Privacy Policy

1. Who We Are

Curosa is the "Data Controller" of the personal data you provide to us. If you have any questions regarding this policy or our privacy practices, please contact us using the details below:

• Email: privacy@curosa.com
• Registered Office: 20 Wenlock Road, London, England, N1 7GU

2. The Data We Collect

We collect different types of information depending on how you interact with our marketplace:

• Identity & Contact Data: Name, email address, billing address, delivery address, and telephone number.
• Transaction Data: Details about payments to and from you and details of products you have purchased from vendors on our platform. (Note: Full payment card details are processed by our secure third-party providers and are not stored on our servers).
• Technical Data: IP address, login data, browser type, time zone setting, and operating system.
• Profile Data: Your username, password, purchases, interests, and preferences.
• Vendor Data: For sellers, we collect business registration details, VAT numbers, and payout bank details.

3. How We Use Your Data

We only use your data when the law allows us to. Most commonly, we use your data in the following circumstances:

• Performance of a Contract: To process your orders and facilitate the transaction between Buyer and Vendor.
• Legitimate Interests: To improve our platform, provide customer support, and prevent fraudulent activity.
• Legal Obligation: To comply with UK tax laws, financial regulations, and reporting requirements.
• Consent: To send you marketing communications. You can withdraw this consent at any time.

4. Sharing Your Data

Because Curosa is a marketplace, sharing certain information is essential to the service:

• With Vendors: When a Buyer makes a purchase, we share the Buyer's name and delivery address with the Vendor so they can fulfill the order.
• With Service Providers: We use third-party "Data Processors" for payment processing (e.g., Stripe/PayPal), email delivery, and website analytics.
• Legal Requirements: We may disclose data if required by UK law enforcement or regulatory authorities.

5. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your personal data to those employees and partners who have a genuine business need to know.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By UK law, we must keep basic information about our customers (including Contact, Identity, and Transaction Data) for six years after they cease being customers for tax purposes.

7. Your Legal Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we fix any incomplete or inaccurate data.
• Erasure: Request that we delete your data (the "right to be forgotten").
• Object/Restrict: Object to the processing of your data for marketing or restricted use.
• Data Portability: Request the transfer of your data to another service provider.

To exercise any of these rights, please contact us at the email address provided in Section 1.

8. Cookies

Our website uses cookies to distinguish you from other users. This helps us provide you with a smooth experience when you browse our marketplace and allows us to improve our site. You can set your browser to refuse all or some cookies, but please note that some parts of this website may become inaccessible or not function properly.

9. Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.