Get Curve Pay

Curve UK & EEA Privacy Policy

Version 5 - Published 9 May 2025

At Curve, we’re committed to protecting your data. This privacy policy describes what data we process about you, what we do with it and why. 

Curve is made up of more than one company. The company you’ll have a relationship with is dependent on where you’re based. We’ll tell you who you have a relationship with when you first sign up for or use a Curve product or service; this Curve company will be the ‘controller’ of your personal data. In short:

  • Curve UK Limited (UK) controls your data if you’re based in the United Kingdom (UK).

  • Curve Europe UAB (Lithuania) controls your data if you’re based in the European Economic Area (EEA).

  • Curve Credit Limited (UK) controls your data if you use our credit services in the UK.

  • Thackeray DAC (Ireland) may process your data if you’re based in the EEA  as the merchant on record.

  • Curve Netherlands B.V. (Netherlands) may process your data if you’re based in the EEA as the merchant on record. 

  • Curve US, Inc. (US) is our US company. If you’re based in the US, this policy is not applicable. You can find the Curve US privacy policy here, which provides you with transparent information on  data processing.

  1. What data do we process about you?

Type of personal data:

Details:

Identity Data

  • Full name

  • Date of birth

  • Gender

  • Identification documents (for example your passport) and any other information you provide to prove you are eligible to use our services)

  • Your image and facial scan data as extracted from your image (known as ‘biometric data’) for Know-Your-Customer checks

  • Employment status and industry

Financial Data

  • Details of the payment source(s) added to your Curve Wallet (including card number, expiry date, CVV number, name and billing address) 

  • Curve Card data (including card number, expiry date, CVV number, name and billing address)

  • Details of your credit history held by credit reference agencies, and any other information you provide when you apply for credit (for example, your income)

  • Data from accounts you hold with third party financial institutions (e.g. when you activate the Open Banking permissions, which may be used for our credit checks) 

Contact Data

  • Home address

  • Shipping address

  • Billing address

  • Email address

  • Mobile number

Transaction Data

  • Information about your transactions

  • Information about rewards

  • Information about your purchases

Device Data

  • Internet Protocol (IP) address, browser type, time zone setting

  • Model of your phone or mobile device

  • Geo-location

  • Information about your visit on our website or the Curve Wallet, including what you have clicked on, what you viewed and for how long and other page interaction information (such as scrolling and clicks)

Profile Data

  • Records of our discussions (including records of phone calls)

  • Communication preferences

  • Social media handles

  • Feedback

  • Survey / questionnaire responses

  1. How do we obtain your data? 

From direct interactions we have with you and information you give us, including:

  • Creation of a Curve Account

  • Use of one of our products or services, including giving us access to your other financial accounts through Open Banking permissions 

  • Participation in any of our competition or rewards programs, including on social media

  • Subscription to marketing

  • Contacting Curve, for example when speaking to our customer support team or reaching out to us via social media

  • Providing feedback and responses to our surveys

From our automatic collection due to your use of our products and services, including:

  • Technical data from your electronic devices, browsing actions and patterns when you use our website or access your Curve Wallet. This is usually collected using cookies, server logs and similar technologies.

  • Information on transactions and your use of the Curve Wallet, including the date, time, amount, currency and location of your transactions. 

From third parties or publicly available information, including: 

  • Analytics providers

  • Payment service providers and third party digital wallet providers

  • Customer service providers

  • Electoral register

  • Governmental agencies

  • Financial crime prevention agencies

  • Credit reference agencies

  • Regulatory bodies

  • Social media websites or apps

  • Intermediaries 

  1. What do we use your data for? 

We use your data to provide the best experience possible. We always have a lawful basis to process your data. This section provides you with information about our use of your data.

