GENERAL DATA PROTECTION REGULATION POLICY
DATA CONTROLLERS AND DATA PROTECTION OFFICER
A company that collects, manages and uses any personal data while you shop is known as a Data Controller. Our Data Protection Officer is the person within our company that is to ensure that we act in accordance with the law. If you have any concerns over the use of your data, you can contact our Data Protection Officer.
Curiology Limited provides your goods and is the data controller of the personal information that you provide when you order from us.
2. HOW WE USE YOUR DATA
We collect your personal data to help us to complete your order successfully. This is so we can provide the correct goods and services to you and keep our products easily accessible for your future shopping experiences. We also use your data to keep you informed of things that may be of interest to you.
We will use your data in the following ways:
To provide goods and services and to manage your account including administering payments, returns and responding to queries.
To administer any prize draw or competition you may enter.
To analyse your shopping preferences and how you interact with our websites.
For research and statistical purposes.
To send you special offers or discounts and to tell you about our products and services. You control how your data is used for marketing and you can choose to subscribe or unsubscribe from our newsletter at any time.
We collect personal data directly from you when you purchase through our websites and/or when you register an account on our websites. Without this data, we cannot fulfil your orders through our websites.
We obtain data from publicly available information relating to you on the internet, for example social media.
We do not pass your information to any third parties for marketing purposes. Your data is secure in our hands.
3. WHY WE NEED YOUR DATA
Personal data is anything that identifies you or relates to you. Things like your name, address, email address etc. We will only collect and use this information where it is needed for us to be efficient in providing you with the goods and services that you have requested from us. We will keep your data for as long as is needed for you to be able to shop with us in the future.
We need to keep your personal data for as long as is necessary for us to operate our business and to comply with legal and regulatory obligations.
We rely on one of more of the following legal bases for processing your personal data:
To perform our contract with you or to enter into a contract with you.
We need your personal data to fulfil our contract with you or to asses whether we will enter into a contract with you, whether this is in selling and delivering goods and services or providing payment plans and other services to you.
To fulfil our legitimate interests or the legitimate interests of a third party.
When we process personal data to fulfil our legitimate interests we will use it in a ay in which you would reasonably expect and which will have a minimal privacy impact. When we or third parties are relying on legitimate interests we will balance our interests against your interests and the privacy impact of the processing on you and we will process your personal data responsibly.
Examples of our legitimate interests are: Direct marketing, fraud prevention, preventing and investigating crime and IT security.
To comply with legal obligations to which our business is subject.
We have to comply with relevant law and regulation in order to provide services to you and we will need to process your personal data in order to comply with these obligations.
If we are relying on consent as our legal basis to process your personal data, you have the right to withdraw consent at any time.
We will keep your personal data for the purposes set out in this privacy notice. Below is a non exhaustive list for some of the reasons we need to keep your data:
Ensuring we have relevant information in the event of any queries or complaints.
Being able to identify you if you have purchased a product with is subject to a product recall.
Being able to service any product you have purchased.
To assist with the establishment, exercise or defence of legal claims.
The length of time we need to keep personal data will vary depending on the nature of the data and the reason we are obliged to hold it.
By entering your data onto our website to access your account, you are giving us permission to retain your personal data until such a time that you wish to request it’s deletion. Your account will remain active indefinitely so that you have the ease to purchase with us.
4. WHO WE TRANSFER DATA TO
Transferring your personal data to trusted partners such as courier companies delivering your parcels needs to take place so we can provide the best service to you. You can be sure that all the right safeguards are in place when we transfer your data.
We may transfer your personal data to the following third parties:
Technology service providers - our partners who provide IT and website services.
Delivery companies - our couriers, parcel firms and mail firms who deliver your goods or services on our behalf.
Marketing service providers - our partners who work with us to make sure we send you information regarding products, services and special offers that are of interest to you.
Regulators and other governmental agencies or law enforcement agencies.
Financial organisations who collect our payments for your purchases such as Paypal.
We will only transfer your personal data to third parties who adhere to appropriate data security standards.
5. YOUR RIGHTS
You have a number of rights under data privacy laws. You can have errors corrected, restrict how your information is used, object to the way your information is processed and control how it is used for marketing. You can also request a copy of what data we hold and make a complaint if you feel you have not been treated fairly.
We have processes in place to enable you to exercise your rights.
Right of Access:
This is known as Subject Access Request. If you want to know if we are processing personal information relating to you and have access to any such personal data you can contact us via email firstname.lastname@example.org
Right to Rectification
If you believe that we hold inaccurate information about you, you can log into your account and alter this information or alternatively contact us via email email@example.com and we will correct this information. We may ask for further proof to ensure that the personal data is being corrected properly before we agree to change it.
Right to Erasure
You have the right to ask for your personal data to be erased in certain circumstances. However this right does not apply if we need to retain the information to comply with our legal obligations.
Right to Restriction
You have a right to request that the processing of data is restricted in certain circumstances. However, we will still continue to process the personal data for storage purposes for the purposes of legal cases.
Right to Object
Where we are relying on legitimate interests as a legal basis to process your data, you have a right to object to processing on grounds relating to your particular situation.
If you object to our use of your personal data for marketing purposes, you can opt out in your account by amending your preferences.
Where we need your data for legal purposes to fulfil our legal obligations, we will continue to use your data even if you have objected.
We use automated processing in relation to the information we hold about you to make recommendations of products and services we think you would be interested in and to improve your experience when you visit our website.
Right to Portability
In certain circumstances, you can request that we provide to you your personal data in a commonly used format. If you wish to make a request you can email us shop@curiology
Right to Complain to the Information Commissioner
You have the right to lodge a complaint with the Information Commissioner and more details can be found on their website www.ico.org.uk.
6. FRAUD PREVENTION
When it comes to preventing fraud and money laundering we will use your personal data so that we can minimise any risk to you while you shop.
The personal data we collect from you may include:
Date of birth
Identifiers assigned to your computer or other internet connected device including your IP address.
Where we are obliged to, we will use your data to prevent fraud and money laundering and will pass this information on to any legal entity that requires it for this purpose. They can hold your information for up to size years.
As part of the processing of your personal information, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
Our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct or is inconsistent with your previous submissions.
You appear to have deliberately hidden your true identity
Consequences of Processing
If we or a fraud prevention agency determine that you pose a fraud or money laundering rid, we may refuse to provide our services to you that you have requested.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or employment to you. If you have any questions please contact us.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal information to the standard required.
They may also require the recipient to subscribe to international frameworks intended to enable secure data sharing.
Your personal data is protected by legal rights which include your rights to:
Object to our processing of your personal data.
Request that your personal data is erased or corrected
Request access to your personal data.
For more information or to exercise your data protection rights, please contact us on firstname.lastname@example.org
If you are unhappy about how your personal data has been used, please contact us email@example.com
You also have the right to complain to the Information Commissioners Office, which regulates the processing of personal data.
7. CONTACTING US AND UNSUBSCRIBING
If you have any queries about data protection or would like a full list of companies who may receive your information, write to us and we will provide everything you need,
To unsubscribe from marketing offers and updates please access your account and change your preferences. Alternatively you can contact us firstname.lastname@example.org