotions
We may use your Identity, Contact, Technical, Usage, Profile, and Special Categories of Personal Data to determine what services or offers may be of interest to you. You’ll receive marketing communications if you’ve requested information, created an account, purchased services, or registered for promotions—unless you’ve opted out.
Third-party Marketing
We will obtain your explicit opt-in consent before sharing your data with third-party companies for marketing purposes. While we don’t control how third parties use your data for interest-based advertising, many of them offer ways to opt out.
Marketing Opt-Out
You can stop receiving marketing messages at any time by using the opt-out link in any message or by contacting us directly. This does not affect transactional communications related to purchases or services.
Disclosure of Your Information
We may share your personal data (excluding personal health records) with any member of our group, including subsidiaries and affiliated companies.
We may also disclose your data to the following parties:
- Healthcare professionals and service providers supporting our operations
- Advertisers to deliver relevant advertising
- Analytics and search providers for improving our Site
- Health plans and related entities for treatment or payment purposes
- Buyers or sellers during business mergers or acquisitions
- Authorities or courts as required by legal obligations or court orders
- Parties to protect your or others’ safety or our legal rights
- Family members or representatives to notify them of your status if needed
Your consultation notes (including doctor-provided notes) may be shared with other doctors or clinics on the Cura Connect Platform.
International Transfers
We may transfer your personal data within the Cura Connect Platform and to third parties located outside your country of residence. To ensure data protection:
- We require all group companies to follow the same data protection rules.
- We use data protection agreements (such as Standard Contractual Clauses) for third-party service providers.
- Transfers to the US may rely on providers certified under the Privacy Shield (or equivalent mechanisms).
In cases where local regulations conflict with other laws, the local regulations will prevail.
Where We Store Your Personal Data
We comply with all applicable Local Regulations and take all reasonable steps to ensure your data is treated securely and in line with this Privacy Policy.
All personal health data—including primary care, secondary care, medication, and diagnostic information—is stored on secure servers. Payment transactions are encrypted. If you access secure parts of our Site with a password, you are responsible for keeping it confidential.
We do not store credit or debit card information. All payments are handled by a third-party provider fully compliant with Level 1 PCI data security standards and SSL encryption.
Once received, your information is protected with strict procedures and industry-standard physical, technical, and administrative safeguards to prevent unauthorized access.
Protection of Passwords
Your account is protected by your password. Please do not disclose your password and always log out after each session. You are responsible for managing access to your login credentials.
If you suspect any unauthorized use or breach of security related to your account, please notify us immediately so we can take appropriate action.
Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, or regulatory requirements—such as those outlined by the Dubai Health Authority.
When determining retention periods, we consider the type and sensitivity of the data, potential risk from unauthorized use or disclosure, the purposes of processing, and applicable legal obligations.
In some cases, we may anonymize your data for research or statistical purposes. Once anonymized, this data may be retained indefinitely without further notice.
Your Rights
You have the right to make the following requests at any time:
- Access: Request a copy of the personal data we hold about you to check we are processing it lawfully.
- Correction: Request correction of incomplete or inaccurate data. Medical record corrections will be added as timestamped addenda.
- Erasure: Request deletion of your personal data, excluding medical records, where there is no legitimate reason for continued processing.
- Objection: Object to our processing based on legitimate interests or for direct marketing.
- Restriction: Request a pause in data processing under specific conditions (e.g., verifying data accuracy or legal claims).
- Transfer: Request your personal data in a machine-readable format for yourself or a third party.
- Withdraw Consent: Withdraw consent at any time, which may affect our ability to provide certain services.
You can exercise any of these rights by contacting us at support@cura.cx.
Requests are free, but we may charge a reasonable fee or refuse requests that are clearly unfounded, repetitive, or excessive. We aim to respond within one month, with updates provided if it takes longer.
Changes to Our Privacy Policy
Any future changes to our Privacy Policy will be posted on this page and, if appropriate, notified to you by email. Continued use of our Site following these changes indicates your agreement to the updated policy.
By using the Site, you consent to the collection, use, and disposal of your personal information as described in this Privacy Policy, now and as modified over time. Please review this page regularly to stay informed.
Contact
Questions, comments, and requests regarding this Privacy Policy are welcomed and should be sent to: support@cura.cx.