THE PATIENT VOICE DATABASEMAKE YOUR VOICE HEARD

Privacy Policy.

Last updated: October 9, 2025

1. Introduction

This Privacy Policy explains how The Patient Voice Database ("we", "us", "our") collects, uses, discloses, stores, and protects your personal data when you use our website www.thepatientvoicedatabase.org (the "Site").

When we say "personal data" (or "personal information"), we mean information that identifies you, or could with reasonable effort be used to identify you (directly or indirectly).

By using our Site, registering, or submitting information, you consent to the processing described herein (unless local law requires separate or explicit consent).

2. Who is responsible (Data Controller) & contact information

We act as the Data Controller with respect to any personal data we process via this Site.

If you have questions about this Privacy Policy, data protection, or wish to exercise your data rights, please contact us at: privacy@curewiki.health

You also have the right to lodge a complaint with the supervisory authority in your country (for example, in Belgium: Belgian Data Protection Authority).

3. What categories of personal data we collect

We collect personal data you provide voluntarily, as well as automatically collected / derived data:

a. Identification / contact data

  • Name, first name, postal address, date of birth, etc.
  • Email address, telephone number
  • Any other identification data you submit

If you provide data concerning third parties (e.g. medical professionals, family), please ensure you have their informed consent.

b. Health & medical data

Because this is a patient-centric platform, we may collect sensitive data relating to your health, such as:

  • Diagnoses, medical history
  • Treatments, medications
  • Physical or psychological status (disabilities, pregnancy, etc.)
  • Any information relevant to matching you to clinical trials

c. Cookies and tracking & usage data

As you browse or use the Site, we may collect data via cookies, analytics tools, and other tracking technologies. This includes e.g. IP address, browser type, pages visited, time stamps, and other usage metrics. (See our separate Cookie Policy for more details.)

d. Other data / voluntary data

If you choose to sign up as an ambassador, or fill out optional surveys, you may provide additional contact or profile information.

4. How we collect personal data

  • Direct collection: when you fill in registration forms, update your profile, ask for information, or voluntarily submit data.
  • Indirect collection / third parties: in some cases (with your explicit consent) we may obtain data from your healthcare providers or medical records, if necessary for matching to trials or filling eligibility.
  • Automatic / system collection: via cookies, analytics, server logs.

5. Purposes for which we process your personal data

We process your data for the following legitimate purposes:

  1. To uniquely identify and authenticate you as a user.
  2. To register and maintain your "patient profile" and manage your account.
  3. To match you to clinical trials based on eligibility criteria and health parameters.
  4. To notify you by email or other channels regarding trials you may be eligible for.
  5. If you become an ambassador: to manage your ambassador account and communications.
  6. To maintain and optimize the Site, analytics, security, and fraud prevention.
  7. To comply with legal obligations (e.g. reporting, audits).

We rely on appropriate legal bases (e.g. your explicit consent, legitimate interests, or legal obligations) for the processing depending on the context.

6. Sharing / Disclosure of your personal data

We may share your data in the following circumstances, always under contractual or legal safeguards:

a. Within our organization

Access is limited to those roles or employees who need it to perform their tasks (e.g. IT, support, clinical matching).

b. Third parties in the context of clinical trials / matching

  • We may share pseudonymized or de-identified data with clinical trial sponsors for aggregate statistics.
  • With your explicit informed consent, we may share individualized (pseudonymized or identified) data with trial sponsors, investigation sites, or healthcare institutions for matching.
  • We will ask your consent prior to any transfer of identifiable data.

c. Third-party service providers / partners

We engage trusted external providers (e.g. hosting, analytics, IT support, email delivery) who process data on our behalf under strict confidentiality and security obligations.

d. Legal requirements / authorities

When required by law or judicial order, or to comply with requests from government authorities, we may disclose data (only minimal necessary) to courts, regulators, or law enforcement.

e. International transfers

Some of our service providers or partners may be outside the European Economic Area (EEA). When transferring data across borders, we adopt safeguards (e.g. EU Standard Contractual Clauses, other legally recognized mechanisms).

7. Data security

We implement technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, alteration or disclosure. These include:

  • Encryption, secure protocols (SSL/TLS)
  • Access controls, passwords, role limits
  • Regular audits, employee training
  • Physical security measures

However, note that no system is 100% secure — we cannot guarantee absolute security for data transmitted over the internet.

8. Data retention / how long we keep your data

We adhere to the data minimization and storage limitation principles. We retain your personal data only as long as necessary for the purposes described, or as required by law.

Unless otherwise required, a default retention period may be 15 years from your registration or last active usage — after which data will be anonymized or deleted. If you withdraw consent and no other legal basis exists, we will delete or anonymize your data when appropriate.

9. Your rights as a data subject

Subject to local laws, you have the following rights (when applicable):

  • Withdraw your consent (where processing relies on consent)
  • Access your personal data
  • Rectify / correct inaccurate or incomplete data
  • Request deletion ("right to be forgotten")
  • Request restriction or suppression of processing
  • Object to processing based on legitimate interest
  • Data portability (receive your data in a structured, machine-readable format)
  • Lodge a complaint with a supervisory authority

To exercise these rights, provide proof of identity and contact us at privacy@thepatientvoicedatabase.org. We will respond within applicable legal timeframes (often 1 month).

10. Links to external websites / third-party content

Our Site may include links or buttons to external websites (e.g. social media). This Privacy Policy does not apply to those other sites. We encourage you to read their own privacy policies before interacting.

When you click on third-party buttons or share data, those services may process your data independently, under their own terms.

11. Special notice for children / minors

Our Site and services are intended for users who are at least 18 years old (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children under that age. If you become aware a minor has submitted data, please contact us so we can delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy over time (e.g. to reflect changes in practices, laws, or services). We will publish the updated version on our Site with a new "Last updated" date. We encourage you to check this page periodically for updates.