This Privacy Notice aims to inform you about how we look after your personal data when you use our services or interact with us through or browse our website (“Website”), and your rights in relation to that data. The term ‘personal data’, also commonly referred to as personal information, means any information about an individual from which on its own or when combined with other information that person can be identified.
Information about us
For the purposes of data protection regulations, Curiosity Social Media is the data controller, which means the entity responsible for your personal data, and is also referred to in this Privacy Notice as “we”, “us” and “our”.
Our full contact details are:
Curiosity Social Media, c/o 90 Montacute Road, London SE6 4XQ
Telephone: 07969 883844
If you have any questions about anything in this Privacy Notice, or you wish to request access to the data we hold about you, you can contact us using the details above.
It is important that the personal data we hold about you is accurate and up to date. Please do let us know if any of that data changes during the time we hold it.
What data do we collect from you?
We may from time to time collect, use, store and transfer the following personal data about you:
- Your full name (first name and surname)
- Your address
- Your contact details, including email addresses and telephone numbers
- Financial information, including bank account holder details
- Your IP address and other technical data based on that IP address e.g. time zone; location, browser type and settings, operating system and platform and other technology on the device you use to contact us
- Login details including username and passwords for websites we are building, hosting or for domain names you ask us to purchase
- Usage data from our Website, including information about how you have arrived at our Website
- Your communications preferences with regards to receiving marketing and newsletters from us.
We may also collect aggregated or anonymised data (or both) for the purposes of Website performance and engagement analysis. This data may be derived from your personal data but as it does not directly or indirectly identify you, it is not considered ‘personal data’ in legal terms.
If we need to collect any personal data for any legal reason, or under the terms of a contract we have with you, and you do not provide that data when requested, then we may not be able to carry out our obligations under that contract. In such circumstances we may have to cancel our contract with you, but we will notify you if this is the case.
Third party links and websites
Our Website may contain links to third-party websites, plug-ins or applications. By clicking on any of those links or enabling those connections, you may allow third parties to collect or share data about you. We do not control those third-party sites and we are not responsible for what they may do with data they collect about you. We recommend that you read the privacy notices of each third-party site in order to understand how they may collect and process your data.
How do we collect your data?
We collect data from and about you in various forms and circumstances, as set out below:
- When we interact with you directly – you may provide us with data such as names, addresses and email addresses when you correspond with us by post, phone, email or otherwise. This includes data you provide when you:
- engage us to provide our services to you
- enquire about our services
- subscribe to our newsletter
- contact us, request a quote or fill in any other form on our Website
- Via automated technology – as you use our Website, we may automatically collect data about the device you are using to access our Website and your browsing activities and patterns. We collect this data by using cookies and other similar technologies. You can read more about what cookies are and how we use them by clicking [HERE].
- Via third parties – we collect data about you via Google Analytics, who provide the cookies referred to above.
How do we use your data?
We have set out below the purposes for which we use your data, and the legal basis (or bases, depending on the purposes for which we are using that data) that we rely upon in order to do so. If you need any more information about which legal basis applies to any particular use of data, then please contact us using the details above.
|Purpose/Activity||Data Used||Lawful Basis of Processing|
|To set you up as a client of Curiosity Social Media/to provide our services once you are set up||Name, address and contact details||Taking steps preparatory to entering into, or performance of, a contract with you to provide our services to you|
|To respond to enquiries about us and our services, quote requests or briefs including those submitted via any of the forms on our Website||Contact details as provided to us||Taking steps preparatory to entering into, or performance of, a contract with you to provide our services to you|
|To send newsletters and updates||Email address||You have given consent for us to do so|
|To manage our relationship with you, including:
(a) notifying you of changes to our policies; and
(b) to collect and recover any monies owed to us.
|(a) Name and contact details
(b) Name, address and contact details
|(a) necessary to comply with legal obligations from time to time
(b) performance of a contract with you – recovering monies owed under that contract
|To process payment of our fees||Name, address, contact details, financial information||Performance of a contract between you and us|
|To administer and provide our Website including performance monitoring, troubleshooting and data analysis||IP addresses and other technical data/ analytics data (anonymised)||The legitimate interests of our business in improving and delivering our service as best as possible|
|To provide our hosting services or other technical support (or both), to transfer your Website to a third-party host or to transfer ownership of a domain name||Contact details provided by you; login details||Performance of a contract with you to provide our services to you|
|To comply with legal and accounting obligations||Name, address and financial information||Necessary to comply with legal and regulatory obligations from time to time|
We will only use your personal data for the purposes for which we collected it, unless we believe that we need to use it for another purpose and that purpose is compatible with the original purpose for which the data was provided to us. You can contact us at any time to obtain more information about this processing. If we need to use your personal data for any other purpose, we will notify you and will explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent if the law requires or permits us to do so.
We only send out marketing information and newsletters if you have opted in to receive that information. We do not share or pass on data to any third parties for marketing purposes.
You can ask us to stop sending you marketing/newsletters at any time by contacting us at mailto:email@example.com by choosing ‘unsubscribe’ at the bottom of any such communication (but, if you do so we will retain personal data provided to us and which we need to process in order to continue providing our services to you).
Disclosure of your personal data and international transfers
We may be required to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities
- Third parties to whom we sell, transfer, or merge parts of our business or our assets. We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or if we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place. If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We require all third parties to respect the security of your personal data, to treat it in accordance with the law and to process and use that data only for the purposes specified by us and in accordance with our instructions.
Some of our external service providers are based outside the European Economic Area (EEA), as set out above, so their processing of your data involves a transfer of data outside the EEA. Wherever we transfer your data outside the EEA in this way, we use our best efforts to ensure that at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection as it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We may also share personal data in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of that business or assets; or if any third party acquires Curiosity Social Media or any part of it, in which case personal data held about our customers will be one of the transferred assets.
We have put in place appropriate security measures for the nature and scale of our business, in order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those of our employees, contractors and other third parties who have a business need to know, and only on our instructions and subject to a duty of confidentiality.
We have procedures in place to deal with any suspected personal data breach and we will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will we use your data for?
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying legal, accounting and reporting requirements.
To determine how long we need to retain data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process that data and whether we can achieve those purposes without keeping the data.
If you are a client, by law we have to keep certain basic information about you for six years after ceasing to work with you, for tax purposes.
We aim to carry out data reviews on an annual basis and will endeavour at such time, where possible, to delete any data held by us and which we no longer require.
Your legal rights
You have the right to request the information we hold on you, to ask us to correct that data and, in certain circumstances, to erase that data. If you would like to do so, or to opt out of marketing and newsletter communications, or you wish to update your details and preferences with us, please email firstname.lastname@example.org give us a call on 07969 883844.
You also have certain rights to object to us processing your data, to restrict that processing or to transfer your personal data. If you would like any more information about, or would like to exercise, any of these rights please contact us. You will not be charged any fee to do so, unless your request is clearly unfounded, excessive or malicious, in which case we may either refuse to comply or we will charge a reasonable fee.
We will make every effort to respond to legitimate requests within one month. Occasionally it may take us longer to do so, if your request is complicated or you have made more than one request. In this case, we will notify you and keep you updated.
You are entitled to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, if you feel that our processing of your personal data is not compliant with our legal and regulatory obligations. We would, however, appreciate the chance to address your concerns before you contact the ICO, so we would be grateful if you would contact us in the first instance.
This Privacy Notice was last updated in July 2018.