PRIVACY POLICY

Thank you for your interest in the Curate platform www.curate.eco (hereinafter “Platform”). We respect your privacy and will collect and process your Personal Data (as defined in Section 2 of this Policy) in compliance with the applicable legal requirements at all times. We will never rent or sell your Personal Data for marketing or other purposes.
This privacy policy (“Policy”) explains how we collect, use, and share information from users of our Platform and the Curate website and apps, (referred to herein as the “Website”). If you are located in the European Economic Area (“EEA”), this policy informs you of your choices and our practices in relation to your Personal Data. If you are a California Resident, our California Resident Privacy Notice contained in Section 10 of this Policy provides more information about your California privacy rights and explains how you can exercise those rights.
  1. CONTACT INFORMATION AND DETAILS FOR DATA CONTROLLER, DATA PROTECTION OFFICER AND REPRESENTATIVE IN THE EUROPEAN UNION (EU)
    1. The data controllers within the meaning of the European General Data Protection Regulation (GDPR) are Curate Inc., 111 Sutter St., 17th Floor, San Francisco, CA 94104, USA, and Curate Ltd., Level 12, 697 Collins St., Docklands, Victoria 3008, Australia; phone +49 (0) 30 5683 7185, e-mail privacy@curate.eco
    2. Our data protection officer can be contacted under Data Protection Officer, Curate Ltd., Level 12, 697 Collins St., Docklands, Victoria 3008, Australia, e-mail dpo@curate.eco.
    3. Our representative in the European Union (EU) is Curate GmbH at Stralauer Platz 33-34, 10243 Berlin, Germany, email privacy@curate.eco.
  2. WHAT IS PERSONAL DATA
    For the purposes of this Policy, “Personal Data” means information relating to an identified or identifiable individual. This includes Personal Data collected and processed by us when you access our Website and the services related to it. Personal data does not include information of a general nature that does not identify you; for example, the number of users of the Platform.
  3. WHAT TYPES OF PERSONAL DATA WE COLLECT
    1. WEB SERVER PROTOCOLS (INCLUDING IP ADDRESS)
      1. When you visit and use the Website, our web server automatically collects your IP address, the date and time of your visit to the Website, the sites visited on the Platform, the referrer website, your browser type, your operating system, the domain name and the address of your internet access provider, to help us understand how you use our Website and to help us improve it.
      2. We and our third-party partners collect Personal Data using cookies, pixel tags, or similar technologies. Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services. We may use both session cookies (which are deleted from your device after you leave the Website) and persistent cookies (which remain on your device for longer or until you delete it manually). A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Website.
      3. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Website, you may not be able to utilize the features of the Website to their fullest potential.
    2. PERSONAL DATA SUBMITTED BY YOU
      1. (a) We collect Personal Data that you provide to us on a voluntary basis to provide, operate and manage the Platform as well as to provide our services in accordance with our user agreement (curate.eco/agreement). For example, we collect (a) your user name and e-mail address when you create an user account and register for the Platform; (b) your name, delivery address, phone number, e-mail address, bank respectively payment information when you order a product via the Platform; (c) your name, address, phone number, e-mail address, bank account details and tax status respectively tax file number when you sell products via the Platform; and (d) your e-mail address when you complete a form or send us an e-mail. When we collect your Personal Data, we inform you whether the designation of certain Personal Data is compulsory or optional and of the possible consequences that arise in case of the absence of a designation. In addition, we collect the data which you have provided to us through the visit and use of the Platform as well as our services, e.g. your purchases and sales history, favorited and earmarked items on the Platform, your movement and actions taken on the Platform as well as the content and details of messages send or received via our BubbleMail service. Provided that you log in via a social media single sign-on we collect your Personal Data from the respective social media platform which you have made publically available.
      2. (b) We collect your e-mail address when you register for our newsletter and promotional messages. If we send you promotional messages, we may track whether you open them to learn how to deliver a better customer experience and improve our Website.
      3. (c) When you make a purchase through our Website, your credit card information, billing information, and any other financial information necessary to complete your purchase (“Payment Information”) is processed by our third-party payment processor, and we do not collect, store, or process your Payment Information. For more information, please see Section 4.2 below.
