Privacy Policy

1. About this Privacy Policy

This Privacy Policy explains how Curénium (the “Platform”), operated by Plannorium Limited (“Curenium”, “we”, “us”, “our”), collects, uses, stores and protects personal data globally. While we are headquartered in the UK and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we apply high-fidelity privacy standards across all regions where the Platform is accessible.

2. Who we are

Curenium is a global cloud-based platform designed for hospitals and healthcare providers to manage clinical workflows, patient data, scheduling and analytics. We act as a data processor when handling patient or clinical data on behalf of hospitals (the data controllers). For our own users (hospital staff accounts, contact details), we act as the data controller. We actively work to acquire and maintain necessary licenses and regulatory approvals within every country and jurisdiction where we operate, ensuring compliance with local healthcare and data sovereignty laws.

3. Personal data we collect

We collect the following types of data:

• Account & contact data: Name, email, phone, job title, hospital name (from hospital staff).
• Usage data: IP address, browser type, login times, pages visited.
• Health/clinical data (as processor only): Any patient or clinical records you upload or enter via the Platform (e.g. records, notes, images).
• Technical data: Logs, cookies, analytics (Google Analytics or similar).

We do not collect special category data directly from individuals unless you (the hospital) upload it as part of using the service.

4. How we use your personal data

5. Sharing your personal data

We handle your data with global transparency:

• Sub-processors: We use MongoDB Atlas (UK region) for high-availability and secure database hosting. All sub-processors are bound by UK GDPR-compliant Data Processing Agreements.
• Regional Sovereignty: Depending on your location, data may be hosted in specific regional clusters (UK, MENA, etc.) to comply with local data residency requirements.
• Hospitals: Patient/clinical data remains under the hospital’s exclusive control.
• Legal requirements: We may disclose data if required by law, court order, or to protect rights/safety in the applicable jurisdiction.

We do not sell personal data. International transfers are protected by standard contractual clauses and appropriate safeguards.

6. Data security & Technical Measures

We implement military-grade technical and organisational measures. This includes end-to-end encryption for messaging, robust access controls, and regular backups. Our technical infrastructure via MongoDB Atlas includes advanced data protection, point-in-time recovery, and 24/7 security monitoring. While no system is 100% secure, we follow rigorous international industry standards.

7. Data retention

We keep data only as long as necessary for the purposes above or as required by law. Hospital-controlled clinical data is deleted/returned when your contract ends (in line with our DPA).

8. Your data protection rights

You have the right to:

• Access, correct, or delete your data
• Restrict or object to processing
• Data portability
• Withdraw consent (where applicable)
• Lodge a complaint with the ICO (ico.org.uk)

To exercise any right, email privacy@plannorium.com.

9. Cookies & tracking

We use essential cookies for the Platform to function. Non-essential analytics cookies require your consent. See our Cookie Policy for more details.

10. Changes to this Privacy Policy

We may update this page. We will notify you of material changes via email or in-app notice.

11. Contact us

Data Protection Officer / Privacy enquiries: