Privacy Policy

Last updated and effective as of Monday, 20 February 2023.

This Privacy Policy, along with our Terms and Conditions, explains how we handle any personal information we collect from you or that you provide to us. It tells you what we will do with your data.

When we use your information, we follow the rules of the Data Protection Laws. These laws include the General Data Protection Regulations (EU) 2016/679, the Data Protection Act 1998 (and any changes to it), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (and any changes to it), and any other data protection laws that apply.

Background

The CURLYTREATS website is run by Dear Black Women and Girls CIC, which is also known as "CURLYTREATS", "we", "us", and "our". Our company number is 14106889, and our registered office is located at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JE.

As the data controller of your information, we are responsible for deciding how and why we collect and process your personal data, and we follow the Data Protection Laws. We are registered with the Information Commissioner's Office.

If you do not agree with any changes made to this Privacy Policy, you will need to stop using our services.

Changes to this privacy notice
If we make any changes to our privacy policy, we will update this page and, if necessary, let you know about the changes by email. We suggest that you regularly check this page for any updates to our privacy policy whenever you visit our website: curlytreats.co.uk. The most recent update to this policy was made on 20 February 2023.
What personal data is collected from you?
According to the Data Protection Laws, personal data refers to any information that is related to a natural person and can be used to identify them, either directly or indirectly. This can include their name, identification number, location data, online identifier, or any other information specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. We may collect personal information such as:
  • First name and surname
  • Email address
  • Postal address
  • Phone number
  • Gender
  • Date of birth
  • Bank details
  • Nationality
  • Qualifications, CV and employment history
  • Company information
When do we collect personal information about you?
We collect personal information about you in the following instances:
  • When you visit our website
  • When you create and place an order
  • When you sign up to create an account or log in to your account
  • When you subscribe to our newsletter or mailing lists
  • When you contact us by email, phone, or online request
  • When you complete a survey
  • When you enter a competition by CURLYTREATS
  • When you apply to work for us
  • When you complete a business order form
What do we do with your personal data?
What we do with your personal data:
  • When you browse our website, we automatically collect identifiers such as cookies and IP addresses, as well as technical data such as browser type and version, operating system and platform, location data, and login data. We also collect usage data including information about how you use our website, products, and services.
  • When you order a service or product from us, our third-party payment provider will collect your transaction data, including the details of the purchases you make on our site, as well as your payment details (bank account and payment card).
  • When you contact us with an enquiry about our service or product, we will use your personal data to service your request and respond to your enquiry.
  • When you apply to work for us via our online forms, we may make your personal data available to recruiters and employers who use our website to find suitable people for specific roles that they are seeking to fill.
  • When you subscribe to receive email updates from us, we will send you the latest events, news, updates, and commercial info directly to your inbox. You can update your preferences or unsubscribe by clicking the unsubscribe link at the bottom of our emails.
  • We may ask you to complete surveys that we use for research purposes only, and we will ask for your personal data when you submit the survey. However, you are not required to respond to the survey.
  • If you contact our customer services team, we may keep a record of that correspondence as well as the identity and contact data that you provide to us.
  • If you tell us that you have a health concern or reduction in mobility that could affect your event experience, we will ask for your explicit consent to collect and process this data.
  • We may collect technical data about your computer, including your IP address, operating system, and browser type, for system administration and for compiling aggregated (statistical) data. Aggregated data about our users' browsing actions and patterns does not identify any individual and is not considered personal data in law. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data, which will be used in accordance with this Privacy Policy.
  • We may also ask for your personal data when you enter a competition or promotion sponsored by CURLYTREATS.
What are the legal grounds for our processing of your personal information (including when we share it with others)?
Legal grounds for processing your personal information (including when we share it with others): We use the following legal bases to process your personal data: (a) To provide you with our products or services, such as:
  • Assessing your application for a product or service, including determining whether to offer you the product, the price, the payment methods available, and the conditions to attach.
  • Managing the products and services you hold with us or an application for one.
  • Updating your records, contacting you about your account, and recovering debt (where appropriate).
  • Sharing your personal information with internal/external business partners and service providers when appropriate.
  • All stages and activities relevant to managing the product or service, including enquiry, purchase, application, administration, and management of accounts, and information requests.
(b) To serve our legitimate interests, such as:
  • Managing your products and services, updating your records, contacting you about your account, and recovering debt (where appropriate).
  • Performing and/or testing the performance of our products, services, and internal processes.
  • Following guidance and recommended best practices of government and regulatory bodies.
  • Managing and auditing our business operations, including accounting.
  • Carrying out monitoring and keeping records of our communications with you and our staff.
  • Conducting market research and analysis and developing statistics.
  • Direct marketing communications and related profiling to offer you relevant products and services, including deciding whether or not to offer you certain products and services. We will send marketing to you by email, phone, post, and social media and digital channels.
  • Sharing your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations.
(c) To comply with our legal obligations. (d) With your consent or explicit consent:
  • For some direct marketing communications.
  • For some of our processing of special categories of personal data, such as about your health if you are a vulnerable customer or some criminal records information.
(e) For public interest, such as:
  • Processing your special categories of personal data, such as about your health, criminal records information (including alleged offenses), or if you are a vulnerable customer.
When we share your personal information: We may share information with the following third parties for the purposes listed above:
  • Service providers
  • Internal departments, including Sales, Marketing, and Accounts, for the purpose of quality surveys, news, and information useful to self-development.
  • Business partners (for example, IT providers, insurers), account beneficiaries, or others who are part of providing your products and services or operating our business.
  • Governmental and regulatory bodies, such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office, and under the Financial Services Compensation Scheme.
  • Other organisations and businesses who provide services to us, such as debt recovery agencies, backup and server hosting providers, IT software and maintenance providers, document storage providers, and suppliers of other back-office functions.
Withdrawal of consent

If we're relying upon your consent to process personal data, you can withdraw this at any time by contacting us.

Is your personal information transferred outside the UK or the EEA?
Transfer of personal information outside the UK or the EEA: Although we're based in the UK, your personal information may be transferred outside the European Economic Area at times. If we do this, we'll ensure that appropriate safeguards are in place, such as approved contractual agreements, unless certain exceptions apply.
What should you do if your personal information changes?
Changes to personal information: If your personal information changes, you should inform us so that we can update our records. Complete the contact for. We'll update your records as appropriate.
Do you have to provide your personal information to us?
Providing personal information: In some cases, we won't be able to provide our products or services to you if you don't provide us with certain information. We'll make it clear when providing some personal information is optional.
Do we do any monitoring involving the processing of your personal information?
Monitoring of personal information: In this section, "monitoring" means any of the following activities: listening to, recording, viewing, intercepting, or taking and keeping records of calls, emails, text messages, social media messages, in-person meetings, and other communications. We may monitor your personal information where permitted by law. We'll do this if the law requires it or to comply with regulatory rules, to prevent or detect crime, to protect the security of our communications systems and procedures, and for quality control and staff training purposes. The information collected may be shared for the purposes described above.
For how long is your personal information retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
  • For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
  • Retention periods in line with legal and regulatory requirements or guidance.
Your rights under data protection laws
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. • The right to be informed about the processing of your personal information • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed • The right to object to processing of your personal information • The right to restrict processing of your personal information • The right to have your personal information erased (the “right to be forgotten”) • The right to request access to your personal information and to obtain information about how we process it • The right to move, copy or transfer your personal information (“data portability”) • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us here.
Your right to object

You have a number of rights in relation to how we process your personal data. These include the right to:

• be informed about any personal information held about you by us;

• request access to your personal information;

• request us to have any inaccurate personal information amended or erased;

• request us to restrict processing of the personal information on certain grounds;

• receive a copy of your personal data in a machine-readable format;

• object to the processing of your personal information on certain grounds; and

• file a complaint with the relevant supervisory authority if you think we have violated data protection laws.

If you have any concerns or complaints about how we handle your personal data, or to exercise the above rights, please contact the DPO, you can email [email protected], or contact us by going to the contact section of our website to exercise these rights.

Cookies and similar technologies

A cookie is a small file that is placed on your device that allows us to recognise your device when you return to the web page. We use cookies to offer log-in functionality, to remember user preferences and to understand how our web pages are used.

We use both temporary (“session”) and persistent cookies. We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. including, for example, cookies that enable you to log into secure areas of our website.

Analytical/performance cookies. These allow us to recognise and count the number of users and to see how users move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests. Where you have expressly consented, we may also share this information with third parties for this purpose.

You may delete cookies in your browser anytime and you can also block cookies from being placed by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

In addition to our own, cookies are also placed by Google Analytics as described below.

Integration with third-party services

Google Analytics: We use Google Analytics from Google on our web pages to create anonymous usage statistics. If you have concerns relating to the usage of Google Analytics be informed that it is possible to block Google Analytics by installing a plug-in to your browser. A plug-in for the most common browsers can be found here: http://tools.google.com/dlpage/gaoptout. Please refer to Google’s privacy policy to understand how Google processes your personal data.

Facebook: If you use the function “share” you will post to your Facebook account, you may share your personal information, please refer to Facebook’s privacy policy to understand how Facebook processes your data.

Twitter: If you use the function “share” you will post to your Twitter account. Such posting might involve sharing personal information. Please refer to Twitter’s privacy policy to understand how Twitter processes your data.

Links and integration with third websites
This website includes links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy notice of every website you visit. When we link to third party websites. We cannot control or be held liable for third parties privacy policies and content. Please refer to the third-party site’s privacy policy to understand how such a third party processes your personal data. We are not responsible for the practices employed by any websites or services linked to or from the Services—such as, but not limited to, Facebook, LinkedIn and Twitter—including the information or content contained within them. When you use a link to go from our Services to another website or service, our Privacy Policy does not apply to those third-party websites or services. Your browsing and interaction on any third-party website or service, including those that have a link to our Services, are subject to that third party’s own rules and policies. In addition, you understand and agree that we are not responsible and do not have control over any third parties that you authorise to access your personal information.
What are your marketing preferences and what do they mean?
We may use your home address, phone number, email address and social media or digital channels to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.
Children and privacy
Children's privacy is an important issue, and we take it very seriously. As a platform, we are committed to protecting the privacy and safety of children who use our services. We do not knowingly collect any personal information from children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under the age of 13, we will take steps to delete the information as soon as possible. Parents and guardians should be aware that our services are not intended for use by children under the age of 13. If you are a parent or guardian and you become aware that your child has provided us with personal information, please contact us immediately so that we can take appropriate action. We encourage parents and guardians to supervise their children's online activities and to take an active role in protecting their privacy. We also recommend that parents and guardians educate their children about online safety, including the importance of not sharing personal information online. If you have any questions or concerns about our policies regarding children's privacy, please contact us.
Consent
If you have any questions about how we handle your personal information, or if you want to make a request about your personal information, you can send an email to [email protected].