  4. HOW WE PROCESS YOUR PERSONAL DATA
    1. We process your Personal Data in order to provide and operate the Platform and render our services to you in accordance with our user agreement (curate.eco/agreement). Specifically, we may use your Personal Data to: (a) facilitate and coordinate sales and purchases via the Platform; (b) attempt to provide you with a smoothly and accurately functioning Website by monitoring and maintaining its performance; and (c) enable and process your communication with our support service in case of queries via e-mail, web forum, or phone. This processing is necessary for the performance of our contract. With respect to your communication with other users via our message boards, chatrooms or other interactive online forums as set out under item 4.1 above please be aware that if you post a comment on a message board or in a chatroom, this information will be made available to the public in an online environment. Each user is solely responsible for its posted comments. If you choose to use any such interactive area, please be aware that this environment and all Personal Data posted there is publicly accessible. We cannot control how other visitors of the Platform will use this information. In particular, we are unable to prevent you from receiving unsolicited messages from third parties.
    2. When you make a purchase through our Website, your payment is processed by a third-party payment processor (“Payment Processor”). This Payment Processor may collect Personal Data from you, including your name, email address, billing address, and Payment Information in connection with your payment. The use of your Personal Data by the Payment Processor is governed by the Payment Processor’s terms and conditions and privacy policy, and Personal Data we receive about you from our Payment Processor is governed by this Policy. This processing is necessary for the performance of our contract.
    3. Further we may process your Personal Data for the purpose of preventing fraud on the Platform. This processing is necessary for the purpose of our legitimate interests. Our legitimate interests in this context are the protection of the integrity of the Platform, our services, our system as well as our users.
    4. We process your Personal Data (a) to provide you with an optimal and meaningful user experience on the Platform and within our services; and (b) to improve and optimize the Platform and our services, the layout and content of the Platform. This processing is necessary for the purpose of our legitimate interests. Our legitimate interests are to provide an optimal and meaningful user experience on the Platform which fulfils your expectations and needs as well as our commercial interests.
    5. Provided that you have given us your consent, we will further use the Personal Data collected for the provision and optimisation of our marketing measures via e-mail, in particular, the provision of our newsletter and other promotional messages on Curate events, services, products and/or special offers. You may withdraw your consent at any time with future effect. You may, at any time, opt out from receiving such communications by following the instructions included in each e-mail or contacting Curate customer service e.g. by sending us an e-mail to the contact details set out under item 1 above or by visiting the Curate Help Centre at https://help.curate.eco/hc (which can also be reached by clicking “Help” on the bottom of the homepage of the Platform). If you have consented to it, we will also use your e-mail address to send you useful information about using the Curate services from time to time. You may at any time opt out from such use by deactivating the receipt of specific kinds of messages in your user account settings. This processing is based on consent given by you.
    6. Further, we may process your web server information (cf. item 3.1 above) in cooperation with your internet service provider and/or local authorities in cases of a system misuse in order to investigate and identify the originator of such system misuse. This processing is necessary for the purpose of our legitimate interests. Our legitimate interests in this context are the protection of the integrity of the Platform, our services, our system as well as our users.
    7. For other purposes for which we process Personal Data, we provide specific notice at the time such Personal Data is collected.
  5. TRANSFER OF PERSONAL DATA
    Your Personal Data is important and helpful for us to provide and optimize our services and the Platform. We do not share Personal Data with any third party, unless this (a) is necessary to fulfil our services and/or the provision of the Platform; (b) is permitted by applicable law; or (c) has been agreed by you. We share Personal Data with third parties as described below:
    1. To properly render our services - for example for facilitating sales and purchases made between users via the Platform, we will to share your name, delivery address and phone number on behalf of the selling user with third-party service providers (e.g. fulfillers for manufacturing, printing, logistics or processing services). This processing is necessary for the performance of our contract.
    2. In case third-parties address Curate with the allegation that content submitted by you onto the Platform infringes applicable law, intellectual property rights of the third party (including without limitation, copyrights and ancillary copyrights, patents, trademarks, company symbols, work titles, or designs) or any other rights of the third party (including without limitation, the general right of privacy and the right of one’s own image), we are entitled pursuant to our user agreement (cf. under https://www.curate.eco/agreement) to provide the third party with your name, address and/or information relating to the content which has been objected, in order to enable the third party to claim such rights vis-à-vis you directly. This processing is necessary for the performance of our contract.
