Privacy policy

Our terms and conditions, and the privacy notices below, are all written to be fully compliant with Australian Privacy Principles and European privacy and data regulations (GDPR). It’s all written in language that is designed to be understood and read by our users.

Privacy and Data Protection Notice

In summary we:

We don’t sell or share data and we will try and only contact you on things that are important.
Our server infrastructure is provided by Amazon Web Services and is currently based in the Australia (although servers may from time to time be based in other countries).
We only hold your data because you have given it to us – if you don’t want us to do that, we won’t. If you are worried about it – don’t collect or send any sensitive data through our system. If you want us to delete your data, please contact us.
We operate and comply with all the laws that apply to us. This means that if you use our Service, you are required to as well. Check out our terms and conditions for more information about this.

If you have any questions at all about the rest of this – please email us,privacy@curio.co.

General

1. Curio (“we” or “us”) is operated by Curio Group Pty Ltd. We take the privacy of your information very seriously. Our Privacy and Data Protection Notice is designed to tell you, the user of our platform about our practices regarding the collection, use and disclosure of personal and other information about you or your business that may be provided via this website or collected through using our Service or otherwise.

2. This policy applies to information provided by our users and account holders (“members”) and applies to information which is processed by us when using our Service.

3. We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).

4. “Personal information” is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.

5. You may contact us in writing at 3 Albert Coates Lane, Melbourne, Victoria, 3000 for further information about this Privacy and Data Protection Notice.

Basis on which we process personal data

1. Personal data we hold about you will be processed either because:

you have consented to the processing for the specific purposes described in this notice;
the processing is necessary in order for us to deliver our Service (i.e. to comply with our obligations under the contract between us and our members); or
the processing is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security.

Personal data we collect

1. We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:

details of your visits to the Site, the resources and pages that you access and any searches you make (“Technical Information”).
information we may require from you when you report a problem or complaint (“Complaints Information”)

2. We only collect such information when you choose to supply it to us. You do not have to supply any personal information to us and you may withdraw your authority for us to process your data or request that we restrict our processing (see below) but our Service may not be operable in practice without providing such data to us.

3. Information may also be gathered through the Service without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies.

4. An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet.

5. We use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our site, and to administer and improve the site.

6. We may collect additional information at other times, including but not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.

How we use your personal data

1. We may use personal information collected from you to provide with you with information about our products or services. We may also make you aware of new and additional products, services and opportunities available to you.

2. We will use personal information only for the purposes that you consent to. This may include to:

provide you with products and services during the usual course of our business activities;
administer our business activities;
manage, research and develop our products and services;
provide you with information about our products and services;
communicate with you by a variety of measures including, but not limited to, by telephone, email, sms or mail; and
investigate any complaints.

3. We may disclose your personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.

4. If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

Disclosure of your personal information

1. We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy and Data Protection Policy.

2. If we do disclose your personal information to a third party, we will protect it in accordance with this Privacy and Data Protection Policy.

3. Apart from where you have consented or disclosure is necessary to achieve the purpose for which it was submitted, personal information may be disclosed in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities. Also, we may disclose personal information when we believe in good faith that the law requires disclosure.

4. We do not sell personal information to third parties.

General Data Protection (GDPR) for the European Union (EU)

1. We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

2. We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

3. We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

4. We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

5. We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

6. We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

7. We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

8. You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

Your privacy rights

1. If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU

2. Except as otherwise provided in the GDPR, you have the following rights:

to be informed how your personal information is being used;
access your personal information (we will provide you with a free copy of it);
to correct your personal information if it is inaccurate or incomplete;
to delete your personal information (also known as “the right to be forgotten”);
to restrict processing of your personal information;
to retain and reuse your personal information for your own purposes;
to object to your personal information being used; and
to object against automated decision making and profiling.

3. Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy and Data Protection Notice.

