Privacy Policy
Last updated: January 3rd 2026
Version: 1.3
Curaley Limited (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
Curaley Limited is a company registered in the United Kingdom, providing Software as a Service (SaaS) solutions to clients.
As a data controller: We determine how and why we process personal data relating to our own business operations (such as our clients, website visitors, and staff).
As a data processor: We process personal data on behalf of our clients, such as their prospects’ and customers’ data, to enable content sharing via our platform.
If you have any questions about this policy, please contact us (see Section 13).
What Personal Data We Collect
As a data controller, we may collect:
Identification data (e.g., name, email address, company name)
Contact details (e.g., phone number, business address)
Account credentials (e.g., username, password)
Payment information (e.g., billing address, payment card details)
Usage data (e.g., IP address, device information, access logs)
Communication records (e.g., support tickets, emails)
Marketing preferences
As a data processor, we process on behalf of our clients:
Prospects’ and customers’ contact details (e.g., name, job title, email address)
Any other data clients upload to the platform for content sharing
Metadata related to content delivery and engagement
Children’s Data:
Our services are not intended for children under 16 years of age and we do not knowingly collect data relating to children. If you believe we have collected such data, please contact us immediately.
Lawful Basis for Processing
We process your personal data under the following lawful bases:
Contractual necessity: To perform our contract with you or to take steps at your request before entering into a contract.
Legitimate interests: For our legitimate business interests, provided these are not overridden by your rights and interests.
Legal obligation: To comply with applicable laws and regulations.
Consent: Where you have given clear consent for processing (e.g., for marketing communications).
As a data processor, we process data strictly on the instructions of our clients (the data controllers), who are responsible for ensuring a lawful basis for their processing activities.
How We Use Your Data
As a controller, we use your data to:
Provide, operate, and maintain our platform and services
Manage your account and provide customer support
Communicate with you about updates, security, and relevant information
Send marketing communications (where permitted)
Improve our services and user experience
Comply with legal and regulatory obligations
As a processor, we use data only to:
Enable our clients to share content with their prospects and customers via our platform
Support our clients in managing and tracking their content sharing activities
Fulfil our contractual obligations to clients
Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals. If this changes, we will update this policy and notify affected individuals.
Data Sharing and Disclosure
We may share your data with:
Sub-processors: Trusted third-party service providers (e.g., cloud hosting, support, analytics) who process data on our behalf under strict contractual terms.
Clients: Data uploaded by clients remains under their control; we do not use this data for our own purposes.
Legal or regulatory authorities: Where required by law, regulation, or court order.
Professional advisers: Such as lawyers, accountants, or auditors, where necessary.
We do not sell your personal data.
International Data Transfers
If we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as:
UK International Data Transfer Agreements (IDTAs)
Standard Contractual Clauses (SCCs)
Transfers to countries deemed adequate by the UK Government
You may request further information or a copy of these safeguards by contacting us.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law.
Controller data: Retained for the duration of your relationship with us and as required for legal or regulatory purposes.
Processor data: Retained in accordance with our contract with the client; deleted or returned upon client request or termination of service.
Data Security
We implement appropriate technical and organisational measures to protect your data, including:
Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments and staff training
Incident and breach response procedures
Data Breach Notification
In the unlikely event of a data breach, we will:
Notify affected clients and/or individuals without undue delay, where required by law
Cooperate with the Information Commissioner’s Office (ICO) and other relevant authorities as necessary
Your Rights
Under the UK GDPR, you have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Erase your data (“right to be forgotten”)
Restrict or object to processing
Data portability (to receive your data in a structured, commonly used format)
Withdraw consent at any time (where processing is based on consent)
Not be subject to automated decision-making (where applicable)
To exercise your rights:
Please contact us using the details in Section 13. We may need to verify your identity before responding. We aim to respond within one month.
For data we process on behalf of clients:
Please direct your request to the relevant client (the data controller). We will support our clients in responding to such requests.
Complaints
If you have concerns about how we handle your personal data, please contact us first so we can address your concerns.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: https://ico.org.uk/
Helpline: 0303 123 1113
Data Protection Officer
We are not required to appoint a Data Protection Officer (DPO) to oversee our data protection compliance, however the directors of Curaley are the primary point of contact.
Contact:
Email: mc@curaley.com
Address :
Ashton,
Hillbrow Road,
Esher,
England, KT10 9UD
Last updated: January 3rd 2026
Version: 1.3
Curaley Limited (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
Curaley Limited is a company registered in the United Kingdom, providing Software as a Service (SaaS) solutions to clients.