Purpose: Sign you up as a Curve customer and create your Curve Account

Data: How you signed up, Identity, Contact, Financial, Device

Lawful basis:   Contract, Legal obligation (the law requires us to verify your identity)

Purpose: Confirm your identity and help prevent financial crime

Data: Identity, Contact, Financial, Transaction, Device

Lawful basis:  Legal obligation, Legitimate interests (to ensure we use the best financial crime prevention providers when performing our services)

Purpose: Provide you with Curve services and the Curve Wallet and/or Card and manage your Curve Account

Data: Identity, Contact, Financial, Transaction

Lawful basis: Contract, Legitimate interests (to provide you with services and recover fees), Legal obligations

 Purpose: Conduct credit checks, verify your identity and provide Curve credit products and services

Data: Identity, Contact, Financial, Transaction

Lawful basis:  Contract, Consent, Legitimate interests (to provide you with relevant services only)

Purpose: Process your payment transactions

Data: Identity, Contact, Financial, Transaction, Device

Lawful basis: Contract, Legal obligation, Legitimate interests (to facilitate transactions and maintain integrity of Curve systems)

 Purpose: Provide you with third-party services, including Samsung Pay+

Data: Identity, Financial, Transaction, Profile

Lawful basis: Contract, Consent (for profile data), Legitimate interests (to provide you with relevant services only)

Purpose: Manage our relationship, including updates to our terms of service and providing top-notch customer support

Data: Identity, Contact, Transaction, Profile, Device

Lawful basis: Contract, Legal obligation, Legitimate interests (to keep our records updated and improve our product)

*Please note that we may record your calls with our customer services team for training and monitoring purposes.

Purpose: Improve our services and troubleshoot, including preparing anonymous statistical datasets for forecasting purposes or understanding how you use our services

Data: Identity, Contact, Device

Lawful basis:  Legitimate interests (to improve our products), Contract

Purpose: Suggest goods, services, programmes or activities that may be of interest to you 

Data: Identity, Contact, Device, Profile, Financial, Transaction, Survey Responses

Lawful basis: Consent, Legitimate interests (to develop our product offering and grow our business)

Purpose: Send you marketing communications and ask your opinion about our services

Data: Identity, Contact, Profile, Device, Transaction

Lawful basis:  Consent, Legitimate interests (to ensure you are kept up to date with our services)

Purpose: Comply with regulatory and legal obligations, including enforcing our rights

Data: Identity, Contact, Financial

Lawful basis: Legal obligation

We only use your personal data for the purpose we collected it or a similar, connected purpose. If we ever need to use your information for an unrelated purpose, we’ll inform you and explain why. We may also be required by law to process your personal data without your knowledge or consent.

  1. Who do we share your data with and why? 

When we share data with third parties, they can only process it for specific purposes and in accordance with our instructions. 

Here’s who we may share data with and why:

The Curve group. 

We share personal data within the Curve group of companies in order to provide you with the best service(s), improve existing, or develop new services, send you information about our services we think you may be interested in hearing about and performing any other necessary activities, as described above. 

Identity checking and financial crime prevention partners.

To perform sign-up and verification checks.

When Curve shares data with identity and financial crime prevention partners, they may become a joint controller of your data to determine how your data will be used to best provide their services.

IT vendors including cloud storage providers.

Hosting and IT services; IT vendors including cloud storage providers to securely store your personal data.

Card manufacturing, personalisation and delivery companies.

To make and send your Curve Card.

Social media sites and advertising companies. 

Social media sites, for the purposes of conducting market research and running marketing campaigns. When sharing data with these sites, we ensure that your data is only used in accordance with our instructions.

We may share your data with our advertising partners but this will be done, as far as possible, in an aggregated or anonymised way. The advertising partner, or any social media sites used for marketing purposes, will only be allowed to use the data to (i) send adverts to you if we think you may be interested in a Curve service, (ii) not send adverts to you if you already use the service, or (iii) send adverts to people who have a similar profile with you.

If you don’t want us to use your information in this way, you can contact us at privacyrequests@imaginecurve.com.

Financial services providers.

To facilitate payment processing, we share your data with certain financial services providers alongside your payment, including card issuers, network schemes (such as Mastercard and Visa),  payment processors and banking partners to facilitate any payment transactions you make.

