Privacy Policy & Data Protection

This Privacy Policy explains how Curotherapy collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and China's Personal Information Protection Law (PIPL).

Quick Navigation

What We Collect How We Use Your Data Data Protection Your Rights (GDPR) Your Rights (PIPL) Data Retention International Data Contact & Questions

Last Updated: January 15, 2026

This policy complies with GDPR (EU/UK) and PIPL (China) regulations.

1. What Personal Data We Collect

Curotherapy collects only necessary personal data required for providing our energetic harmonization services. This includes:

Contact Information

  • Full name
  • Email address
  • Phone number
  • Postal address

Session Information

  • Treatment preferences
  • Session history
  • Energetic intake forms
  • Communication records

Technical Information

  • IP address (anonymized)
  • Browser type
  • Website usage data
  • Cookie data (with consent)

Special Category Data: Information about health, beliefs, or personal experiences shared in intake forms is processed only with your explicit consent and treated with enhanced confidentiality.

2. How We Use Your Personal Data

We use your personal data for specific, legitimate purposes:

Purpose Details Legal Basis
Service Provision To provide personalized energetic harmonization sessions Contract
Communication To respond to inquiries, send appointment reminders, and provide updates Consent/Legitimate Interest
Administrative Billing, payment processing, and record keeping Legal Obligation
Improvement To enhance our services and website experience Legitimate Interest
Compliance To meet legal and regulatory requirements Legal Obligation

3. Data Protection & Security

We implement comprehensive security measures to protect your personal data:

🔒

Access Control

Strict access limitations to authorized personnel only

🔐

Encryption

Data encryption in transit and at rest

🛡️

Regular Audits

Security assessments and vulnerability testing

📋

Breach Protocol

Documented response plan for data incidents

Confidentiality: All information you provide remains strictly confidential. Only the Curotherapist responsible for your treatment has access to your file. We do not sell, rent, or trade your personal data with third parties for marketing purposes.

4. Your Rights Under GDPR (EU/UK)

If you are in the European Union or United Kingdom, you have the following rights:

Right to Access

Request copies of your personal data and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data under certain circumstances.

Right to Restrict Processing

Request limitation of how we use your personal data.

Right to Data Portability

Receive your data in a structured, commonly used format.

Right to Object

Object to processing of your personal data.

To exercise these rights: Contact us at privacy@curo816.com. We will respond within 30 days.

5. Your Rights Under PIPL (China)

If you are in China, you have the following rights under the Personal Information Protection Law:

  • Right to Know and Decide: Know how your personal information is processed and decide on its use
  • Right to Limit or Refuse: Limit or refuse processing by others (except where required by law)
  • Right to Access and Copy: Access and obtain copies of your personal information
  • Right to Portability: Request transfer of your information to another processor
  • Right to Correct: Request correction of inaccurate information
  • Right to Delete: Request deletion of your personal information under specific circumstances
  • Right to Explanation: Receive explanations of personal information processing rules

To exercise these rights: Contact our China-based representative at privacy-cn@curo816.com or call +86 188 1806 1803.

6. Data Retention Periods

We retain personal data only as long as necessary for the purposes outlined:

Active Clients

Data is retained for 5 years from the last session or communication.

Inactive Accounts

Accounts inactive for 18 months are automatically flagged for deletion.

Legal Requirements

Financial records are kept for 7 years as required by law.

Upon expiry of retention periods, data is securely deleted or anonymized. You may request earlier deletion at any time.

7. International Data Transfers

Curotherapy operates primarily in Shanghai, China. When data transfers occur outside China or the EU:

  • EU Transfers: We use Standard Contractual Clauses approved by the European Commission
  • China Transfers: We comply with PIPL requirements for cross-border data transfers
  • Security: All transfers maintain equivalent protection through contractual agreements
  • Transparency: We inform you before transferring your data internationally

Data Location: Primary data storage is in Shanghai, China. Backup servers may be located in other jurisdictions with equivalent protection.

8. Contact Information & Questions

Data Protection Officer

Email: dpo@curo816.com

Phone: +86 188 1806 1803 (China)

China Representative

For PIPL inquiries and rights

Email: privacy-cn@curo816.com

EU Representative

For GDPR inquiries and rights

Email: privacy-eu@curo816.com

We aim to respond to all privacy inquiries within 30 days. If unsatisfied, you have the right to lodge a complaint with your local data protection authority.

Policy Updates

We may update this Privacy Policy periodically. The "Last Updated" date at the top indicates the latest revision. Significant changes will be communicated via email or website notification.