OUR PRIVACY POLICY

Last update: 24th May 2018


THIS POLICY

This Privacy Policy sets out how we, The Curiosity Box Ltd, collect, store and use information about you when you use or interact with curiosity-box.com (our website) and where we otherwise obtain or collect information about you. This Privacy Policy is effective from 25th May 2018. If you have any questions about this Privacy Policy, you can contact our data protection officer by emailing help@curiosity-box.com


PERSONAL INFORMATION WE COLLECT


INFORMATION PROVIDED BY YOU

 When you register for an account with The Curiosity Box you provide your name, email address, password, delivery address, the names of recipient children and their dates of birth and payment information e.g. your credit or debit card details and billing postcode. You also have the option to tell us what your relationship to the child is. Through your use of the service you may also choose to provide your product feedback in the form of star ratings and comments.

We collect information you voluntarily provide to us, such as your name, phone number and email address when you contact our Customer Happiness team for help with your subscription or purchase of a gift.

The Curiosity Box does not target, as its paying customers, children under the age of sixteen. Although visitors of all ages may navigate through our websites, we do not knowingly collect or request personal information from those under the age of sixteen. If we discover, by any means, that a child under sixteen has been registered on our site, we will cancel that account and delete the personal information in it from our records.


INFORMATION COLLECTED AUTOMATICALLY

We automatically collect some information about you such as that collected by server logs or 3rd party website analytics services, and by using cookies or similar technologies when you visit our websites. We may collect information about the type of device you use and its operating system and version, your IP address, your general geographic location as indicated by your IP address, your browser type, the pages you view on our websites and how you interact with that content. 


INFORMATION OBTAINED FROM OTHER SOURCES

We may receive information about you from social media platforms when you interact with us on those platforms. We may also receive information from your Bank or from PayPal that tells us why a payment transaction on your chosen payment method failed if it did so. 



HOW WE USE PERSONAL INFORMATION

Delivering you THE CURIOSITY BOX SERVICEs

We process your personal information in order to provide you with the service you have requested from us and signed up for. This processing is necessary for the performance of our agreement with you and helps us provide you with the best possible experience of The Curiosity Box. We also use your data to develop aggregate analysis and business intelligence that enables us to operate, make informed decisions about, and report on the performance of our business. We have a legitimate interest in processing your data for these reasons and it is often necessary for the fulfilment of our contract with you. 


TAKING CARE OF OUR CUSTOMERS

   

Website and IT Improvements
We collect and store server logs to improve network, server and database security. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks, fraud and other attacks, by detecting unusual or suspicious activity.

We also analyse how our website users interact with our website and its features. For example, we analyse total visitor numbers and unique visitors, the time and date of the visit, whether certain pages or sequences of pages were visited, whether a visit resulted in a subscription to our service, the operating system and browser used and approximately where visitors are when they are accessing our websites. We use the information gathered from the analysis of this information to improve our websites.

We have a legitimate interest in improving our websites so that we can provide a better experience for existing customers and to attract new customers to our service.To help provide you with the best possible customer care we collect certain data by email or using our sign-up form and make tools available to our Customer Happiness team that process your personal data to help us respond to your enquiries, to investigate and diagnose problems you might experience and to help manage your account.

We do not routinely offer customer happiness by telephone but should you contact us by phone, we may collect your phone number and any information provide to us during your conversation with us. We do not record phone calls.

If you contact us by post, we will collect any information you provide to us in any postal communications you send us however we will not keep physical copies of your communication any longer than is strictly necessary to handle your enquiry.

We have a legitimate interest in processing your data for these reasons and it is often necessary for the fulfilment of our contract with you.


WEBSITE AND IT IMPROVEMENTS

We collect and store server logs to improve network, server and database security. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks, fraud and other attacks, by detecting unusual or suspicious activity.

We also analyse how our website users interact with our website and its features. For example, we analyse total visitor numbers and unique visitors, the time and date of the visit, whether certain pages or sequences of pages were visited, whether a visit resulted in a subscription to our service, the operating system and browser used and approximately where visitors are when they are accessing our websites. We use the information gathered from the analysis of this information to improve our websites.

We have a legitimate interest in improving our websites so that we can provide a better experience for existing customers and to attract new customers to our service.