Companies that you transfer money to from your Curve Card and/or Curve Wallet.

Where you make a payment from your Curve Account (if applicable), we will share your first and last name with the recipient in their transaction history.

Third-party payment partners.

Third party payment service partners, including Apple Pay and Samsung Pay+.

Curve will only share your data with a third-party payment partner if you have opted to use their service with your Curve Wallet and/or Curve Card. When we share your data with third-party payment partners, they will become an independent controller of your data to determine how your data will be used to best provide their services.

Open banking partners, including TrueLayer.

We partner with TrueLayer to allow you to view Account information from certain other payment providers on the Curve Wallet. If you would like to use this feature, TrueLayer will prompt you to connect your other payment accounts to the Curve  Wallet. This data will be sent to Curve to display in the Curve Wallet. This allows you to see your various account transactions and balances in one place.

When you consent to the use of your data and enable this feature, both Curve and TrueLayer will become independent controllers of your data as we will independently determine the best means of processing your data to deliver the service to you.

We may also anonymise the data collected from TrueLayer to improve our products and services.

For more information on how TrueLayer will use your data, please see their Privacy Policy.

We also share your data with Software as a Solution partners who provide open banking compliance solutions, such as partners providing a gateway which allows you to securely provide third party providers with access to your Curve Account for the purposes of retrieving financial account data. Where you consent to such access, your account, transaction and account holder details will be processed to the extent that you request that such information is made available to the relevant third party provider.

Credit reference agencies.

If you apply, use or register for credit products, we may perform credit and identity checks on you with one or more credit reference agencies (CRAs) or other providers of credit information. We may also make periodic soft credit checks on you to manage your Account with us or fulfil our services.

To do this, we may supply your personal information to CRAs and they will give us information about you.  We will use this information to:

  • Assess your creditworthiness and whether you are suitable for Curve products.

  • Verify the accuracy of the data you have provided to us.

  • Confirm your identity and prevent criminal activity, fraud and money laundering.

  • Manage your Curve Account and determine an appropriate credit limit for you.

  • Trace and recover debts.

  • Ensure any offers provided to you are appropriate to your circumstances.

  • Provide you with access to your credit bureau data where you have asked us to.

The Credit Reference Agency Information Notice (CRAIN) describes how the three main credit reference agencies in the UK each use and share personal data. The CRAIN is available on the credit reference agencies’ websites:

If you are a Lithuanian customer, you can find more information about this processing by visiting:

Further information relating to Lithuanian credit offerings and data sharing is set out in the below row (Credit Bureau UAB - Creditinfo Lietuva).

We may continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

Hard credit checks will appear on your credit file and may affect your credit rating. Soft credit checks will not appear on your file and will not affect your credit rating.

We may also request information on your other payment accounts to perform an affordability check. You will be prompted to connect your other payment accounts on the Curve Wallet. This information will be shared directly with Plaid and subsequently shared with Curve (see “Open banking partners, including Plaid”). 

SME credit products.

When you apply for SME credit products, we will conduct commercial credit checks on your business and you, as a director or equivalent, using one or more CRAs.

We will use this information to assess your creditworthiness and the affordability of repayments.

We will continue to exchange information about your business with CRAs while you have a relationship with us. We will also inform the CRAs about your business’ settled accounts and if your business has any outstanding debt. This information may be supplied to other organisations by CRAs.

Credit Bureau - UAB Creditinfo Lietuva.

If you are a Lithuanian customer using a credit product and fail to meet the relevant obligations for more than 30 days, your data (identity, contact information and credit history, i.e. financial and property-related obligations and fulfilment, debts and repayment) will be provided to the Credit Bureau UAB Creditinfo Lietuva (Company Reg. No.: 111689163, address: A. Goštauto St. 40A, LT 01112 Vilnius, Lithuania, www.manocreditinfo.it, phone (+370 5) 2394131). 