4. We may ask you to verify your identity before acting on any of your requests.

Security

1. We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

2. Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

3. The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy and Data Protection Notice.

4. In order to safeguard the information we collect from you, we will take all reasonable steps to ensure that:

our servers are protected by security mechanisms and can only be administered via strictly controlled public/ private cryptographic keys;
our data processing storage facilities are sited in secure locations to prevent unauthorised access, our infrastructure is provided by Amazon Web Services (AWS) and certifications for infrastructure provided by AWS can be obtained here: AWS Certifications;
all communication with our servers is encrypted through Secure Sockets Layer (SSL), an industry standard encryption method that encrypts data between your computer and our servers so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;
regular security assessments of our infrastructure are performed. This includes web vulnerability scans, dependency vulnerability scans, static code analysis, rule based OS inspection and manual assessments.

Access to your personal information

1. You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at privacy@curio.co.

2. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.

Data breaches

1. If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to relevant Information Commissioner’s Office (ICO).

2. If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.

Other websites

1. Our Site may contain links and references to other websites. Please be aware that this Privacy and Data Protection Notice does not apply to those websites.

2. We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via the Site and/or any other service that is operated by us. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

3. In addition, if you came to this Site via a third party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

Transferring your information outside of Europe

1. Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include, but are not limited to Australia.

2. We and our other group companies have offices and/or facilities in Australia. Transfers to each of these countries will be protected by appropriate safeguards, these include the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.

3. The hosting facilities for our website are situated in Australia. Transfers to each of these Countries will be protected by appropriate safeguards, these include the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.

4. Our Suppliers and Contractors are situated in Australia. Transfers to each of these Countries will be protected by appropriate safeguards, these include the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.

5. You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

6. If you use our Site or Service while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

7. By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EU in the manner described above.

8. As part of the services offered to you the information you provide to us will be transferred to, and stored at, countries outside of the European Union (“EU”). We may also share information with other equivalent national bodies, which may be located in countries worldwide. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EU in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy and Data Protection Policy.

Notification of changes to our Privacy and Data Protection Notice

1. Please be aware that we may change this Privacy and Data Protection Notice in the future. We may modify this notice at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on this Site. Please check back from time to time to review our Privacy and Data Protection Notice.

Cookie Policy

1. Like most websites and applications, this Site uses cookies to help provide you with the best experience whilst using our Service. The cookies we use are split between the following categories:

Essential cookies – which are an essential part of our Service and affect the way you can use our site (e.g security & authentication)
Performance cookies – which are used for analytics (e.g understanding usage on our website)
Functionality cookies – which collect information about your device to help you customize our Service (e.g remembering your timezone settings or accessing inline help)

2. As well as cookies that are set by domains we control (first-party cookies), you may also see cookies set by a third party (third-party cookies). These are set when you interact with certain parts of our Service, such as viewing one of our help videos (YouTube) or signing in via Facebook and are used by these third-party services to understand your preferences and sometimes tailor content they show you.

3. Do I have to accept cookies? The majority of browsers are set up to accept cookies by default but you can change the way your browser handles cookies if you wish. You could reject them by default or be notified when a website is trying to set or update cookie. Exactly how you disable cookies depends on the browser or device you are using. The help feature on most browsers will tell you how you how you can manage and or disable cookies. If you disable cookies on your browser, certain features or parts of our Service may not function correctly or will have a degraded experience.

Contact us

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can contact our Data Protection Officer by email or mail.

privacy@curio.co

Curio Group Pty Ltd
3 Albert Coates Lane
Melbourne
VIC 3000, Australia

Acceptance of these conditions

We assume that all visitors of our website, and users of our platform have carefully read this document and agree to its contents. If someone does not agree with the Privacy and Data Protection Notice, they should refrain from using our Site. We reserve the right to change our Privacy and Data Protection Notice as necessity dictates. Continued use of our Site after having been informed of any such changes to these conditions implies acceptance of the revised Privacy and Data Protection Notice.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
aka_debug	session	Vimeo sets this cookie which is essential for the website to play video functionality.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
player	1 year	Vimeo uses this cookie to save the user's preferences when playing embedded videos from Vimeo.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjRecordingEnabled	never	Hotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjRecordingLastActivity	never	Hotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
wmc	1 year 1 month 4 days	Workable sets this cookie to assign a unique visitor ID for statistical purposes.

Cookie	Duration	Description
_dc_gtm_UA-63932471-3	1 minute	No description
_hjIncludedInSessionSample_3412719	2 minutes	No description
_hjSession_3412719	30 minutes	No description
_hjSessionUser_3412719	1 year	No description