COMMUNICATION AND MARKETING

 We use the data we collect to deliver and personalise our communications with you. For example, we may contact you by email to inform you about new products, special offers or to invite you to take part in a survey or provide product feedback. This processing is necessary to serve our legitimate interest. As a subscriber to The Curiosity Box you can opt-out of these emails at any time by visiting your email settings


Type of email: Transactional emails (Welcome email, payment emails, forgotten password email, cancellation confirmation email, important announcements about service or security) Lawful basis:  Legitimate interest (These communications are fundamental to providing your service and you cannot unsubscribe from these emails while remaining a customer of The Curiosity Box.)

   

Type of email:   Newsletters and special announcements (Seasonal craft and recipe ideas (Christmas, Easter, etc) and special announcements) Lawful basis:  Legitimate interest  (These emails are part of our product and the service you have subscribed to.)


Type of email:  Feedback and satisfaction surveys  (Customer surveys) Lawful basis:  Legitimate interest  (Responses to these emails help us improve our products and your service.)


Type of email:  Rate your box emails  (Product ratings and feedback emails ) Lawful basis:  Legitimate interest  (Responses to these emails help us improve our products and your service.)


Type of email:  Special offers from The Curiosity Box (Special offers, friend referral, competitions and schools/ fundraising ) Lawful basis:  Legitimate interest  (These offers will only relate to the product you currently buy from us and are part of the service that we offer.)


We also use cookies and similar technologies to provide the most relevant advertising to you. Please see Use of automated decision making for display advertising below.


COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies like pixels, tags, web beacons, and other identifiers to help us personalise our website for you, remember your preferences, understand how users are using our website, and help customise our marketing offerings.


COOKIES

A cookie is a small data file that is sent by our servers to your computer when you visit our websites. When you visit our websites again, this cookie can be read and your browser can be recognised. We use the following categories of cookies on our website: 


  • Strictly necessary cookies - these cookies are essential for you to browse our website and use its features and you cannot opt out of receiving them. You can block them using your browsers’ cookie settings (see below) but this may prevent you from being able to use our websites. 
  • Performance cookies - we use Google Analytics to help us understand things like how long a visitor stays on our website, what pages they find most useful, and how they arrived. You can find out more about Google Analytics from Google. We also test some new features on groups of users this way.
  • Functionality cookies - these cookies allow our websites to remember choices you make while browsing. For example we may store you country choice so that we can automatically configure your experience to the correct territory and language.
  • Targeting/advertising cookies - third party cookies are those placed by websites and/or parties other than The Curiosity Box but at our request. These largely help us provide more relevant advertising or to feed back anonymised data on signup conversions to our affiliate marketing partners. These cookies are subject to the respective privacy policies for these external services, for example, Facebook Data Use Policy.

  

You can opt out of specific types of cookies (apart from necessary cookies) but this may affect the smooth functioning of the website.
 

Web browsers allow you to control cookies in their preferences but doing so may disrupt your visits to our websites. Some browsers offer “Do Not Track” (“DNT”) functionality however we do not currently employ technology that recognises DNT signals. To control cookie settings on popular web browsers please see:


· Google Chrome

· Google Chrome Android

· Internet Explorer

· Safari macOS

· Safari iOS

· Firefox


PIXELS OR BEACONS

  

The Curiosity Box may work with third-party advertisers that use cookies and similar technologies to provide more relevant advertising about The Curiosity Box across the Internet. Examples of this may include a The Curiosity Box advertisement on a Facebook or Google page or on a site within Google’s advertising network. We do not share your personal information as part of this process and, where necessary, we obtain your consent. This results in increased efficiencies and costs savings for us compared to manually displaying advertisements or displaying advertisements by different means. You can opt out of these personalised ads from most major third-party advertisers and ad networks at any time by visiting Ad Choices and this will impact the advertising you see across the Internet. We use automated decision making and profiling on our website. We do not consider that this has any legal effect on you or similarly significantly affects you. In addition to cookies, we may use small images known as 'pixels' (also known as web beacons or pixel tags). We use pixels in our various email communications to you, to help us to understand whether our emails have been viewed. We also use third party pixels (such as those from Google, Facebook, and other advertising networks) to help us provide advertising that is relevant to your interests. As a The Curiosity Box user you can opt out of most of our emails by visiting your email settings page. Learn more about our advertising and marketing activities below. 