    3. We may outsource the processing of Personal Data (completely or partially) to third-party service providers acting on our behalf as data processors in accordance with of Art. 28 GDPR. When such third-party service providers are located outside of the European Union (EU) or the European Economic Area (EEA), we will establish appropriate safeguards in accordance with the requirements set by law and data protection authorities to ensure that your Personal Data is duly protected. In particular, we use external service providers to provide and operate the Platform and our respective services: To host the Website and to store its back-end database. To enable and provide communication via live chat. To enable and provide the technical basis for user product reviews. To detect, identify and prevent fraudulent use of the Platform. To monitor the performance of the Platform as well as to detect and solve issues and errors on the Platform. To provide customer relationship management, in particular, customer and product support services for the Platform as well as the identification and resolve of customer support issues via live chat, e-mail, web forum, social media or phone. To provide data reporting and enable analysis for our internal business purposes. To optimize the typography on the Platform. To organize and manage internal business goals effectively and efficiently. To optimize and enhance our budgeting, corporate performance, analysis and reporting. To provide payment services for our users. To provide marketing and marketing optimization services.
    4. We use analytics services such as Google Analytics to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/.
    5. We work with third-party advertising partners to show you ads that we think may interest you. Some of our advertising partners are members of the Network Advertising Initiative or the Digital Advertising Alliance. If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies. You can access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt out of personalized ads in mobile apps.
    6. We may access, preserve, and disclose your Personal Data if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your Personal Data may occur if you post any objectionable content on or through the Website.
    7. We do not rent, sell, or share Personal Data about you with non-affiliated companies for their direct marketing purposes unless we have your permission.
    8. We may share Personal Data we receive with our affiliates for any purposes described in this Policy.
    9. We may transfer your Personal Data to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.
  6. INTERNATIONAL DATA TRANSFERS
    The Website is hosted in the United States. If you choose to use the Website from regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Data outside of those regions to the United States for storage and processing, which does not have the same data protection laws as your jurisdiction. When we transfer your Personal Data to the United States, we take steps to comply with applicable data protection law, in particular legal requirements regarding adequate protection for data transfers (e.g. Standard Contractual Clauses). Also, we may transfer your Personal Data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services. You can obtain a copy of the data transfer mechanisms we use by contacting us below.
  7. HOW WE KEEP PERSONAL DATA SECURE
    We make reasonable efforts to protect your Personal Data by using physical and electronic safeguards designed to improve the security of the Personal Data we maintain. However, as no electronic transmission or storage of Personal Data can be entirely secure, we can make no guarantees as to the security or privacy of your Personal Data. Your payments are handled over an encrypted connection or via a secure third-party Payment Processor. Access to Personal Data on our databases is subject to reasonable technical safeguards and is restricted to authorized staff on a strict need-to-know basis. Further, we require our external service providers with access to Personal Data to sign data processing agreements (Art. 28 GDPR) that require them to take the necessary and reasonable steps to protect the Personal Data provided to them.
  8. STORAGE TIME
    We will only store your Personal Data as long as necessary to fulfil the purposes for which they were collected or – where the law provides for longer retention periods – for the duration of the retention period required by law. When determining the specific retention period, we take into account various criteria, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the statute of limitations. After that your Personal Data will be deleted.
  9. WEB ANALYSES SERVICES, COOKIES AND OTHER TECHNOLOGIES
    1. We want to provide you with an optimal and meaningful user experience. Therefore, we use cookies and other technologies on the Website and within our services (a) in order to better understand how our users use the Website and our services; (b) for the optimization of the Website and our services; (c) in order to provide and maintain, to the extent possible and reasonable, a smoothly and accurately functioning Website; as well as (d) for marketing purposes and market research.
      Cookies and other technologies help us in many ways to make your visit of the Website more enjoyable and meaningful.
