This privacy statement discloses the privacy practices for Curo Compensation Ltd (“Curo”, “our”, “us” and “we”) and associated CuroComp Service offering.
We want to demonstrate our commitment to your privacy and we have agreed to disclose our information practices. We agree to notify you of:
- What personally identifiable information of yours or third party personally identification is collected from you through our websites.
- The organization collecting the information.
- How the information is used.
- With whom the information may be shared.
- The choices available to you regarding collection, use and distribution of the information.
- The security procedures that are in place to protect the loss, misuse or alteration of information under our control.
- How you can correct any inaccuracies in the information.
The following discloses our information gathering and dissemination practices for the website that you have accessed and our services, as described in our Master Service Agreement (“MSA”, “Service” or “Services”).
Our Information Practices
We collect, use and disclose the following categories of information in the following ways, subject to the Exceptions section, which follows below:
Company Contact Information
When customers and prospective customers contract for Services or inquire about our Services, we ask them to provide us with company contact information, some examples of which are the company’s name, address, number of employees and industry classification. We use company contact information to provide information to customers and prospective customers regarding our Services and to maintain a record of inquiries regarding our Services. We will also send customers and prospective customers email messages using company contact information in the following circumstances:
- Welcoming customers to our Service;
- Explaining the new features of our Service as our Service develops and grows;
- Notifying customers and prospective customers of Service promotions; and
- Communication with customers about their use of our Service.
When our employer customers utilise our Services to manage and communicate employee information on behalf of their employees, they provide us with information typically provided by an employee to an employer’s human resources and/or payroll departments. Such information often includes, but is not limited to, the employee’s title, name, address, social security number, date-of-hire, job details and both salary and bonus history. We utilise this information provided to deliver Services to our employer customers and their employees.
Unless directed by our customers, we do not share employee information provided by our customers with anyone. When directed by our customers, we communicate company employee information to third party service providers such as payroll service bureaus and potentially 3rd party administrators, among others.
We may also aggregate employee information from multiple employer customers to perform analyses. When used to perform such analyses, information provided by an employer customer or its employees is never disclosed in a level of detail sufficient to permit the identification of any individual employer customer or individual employee record.
Our Service requires users to provide us with login identification and a password, which we will use to verify your identity and for our internal use in maintaining your customer account.
Referencing Web Site
If a prospective customer is referred to us from a third party with whom we have a business referral relationship; we collect the name and URL of the referring web site to facilitate the business referral relationship with the referring third party.
We gather user IP addresses when customers and their employees use our Service and websites. We use IP addresses to help diagnose possible Service interruptions and administer our Service and websites. We also use IP addresses to analyse trends, administer the site, track users’ movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Service Activity Logging
Our application has the capability to monitor, audit and log all of your actions while using our Service. We utilize this information to understand the use of our Services to diagnose problems and enhance the features and functionality of our Service. Such information may be shared with our employer customers with respect to their individual employee users.
Except as described above, we will not otherwise use or disclose any personally identifiable customer or employee information, except to the extent reasonably necessary:
- To correct technical problems and to technically process your information;
- To protect the security and integrity of our websites and Service, including without limitation to enforce our Master Service Agreement with you;
- To protect our rights and property and the rights and property of others;
- To take precautions against liability;
- To respond to claims that your information violates the rights or interests of third parties;
- To the extent required by law or to respond to judicial process; or
- To the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety, as applicable.
- You understand and agree that technical processing of your information is and may be required (a) to send and receive messages in your use of the Service; (b) to conform to the technical requirements of connecting networks; (c) to conform to the limitations of our Service; and (d) to conform to other, similar technical requirements.
Storage of Information
We store customer and prospective customer information for up to seven (7) years for business purposes. We store employee information during the term of a customer’s Master Service Agreement. Upon termination of such Master Service Agreement, all customer and associated employee information is automatically deleted from our Service and underlying systems.
Links to Other Web sites
Our websites may contain links to other external websites. We are not responsible for the privacy practices or the content of other such external websites.
Security Our websites use next generation threat protection firewall technology as a standard security measure to prevent the loss, misuse and alteration of the information under our control. Our servers are located in a high security and high availability co-location facility professionally managed by a third party vendor, certified to ISO 27001 standards. The servers that we store personally identifiable information on are kept in a secure environment, within dedicated locked cages.
Curo takes every precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected both online and off-line.
When you type data in to any of our pages, that information is encrypted and is protected with industry standard encryption software. Insecure and weak encryption ciphers and protocols are explicitly disabled to enforce the strongest possible security controls.
While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user information off-line. All of our users’ information is restricted in our offices. Only employees who need the information to perform a specific job are granted access to personally identifiable information. Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to your information. Furthermore, ALL employees are kept up-todate on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers’ information is protected.
Cookies are very small text files that are stored on your computer when you visit some websites, including ours.
JESSIONID PHPSESSID Essential for the system to recognise you and provide continued authorisation to use our Services.
_utmx These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. These cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited.
You can set your browser to reject all cookies, but please note that this may stop our Service from functioning properly.
Notification of Changes
Chief Information Security Officer (CISO)
Curo Compensation Ltd
2nd Floor, Playfair House
6 Broughton Street Lane
Edinburgh, EH1 3LY