The Credit Bureau shall process and provide to third parties (financial establishments, telecommunications companies, providers of insurance services, suppliers of electricity and utility services, retail companies, etc.) your information in order to pursue its purpose, i.e. to evaluate your credit rating and manage debts. Evaluation of your credit rating shall involve the evaluation of your personal aspects in an automated manner (profiling), which in the future may affect your opportunity to conclude transactions. The evaluation in an automated manner helps to lend responsibly and involves evaluation of the credit information provided by the respective person, his credit history, public information, etc. The automated evaluation methods shall be regularly reviewed to ensure they are fair, effective and impartial.

The credit history data shall be processed for 10 years after the fulfilment of the respective obligation. You can consult your credit history by directly contacting the Credit Bureau or by means of the Finpass app.

You have the right to request that your data be corrected or deleted or that the processing of your data be restricted as well as the right to disagree to the processing of your data, demand human involvement in the automated decision-taking process, present your view and contest a decision, and the right to have the data transferred. For further information about the implementation of these rights, the restrictions applicable to them and the evaluation of aspects in an automated manner (profiling), please visit www.manocreditinfo.lt. You may contact their Data Protection Officer by e-mailing  duomenu.apsauga@creditinfo.lt or by calling the above phone number. You can lodge a complaint with the State Data Protection Inspectorate in relation to Credit Bureau UAB Creditinfo Lietuva.

Financial crime prevention agencies.

The personal data we have collected from you will be shared with financial crime prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity.

If financial crime is detected, you could be refused certain services, finance, or employment. Further information can be found here.

Samsung Pay+.

If you are a Samsung Pay+ customer, we will have to share your data with Samsung to provide you with services as per our terms of service. 

For more information on how Samsung will use your data, please see their Privacy Policy. Please note that Curve is not responsible for the security of Samsung Pay or any third party provider to Samsung. Any information you give them is covered by their own Terms and Conditions.

Support tools.

Support tools include analytics and search engine service providers, customer-service providers, survey providers, communications services providers and customer experience support platforms which we use to help deliver our services, send you emails, text messages and other notifications, and optimise and improve our services.

Debt collection agencies. 

We may need to send your information to debt collection agencies in order to manage and recover debts that you owe or may end up owing to Curve. 

Curve Vendors, Partners, and Contractors.

We may share your information with other vendors, partners, and contractors that perform certain services on our behalf / help us to provide our services and products (for example our cashback rewards) or that may prepare anonymous datasets about your spending patterns for forecasting purposes or to understand how you use your Curve Card and/or payment sources. Such data will never be linked back to you as an individual.

Third parties we may sell the business to or acquire.

In the event of a business reorganisation or sale, we may share your data to third parties we sell the business to or acquire. 

We may also share anonymised, aggregated data with selected e-wallet and data analytics service providers. This means your data is bundled up with other people’s data and you aren’t identifiable as an individual. 

Government, law enforcement and tax authorities, and regulatory authorities.

When we need to comply with a legal obligation applicable to us, we may share your data with the aforementioned authorities. This also includes instances where, for example, fraud is deducted and we must comply with applicable disclosure laws. 

  1. What are your rights? 

You have rights over your personal data: 

  • Access the personal data we process about you.
  • Rectify your personal data by asking us to correct it for you.
  • Delete your data, by asking us to erase it. There are times when we may not be able to delete data for legal purposes. For example, because we are a regulated financial services provider and our regulatory responsibilities take priority, we are required to keep certain information about you to comply with Anti-Money Laundering regulations. 
  • Restrict or object to our processing of your data for direct marketing or if we’re using it for legitimate interests. Where we are using your data based on the legitimate interests lawful basis, we may not be able to accept your request without closing down your Curve Account or if there is an overriding reason why we need to use it. 
  • Withdraw any consent you’ve given us to use your personal data in a specific way.
  • Request a human review of any automated decision made by technology.

If you want to do any of the above, or if you have questions relating to Curve’s data processing please get in touch with us at privacyrequests@imaginecurve.com. Before processing such requests, we may need to ask for proof of ID to ensure your data does not end up in the wrong hands.We have one month to respond unless your request is complicated, in which case we may need more time. If that’s the case, we’ll let you know. 