      Cookies are text information files that our web server sends to and places on your computer when you visit the Website. Most browsers accept cookies automatically, but can be configured in their settings not to accept cookies or to indicate when a cookie is being sent. For more information please check the help menu of your browser. Some or all of our cookies may be disabled or deleted later. You can either disable our cookies via the browser settings or via the opt-out possibilities as set out in the table under item 8.3 below. Please note that you do not have to accept our cookies in order to use the Website. However, if you opt out of the cookie function, some areas and functions of the Website may be disabled.
    2. We use the following types of cookies on the Website for the following purposes:
      1. Technical cookies
        Cookies that allow the navigation through the Website and the use of different options or services that exist in it, such as allowing the communication of data, identifying your user account, accessing restricted access Website areas, storing products from orders, completing the purchase process of an order or storing content for the broadcast of videos and sound and share content.
        This processing is necessary for the performance of our contract.
      2. Customization cookies
        Cookies that allow the access to the Website with some general predetermined characteristics according to several criteria out of the user’s device, such as the language, the web browser, the regional settings etc.
        This processing is necessary for the performance of our contract.
      3. Advertising cookies
        Cookies that allow Curate to analyse and manage the information related to the advertisements displayed to each user on the Website. Those cookies allow to manage, in the most efficient way, the advertising spaces of the Website pursuant to different information such as the edited content or the frequency in which such advertisements are displayed.
        This processing is necessary for the purpose of our legitimate interests. Our legitimate interests are to provide a user-friendly and meaningful Website which fulfils your expectations and needs as well as our commercial interests.
      4. Conduct or behavior advertising cookies
        These cookies store information on the behavior of users obtained through the continuous observation of their browsing habits, which allows the development of a specific profile in order to display different advertisements based on such profiling process.
        It is also possible that by visiting a website or by opening an e-mail where an advertisement or promotion about our services is displayed, a cookie will be installed in your browser that will be useful to show to the user some other advertisements related to the searches that it has carried out, to develop a control of our advertising in connection, for example, with the number of times each advertisement is displayed, where or at what time it is displayed etc.
        This processing is necessary for the purpose of our legitimate interests. Our legitimate interests are to provide a user-friendly and meaningful Website which fulfils your expectations and needs as well as our commercial interests.
      5. Third-party analytics cookies
        Together with our server logs and other web analysis programs, analytical cookies enable Curate to ascertain the total number of users visiting the website and the most popular areas. Thanks to them, Curate can obtain information to improve browsing and offer a better service to users.
        This processing is necessary for the purpose of our legitimate interests. Our legitimate interests are to provide a user-friendly and meaningful Website which fulfils your expectations and needs as well as our commercial interests.
      6. Third-party social networks cookies
        If you interact with the content of the Website, third-party cookies may also be installed (for example, by clicking on social media buttons or viewing videos housed on other websites). Third-party cookies are those established by a domain different to the Website and subject to the relevant social network’s policies.
        This processing is necessary for the purpose of our legitimate interests. Our legitimate interests are to provide a user-friendly and meaningful Website which fulfils your expectations and needs as well as our commercial interests.
  10. YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION
    Depending on your location, you may have the following rights under applicable data protection law:
    1. Right of access, rectification, erasure and restriction of processing: You have the right to obtain access to your Personal Data stored by us. If we process or use your Personal Data, we will use reasonable steps to ensure that your Personal Data is accurate and up-to-date for the purposes for which they were collected. If your Personal Data is inaccurate or incomplete, you have the right to obtain the rectification of such Personal Data. Furthermore, you may have the right to obtain the erasure or restriction of processing of your Personal Data, for example if no legitimate business purpose exists anymore for the data processing under this privacy policy or applicable law and the further storage is not necessary under statutory storage obligations.
      Your user account essentially shows the Personal Data you have stored with us. You may view, change and/or erase the data as needed. Furthermore, to obtain access to or the rectification, erasure or restriction of processing of your Personal Data you may at any time contact us as provided in item 1 above.
    2. Right to data portability:
      You may have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another controller. To exercise this right you may at any time contact us as provided in item 1 above.
    3. Right to object:
      You may have the right to object, on grounds relating to your particular situation, to the processing of your Personal Data. To exercise this right you may at any time contact us as provided in item 1 above.
