1. General information
CureCode AG
Via Piazzetta San Carlo 2
6900 Lugano
Switzerland
Contact:
Email: info@curecode.ch
Phone: +41 79 774 44 33
Commercial Register: Registered in the Commercial Register of the Canton of Ticino
UID Number: CHE-266.615.825
Legal Form: CureCode AG, a joint-stock company under Swiss law
Authorized Representative: Tofan Sultan Selman, CEO
2. Purpose and Responsible Entity
CureCode AG places great importance on protecting your personal data. This Privacy Policy informs you about the collection, processing, and storage of your data when using our services:
- Interfaces (APIs)
- Visiting our website
- Contacting us
- Utilizing additional services
Responsible for data processing:
CureCode AG
Via Piazzetta San Carlo 2
6900 Lugano
Switzerland
info@curecode.ch
Adeola Adebiyi
Data Protection Officer
adeola.adebiyi@curecode.ch
3. Data Collected
We collect various categories of data to provide and enhance our services:
Personal Data:
This includes your name, email address, phone number, date of birth, and gender.
Medical Data:
We handle medical information such as diagnoses, treatment histories, medical documents (e.g., PDFs, scans), and structured content.
Technical Data:
To ensure optimal functionality and security, we collect your IP address, browser type, operating system, and access times.
Clinic-Specific Data Storage
All documentation and communications are stored in isolated, clinic-specific logs. This segmentation minimizes the risk of unauthorized access and ensures data traceability.
Business Continuity and Disaster Recovery
We implement regular data backups and maintain failover systems to ensure uninterrupted service. These measures are designed to prevent data loss and enable rapid recovery in the event of an unexpected system failure.
Minimization of Data Collection
We are committed to collecting only the data necessary to deliver our services effectively. This principle of data minimization ensures that your privacy is respected while allowing us to provide optimal functionality. Data is stored only for the duration necessary to fulfill its intended purpose. Logs are maintained for traceability and deleted in compliance with regulatory obligations.
Compliance with GDPR and Swiss Privacy Laws
Our data protection practices align with the General Data Protection Regulation (GDPR) and Swiss privacy laws. We engage external IT security consultants to review and update our policies regularly, ensuring ongoing compliance and best practices.
4. Disclosure and Security
Disclosure
Personal data is shared with third parties only when required for purposes such as communication, fulfilling contractual obligations, or processing payments.
Medical data is processed exclusively by our internal systems and is securely stored on certified servers located in Switzerland. In certain cases, pseudonymized data may be processed by trusted Swiss service providers. These providers operate strictly within the framework of Swiss data protection laws and the GDPR, ensuring that your data is handled securely and in compliance with all relevant regulations.
Importantly, medical data is never stored by these service providers, nor is it transmitted to the USA or other non-compliant countries. All data transmissions, including those involving pseudonymized data, are secured using SSL encryption. At your request and per contractual agreements, data storage processing can also be arranged on servers within the EU.
Data is stored in isolated environments based on clinic or user settings to prevent unauthorized cross-access.
API-based data exchanges are protected by authentication protocols and encryption to ensure secure data transfer.
Security Measures
We employ robust measures to protect your data:
Two-Factor Authentication (2FA):
All user accounts are secured with 2FA, reducing the risk of unauthorized access.
SSL Encryption:
Data transmitted between users and our servers is encrypted using SSL protocols to prevent interception.
Regular Security Audits:
Our systems undergo periodic reviews and updates in collaboration with external IT security consultants to ensure compliance with GDPR, Swiss privacy laws, and other relevant regulations.
Data Backups and Failover Systems:
To maintain business continuity, we conduct regular data backups and implement failover protocols to quickly restore service in the event of disruptions.
Data Segregation and Retention
Medical data and user documentation are stored in isolated, clinic-specific logs to minimize risks and enhance traceability. Data is retained only for as long as necessary to fulfill the purposes for which it was collected, in compliance with legal and regulatory requirements.
5. Storage Abroad
We primarily store and process your data in Switzerland or the EU. In rare cases, data may be processed in other countries (e.g., by IT support, cloud solutions, or international partners) when required for our services. For transfers to countries without adequate data protection, we ensure compliance with contractual safeguards, such as standard contractual clauses recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC). This guarantees the protection of your data under legal requirements.
6. User Rights
You have the right to:
Access: What data is stored?
Rectification: Correct inaccurate data.
Deletion: Delete data no longer needed.
Objection: Object to data processing.
Contact: info@curecode.ch
7. Cookies and Tracking Technologies
- We use cookies to improve your website experience.
- Statistical and marketing cookies are only set with your consent.
- You may object to the use of cookies or change your preferences at any time.
8. Applicable Law and Jurisdiction
This Privacy Policy and any agreements based on or related to it are governed by Swiss law, excluding any conflict of laws provisions. The place of jurisdiction is Lugano, Switzerland.
9. Changes to the Policy
We reserve the right to amend this policy at any time. Changes will be published on our website.