ADVERTISING AND MARKETING TOOLS

The Curiosity Box may work with third-party advertisers that use cookies and similar technologies to provide more relevant advertising about The Curiosity Box across the internet. Examples of this may include a The Curiosity Box advertisement on a Facebook or Google page or on a site within Google’s advertising network. We do not share your personal information as part of this process and, where necessary, we obtain your consent. This results in increased efficiencies and costs savings for us compared to manually displaying advertisements or displaying advertisements by different means. You can opt out of these personalised ads from most major third-party advertisers and ad networks at any time by visiting Ad Choices and this will impact the advertising you see across the internet.


AUTOMATED DECISION-MAKING AND PROFILING

We use automated decision making and profiling on our website. We do not consider that this has any legal effect on you or similarly significantly affects you. 


IN MARKETING EMAILS

 We may use information that we know about you, either that you have provided to us or that may be included in your account history to determine the best marketing, transactional and product emails to send you. By targeting these emails and by analysing how our email recipients respond to our emails we are able to send more relevant emails to current and former customers and we are able to improve the content and effectiveness of these emails.

This means that your behaviour when you open our emails will be tracked using small gif files called pixels or beacons and will include open rates, bounce rates and click through rates. It is in our legitimate interests to use profiling and tracking in this way and you can opt out by emailing us at help@curiosity-box.com and requesting to be unsubscribed from all our emails.


HOW WE SHARE PERSONAL INFORMATION

The Curiosity Box does not and will never sell personal information about our customers. We do, however, share your personal information with a number of 3rd parties where strictly necessary to operate as a business and provide the service you ordered. This may involve your data being transferred outside the EEA. For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transfers of your information outside the European Economic Area. We may share information with the following types of third parties: 


THIRD PARTY VENDORS

 The Curiosity Box uses a variety of third-party vendors to carry out critical services like website hosting, online product purchases and shipping, credit card processing and email communications. We will only share your personal data when absolutely necessary. It is our legitimate interest to process your personal data for these purposes. We do not display the identities of our service providers for security and competitive reasons but if you have any questions please send an email to help@curiosity-box.com 


SALE OR MERGER

We may share your personal information in the event of a merger, acquisition, or sale of all or a portion of our assets. Of course, we shall notify you via email and/or a prominent notice on our website and inform you of your rights. 


LEGAL DISCLOSURE

 When legally required, strictly necessary for the performance of the services or to protect our rights, or the rights of our affiliates or users, we disclose your personal information to law enforcement authorities, investigative organisations, our affiliates or in legal proceedings. 


HOW LONG WE RETAIN YOUR INFORMATION

 We will retain your personal information for as long as we deem it necessary to enable you to use the website, to provide your subscriptions to you, to comply with applicable laws (including those regarding document retention), resolve disputes with any parties and otherwise as necessary to allow us to conduct our business. All personal information we retain will be subject to this Privacy Statement and our internal retention guidelines. If you have a question about a specific retention period for certain types of personal information please send an email to help@curiosity-box.com 


HOW WE SECURE YOUR INFORMATION

  

While we are committed to protecting against the prevent loss, theft or misuse of your personal information and though we take all reasonable precautions to secure the personal information we collect, no system should be considered completely safe from compromise.

We store the personal data you provide on computer systems that have limited access, that are in controlled facilities and which have suitable backup policies in place. We ensure that our third-party data centre vendors provide adequate security measures. Additionally, your data is protected with encryption, such as Transport Layer Security (TLS), during transmission over the Internet.

Your password is stored using a one-way hash, which means that it cannot be recovered (or disclosed) by anyone, including The Curiosity Box, it can only be reset. To protect the confidentiality of your personal information, you must keep your password confidential and not disclose it to any other person. Please notify us immediately if you believe your password has been misused and note that we will never ask you to disclose your password in an unsolicited phone call or email.

If you send us any information by email you should be aware that email is not secure and as such could be read in transit within systems outside of our control. If you send us information in this manner you do so at your own risk. Though we cannot discuss the details of our security systems and policies if you have any questions please email help@curiosity-box.com and we will try to answer them.


