Last updated: July 2022
If you are an EEA or UK customer, you can find the information relevant to you in section 13 of this policy.
1. Information We Collect
Personally Identifiable Information (“PII”): Subject to your specific knowledge and consent, we collect personally identifiable information that can identify you such as your name, address, social security number, telephone number, cell phone number, and email address.
Non-Personally Identifiable Information (“NPII”): We also collect demographic data, online activity data, and other information which could not be used to identify you.
PII and NPII are collectively referred to as “Information.”
2. How We Collect Information
Information Collected Automatically: We use third party server log analysis tools (such as Google Analytics) to gather statistics from your computer, mobile phone, or other access device regarding the Site’s usage, such as the number of hits received and errors experienced through browsers and platforms used to connect to our Site. The Site may place and/or store code or other types of information and/or devices (e.g., “cookies”) on your computer, mobile or other device (collectively “Local Device Storage”). We may use Local Device Storage for any lawful business purpose, including without limitation to determine which of our messages have been opened by recipients so we can gauge the effectiveness of marketing campaigns, to track usage patterns, the movements of individual users, and your geographic location, to help diagnose problems with our servers, to gather broad demographic information, to analyze trends, to conduct research, to deliver editorial content, to record registration and personalization information, and to otherwise administer the Site and/or Service.
The following are examples of information about you that we may collect whenever you visit the Site:
The Internet Protocol (IP) address and domain used. (The IP address is a unique numerical identifier assigned either to your Internet service provider or directly to your computer.)
Type of browser and operating system used
Device type and ID
Date and time of your visit to the Site
Web pages you visited
Actions you performed or attempted, including clickstream data
Codes that correspond to the status of your actions
The geographic location of the computer or mobile device you use to access the Site
We may also capture your email address when you enter it on one of our application forms, regardless of whether you submit the entire form
The above information is used to improve the content and/or layout of the Site. We do not sell or rent any information we collect automatically. We also do not share this information with third parties; provided, however, that we may share information with our service providers in order to process any Services you have requested or other everyday business purposes, such as fraud prevention. We may also engage in geo-tracking and/or geotagging activities.
In addition to Local Device Storage, we may use web beacons, web bugs, clear gifs, and similar technologies (collectively, together with Local Device Storage, the “Tracking Technologies”). We use Tracking Technologies for all or some of the same lawful business purposes we describe above for use of Local Device Storage.
Information You Provide to Us: We may collect, store, and use personal or financial information you provide to us when using the Site or our Services. This Information could be provided via an online form, over the phone, or via other means in which you interact with our Services. Financial information includes any information you have provided using the Site regarding your bank accounts, credit or debit cards, or other financial relationships or circumstances. We may use information you provide to:
process any Services you have requested;
for fraud prevention purposes;
to make the Site more useful and easier to use; and
for everyday purposes in operating our business.
We may share the information you provide with our service providers in connection with any of the foregoing uses. We do not sell or rent such information to third parties and, except as described in this paragraph, we do not share such information with third parties.
Information from Service Providers and other Third Parties: In the course of providing our Services, Information about you may be collected from third party service providers, such as contractors, social networks, credit bureaus, and other data vendors who have data on your financial profile or other demographic information. Any Information we collect through these sources is treated the same as Information we collect automatically and Information you provide to us.
3. How We Use Your Information
We may use your Information to:
Deliver the Services you requested and otherwise operate our business
Improve our Site and customize your experience
Improve customer service
Communicate with you about your online Curve account (“User Account”), credit requests, or other products or services that may be of interest to you
We may also use your Information for certain legal reasons. We reserve the right to access, use, preserve, transfer or disclose, at any time without notice to you, any Information (including PII) as reasonably necessary to:
Protect the rights, safety, and security of our Users, our Services or equipment, or any third party partner or service provider
Detect, prevent, investigate, or otherwise mitigate fraud, security or technical issues related to our Services or our business partners
Comply with any applicable law, regulation, subpoena or legal process; respond to any governmental requests; and/or cooperate with law enforcement, if we believe such action is required or permitted by law
4. Who Do We Share Your Information With?
Lending Partners: When you submit your Information to us on the Site, you agree that Curve may share your Information with these Network Partners so that they can provide or assist in providing the products or services you requested. The lending partners with whom we share your Information may retain or use your Information whether or not you buy their products or use their services. You should contact these Network Partners directly to learn about their own privacy and information sharing practices.
Curve Vendors and Contractors: To the extent necessary, we may share your Information with vendors that perform certain services on our behalf. Vendors may include, but are not limited to, credit and other types of data bureaus, marketing companies, business analysis firms, and technology providers. We may also share your Information with our partner contractors to the extent necessary to provide the Services offered through the Site.
