Privacy Policy

Hello! We are Working Voices Limited (also known as “Curv”, “we”, “us” or “our”) and we operate the Curv application (the “App”), and provide opportunities for users to connect and enjoy a safe platform and build communities that galvanise societal, cultural and environmental progress (the “Services”). We have set out in this privacy notice (“Notice”) how we protect your personal data and respect your privacy, as well as information on your rights in relation to your personal data and what to do if you have a complaint.

If you are a user of the App or the Services, or make an account on the App, this Notice applies to you. When we process your personal data, we are regulated under the General Data Protection Regulation (“EU GDPR”) and the UK General Data Protection Regulation (“UK GDPR”) (as applicable) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. This means we determine how and why your data is processed.

Our App is not intended for use by children under the age of 13 .

When and how we collect data

We collect personal data about you whenever you interact with Curv. Sometimes you provide us with the data directly and sometimes we collect data about you automatically, when you:

• use our App or the Services;
• register with us;
• contact us for any reason, including user support;
• send us feedback;
• post material and content; and
• complete user surveys.

The types of data we collect

• Identity Data includes first name, last name, title and date of birth.
• Contact Data includes email address and telephone numbers.
• Technical (Device) Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location (please note you may stop us from collecting location data at any time by turning off the location services settings), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our App.
• Usage Data includes details of your use of our App or Services, traffic data, communication data, your individual reach, and whether other users have reported you.
• Profile Data includes your username and password, your interests, preferences, and feedback.
• Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
• Other Data includes any other information you decide to share with us or via our App, including your ethnicity and pronouns.

Ethnicity and pronoun data constitute ‘special category personal data’ for the purposes of EU and UK data protection legislation. This means this data is considered more sensitive and we will only process it with your explicit consent.

How and why we process your personal data

Data protection legislation requires that we only use your data for purposes that we tell you about and where we have a legal basis to do so. Here are the purposes and legal bases for which we process the personal data talked about above.

More information on legal bases

Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out below

Create and manage your account.

Offer, provide you with, and manage the App and the Services, including: installation of the App, registration, login, authentication, and and account verification.
Legal basis: Legitimate interests (provision of our services); Consent (regarding any ‘special category’ data)
Type of data: Identity, Contact, Technical (Device), Other

To manage our relationship with you.

Notifying you of changes to the App or Services; respond to and assist with any queries you may have about our Services.
Legal basis: Legitimate interests (manage our services); Contract
Type of data: Identity, Contact, Profile, Marketing and Communications, Technical (Device), Usage

To improve Curv.

To improve Curv or any of Curv brand group companies’ products and services, including research and development or to otherwise manage our business, internal data analysis to ensure Curv remains a fair, ethical and diverse experience for all.
Legal basis: Legitimate interests (to improve our business); Consent (regarding any ‘special category’ data)
Type of data: Identity, Usage, Profile, Technical (Device), Other

Complying with the law.

To comply with any legal or regulatory obligations or requirements that apply to us, including any record-keeping requirements that apply to us.
Legal basis for this data usage: Legal obligation
Type of data: Identity, Contact, Technical (Device), Usage, Profile, Other

Enforcing our rights where needed.

Seek professional advice, enforce or protect our rights, establish and defend legal claims; conduct investigations or take action in relation to crime and fraud prevention, risk management, and violation of our terms and conditions for services.
Legal basis: Legitimate interests (enforcing or protecting our legal rights)
Type of data: Identity, Contact, Technical (Device), Profile, Other

Marketing.

Sending you newsletters about the App and the Services, which may be of interest to you.
If you have previously agreed to being contacted in this way, you can unsubscribe for these marketing communications at any time by contacting us using the contact details in the ‘Contact us’ section below.
Legal basis: Consent
Type of data: Identity, Contact, Marketing and Communications, Profile

More information on what these legal bases mean

Consent: where you have given us clear consent for us to process your personal information (such as if you choose to share your pronouns or ethnicity information with us) for a specific purpose (such as for marketing and communications purposes), you have the right to withdraw your consent at any time – you can do this by using the contact details in the ‘Contact us’ section of this Notice.

Contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations).

Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).

Who we share your personal information with

Service providers. We share your personal data with third parties who provide services to us in order for us to run the App or provide the Services, where necessary, e.g. service providers providing software as a service for the hosting of our App.

Some of those third party recipients may be based outside the European Economic Area (“EEA“)/ the UK (as applicable) — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA/ UK (as applicable)’.

Regulators and authorities. We will share personal information with law enforcement, regulators or other authorities if required by applicable law.

Our group companies. We will share personal data in certain circumstances with other companies across the group of companies that Curv is part of.

Other parties as part of a corporate transaction. Lastly, if it is proposed that Curv is to merge with or be acquired by another business in the future, we may share your personal information with potential purchasers, where this is necessary, or the new owners of the business or company.