    4. Right to withdraw your consent:
      If you have given your consent to the collection or processing of your Personal Data, you have the right to withdraw your consent at any time on a prospective basis without affecting the lawfulness of processing based on the consent before its withdrawal. You may also object to use of your Personal Data for purposes of market research and public opinion polling as well as advertising and unsubscribe from our newsletter (please cf. under item 4.3 above). To exercise any of these rights you may at any time contact us as provided in item 1 above.
      Before meeting your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. In addition, you also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
  11. Consumer Privacy Act ("CCPA") – for California residents
    This Section 11 applies only to users of our Platform who are California residents. As used in this Section, “Personal Information” in this Section 11 means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”).
    1. CCPA Disclosure
      The chart below provides the categories of Personal Information (as defined by the CCPA) we have collected, disclosed for a business purpose, sold, or used for business or commercial purposes in the preceding twelve (12) months since this California Resident Privacy Notice was last updated, as well as the categories of sources from which that Personal Information was collected, and the categories of third parties with whom we shared Personal Information. The examples of Personal Information provided for each category reflect each category’s statutory definition and may not reflect all of the specific types of Personal Information associated with each category.
    2. Use of Personal Information
      We collect, use, and disclose your Personal Information in accordance with the specific business and commercial purposes as described in Sections 3-5 of this Policy.
    3. Collection of Personal Information
      In the preceding twelve months since this notice was last updated, we have collected Personal Information from the following categories of sources:
      • You/Your Devices: You or your devices directly.
      • Users: Other users of our services.
      • Affiliates.
      • Analytics Providers.
      • OS/Platform Provider: Operating systems and platforms.
      • Social Networks.
      • Partners: Business partners.
    4. Disclosure of Personal Information
      As set forth in Section 5 of this Policy, we share your Personal Information with the following categories of third parties:
      • Affiliates.
      • Analytics Providers.
      • Vendors: Vendors and service providers.
      • Integrated Third Parties: Third parties integrated into our Services.
      • Third Parties as Legally Required: Third parties as required by law and similar disclosures.
      • Third Parties in Merger/Acquisition: Third parties in connection with a merger, sale, or asset transfer.
      • Third Parties with Consent: Other third parties for whom we have obtained your permission to disclose your Personal Information.
    5. Right to Know and Access
      You may submit a verifiable request for information regarding the: (i) categories of Personal Information collected, sold, or disclosed by us; (ii) purposes for which categories of Personal Information are collected or sold by us; (iii) categories of sources from which we collect Personal Information; (iv) categories of third parties with whom we disclosed or sold Personal Information; and (v) specific pieces of Personal Information we have collected about you during the past twelve months.
    6. Right to Delete
      Subject to certain exceptions, you may submit a verifiable request that we delete Personal Information about you that we have collected from you.
    7. Verification
      Requests for access to or deletion of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations. To verify your access or deletion request, we may request that you provide us with personal information that matches the identifying information that you have already provided to us.
    8. Authorizing an Agent
      To authorize an agent to make a request to know or delete on your behalf, please email us at privacy@curate.eco.
    9. Submit Requests
      To exercise your rights under the CCPA, click this the “Do not sell my Personal Information” link in the footer) or email datadeletions@curate.eco. Only you or an agent duly authorized to act on your behalf may submit verifiable consumer request related to your Personal Information. A verifiable consumer request must:
      • provide sufficient information that allows Curate to reasonably verify the requester’s identity; and
      • describe the request with sufficient detail that allows Curate to properly understand, evaluate, and respond to it.
    10. Right to Equal Service and Price
      You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights, subject to certain limitations. Curate may offer certain financial incentives to the extent permitted by the CCPA that result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive that is offered will reasonably relate to California consumers’ personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program would require prior opt in consent, which may be revoked at any time.
    11. Shine the Light
      California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California consumers to request certain information regarding Curate’s disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@curate.eco.
  12. COMPLAINTS
    If you have any questions, concerns or complaints relating to this privacy policy or Curate’s privacy/data protection practices, you are welcome to contact the Curate Data Protection Officer at the contact details listed in Section 1.
    You may also lodge complaints with the relevant supervisory authority, depending on your location.
  13. CHANGES
    Curate reserves the right to change this privacy policy from time to time in compliance with the legal requirements, for example to be compliant with new laws or to add new services.