When you publicly post information or content: We may provide opportunities on the Curve Site for you to publicly post reviews, comments, or other content, which may include Personal or User Profile Information, like your name or username. Please carefully consider what you decide to share in these public forums.
Other Situations: We may also disclose your Information in the following circumstances, at our sole discretion:
In response to a court order, subpoena, or similar investigative demand; a request for cooperation from a law enforcement agency, self-regulatory body, or other governmental agency; to establish or exercise our legal rights or defend against legal claims; or as we reasonably believe is required by law. In such cases, we may raise or waive any legal objection or right available to us.
In order to detect, prevent, or otherwise address security or technical issues related to our Services or the services of our Providers or other partners.
In connection with state and/or federal licensing and registration requirements which may require the reporting of Information from loan inquiries we receive from you. You authorize Curve to obtain any and all required information from Providers whose products or services you have purchased in order for us to comply with current laws and regulations, as well as with any requests from state or federal regulators. This information could include, but is not limited to, the terms of the loan you selected.
In connection with a corporate transaction, such as a sale, divestiture, merger, consolidation, asset sale, or bankruptcy of Curve or any entity, brand or division thereof.
We may share NPII with third parties, at our sole discretion.
There may also be certain situations in which we share your PII after receiving your express consent.
5. Interest-Based and Third-Party Advertising
Disclosure Regarding Google Analytics Tracking and Advertising Features: In addition to services from other analytics and advertising vendors, we use Google Analytics to analyze traffic on the Site. Google Analytics collects data including details about your web browser and the computer you use to access our Site, such as the hostname, browser type, referrer, language, and screen resolution. Google Analytics also sets and reads first-party cookies to obtain user session and ad campaign information from your page request.
Google provides users an opportunity to opt-out of Google Analytics Features through Google Ads Settings and their web browser opt-out plugin (https://tools.google.com/dlpage/gaoptout/). For additional information on opting out of interest-based ads by Google, please visit https://support.google.com/ads/answer/2662922?hl=en&ref_topic=2941003.
Do Not Track Signals: Our Site does not currently respond to automated signals regarding online tracking, such as “do not track” instructions from your web browser. Please note that blocking cookies may affect your browsing experience on the internet, and may limit your use of certain parts of our Services, including many of the personalized offers and other customized features we may provide.
Other Third-Party Content: We may display other third-party content or links to third-party websites or applications on the Curve Site. Such content could include features that allow you to connect your Curve User Account with your social media, financial institution, and other third-party accounts. Please be advised that when you leave our Services or interact with a third-party feature, you should read the applicable privacy policies and terms of service of those parties so that you understand their own information collection and sharing practices.
6. Accessing and Updating Your Information on the Site
You are responsible for maintaining the accuracy of the information you provide to us, such as your User Profile information.
7. Deactivating Your User Account
If you decide you no longer want to use our Services, you can deactivate your User Account by contacting our Customer Care Department by email at email@example.com or by calling us at 855-501-2350.
Due to regulatory recordkeeping and information retention requirements, we do not delete your Information when you deactivate your User Account. We will, however, disable your account and stop sending you communications.
8. How We Protect Your Information
We maintain what we believe to be industry standard technical, physical and administrative security procedures and practices to protect your PII against unauthorized access, disclosure, destruction, use, or alteration. We use encryption in the transmission of your Information between your system and ours, and we use firewalls and other intrusion detection and prevention controls to help prevent unauthorized persons from gaining access to your Information. We require any service providers that may have access to your PII to implement and maintain industry standard security procedures and practices. We also require employees to comply with information security safeguards.
Because no data transmission is completely secure, and no system of physical or electronic security is impenetrable, however, we cannot guarantee the security of the information you send to us or the security of our servers, networks or databases, and by using the Service you agree to assume all risk in connection with the information sent to us or collected by us when you access, visit and/or use the Service, including without limitation your personally identifiable information or other information, and we are not responsible for any loss of such information or the consequences thereof.
Moreover, if you elect to store information, such as your personally identifiable information or other user account information, where others may access it, we are not responsible for any loss of such information or the consequences thereof. If you lose a computer, mobile or other device, or it is stolen, that contains your personally identifiable information or other information, it is up to you to take all the steps necessary to protect yourself.
In the unlikely event that we believe that the security of your information in our possession or control may have been compromised, we may seek to notify you. If notification is appropriate, we may notify you via your computer, mobile or other device.
