Privacy
Last updated and effective as of Monday, 20 February 2023.
This Privacy Policy, along with our Terms and Conditions, explains how we handle any personal information we collect from you or that you provide to us. It tells you what we will do with your data.
When we use your information, we follow the rules of the Data Protection Laws. These laws include the General Data Protection Regulations (EU) 2016/679, the Data Protection Act 1998 (and any changes to it), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (and any changes to it), and any other data protection laws that apply.
Background
The CURLYTREATS website is run by Dear Black Women and Girls CIC, which is also known as "CURLYTREATS", "we", "us", and "our". Our company number is 14106889, and our registered office is located at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JE.
As the data controller of your information, we are responsible for deciding how and why we collect and process your personal data, and we follow the Data Protection Laws. We are registered with the Information Commissioner's Office.
If you do not agree with any changes made to this Privacy Policy, you will need to stop using our services.
Changes to this privacy notice
What personal data is collected from you?
- First name and surname
- Email address
- Postal address
- Phone number
- Gender
- Date of birth
- Bank details
- Nationality
- Qualifications, CV and employment history
- Company information
When do we collect personal information about you?
- When you visit our website
- When you create and place an order
- When you sign up to create an account or log in to your account
- When you subscribe to our newsletter or mailing lists
- When you contact us by email, phone, or online request
- When you complete a survey
- When you enter a competition by CURLYTREATS
- When you apply to work for us
- When you complete a business order form
What do we do with your personal data?
- When you browse our website, we automatically collect identifiers such as cookies and IP addresses, as well as technical data such as browser type and version, operating system and platform, location data, and login data. We also collect usage data including information about how you use our website, products, and services.
- When you order a service or product from us, our third-party payment provider will collect your transaction data, including the details of the purchases you make on our site, as well as your payment details (bank account and payment card).
- When you contact us with an enquiry about our service or product, we will use your personal data to service your request and respond to your enquiry.
- When you apply to work for us via our online forms, we may make your personal data available to recruiters and employers who use our website to find suitable people for specific roles that they are seeking to fill.
- When you subscribe to receive email updates from us, we will send you the latest events, news, updates, and commercial info directly to your inbox. You can update your preferences or unsubscribe by clicking the unsubscribe link at the bottom of our emails.
- We may ask you to complete surveys that we use for research purposes only, and we will ask for your personal data when you submit the survey. However, you are not required to respond to the survey.
- If you contact our customer services team, we may keep a record of that correspondence as well as the identity and contact data that you provide to us.
- If you tell us that you have a health concern or reduction in mobility that could affect your event experience, we will ask for your explicit consent to collect and process this data.
- We may collect technical data about your computer, including your IP address, operating system, and browser type, for system administration and for compiling aggregated (statistical) data. Aggregated data about our users' browsing actions and patterns does not identify any individual and is not considered personal data in law. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data, which will be used in accordance with this Privacy Policy.
- We may also ask for your personal data when you enter a competition or promotion sponsored by CURLYTREATS.
What are the legal grounds for our processing of your personal information (including when we share it with others)?
- Assessing your application for a product or service, including determining whether to offer you the product, the price, the payment methods available, and the conditions to attach.
- Managing the products and services you hold with us or an application for one.
- Updating your records, contacting you about your account, and recovering debt (where appropriate).
- Sharing your personal information with internal/external business partners and service providers when appropriate.
- All stages and activities relevant to managing the product or service, including enquiry, purchase, application, administration, and management of accounts, and information requests.
- Managing your products and services, updating your records, contacting you about your account, and recovering debt (where appropriate).
- Performing and/or testing the performance of our products, services, and internal processes.
- Following guidance and recommended best practices of government and regulatory bodies.
- Managing and auditing our business operations, including accounting.
- Carrying out monitoring and keeping records of our communications with you and our staff.
- Conducting market research and analysis and developing statistics.
- Direct marketing communications and related profiling to offer you relevant products and services, including deciding whether or not to offer you certain products and services. We will send marketing to you by email, phone, post, and social media and digital channels.
- Sharing your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations.
- For some direct marketing communications.
- For some of our processing of special categories of personal data, such as about your health if you are a vulnerable customer or some criminal records information.
- Processing your special categories of personal data, such as about your health, criminal records information (including alleged offenses), or if you are a vulnerable customer.
- Service providers
- Internal departments, including Sales, Marketing, and Accounts, for the purpose of quality surveys, news, and information useful to self-development.
- Business partners (for example, IT providers, insurers), account beneficiaries, or others who are part of providing your products and services or operating our business.
- Governmental and regulatory bodies, such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office, and under the Financial Services Compensation Scheme.
- Other organisations and businesses who provide services to us, such as debt recovery agencies, backup and server hosting providers, IT software and maintenance providers, document storage providers, and suppliers of other back-office functions.
Withdrawal of consent
If we're relying upon your consent to process personal data, you can withdraw this at any time by contacting us.
Is your personal information transferred outside the UK or the EEA?
What should you do if your personal information changes?
Do you have to provide your personal information to us?
Do we do any monitoring involving the processing of your personal information?
For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
- Retention periods in line with legal and regulatory requirements or guidance.
Your rights under data protection laws
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us here.
Your right to object
You have a number of rights in relation to how we process your personal data. These include the right to:
- be informed about any personal information held about you by us;
- request access to your personal information;
- request us to have any inaccurate personal information amended or erased;
- request us to restrict processing of the personal information on certain grounds;
- receive a copy of your personal data in a machine-readable format;
- object to the processing of your personal information on certain grounds; and
- file a complaint with the relevant supervisory authority if you think we have violated data protection laws.
If you have any concerns or complaints about how we handle your personal data, or to exercise the above rights, please contact the DPO, you can email [email protected], or contact us by going to the contact section of our website to exercise these rights.
Cookies and similar technologies
A cookie is a small file that is placed on your device that allows us to recognise your device when you return to the web page. We use cookies to offer log-in functionality, to remember user preferences and to understand how our web pages are used.
We use both temporary (“session”) and persistent cookies. We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. including, for example, cookies that enable you to log into secure areas of our website.
- Analytical/performance cookies. These allow us to recognise and count the number of users and to see how users move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests. Where you have expressly consented, we may also share this information with third parties for this purpose.
You may delete cookies in your browser anytime and you can also block cookies from being placed by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
In addition to our own, cookies are also placed by Google Analytics as described below.
Integration with third-party services
Google Analytics: We use Google Analytics from Google on our web pages to create anonymous usage statistics. If you have concerns relating to the usage of Google Analytics be informed that it is possible to block Google Analytics by installing a plug-in to your browser. A plug-in for the most common browsers can be found here: http://tools.google.com/dlpage/gaoptout. Please refer to Google’s privacy policy to understand how Google processes your personal data.
Facebook: If you use the function “share” you will post to your Facebook account, you may share your personal information, please refer to Facebook’s privacy policy to understand how Facebook processes your data.
Twitter: If you use the function “share” you will post to your Twitter account. Such posting might involve sharing personal information. Please refer to Twitter’s privacy policy to understand how Twitter processes your data.