Privacy and Data Protection Notice
In summary:
- We don’t sell or share data and we will try and only contact you on things that are important.
- Our server infrastructure is provided by Amazon Web Services and is currently based in Australia (although servers may from time to time be based in other countries).
- We only hold your data because you have given it to us – if you don’t want us to do that, we won’t. If you are worried about it – don’t collect or send any sensitive data through our system. If you want us to delete your data, please contact us.
- We operate and comply with all the laws that apply to us. This means that if you use our Service, you are required to as well. Check out our terms and conditions for more information about this.
If you have any questions at all about the rest of this – please email us, firstname.lastname@example.org.
1. Curio (“we” or “us”) is operated by Curio Group Pty Ltd. We take the privacy of your information very seriously. Our Privacy and Data Protection Notice is designed to tell you, the user of our platform, about our practices regarding the collection, use and disclosure of personal and other information about you or your business that may be provided via this website or collected through using our Service or otherwise.
2. This policy applies to information provided by our users and account holders (“members”) and applies to information which is processed by us when using our Service.
3. We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).
4. “Personal information” is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.
5. You may contact us in writing at 3 Albert Coates Lane, Melbourne, Victoria, 3000 for further information about this Privacy and Data Protection Notice.
Basis on which we process personal data
1. Personal data we hold about you will be processed either because:
- you have consented to the processing for the specific purposes described in this notice;
- the processing is necessary in order for us to deliver our Service (i.e. to comply with our obligations under the contract between us and our members); or
- the processing is necessary in pursuit of a “legitimate interest”. A legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security.
Personal data we collect
1. We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:
- details of your visits to the Site, the resources and pages that you access and any searches you make (“Technical Information”).
- information we may require from you when you report a problem or complaint (“Complaints Information”)
2. We only collect such information when you choose to supply it to us. You do not have to supply any personal information to us and you may withdraw your authority for us to process your data or request that we restrict our processing (see below) but our Service may not be operable in practice without providing such data to us.
3. Information may also be gathered through the Service without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies.
4. An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet.
5. We use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our site, and to administer and improve the site.
6. We may collect additional information at other times, including but not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.
How we use your personal data
1. We may use personal information collected from you to provide you with information about our products or services. We may also make you aware of new and additional products, services and opportunities available to you.
2. We will use personal information only for the purposes that you consent to. This may include to:
- provide you with products and services during the usual course of our business activities;
- administer our business activities;
- manage, research and develop our products and services;
- provide you with information about our products and services;
- communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail; and
- investigate any complaints.
3. We may disclose your personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.
4. If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.
Disclosure of your personal information
1. We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy and Data Protection Policy.
2. If we do disclose your personal information to a third party, we will protect it in accordance with this Privacy and Data Protection Policy.
3. Apart from where you have consented or disclosure is necessary to achieve the purpose for which it was submitted, personal information may be disclosed in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities. Also, we may disclose personal information when we believe in good faith that the law requires disclosure.
4. We do not sell personal information to third parties.
General Data Protection (GDPR) for the European Union (EU)
1. We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
2. We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
3. We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
4. We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
5. We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
6. We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
7. We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
8. You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your privacy rights
1. If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.
2. Except as otherwise provided in the GDPR, you have the following rights:
- to be informed how your personal information is being used;
- access your personal information (we will provide you with a free copy of it);
- to correct your personal information if it is inaccurate or incomplete;
- to delete your personal information (also known as “the right to be forgotten”);
- to restrict processing of your personal information;
- to retain and reuse your personal information for your own purposes;
- to object to your personal information being used; and
- to object against automated decision making and profiling.
3. Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy and Data Protection Notice.
4. We may ask you to verify your identity before acting on any of your requests.
1. We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
2. Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
3. The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy and Data Protection Notice.
4. In order to safeguard the information we collect from you, we will take all reasonable steps to ensure that:
- our servers are protected by security mechanisms and can only be administered via strictly controlled public/ private cryptographic keys;
- our data processing storage facilities are sited in secure locations to prevent unauthorised access, our infrastructure is provided by Amazon Web Services (AWS) and certifications for infrastructure provided by AWS can be obtained here: AWS Certifications;
- all communication with our servers is encrypted through Secure Sockets Layer (SSL), an industry standard encryption method that encrypts data between your computer and our servers so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;
- regular security assessments of our infrastructure are performed. This includes web vulnerability scans, dependency vulnerability scans, static code analysis, rule based OS inspection and manual assessments.
Access to your personal information
1. You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at email@example.com.
2. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.
1. If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the relevant Information Commissioner’s Office (ICO).
2. If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
1. Our Site may contain links and references to other websites. Please be aware that this Privacy and Data Protection Notice does not apply to those websites.
2. We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via the Site and/or any other service that is operated by us. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
3. In addition, if you came to this Site via a third party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
Transferring your information outside of Europe
1. Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include, but are not limited to Australia.
2. We and our other group companies have offices and/or facilities in Australia. Transfers to each of these countries will be protected by appropriate safeguards; these include the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.
3. The hosting facilities for our website are situated in Australia. Transfers to each of these countries will be protected by appropriate safeguards; these include the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.
4. Our Suppliers and Contractors are situated in Australia. Transfers to each of these countries will be protected by appropriate safeguards; these include the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.
5. You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
6. If you use our Site or Service while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
7. By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EU in the manner described above.
8. As part of the services offered to you the information you provide to us will be transferred to, and stored at, countries outside of the European Union (“EU”). We may also share information with other equivalent national bodies, which may be located in countries worldwide. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EU in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy and Data Protection Policy.
Notification of changes to our Privacy and Data Protection Notice
1. Please be aware that we may change this Privacy and Data Protection Notice in the future. We may modify this notice at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on this Site. Please check back from time to time to review our Privacy and Data Protection Notice.
- Essential cookies – which are an essential part of our Service and affect the way you can use our site (e.g. security & authentication)
- Performance cookies – which are used for analytics (e.g. understanding usage on our website)
- Functionality cookies – which collect information about your device to help you customize our Service (e.g. remembering your timezone settings or accessing inline help)
2. As well as cookies that are set by domains we control (first-party cookies), you may also see cookies set by a third party (third-party cookies). These are set when you interact with certain parts of our Service, such as viewing one of our help videos (YouTube) or signing in via Facebook and are used by these third-party services to understand your preferences and sometimes tailor content they show you.
3. Do I have to accept cookies? The majority of browsers are set up to accept cookies by default but you can change the way your browser handles cookies if you wish. You could reject them by default or be notified when a website is trying to set or update a cookie. Exactly how you disable cookies depends on the browser or device you are using. The help feature on most browsers will tell you how you can manage and/or disable cookies. If you disable cookies on your browser, certain features or parts of our Service may not function correctly or will have a degraded experience.
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can contact our Data Protection Officer by email or mail.
Curio Group Pty Ltd
3 Albert Coates Lane
VIC 3000, Australia
Acceptance of these conditions
We assume that all visitors of our website, and users of our platform have carefully read this document and agree to its contents. If someone does not agree with the Privacy and Data Protection Notice, they should refrain from using our Site. We reserve the right to change our Privacy and Data Protection Notice as necessity dictates. Continued use of our Site after having been informed of any such changes to these conditions implies acceptance of the revised Privacy and Data Protection Notice.