Skip to content

    Data Protection Policy

    Data Protection Policy

    This Data Protection Policy outlines the commitment of Kurve Marketing Ltd (trading as "Kurve") to protect personal data and ensure compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    Kurve Marketing Ltd is a company incorporated in England and Wales under company number 15987136, with its registered office at Unit 4.07, The Tea Building, 56 Shoreditch High Street, London, England, E1 6JJ, United Kingdom.

    Website: https://kurve.co.uk

    This policy applies to all employees, contractors, consultants, temporary staff, and third parties working for or on behalf of Kurve. It sets out the rules for data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer, and store personal data.

    1. Definitions

    • Personal Data: Any information relating to an identified or identifiable natural person.
    • Processing: Any operation or set of operations performed on personal data, including collection, storage, retrieval, use, disclosure, deletion, or destruction.
    • Data Controller: The organisation that determines the purposes and means of processing personal data. Kurve acts as a Data Controller in relation to its own business operations and client relationships.
    • Data Processor: A third party that processes personal data on behalf of a Data Controller.

    2. Data Protection Principles

    Anyone processing personal data on behalf of Kurve must ensure that personal data is:

    • Processed lawfully, fairly and transparently.
    • Collected only for specified, explicit and legitimate purposes.
    • Adequate, relevant and limited to what is necessary.
    • Accurate and kept up to date where necessary.
    • Retained only for as long as necessary.
    • Processed securely using appropriate technical and organisational measures.

    3. Lawful Basis for Processing

    Kurve only processes personal data where a lawful basis exists under the UK GDPR. These may include:

    • Consent
    • Performance of a contract
    • Compliance with legal obligations
    • Legitimate interests

    4. Data Subject Rights

    Individuals whose data we process have rights under the UK GDPR, including:

    • The right to be informed
    • The right of access
    • The right to rectification
    • The right to erasure
    • The right to restrict processing
    • The right to data portability
    • The right to object
    • Rights relating to automated decision-making and profiling

    Any requests relating to personal data should be directed to: help@kurve.co.uk

    5. Data Security and Storage

    Kurve is committed to maintaining appropriate technical and organisational security measures to protect personal data and confidential information.

    • Access to personal data is restricted to authorised personnel only.
    • Strong passwords and multifactor authentication (MFA) should be used wherever available.
    • Personal data should not be stored on unsecured local devices or personal systems.
    • Data is primarily stored within secure cloud infrastructure and operational systems used by Kurve.
    • When data is no longer required, it should be securely deleted or anonymised where appropriate.

    6. Data Breaches

    A personal data breach includes accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

    Any suspected data breach must be reported immediately to management.

    Where legally required, Kurve will notify the Information Commissioner’s Office (ICO) within the applicable statutory timeframe.

    7. Third-Party Processors

    Kurve may use third-party providers including cloud infrastructure providers, analytics tools, CRM systems, communication tools, AI tooling, and operational software providers.

    Where appropriate, Kurve will ensure that suitable contractual protections and data processing agreements are in place with relevant third parties.

    8. Compliance and Accountability

    Kurve is responsible for demonstrating compliance with applicable data protection laws and maintaining appropriate internal procedures and safeguards.

    This policy may be reviewed and updated periodically to reflect changes in operational processes, legal requirements, or technology infrastructure.

    Failure by staff or contractors to comply with this policy may result in disciplinary action or termination of engagement.

    For any questions regarding this policy, please contact: help@kurve.co.uk