If you are, or believe you have become, a victim of identity theft, or if you become aware that your personal information has been compromised, you may want to contact one of the three nationwide credit reporting agencies identified below to report possible fraudulent activity under your name and learn more about fraud alerts and security freezes that you can place on your credit reports, your right to obtain a free copy of your credit report from each of the credit reporting agencies, and other preventive measures you can take now to help detect and prevent the improper use of your information:
P. O. Box 105788, Atlanta, GA 30348
P. O. Box 9554, Allen, TX 75013
P. O. Box 6790, Fullerton, CA 92834-6790
You may also visit the website of the Federal Trade Commission at https://www.identitytheft.gov for free information to help you guard against identity theft and for guidance on the recovery steps you can take if you have been the victim of identity theft, including information on how to file an identity theft complaint.
Compliance with Children’s Online Privacy Protection Rule
We do not knowingly collect, use, or disclose PII from anyone under the age of 18. If we determine that a User is under this age, we will not use or maintain their PII without consent from a parent or guardian. If we become aware that we have collected PII from a child under the age of 18, we will make reasonable efforts to delete such information from our systems and records.
9. California Consumer Privacy Act
If you are a California resident, the CCPA provides you certain rights and choices regarding how we collect, share, use, and protect your “personal information” and how you can exercise those rights. The CCPA defines “personal information” as information that identifies, relates to, describes, or is reasonably capable of being associated with, or could reasonably be linked, directly, or indirectly, with a particular consumer or household.
This CCPA Notice does not apply to the personal information we collect, use or disclose about consumers who initiate or complete the process of applying for financial products. Such information is subject to the Gramm-Leach-Bliley Act, or other federal privacy regulations, and is in our Financial Privacy Notice which can be accessed here.
To the extent that we collect “personal information” that is subject to the CCPA, that information, our practices, and your rights are described below.
Categories of Personal Information:
Identifiers: Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers
Customer records information: Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, other financial information, medical information, health insurance information
Biometric information: Hair color, eye color, fingerprints, height, retina scans, facial recognition, voice, and other biometric data
Internet or other electronic network activity information: Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement
You can ask us to delete the personal information that we collected or maintain about you. We are required to verify your identity before we can act on your request. We may have a reason under law why we do not have to comply with your request or why we may comply with it in a more limited way than you anticipated. If so, we will explain that to you in our response.
11. How to Submit a Request
To exercise rights described above, please submit a verifiable consumer request to us by either calling us at 855-501-2350 or emailing us at firstname.lastname@example.org. You may only make a verifiable consumer request twice within a 12 (twelve) month period.
Making a verifiable consumer request does not require you to open an account with us. We must be able to verify your identity or authority to make the request and confirm the personal information relates to you. We will only use information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We require that you and the individual complete notarized affidavits to verify the identity of the authorized agent and confirm that you have authorized that person to act on your behalf.
We will try to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period, not to exceed 90 days, in writing. Any disclosure we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. We do not charge a fee to process or respond to your verifiable consumer request.
12. Nevada Residents
Nevada Residents: Nevada residents have the right to opt out of the sale of certain pieces of their information. We do not sell “personal information” of Nevada residents, but, if you are a Nevada resident who has questions or who wants to make this type of request, please send your email to email@example.com.
13. For EEA & UK Residents
If you are an EEA or UK Curve customer who has chosen to enroll in a rewards program offered by Curve, US, we will control your personal data relating to such rewards program(s).
The Data We Process
As a data controller, we process the following personal data for the outlined purposes, in accordance with the General Data Protection Regulation (“GDPR”):
Your full name, email address and home address. We must process your name, email address and home address in order to process your account information and provide you with your Crypto Rewards. We may also process your email address in order to send you marketing communications relating to Crypto Rewards.
Transaction History. We must process your transaction history so we can calculate the rewards you’ve earned and exchange such rewards to Cryptocurrency in order to update your account accordingly.
Crypto Wallet Balance. We must process your Crypto wallet balance so we can show you the amount(s) you’ve earned and continue to provide you with Crypto Rewards.
Passport, National ID or Drivers’ Licence. Curve, US must collect this information and provide it to Zero Hash, as Zero Hash must comply with relevant legal obligations to verify the identity of customers it is purchasing Cryptocurrency on behalf of.
Your Crypto Rewards queries / complaints. Curve US provides Crypto Rewards and therefore our Customer Experience Team handles your queries or complaints in relation to Crypto Rewards.
Our Lawful Basis
In accordance with Article 6(1)(f) of the GDPR, Curve, US has a lawful basis to process this personal data. This processing is necessary for our and Zero Hash’s legitimate interests to provide customers with Crypto Rewards, where they choose to opt into this program. This processing is necessary and proportionate, as it is required to exchange customers’ rewards into Cryptocurrency.
We receive your personal data from Curve Europe UAB or Curve UK Limited, depending on the original data controller. We share your personal data with a number of third party service providers:
Zero Hash. We share this data (including identification data) with Zero Hash, in order for them to lawfully establish a crypto wallet and exchange cash rewards to Cryptocurrency for Curve customers who’ve opted into this program.