This is almost always free but we’re allowed to charge a reasonable fee or refuse your request if it’s clearly unfounded, repetitive or excessive.

  1. Do we make automated decisions about you?

Depending on the Curve products or services you use, we may make automated decisions about you. This means that we may use technology that can evaluate relevant factors about you and your circumstances to predict risks or outcomes. We do this for the efficient running of our services and to make sure that the decisions we make are fair, consistent and based on the correct information.

Where we make an automated decision about you, you have the right to ask that it is manually reviewed by a human. 

For example, we may make automated decisions about you in accordance with the below table:

What does the automated decision relate to?

Logic involved:

Significance and the envisaged consequences of such processing for you:

Approving your credit application and determining your credit eligibility. 

We use technology and third party providers to check your credit history, which includes borrowing and repayment patterns, income and outstanding debts. Based on this information, our systems make a decision on whether to provide credit services to you and to what extent.

  • Your credit application may be accepted or rejected or terminated at a different point in time, including due to eligibility criteria.

  • This will impact the credit limit we can provide you with and how this may change over time.

The opening of your Curve Account

We use technology and third party providers (including Open Banking providers where available) in order to assess your eligibility to open a Curve Account. This may include verifying the information provided during the onboarding process. This process lets us defend our systems and the financial system from illicit and criminal behaviours. 

  • Identity and address check, including for KYC, anti-money laundering and sanctions checks.

  • We may be unable to onboard you as a Curve customer, including due to eligibility criteria. 

  • Where required by law, we may need to transfer data to law enforcement authorities.

Detection of fraud or criminal behaviour 

We use technology and third party providers that allow us to monitor your Account (e.g. transaction monitoring) in order to detect fraudulent or criminal behaviour.

  • We can suspend or terminate your Curve Account and/or Curve card.

  • Where required by law, we may need to inform law enforcement authorities about your actions.

Our legal basis for our use of automated decision making is to enable us to fulfil our contract with you or because we have a legal obligation to do so.

  1. How long do we keep your data? 

The period for which we may retain data about you will depend on:

  •  the purposes for which the data was collected; 

  • whether you have requested deletion of the data; and 

  • whether we have any legal or regulatory obligations to retain the data. 

We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected. We will typically keep your data for up to 10 years after you last completed onboarding or had an active Account or product with us. 

We may keep your personal data for a longer period where it is necessary for legal, regulatory or operational purposes. 

  1. Do we transfer data internationally?

We may transfer and store your data outside the EEA and the UK, in order to enable us to provide you with the services you have requested.

 When we do this, we ensure that:

  • the country or organisation processing the data has adequate data protection laws in place, in accordance with the European Commission or the UK Information Commissioner’s Office (as applicable); and/or

  • Curve and the other organisation(s) have formally agreed to data protection clauses in a written contract, as approved by the European Commission or the UK Information Commissioner’s Office (as applicable).

You can contact us at privacyrequests@imaginecurve.com to obtain more information about the safeguards we have in place to enable compliant international data transfers. 

  1. How can you opt-out of marketing? 

You can ask us to stop sending you marketing emails at any time by following the “unsubscribe” links at the bottom of any Curve marketing message. You’ll still receive operational emails we need to send you, such as updates to our terms and conditions.

If you would like to stop receiving Curve receipt emails (for each of your payments), you can change your preferences for each of your payment sources on the Curve Wallet app.

  1.  How can you contact us? 

You’re most welcome to drop us an email at privacyrequests@imaginecurve.com to exercise a right, ask a question, lodge a complaint or offer a suggestion. 

  1. How can you submit a complaint?

We encourage you to contact us directly if you aren’t happy with how we’ve handled a request or another data protection matter. Should you wish to contact our Data Protection Officer, you can email them at DPO@imaginecurve.com

You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office or the Lithuanian State Data Protection Inspectorate, depending on which Curve entity is the subject of your complaint.