Effective Date: 25th May 2018
In processing your data we will comply in compliance with the General Data Protection Regulations (EU) 2016/679 (from 25 May 2018), as well as the Data Protection Act 1998 (and any amendment of or replacement for that Act) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (and any amendment of or replacement for those Regulations), as well as any other data protection laws that apply from time to time (together the "Data Protection Laws").
CurlyTreats is owned and operated by Nia Phoenix Ltd (“CurlyTreats”, “we”, “us”, and “our”), company number 10244719 with its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
We are the data controller of your data under the Data Protection Laws in that we determine the purposes and means of processing the personal data that we collect and are responsible for your data. We are registered with the Information Commissioner’s Office.
Changes to this privacy notice
What personal data is collected from you?
Under the Data Protection Laws, personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical physiological, genetic, mental, economic, cultural or social identity of that natural person.
We will collect certain identity and contact data such as:
• First name and surname
• Email address
• Postal address
• Date of birth
• Bank details
• Qualifications, CV and employment history
• Company information
When do we collect personal information about you?
• visit our website;
• create and place an order;
• sign up to create an account or log in to your account;
• subscribe to our newsletter or to mailing lists or
• send an email, phone or online request;
• complete a survey
• enter a competition by CurlyTreats
• apply to work for us;
• when you complete a business order form;
What do we do with your personal data?
When you browse our website. We automatically collect identifiers such as cookies and IP addresses and other technical data, such as browser type and version and operating system and platform, location data and login data, as well as usage data including information about how you use our website, products and services.
When you order a service or product with us, our third-party payment provider will collect your transaction data including the details of the purchases that you make on our site, including your payment details – bank account and payment card.
When answering your enquiries. When you get in touch with us with an enquiry about our service or product, we will use your personal data to service your request and respond to your enquiry.
When applying to work for us via our online forms, it is understood that work seekers are interested in opportunities which match the work seekers’ fields of interest. If you are a work-seeker we will, so make your personal data available to recruiters and employers who use the website to find suitable people for specific roles that they are seeking to fill.
When you subscribe to receive emails updates from us, you will get the latest events, news, updates and commercial info delivered directly to your inbox. If you consent to receive marketing using our subscribe form you may change your mind at any time. You can update your preferences or unsubscribe by clicking the unsubscribe link at the bottom of our emails.
We may also ask you to complete surveys that we use for research purposes only, although you do not have to respond to them, and we will ask for you to provide personal data when you submit the survey.
If you contact us through our customer services team, we may keep a record of that correspondence as well as the identity and contact data that you provide to us.
If you tell us that you have a health concern or reduction in mobility that could affect your event experience, we will ask you for details. We will ask for your explicit consent to collect and process this data.
We may also ask you for personal data when you enter a competition or promotion sponsored by CurlyTreats.co.uk.
What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal bases to use your personal data:
(a) Where it is needed to provide you with our products or services, such as:
• Assessing an application for a product or service you hold with us, including considering whether or not to offer you the product, the price, the payment methods available and the conditions to attach
• Managing products and services you hold with us, or an application for one
• Updating your records, contacting you about your account and recovering debt (where appropriate)
• Sharing your personal information with internal/external business partners and services providers when appropriate
• All stages and activities relevant to managing the product or service including enquiry, purchase, application, administration and management of accounts, and information requests
(b) Where it is in our legitimate interests to do so, such as:
• Managing your products and services, updating your records, contacting you about your account and doing this for recovering debt (where appropriate)
• To perform and/or test the performance of our products, services and internal processes
• To follow guidance and recommended best practice of government and regulatory bodies
• For management and audit of our business operations including accounting
• To carry out monitoring and to keep records of our communications with you and our staff
• For market research and analysis and developing statistics
• For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by email, phone, post and social media and digital channels
• Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations
(c) To comply with our legal obligations
(d) With your consent or explicit consent:
• For some direct marketing communications
• For some of our processing of special categories of personal data such as about your health, if you are a vulnerable customer or some criminal records information
(e) For a public interest, such as:
• Processing of your special categories of personal data such as about your health, criminal records information (including alleged offences), or if you are a vulnerable customer
When do we share your personal information?
We may share information with the following third parties for the purposes listed above:
• Service providers
• Internal departments, including Sales, Marketing and Accounts for the purpose of quality surveys, news, and information useful to self-development
• Business partners (for example, IT providers, insurers), account beneficiaries, or others who are a part of providing your products and services or operating our business
• Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme
• Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back-office functions
How and when can you withdraw your consent?
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
Is your personal information transferred outside the UK or the EEA?
We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
What should you do if your personal information changes?
You should tell us so that we can update our records using the details in the Contact section of our website. We’ll then update your records if we can.
Do you have to provide your personal information to us?
We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
Do we do any monitoring involving processing of your personal information?
In this section, monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
• For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
• For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
• Retention periods in line with legal and regulatory requirements or guidance.
What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not.
• The right to be informed about the processing of your personal information
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
• The right to object to processing of your personal information
• The right to restrict processing of your personal information
• The right to have your personal information erased (the “right to be forgotten”)
• The right to request access to your personal information and to obtain information about how we process it
• The right to move, copy or transfer your personal information (“data portability”)
• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.
Your right to object
You have a number of rights in relation to how we process your personal data. These include the right to:
• be informed about any personal information held about you by us;
• request access to your personal information;
• request us to have any inaccurate personal information amended or erased;
• request us to restrict processing of the personal information on certain grounds;
• receive a copy of your personal data in a machine-readable format;
• object to the processing of your personal information on certain grounds; and
• file a complaint with the relevant supervisory authority if you think we have violated data protection laws.
If you have any concerns or complaints about how we handle your personal data, or to exercise the above rights, please contact the DPO, you can email DPO@curlytreats.co.uk, or contact us by going to the Contact section of our website to exercise these rights.
Cookies and similar technologies
We use both temporary (“session”) and persistent cookies. We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. including, for example, cookies that enable you to log into secure areas of our website.
Analytical/performance cookies. These allow us to recognise and count the number of users and to see how users move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests. Where you have expressly consented, we may also share this information with third parties for this purpose.
You may delete cookies in your browser anytime and you can also block cookies from being placed by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
In addition to our own, cookies are also placed by Google Analytics as described below.
Integration with third-party services
Links and integration with third websites
This website includes links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy notice of every website you visit.
What are your marketing preferences and what do they mean?
We may use your home address, phone number, email address and social media or digital channels to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.
Children and privacy
We do not knowingly collect or solicit information from children under age 13 or knowingly allow such persons to register for the Services. If you are under age 13, you are not allowed to use the Services. If you are 13 - 17 years of age, you may visit, browse and use the information on the websites but you may not register an account or submit any personal data. If you are 13 - 17 years old, by browsing the website, using or accessing the Services you confirm that you have the permission of a parent or guardian to do so. If you are a parent or guardian and believe that we may have inadvertently collected personal data from your child without your consent, please notify us immediately by sending an email to DPO@curlytreats.co.uk and we will delete such personal data promptly.
Alternatively, you can write to Nia Phoenix Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, marking it for the attention of the DPO.