Onfido. We share your proof of identification with Onfido as they are our trusted third party provider who securely assess and store such identification on behalf of Curve.
Curve UK Limited (Curve UK). We share this data with Curve UK to ensure UK customers’ accounts contain accurate data and Curve’s overall offering can be provided effectively. We also rely on Curve UK for a number of services, such as cloud storage.
Curve Europe UAB (Curve Europe). We share this data with Curve Europe if the customer is an EEA customer whose personal data is otherwise controlled by Curve Europe. This is to ensure customers’ accounts contain accurate data and Curve’s overall offering can be provided effectively by Curve Europe.
We receive the personal data of EEA & UK data subjects from Curve’s UK and Europe entities respectively in accordance with the European Commission’s approved standard contractual clauses and / or the UK equivalent.
We may transfer this personal data to organisations outside of the EEA & UK. In the event we perform such transfers, we do so lawfully and in accordance with Article 46 of the GDPR.
The period for which we retain data about you will depend on:
the purposes for which the data was collected,
whether you have requested deletion of the data; and
whether we have a legal or regulatory obligation to retain the data.
We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected. We may keep your personal data for a longer period where it is necessary for legal, regulatory or operational purposes.
In accordance with the GDPR, you have rights over your personal data.
Access the personal data we process about you.
Rectify your personal data by asking us to correct it for you.
Delete your data, by asking us to delete it. There are times when we may not be able to delete data for legal purposes.
Restrict or object to our processing of your data for direct marketing.
Withdraw any consent you’ve given us to use your personal data in a specific way.
Request a review of any automated decision made by technology. NB: we do not currently use your personal data for automated decision making or profiling.
If you want to do any of the above, please contact us at firstname.lastname@example.org and provide as much information as possible about your request.
We have one month to respond unless your request is complicated, in which case we may need more time. If that’s the case, we’ll let you know.
This is almost always free but we’re allowed to charge a reasonable fee or refuse your request if it’s clearly unfounded, repetitive or excessive.
Our representative in Europe is Curve Europe UAB, whose Data Protection Officer can be contacted at DPO@imaginecurve.com.
Should you wish to make a complaint regarding our processing of your personal data or another general data protection matter, we urge you to contact our Data Protection Officer in the first instance. They will work to assist and resolve any such complaints as quickly as possible.
Alternatively, you have the right to lodge a complaint with a data protection supervisory authority. The Information Commissioner’s Office (UK) and the Lithuanian State Data Protection Inspectorate (EU) are Curve’s Lead Supervisory Authorities under the GDPR.
How to Contact Us
What Does Curve Do With Your Personal Information
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
■ Social Security number and income
■ account balances and payment history
■ credit history and credit scores
When you are no longer our customer, we continue to share your information as described in this notice.
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons we choose to share; and whether you can limit this sharing.
Reasons we can share your personal information that we DO share and you CANNOT limit this sharing -
For our everyday business purposes— such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
For our marketing purposes— to offer our products and services to you
For joint marketing with other financial companies
For our affiliates’ everyday business purposes — information about your transactions and experiences
For our affiliates’ everyday business purposes — information about your creditworthiness
Reasons we can share your personal information that we DO share and you CAN limit this sharing -
For our affiliates to market to you
For nonaffiliates to market to you
To limit our sharing
Email us at email@example.com
Call us at 855-501-2350
If you are a new customer, we can begin sharing your information the same day that we send this notice. When you are no longer our customer, we continue to share your information as described in this notice.
However, you can contact us at any time to limit our sharing.
Contact us at firstname.lastname@example.org or go to Curve.com
Who is providing this notice?
Curve US, Inc., and Hatch Bank
What we do
How does Curve protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that include computer safeguards and secured files and buildings.
How does Curve collect my personal information?
We collect your personal information, for example, when you:
apply for an account or apply for a loan
show us your driver’s license or government-issued ID or other form of KYC
give us income information, wage statements, or bank account data
We also collect your personal information from credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
Federal law gives you the right to limit only
sharing for affiliates’ everyday business purposes— information about your creditworthiness
affiliates from using your information to market to you
sharing with nonaffiliates who market to you
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
We share information with Curve OS Ltd, under a formal agreement to provide operational support for Curve USA Inc.’s products issued by Hatch Bank
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
■ Non-affiliates we share with can include companies such as retailers and membership clubs
Other Important Information
CA: We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization. We will also limit our sharing of personal information about you with our affiliates to comply with California privacy law.
VT: We will not share your information with companies outside of Curve, except as permitted by law or as authorized by you. We will not disclose credit information about you with our affiliates except with your consent or as required or permitted by law.