Where we store your personal data

The personal data we collect is processed in the United Kingdom and in the data processing facilities of the third parties with which we share your data (as outlined in the ‘Who we share your personal information with’ section above), which may include transferring your data outside of the EEA/ UK (as applicable).

Where we make such transfers of your personal data, we ensure a similar degree of protection is afforded to your personal data as in the EEA or the UK (as applicable). We do this by sending your data to countries that the EEA or the UK (as applicable) has deemed to provide essentially equivalent protection or by entering into EEA/UK (as applicable) approved standard contractual clauses with the relevant party.

Direct marketing

Where required under relevant EU and UK data protection legislation, we will obtain your opt-in consent before sending you marketing messages, unless we are permitted to contact you without your opt-in consent in relation to services which are similar to those which you have already used or interacted with. We often seek your consent to use your personal data for any marketing purposes.

In relation to marketing messages, you may opt out at any time if you no longer wish to receive these messages from us, by unsubscribing for these marketing communications at any time by contacting us using the contact details in the ‘Contact us’ section below.

Profiling

The decisions you make on the App, e.g. the themes you engage with and the communities you join, will contribute to the algorithm on the ‘For You’ page regarding what content you see.

Your rights

Under the EU GDPR/UK GDPR (as applicable) you have a number of important rights. You can exercise your rights by contacting us using the information in the ‘Contact us’ section below. You have the right to:

Access the information we hold about you, and to certain other supplementary information.

Require us to correct any mistakes in the information which we hold about you.

Be ‘forgotten’ by us by asking us to erase the personal data we hold about you, in certain situations.

Port your data to another service by asking us for a copy of the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format.

Restrict our processing of your personal data in certain circumstances, i.e. you may be able to limit the way that we use your personal data.
Object to the processing of the personal data concerning you in certain circumstances.

Withdraw consent at any time, where we are processing your personal data based on your consent.

Lodge a complaint with the UK Information Commissioner’s Office or relevant supervisory authority. You can contact the ICO in the following ways:

• Phone: 0303 123 1113
• Email: casework@ico.org.uk
• Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Please think about telling us first though, so we have a chance to address your concerns!

Keeping your personal data secure

We use appropriate security, technical and organisational measures, including restricted access controls, encryption programmes, ensuring appropriate security measures on the servers we use and established procedures to manage any suspected data security breaches.

How long do we store your personal data?

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with access to the App or the Services or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

Changes
This Notice was published on 22 April 2022 and last updated on 22 April 2022.

We may change this Notice from time to time. Changes to this Notice will come into effect immediately upon such changes being published. Please visit this page if you want to stay up to date, as we will post any changes here.

Contact us

Please contact us using the details below if you have any questions about this Notice or the information we hold about you.
If you wish to contact us, please send an email to hello@joincurv.com or write to us at Berkeley Square House, Berkeley Square, London, England, W1J 6BD.

We ask that you read this application privacy policy (“Policy“) carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Who we are

This application is operated by Daily Curv Ltd. We are an online social media platform which supports changemakers in building communities that can create and grow movements and make change.

We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation (“EU GDPR“) and the UK General Data Protection Regulation (“UK GDPR“) (as applicable) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Our application

This Policy relates to your use of the Curv application (“App“), which you can download or stream onto your mobile telephone or handheld device (“Device“), and the services accessible through the App (“Services“).

Our collection and use of your personal information

We collect personal information about you when you use our App and associated services (including the Services) register with us, contact us, send us feedback, post material and complete user surveys.

We collect this personal information from you either directly, such as when you register with us, use our App, or contact us or indirectly, such as your browsing activity while on our website.

The personal information we collect about you depends on the particular activities carried out through our App. Such information includes:

• Identity Data includes first name, last name, title and date of birth.
• Contact Data includes email address and telephone numbers.
• Technical (Device) Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and/or our App.
• Usage Data includes details of your use of our website or services or your visits to any of our sites including, but not limited to, traffic data and other communication data and how you use the content of our applications and the information input by you, whether this is required for our own purposes and the resources that you access.
• Profile Data includes your username and password, your interests, preferences, feedback.
• Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
• Other Data includes any other information you decide to share with us or via our App. This may include if you choose to share your ethnicity or pronouns with us. These categories of data constitute ‘special category personal data for the purposes of EU and UK data protection legislation. This means this data is considered more sensitive and we will only process it with your consent.

How and why we process your personal information

Data protection legislation requires that we only use your data for purposes that we tell you about and where we have a legal basis to do so. Here are the purposes and legal bases for which we process the personal data talked about above. Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out below:

• Create and manage your account. To offer and provide you with our services; to otherwise manage our services; to verify your identity; to register you as a new customer or user of our applications; to install the App.

