Privacy Policy

At Curvaso, we are committed to maintaining the trust and confidence of our visitors and customers. This Privacy Policy outlines how we collect, use, store, and protect your personal data when you browse our storefront or make a purchase.

1. What Personal Data We Collect and Why We Collect It

Order & Transaction Data (E-Commerce Fulfillment)

When you purchase items from our store, we collect personal information necessary to fulfill our commercial contract with you. This includes:

• Your full name, billing address, and shipping address.
• Your email address and phone number (used strictly for order confirmations, tracking updates, and delivery alerts).
• A detailed record of the items you purchased.

Lawful Basis for Processing: Contractual Necessity (we cannot fulfill or ship your order without this information) and Legal Obligation (to comply with UK corporate tax and financial record-keeping laws).

Customer Accounts

If you choose to register an account on our storefront, we securely store the personal credentials and profile data you provide. This information allows you to track order processing metrics and view your historical purchase data.

Comments and Product Reviews

When visitors leave reviews or comments on the site, we collect the data shown in the comments form, along with the visitor’s IP address and browser user agent string to assist in automated spam detection.

• An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to verify if you are a user. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/.

Media Uploads

If you upload images directly to the website (e.g., when submitting a product review), you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can potentially download and extract layout location data from these files.

2. Cookies and Data Tracking

• Account Login: If you visit our login page, we set a temporary cookie to determine if your browser accepts cookies. This contains no personal data and is discarded when you close your browser. When you log in, we set up several cookies to save your session information and screen display choices. Login cookies last for two days; screen options cookies last for a year. Selecting “Remember Me” extends your login persistence to two weeks.
• Shopping Convenience: If you interact with our checkout, cookies are utilized to temporarily remember items added to your dynamic shopping basket grid. If you leave a comment or review, you may opt-in to saving your name, email address, and website in cookies so you do not have to re-enter your details in the future. These cookies last for one year.

3. Secure Financial Transaction Processing

Your digital security is our highest priority. All payments handled across our storefront use fully verified, encrypted Secure Socket Layer (SSL) channels.

• We partner with trusted third-party payment gateways, including Stripe, Visa, Mastercard, and Apple Pay, to process transaction funds.
• At no point does Curvaso view, process, or store your raw credit or debit card data directly on our internal servers. Your billing information is collected and processed safely by these external merchant platforms under their respective encryption security frameworks.

4. Who We Share Your Data With (Third-Party Logistics)

We do not sell, rent, or trade your personal data with third parties for marketing purposes. To fulfill your orders, your data is securely shared only with the following essential entities:

• Logistics & Delivery Couriers: Your name, shipping address, and telephone number are passed to our freight forwarding partners and courier distribution networks (such as Royal Mail, DPD, Evri, or third-party fulfillment centers) strictly to execute tracked UK mainland parcel deliveries.
• Password Resets: If you request an automated account password reset, your current IP address will be included dynamically in the reset email.
• Spam Detection: Visitor comments and reviews may be checked through an automated third-party spam detection service.

5. How Long We Retain Your Data

• Order Records: We retain transactional data, invoices, and sales communication indefinitely, or as strictly mandated by UK tax laws to satisfy our regulatory corporate auditing commitments.
• Comments & Reviews: If you leave a review or comment, the text and its associated metadata are retained indefinitely so we can recognize and approve follow-up entries automatically.
• User Profiles: For users who register an account on our website, we store the personal information provided in their profile layout. All users can see, edit, or delete their personal information at any time (except they cannot change their primary account username).

6. What Rights You Have Over Your Data

Under the UK GDPR, you hold complete authority over your personal records. If you have a registered customer account or have left product reviews on this site, you have the right to:

• Request an exported file of the personal data we hold about you, including any details you provided.
• Request that we correct, rectify, or completely erase any personal data we hold about you.

Note: This does not include any historical data that we are legally or contractually obliged to retain for administrative, legal, corporate tax, or security framework purposes.

7. Contact Information and Data Requests

For any privacy concerns, data access requests, or to exercise your right to erasure, please contact our administrative data controller directly at:

Email: sales@curvaso.co.uk