TRANSFERS OF YOUR INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA

  

Personal data collected by The Curiosity Box may be stored and processed within or outside the EEA and is sometimes determined by where our service providers are located or store data. The Curiosity Box has put in place adequate mechanisms to protect personal information whenever it is transferred internationally, for example by using the Model Contract Clauses as approved by the European Commission or, in the case of suppliers in the US, that they have certified under the EU-U.S. Privacy Shield program.  

We want you to be in control of how your personal information is used by us. You have the following rights over your personal information that we hold:

· you can ask us for a copy of the personal information we hold about you

· you can inform us of any changes to your personal information, or if you want us to correct any of the personal information we hold about you - you can do this by logging into your account or emailing our Customer Happiness Team 

· in some situations you can ask us to delete your personal information

· you can object to certain ways in which we are using your personal information and

· you can also request that we send your personal information to a third party of your choice

Where we are using your personal information on the basis of your consent, you are entitled to withdraw that consent at any time. Where we process your personal information based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal information. If you are not satisfied with the way we have handled any enquiry relating to the way we process your personal information you have the right to complain to The Information Commissioner's Office  

You can opt out of receiving various types of email communications from The Curiosity Box by following the unsubscribe link in every email sent to you by us. You can also opt out by updating your account email preferences however there are some emails that we will continue to send you: for example the get set email that is part of your Curiosity Box subscription, regarding meaningful changes to this policy, responding to routine customer care and transactional emails relating to your use of our service, including but not limited to welcome, forgotten password emails and payment failure emails.

You can adjust the amount of interest-based advertising you may receive by changing your cookie settings and/or opting out of certain advertising networks. For more information see Cookies and similar technologies.  

‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us. If, however, you inadvertently or intentionally transmit sensitive personal information to us, we will only use and process your sensitive personal information for the purposes of deleting it. We may modify or update this Statement when necessary, to reflect customer feedback and changes in our products and service. Please review it regularly. When we update this Statement, we will revise the 'Last Update' date at the top of the Statement. If there are material changes to the Statement or in how The Curiosity Box uses your personal data, we will inform you either by posting a notice of such changes, prior to them taking place, or by directly sending you a notification. We encourage you to regularly review this Statement to learn more how The Curiosity Box is using and protecting your information. 


YOUR RIGHTS AND CHOICES


YOUR RIGHTS


We want you to be in control of how your personal information is used by us. You have the following rights over your personal information that we hold:

· you can ask us for a copy of the personal information we hold about you

· you can inform us of any changes to your personal information, or if you want us to correct any of the personal information we hold about you - you can do this by logging into your account or emailing our Customer Happiness Team 

· in some situations you can ask us to delete your personal information

· you can object to certain ways in which we are using your personal information and

· you can also request that we send your personal information to a third party of your choice

Where we are using your personal information on the basis of your consent, you are entitled to withdraw that consent at any time. Where we process your personal information based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal information. If you are not satisfied with the way we have handled any enquiry relating to the way we process your personal information you have the right to complain to The Information Commissioner's Office


YOUR CHOICES


You can opt out of receiving various types of email communications from The Curiosity Box by following the unsubscribe link in every email sent to you by us. You can also opt out by updating your account email preferences however there are some emails that we will continue to send you: for example the get set email that is part of your Curiosity Box subscription, regarding meaningful changes to this policy, responding to routine customer care and transactional emails relating to your use of our service, including but not limited to welcome, forgotten password emails and payment failure emails.

You can adjust the amount of interest based advertising you may receive by changing your cookie settings and/or opting out of certain advertising networks. For more information see Cookies and similar technologies.


SENSITIVE PERSONAL INFORMATION


‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us. If, however, you inadvertently or intentionally transmit sensitive personal information to us, we will only use and process your sensitive personal information for the purposes of deleting it.


CHANGES TO OUR PRIVACY POLICY


We may modify or update this Statement when necessary, to reflect customer feedback and changes in our products and service. Please review it regularly. When we update this Statement, we will revise the 'Last Update' date at the top of the Statement. If there are material changes to the Statement or in how The Curiosity Box uses your personal data, we will inform you either by posting a notice of such changes, prior to them taking place, or by directly sending you a notification. We encourage you to regularly review this Statement to learn more how The Curiosity Box is using and protecting your information.