iOS & Android Apps COMING SOON!

Privacy Policy

Last updated: [26th May 2026]

This Privacy Policy explains how Curapas, operated by Kim Piessen Zorg (“we”, “us”, “our”), collects, uses, stores, accesses, and protects personal data.

This Policy is aligned with the Curapas Terms and Conditions and applies to all individuals who access our website, purchase a membership, or otherwise interact with our services (“Clients”).

Curapas is a non-clinical medical concierge service. For the avoidance of doubt, we do not provide medical care and we do not process medical data for clinical purposes.

1. Data Controller Identification

​Curapas is operated by:

Kim Piessen Zorg
Registered in the Netherlands
KvK (Chamber of Commerce) Number: 89276043
VAT (BTW) Number: NL004732671B92

For the purposes of the General Data Protection Regulation (GDPR), Curapas is the data controller within the meaning of Article 4(7) GDPR.

Curapas determines the purposes and means of processing personal data collected through its website, forms, communications, and services. Privacy-related requests may be submitted via the contact details provided on our website.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to the Curapas website

  • Clients who purchase or use a membership

  • Individuals who communicate with us via email, telephone, WhatsApp, VoIP services, or online forms

  • Members who download the Curpas Application on Apple and Google networks.

  • Members who use the downloaded Curpas Application on Apple and Google networks.

This Policy does not apply to third-party websites, medical providers, diagnostic centres, or services accessed independently by clients.

3. Categories of Personal Data We Process

We process only the minimum personal data necessary to provide our non-clinical concierge and coordination services.

3.1 Identity & Contact Data

  • Full name

  • Nationality

  • Country of residence

  • Email address

  • Telephone number

3.2 Membership & Administrative Data

  • Membership plan type

  • Membership start and end dates

  • Payment confirmation status
    (No credit card or bank details are stored by us.)

3.3 Service Coordination & Communication Data

  • Email correspondence

  • WhatsApp messages

  • Call logs and call summaries
    (Call recordings are not stored.)

3.4 Technical & Usage Data

  • IP address

  • Browser and device information

  • Website usage data (via cookies where applicable)

4. Special Category Data (Health-Related Information)

Curapas does not require, request, or process medical or health data.

If a Client voluntarily shares health-related information:

  • Such information is processed only to facilitate communication or coordination at the Client’s request

  • Sharing is entirely optional

  • No medical assessment, interpretation, or clinical storage is performed

Clients remain solely responsible for deciding whether to share any health-related information.

5. Purposes and Legal Bases for Processing

Personal data is processed solely for the following purposes and legal bases under GDPR:

  • Purpose - Legal Basis

  • Provision of concierge services - Performance of a contract

  • Client communication - Performance of a contract / Legitimate interest

  • Membership administration - Legal obligation

  • Customer support - Legitimate interest

  • Legal and regulatory compliance - Legal obligation

  • Website functionality - Legitimate interest / Consent

  • Personal data shall not be processed for purposes incompatible with the above.

6. Systems Used & Data Storage

Personal data is stored and processed using:

  • Zoho (servers located within the European Union) for client correspondence and administration

  • Telephone, WhatsApp, and VoIP services (including Exotel) for operational communication

  • IOS Application

  • Android Application

We do not control how third-party communication platforms process data once communication occurs through their services.

7. Use of Offshore Processing & Access

To deliver its services efficiently, Curapas may allow authorised personnel or service providers located outside the European Union, including in India, to access and process personal data on its behalf for administrative, coordination, and customer support purposes.

Such personnel and service providers:

  • Act exclusively as data processors

  • Process personal data solely on the documented instructions of Curapas

  • Do not process data for their own purposes

Curapas remains fully responsible for all processing carried out on its behalf.

8. Safeguards for International Data Transfers

Where personal data is accessed or processed outside the European Union, Curapas ensures appropriate safeguards in accordance with Articles 44–49 GDPR, including:

  • European Commission–approved Standard Contractual Clauses (SCCs)

  • Contractual data protection and confidentiality obligations imposed on processors

  • Role-based access controls

  • Appropriate organisational and technical security measures

Curapas remains fully accountable for the protection of personal data processed on its behalf.

9. Data Sharing & Disclosure

Curapas follows a strict no data sharing policy.

We do not sell, rent, share, or disclose personal data to:

  • Hospitals or clinics

  • Diagnostic centres

  • Travel partners

  • Hotels

  • Marketing or advertising partners

Personal data may be disclosed only:

  • Where legally required by competent Dutch or EU authorities

  • In response to a valid court order or statutory obligation

10. Data Retention

Personal data is retained only for as long as necessary to:

  • Fulfil contractual obligations

  • Comply with legal, tax, and regulatory requirements

  • Resolve disputes

After the applicable retention period, data is securely deleted or anonymised.

11. Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Access controls and authentication measures

  • Secure systems and credentials

  • Internal access limited on a strict need-to-know basis

Despite these measures, no system can guarantee absolute security.

12. Data Subject Rights (GDPR)

Clients have the following rights under the GDPR:

  • Right of access

  • Right to rectification

  • Right to erasure (where legally permissible)

  • Right to restriction of processing

  • Right to object to processing

  • Right to data portability

  • Right to withdraw consent (where applicable)

All requests relating to personal data are handled directly by Curapas, irrespective of where the data is processed.

Requests may be submitted using the contact details provided on our website.

13. Cookies & Website Tracking

Our website may use essential and functional cookies to ensure proper operation.

Where required by law, cookie consent will be requested. Detailed information is provided in the separate Cookie Policy available on our website.

14. Complaints & Supervisory Authority

Clients have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if they believe their personal data has been processed unlawfully.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website.

Continued use of our services after changes constitutes acceptance of the updated Privacy Policy.

16. Acceptance

By purchasing a membership, using our services, or interacting with Curapas, you acknowledge that you have read and understood this Privacy Policy.

Quick Links

Policy

About

Contact

Terms & Conditions

Cancellation & Refund Policy

Privacy Policy

Imprint

CURAPAS

Curapas LogoCurapas Logo

© KIM PIESSEN ZORG