Legal basis for this data usage: Legitimate interest (provision of our services); Consent (for use, and sharing, of any ‘special category’ data)

Type of data: Identity, Contact, Technical (Device), Other

• To manage our relationship with you. including contacting you for marketing purposes or notifying you of changes to any services or applications.

Legal basis for this data usage: Legitimate interest (manage our services); Consent (for the use of any of your data for marketing and communications purposes); Compliance with legal obligations

Type of data: Identity, Contact, Profile, Marketing and Communications, Technical (device), Usage

• To communicate with you. to communicate with you about our services, respond to and assist with any queries you may have about our services, notify you of any changes to our website and App or to our services that may affect you

Legal basis for this data usage: Contract, Legitimate interests (to administer our business

• To improve Curv. To improve Curv or any of Curv brand group companies’ products and services, including research and development or to otherwise manage our business, and including our website and App.

Legal basis for this data usage: Legitimate interests (to improve our business)

• To enable us to comply with the law. To comply with any legal or regulatory obligations or requirements that apply us, including any record-keeping requirements that apply to us.

Legal basis for this data usage: Legal obligation

• To enforce our rights where needed. To seek professional advice, to enforce or protect our rights, to establish and defend legal claims; to conduct investigations or take action in relation to crime and fraud prevention, risk management, and violation of our terms and conditions for services.

Legal basis for this data usage: Legitimate interests (enforcing or protecting our legal rights)

Our App is not intended for use by children under the age of 13 and we do not knowingly collect or use personal information relating to children. The App is recommended for those that are 16 or over.

More information on what these legal bases mean

consent: where you have given us clear consent for us to process your personal information (such as if you choose to share your pronouns or ethnicity information with us) for a specific purpose (such as for marketing and communications purposes). You have the right to withdraw your consent at any time – you can do this by using the contact details in the ‘How to contact us’ section of this Policy.

contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations).

legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).

Who we share your personal information with

We will only share your personal data as follows. With:

• our personnel who provide services to you on our behalf;
• service providers providing software as a service for the hosting of our website; and
• service providers providing payment processing software.

This data sharing enables third parties to perform functions on our behalf that are required in order to process and despatch your order.

Some of those third party recipients may be based outside the European Economic Area / the UK (as applicable) — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA/ UK (as applicable)’.

We will share personal information with law enforcement or other authorities if required by applicable law.

Transfer of your information out of the EEA or UK (as applicable)

We may transfer your personal information to our third party suppliers (see ‘Who we share your personal information with’, above), including in the United States of America.

Where we do so, we ensure a similar degree of protection is afforded to your personal data as in the EEA or the UK (as applicable). We do this by sending your data to countries that the EEA or the UK (as applicable) has deemed to provide essentially equivalent protection or by entering into EEA/UK (as applicable) approved standard contractual clauses with the relevant party.

If you would like further information please contact us. We will not otherwise transfer your personal data outside of the EEA / UK (as applicable) or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Marketing

We would like to send you newsletters about the App and information about our products and special offers, which may be of interest to you. Where we have your consent to do so, we may do this by post, email, telephone, text message (SMS) or automated call.

If you have previously agreed to being contacted in this way, you can unsubscribe at any time by contacting us at [hello@joincurv.com].

It may take up to five days for this to take place.

For more information on your rights in relation to marketing, see the ‘Your rights’ section below.

Your rights

Under the EU GDPR/UK GDPR (as applicable) you have a number of important rights. In summary, those include rights to:

• fair processing of information and transparency over how we use your use personal information;
• access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address;
• require us to correct any mistakes in your information which we hold;
• require the erasure of personal information concerning you in certain situations;
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
• object at any time to processing of personal information concerning you for direct marketing;
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
• object in certain other situations to our continued processing of your personal information; and
• otherwise restrict our processing of your personal information in certain circumstances.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK GDPR or guidance from the relevant supervisory authority regarding individuals’ rights under the EU GDPR (as applicable).

If you would like to exercise any of those rights, please:

• email, call or write to us using the details in the ‘How to contact us’ Section;
• let us have enough information to identify you (e.g. account number, user name, registration details);
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
• let us know the information to which your request relates.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The EU GDPR/UK GDPR (as applicable) also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred, or in the UK (as applicable). The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to this Policy

This Policy was published on 1 February 2022 and last updated on the 28 January 2022.

We may change this Policy from time to time, and will notify you of any material changes. We also encourage you to check the App periodically to make sure you are aware of our current privacy policy.

How to contact us

Please contact us using the details below if you have any questions about this Policy or the information we hold about you.

If you wish to contact us, please send an email to [hello@joincurv.com] or write to us at [138-140 Southwark Street, London, England SE1 0SW].

‍