Privacy Policy

We at Curacell value your privacy and are committed to protecting your personal data. This policy explains how we collect, use, store, and share your information in accordance with the General Data Protection Regulation (GDPR).

Summary – how we handle your personal data

We respect your privacy. When you interact with us, for example as an employee, consultant, business partner, research participant, or via our website, we may collect certain personal data such as your name, contact details, employment information, or, in research contexts, health data and biological data.

We use this data to fulfil our contracts, run our operations, conduct research, process salaries, communicate with you, and comply with legal obligations. We only retain data as long as necessary and share it only with trusted providers, research partners, and authorities when required. We always protect your data with technical and organizational security measures.

You have the right to know what data we hold about you, request corrections or deletion, and object to certain types of processing. For more details, please read the full privacy policy below.

Data Controller

Curacell Holding AB, org.nr 559280-8546, is the data controller for the processing activities described in this policy. If you have any questions about how we process your personal data, please contact us at:

Email: info@curacell.com
Address: Nanna Svartz Väg 4, 171 65 Solna, Sweden

Data Protection Officer: Agnes Sandin, Secify.

What personal data do we process?

Depending on your relationship with us, we may process the following categories of personal data:

  • Employees and consultants: name, workplace, email address, phone number, employment information, payroll details, and other information required to fulfil our contractual obligations.
  • Business partners and suppliers: name, contact details, organizational affiliation.
  • Website visitors: name, email address, CV, and other information you provide via contact forms or applications.
  • Social media (LinkedIn): names and information you make available by interacting with our page.
  • Research study participants: health data, biological data (such as DNA sequencing data), and information about your participation in the study. All research data is pseudonymized, this means that you have to go through the institution that provided the data to us to exercise your data protection rights.

Cookies

This website uses cookies and similar technologies in order to ensure the functionality of the site. Only strictly necessary cookies are used.

Why do we process your data?

We process personal data for the following purposes:

  • Administration and cooperation: managing projects, contracts, and communication with employees, consultants, and business partners.
  • Finance and payroll: administering employment agreements and paying salaries.
  • External communication: newsletters, information published on our website, and updates via social media.
  • Research and development: conducting studies, analyzing results, publishing scientific findings, and validating methods.
  • Legal obligations: complying with labor law, accounting and tax obligations, research ethics, and other applicable legislation.

Legal basis for processing

We process personal data on the following legal grounds:

  • Contract: when processing is necessary to enter into or perform a contract (e.g., employment or consultancy agreements).
  • Legal obligation: when we are required to process data by law (e.g., accounting legislation, clinical trials regulation).
  • Legitimate interest: to communicate with business partners, market our activities, and develop our services.
  • Consent: in research studies and when you voluntarily provide data via our website or in recruitment processes.

Who has access to the data?

Personal data is only shared with:

  • Service providers and partners who supply IT systems, financial services, or other support functions.
  • Research partners, laboratories, and authorities in connection with research studies, always under confidentiality and with safeguards in place.
  • Public authorities when we are legally obliged to do so.

We never sell your personal data to third parties.

Retention period

We only keep personal data as long as necessary to fulfil the purposes for which it was collected, or as required by law. Examples include:

  • Employment and contract data: stored for the duration of the employment or assignment, and thereafter up to 30 years to handle potential legal claims.
  • Financial data: stored for 7 years in accordance with the Swedish Accounting Act.
  • Website or recruitment data: stored only for the duration of the recruitment process or according to the consent you have given.
  • Social media data: remains as long as you choose not to remove it or according to the consent you have given.
  • Research data: stored as long as necessary for the study’s purpose and in accordance with legal and research ethics requirements. Data is then anonymized or deleted.

How we protect your data

We apply appropriate technical and organizational security measures, such as:

  • Restricted access to personal data.
  • Password protection, pseudonymization, and encryption where possible.
  • Contracts with service providers and research partners ensuring GDPR compliance.

Your rights

As a data subject, you have the following rights:

  • Right to information: to be informed about how we process your data.
  • Right of access: to receive a copy of the personal data we hold about you.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to have your data deleted when it is no longer necessary or when you withdraw your consent.
  • Right to restriction: to request that processing is limited in certain circumstances.
  • Right to data portability: to obtain the data you provided to us in a structured, machine-readable format.
  • Right to object: to processing based on legitimate interests or for direct marketing.

To exercise your rights, please contact us using the details provided above.

Complaints

If you believe we process your personal data in violation of applicable laws, you have the right to file a complaint with the relevant supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (IMY).

Changes to this policy

We may update this privacy policy from time to time. The latest version will always be available on our website.