As a data controller: We determine how and why we process personal data relating to our own business operations (such as our clients, website visitors, and staff).
As a data processor: We process personal data on behalf of our clients, such as their prospects’ and customers’ data, to enable content sharing via our platform.
If you have any questions about this policy, please contact us (see Section 13).
What Personal Data We Collect
As a data controller, we may collect:
Identification data (e.g., name, email address, company name)
Contact details (e.g., phone number, business address)
Account credentials (e.g., username, password)
Payment information (e.g., billing address, payment card details)
Usage data (e.g., IP address, device information, access logs)
Communication records (e.g., support tickets, emails)
Marketing preferences
As a data processor, we process on behalf of our clients:
Prospects’ and customers’ contact details (e.g., name, job title, email address)
Any other data clients upload to the platform for content sharing
Metadata related to content delivery and engagement
Children’s Data:
Our services are not intended for children under 16 years of age and we do not knowingly collect data relating to children. If you believe we have collected such data, please contact us immediately.
Lawful Basis for Processing
We process your personal data under the following lawful bases:
Contractual necessity: To perform our contract with you or to take steps at your request before entering into a contract.
Legitimate interests: For our legitimate business interests, provided these are not overridden by your rights and interests.
Legal obligation: To comply with applicable laws and regulations.
Consent: Where you have given clear consent for processing (e.g., for marketing communications).
As a data processor, we process data strictly on the instructions of our clients (the data controllers), who are responsible for ensuring a lawful basis for their processing activities.
How We Use Your Data
As a controller, we use your data to:
Provide, operate, and maintain our platform and services
Manage your account and provide customer support
Communicate with you about updates, security, and relevant information
Send marketing communications (where permitted)
Improve our services and user experience
Comply with legal and regulatory obligations
As a processor, we use data only to:
Enable our clients to share content with their prospects and customers via our platform
Support our clients in managing and tracking their content sharing activities
Fulfil our contractual obligations to clients
Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals. If this changes, we will update this policy and notify affected individuals.
Data Sharing and Disclosure
We may share your data with:
Sub-processors: Trusted third-party service providers (e.g., cloud hosting, support, analytics) who process data on our behalf under strict contractual terms.
Clients: Data uploaded by clients remains under their control; we do not use this data for our own purposes.
Legal or regulatory authorities: Where required by law, regulation, or court order.
Professional advisers: Such as lawyers, accountants, or auditors, where necessary.
We do not sell your personal data.
International Data Transfers
If we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as:
UK International Data Transfer Agreements (IDTAs)
Standard Contractual Clauses (SCCs)
Transfers to countries deemed adequate by the UK Government
You may request further information or a copy of these safeguards by contacting us.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law.
Controller data: Retained for the duration of your relationship with us and as required for legal or regulatory purposes.
Processor data: Retained in accordance with our contract with the client; deleted or returned upon client request or termination of service.
Data Security
We implement appropriate technical and organisational measures to protect your data, including:
Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments and staff training
Incident and breach response procedures
Data Breach Notification
In the unlikely event of a data breach, we will:
Notify affected clients and/or individuals without undue delay, where required by law
Cooperate with the Information Commissioner’s Office (ICO) and other relevant authorities as necessary
Your Rights
Under the UK GDPR, you have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Erase your data (“right to be forgotten”)
Restrict or object to processing
Data portability (to receive your data in a structured, commonly used format)
Withdraw consent at any time (where processing is based on consent)
Not be subject to automated decision-making (where applicable)
To exercise your rights:
Please contact us using the details in Section 13. We may need to verify your identity before responding. We aim to respond within one month.
For data we process on behalf of clients:
Please direct your request to the relevant client (the data controller). We will support our clients in responding to such requests.
Complaints
If you have concerns about how we handle your personal data, please contact us first so we can address your concerns.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: https://ico.org.uk/
Helpline: 0303 123 1113
Data Protection Officer
We are not required to appoint a Data Protection Officer (DPO) to oversee our data protection compliance, however the directors of Curaley are the primary point of contact.
Contact:
Email: mc@curaley.com
Address :
Ashton,
Hillbrow Road,
Esher,
England, KT10 9UD
Last updated: January 3rd 2026
Version: 1.3
Curaley Limited (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
Curaley Limited is a company registered in the United Kingdom, providing Software as a Service (SaaS) solutions to clients.
As a data controller: We determine how and why we process personal data relating to our own business operations (such as our clients, website visitors, and staff).
