Privacy Policy

Your privacy is our priority. We are committed to protecting your personal and medical information.

Effective Date: August 1, 2025
Last Updated: August 1, 2025

1. Introduction

Curo Clinic Management System (“we”, “our”, or “us”) is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service.

2. Information We Collect

2.1 User Account Information

  • Name, email, phone number
  • Professional credentials (for healthcare providers)
  • Login credentials and authentication data
  • User role and permissions

2.2 Patient Information

  • Personal details: Name, IC/Passport, date of birth, gender
  • Contact information: Address, phone, email
  • Medical history and records
  • Appointment and visit history
  • Insurance information
  • Emergency contacts

2.3 Clinical Data

  • Consultation notes
  • Prescriptions and medications
  • Lab results and diagnostic reports
  • Treatment plans
  • Medical images

2.4 Operational Data

  • Inventory records
  • Financial transactions and invoices
  • Queue management data
  • Appointment scheduling data

2.5 Technical Information

  • IP addresses
  • Browser type and version
  • Device information
  • Access logs and usage patterns
  • System performance metrics

3. How We Use Information

3.1 Provide Services

  • Manage patient records and medical history
  • Schedule and track appointments
  • Process billing and payments
  • Manage clinic operations
  • Generate reports and analytics

3.2 Improve Services

  • Analyze usage patterns
  • Optimize system performance
  • Develop new features
  • Provide customer support

3.3 Legal and Compliance

  • Comply with healthcare regulations
  • Respond to legal requests
  • Prevent fraud and abuse
  • Enforce our Terms of Service

4. Data Sharing and Disclosure

4.1 We DO NOT Sell Personal Information

We never sell, rent, or trade personal or medical information.

4.2 Authorized Sharing

We may share information with:

  • Healthcare Providers: Within the same clinic/organization
  • Patients: Their own medical records upon request
  • Service Providers: Technical support, hosting, payment processing
  • Legal Authorities: When required by law or court order

4.3 Third-Party Services

  • Payment Processors: For billing transactions
  • Cloud Providers: For data storage and backup
  • SMS Providers: For appointment reminders
  • Email Services: For notifications

5. Data Security

5.1 Security Measures

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security audits
  • Access controls and role-based permissions
  • Secure backup procedures

5.2 Employee Access

  • Limited to authorized personnel only
  • Bound by confidentiality agreements
  • Regular training on data protection

6. Data Retention

6.1 Retention Periods

  • Medical Records: As required by healthcare regulations (typically 7-10 years)
  • Financial Records: As required by tax laws
  • User Accounts: Until account deletion request
  • Technical Logs: 90 days

6.2 Data Deletion

  • Upon account termination, data is retained for legal compliance
  • Anonymized data may be retained for analytics

7. Patient Rights

Patients have the right to:

  • Access: Request copies of their medical records
  • Correction: Request corrections to inaccurate information
  • Deletion: Request deletion (subject to legal requirements)
  • Portability: Receive data in a portable format
  • Restriction: Limit processing of their data
  • Objection: Object to certain data processing

8. Healthcare Compliance

We comply with applicable healthcare privacy laws including:

  • Personal Data Protection Act (PDPA)
  • Healthcare regulations in operating jurisdictions
  • International data protection standards

9. International Data Transfers

If we transfer data internationally:

  • We ensure appropriate safeguards are in place
  • We comply with cross-border data transfer regulations
  • We use secure transfer mechanisms

10. Children's Privacy

  • Our Service is not intended for children under 13
  • Parental consent is required for minor patients
  • Parents/guardians can access a minor's records as permitted by law

11. Cookies and Tracking

11.1 We Use Cookies For:

  • Session management
  • User preferences
  • Security features
  • Analytics (anonymized)

11.2 You Can:

  • Disable cookies in your browser
  • Note: This may affect Service functionality

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices.

13. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify users of material changes via:

  • Email notification
  • In-app notification
  • Website announcement

14. Data Breach Notification

In the event of a data breach:

  • We will notify affected users within 72 hours
  • We will provide information about the breach
  • We will outline steps taken to address the breach
  • We will comply with all legal notification requirements

15. Contact Information

For privacy-related questions or concerns:

Data Protection Officer

51B, Jalan Mutiara 1/11,
Taman Mutiara Mas
81300 Skudai Johor, Malaysia

16. Complaints

If you have concerns about our privacy practices:

  1. Contact our Data Protection Officer
  2. File a complaint with the relevant data protection authority

17. Consent

By using Curo CMS, you consent to:

  • Collection and processing of data as described
  • This Privacy Policy

You may withdraw consent at any time, which may limit Service functionality.

Your privacy is our priority. We are committed to protecting your personal and medical information with the highest standards of security and confidentiality.