As a data processor: We process personal data on behalf of our clients, such as their prospects’ and customers’ data, to enable content sharing via our platform.
If you have any questions about this policy, please contact us (see Section 13).
What Personal Data We Collect
As a data controller, we may collect:
Identification data (e.g., name, email address, company name)
Contact details (e.g., phone number, business address)
Account credentials (e.g., username, password)
Payment information (e.g., billing address, payment card details)
Usage data (e.g., IP address, device information, access logs)
Communication records (e.g., support tickets, emails)
Marketing preferences
As a data processor, we process on behalf of our clients:
Prospects’ and customers’ contact details (e.g., name, job title, email address)
Any other data clients upload to the platform for content sharing
Metadata related to content delivery and engagement
Children’s Data:
Our services are not intended for children under 16 years of age and we do not knowingly collect data relating to children. If you believe we have collected such data, please contact us immediately.
Lawful Basis for Processing
We process your personal data under the following lawful bases:
Contractual necessity: To perform our contract with you or to take steps at your request before entering into a contract.
Legitimate interests: For our legitimate business interests, provided these are not overridden by your rights and interests.
Legal obligation: To comply with applicable laws and regulations.
Consent: Where you have given clear consent for processing (e.g., for marketing communications).
As a data processor, we process data strictly on the instructions of our clients (the data controllers), who are responsible for ensuring a lawful basis for their processing activities.
How We Use Your Data
As a controller, we use your data to:
Provide, operate, and maintain our platform and services
Manage your account and provide customer support
Communicate with you about updates, security, and relevant information
Send marketing communications (where permitted)
Improve our services and user experience
Comply with legal and regulatory obligations
As a processor, we use data only to:
Enable our clients to share content with their prospects and customers via our platform
Support our clients in managing and tracking their content sharing activities
Fulfil our contractual obligations to clients
Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals. If this changes, we will update this policy and notify affected individuals.
Data Sharing and Disclosure
We may share your data with:
Sub-processors: Trusted third-party service providers (e.g., cloud hosting, support, analytics) who process data on our behalf under strict contractual terms.
Clients: Data uploaded by clients remains under their control; we do not use this data for our own purposes.
Legal or regulatory authorities: Where required by law, regulation, or court order.
Professional advisers: Such as lawyers, accountants, or auditors, where necessary.
We do not sell your personal data.
International Data Transfers
If we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as:
UK International Data Transfer Agreements (IDTAs)
Standard Contractual Clauses (SCCs)
Transfers to countries deemed adequate by the UK Government
You may request further information or a copy of these safeguards by contacting us.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law.
Controller data: Retained for the duration of your relationship with us and as required for legal or regulatory purposes.
Processor data: Retained in accordance with our contract with the client; deleted or returned upon client request or termination of service.
Data Security
We implement appropriate technical and organisational measures to protect your data, including:
Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments and staff training
Incident and breach response procedures
Data Breach Notification
In the unlikely event of a data breach, we will:
Notify affected clients and/or individuals without undue delay, where required by law
Cooperate with the Information Commissioner’s Office (ICO) and other relevant authorities as necessary
Your Rights
Under the UK GDPR, you have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Erase your data (“right to be forgotten”)
Restrict or object to processing
Data portability (to receive your data in a structured, commonly used format)
Withdraw consent at any time (where processing is based on consent)
Not be subject to automated decision-making (where applicable)
To exercise your rights:
Please contact us using the details in Section 13. We may need to verify your identity before responding. We aim to respond within one month.
For data we process on behalf of clients:
Please direct your request to the relevant client (the data controller). We will support our clients in responding to such requests.
Complaints
If you have concerns about how we handle your personal data, please contact us first so we can address your concerns.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: https://ico.org.uk/
Helpline: 0303 123 1113
Data Protection Officer
We are not required to appoint a Data Protection Officer (DPO) to oversee our data protection compliance, however the directors of Curaley are the primary point of contact.
Contact:
Email: mc@curaley.com
Address :
Ashton,
Hillbrow Road,
Esher,
England, KT10 9UD
Curaley allows you to go further together
© Curaley Ltd — 2025. All rights reserved.
Contact
hello@curaley.com
Company details
16369305
Ashton, Hillbrow Road,
Esher, England, KT10 9UD
Curaley allows you to go further together
Contact
hello@curaley.com
Company details
16369305
Ashton, Hillbrow Road,
Esher, England, KT10 9UD
© Curaley Ltd — 2025. All rights reserved.