Privacy Policy

This privacy notice tells you what to expect us to do with your personal information. Please read this Privacy Notice and any other notices provided, as it helps you to understand the information collected, why and how the information is collected and how you can manage, update, delete or export your information.

This policy works alongside all other policies and does not intend to override them.

We respect your privacy and will not or do not sell you formation to any third party.

Terms:

Re-Curo – ‘We’ ‘Our’

Users/Visitors of website and social media platforms – ‘you’

Who is Re-Curo

Re-Curo is an artist and creative based within a home studio within Northumberland in the United Kingdom.

Re-Curo is the data controller, and will do some data processing, but the majority of the data processing will be handled by service providers such as WIX, Google, Microsoft and Meta. I follow the GDPR, PECR, and ICO guidelines and determine what information is collected, how the information will be used and protected when within my remit. Please see WIX, Google, Microsoft, Meta’s own privacy policies which cover how your data is collected, used and processed within their remits as processers and service providers.

This includes any information collected through the website, lone messages, social media platforms and email correspondence.

Contact details

If you have any concerns or questions about this policy, other policies on this website, or the processing of your data please contact me via:

• The contact form on my website or,

• By email: recuroartanddesign@gmail.com

What Is Personal Data?

Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

What information we collect, use, and why

Information is collected in order to record and support your participation in the activities you select, such as browsing the website or contacting us.

Depending upon your use of My Site, I may collect and hold some or all of the personal and non-personal data mentioned below, please also see the section on Cookies further along within this policy and our Cookies Policy.

Please note the no special category data is collected or used under this website or notice.

We only collect the minimum amount of data necessary to provide our website and services to you.

Different data types may be collected, stored or transferred for processing depending on the nature of interactions between you and our website, social media platforms and service providers.

The general types of personal and non-personal data collected directly through actions and consent or indirectly through service providers and analytics, are listed below:

• Name and contact details

• Email Address

• Consent and status

• Comments, queries and correspondence

• Analytical and Statistical data for website usage, maintenance and improvements, such as pages views, traffic sources, browser types, IP addresses, devices and operating systems, new or returning visitors, session amount and time, bounce rate (left site after one page only), buttons clicked, average time per page and exit route.

  • To the extent that you voluntarily provide personal information to us, our systems may associate automatically collected information with your personal information.

​​

​​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

​​

We collect or use the following information for service updates or marketing purposes:

• Names and contact details

• Email Addresses

• Marketing preferences

• Location data

• Purchase or viewing history

• IP addresses

• Website and app user journey information

• Records of consent, where appropriate

• Comments or queries raised that may impact future correspondence

Where we are legally required to obtain your consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you.

You can opt-out of us using your personal information for marketing purposes by following the unsubscribe link included in each marketing email or by the contact form on my website or, by emailing recuroartanddesign@gmail.com

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details

• Relevant information from previous investigations

• Correspondence​

We will only disclose personal information when we have your explicit consent to do so or if we are required to by law.

Use by children

We do not knowingly collect personal information from children under 18.

This Website is not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Website. If you are under 18, do not use or provide any information on this Website or on or through any of its features or social media platforms related to this Website.

If we learn we have collected or received personal information from a child under 18, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at recuroartanddesign@gmail.com

Where we get personal information from

• Directly from you, given during your interaction with the site and platforms.

• Service providers and Third parties:

  • WIX

  • Google

  • Microsoft

  • Meta

  • Usercentrics

Cookies

Our website uses cookies to improve your user experience, and ensure the website operates effectively and securely. Cookies are small text files that are stored on your device when you visit our website. You can control the use of cookies through your browser settings. Please see our Cookies Policy for more details, which runs along side this policy.

Lawful bases and data protection rights

We follow UK and EU General Data Protection Regulations (GDPR), the Privacy and electronic Communications Regulation (PECR) and the Information Commissioners Office (ICO) guidelines.

Under UK and EU data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK and EU GDPR. You can find out more about lawful bases on the ICO’s website.

Our main lawful bases for this website are consent, legitimate interest and contracts.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exceptions which means you may not receive all the information you ask for. You can read more about this right here.

• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.

• Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.

• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.

• Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

Further information about your rights can also be obtained from the Information Commissioner’s Office.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using our contact details.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

• Consent - we have permission from you after we give you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • To be able to ensure the website is updated and running for the best user experience and security.

  • To be able to respond to any queries or correspondence we receive and to keep people up to date with our activities as requested by the user.

  • To deal with any Data Protection requests, such as 'Do Not Contact' or data deletion requests.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Consent - we have permission from you after we give you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • To be able to ensure the website is updated and running for the best user experience and security.

  • To be able to respond to any queries or correspondence we receive and to keep people up to date with our activities as requested by the user.

  • To deal with any Data Protection requests, such as 'Do Not Contact' or data deletion requests.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Law and other use of data

Law

• The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities. Along with the awareness of the user’s data may be used by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this website or the related services.

• Users are responsible for any third-party Personal Data obtained, published or shared through this website and confirm that they have the third party’s consent to provide the Data to the Owner.

Commenting

• Content commenting services allow Users to make and publish their comments on the contents of this Website or using social media platforms. Users are responsible for the content of their own comments.

• If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.

Email

• If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received online.

• We are committed to keeping your data confidential. We do not sell, rent, or lease data to third parties, and will not disclose your data to third parties unless required by law.

• In compliance with GDPR, all e-mails sent from us will clearly state who the e-mail is from and provide clear information on how to contact the sender. In addition, all e-mail messages will also contain concise information on how to request that you receive no further e-mail communication from us.

Disclosure and Who we share information with

As a rule, we do not sell, rent, lease or otherwise transfer any information collected whether automatically or through your voluntary action.

We will store some of your data in the UK. This means that it will be fully protected under the Data Protection Legislation.

If we sell, transfer, or merge parts of the business or assets, your personal data may be transferred to a third party. Any new owner of the business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.

We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights or when compelled by a court or other governmental entity to do so.

We will, in some circumstances and where the law allows, share your data with third parties, we require all third parties to respect the security of your Personal Data and to treat it in accordance with the law, such as to our service providers for the purpose of providing our services to you.

We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your data for specified purposes and in accordance with our instructions. We ensure that the personal data being supplied is also limited with the minimum being used for each of the services provided by the third-party service providers.

We may share your personal information with the below organisations that help us manage our business and deliver our products, applications, or services, or where we are legally obliged to share information.

​

Sharing information outside the UK

Please note that we may send personal information outside of the country generally for, but not limited to, reasons relating to processing and storage by our service providers.

When we do this, we will ensure it has an appropriate level of protection, and the transfer is made in line with Data Protection Law. Often, this protection is set out under a contract with the organisation that receives that information.

Data processors and Organisations used

• WIX and WIX’s third party processors

This data processor does the following activities for us: Processes and manages website and website data analytics

• Google

This data processor does the following activities for us: Provides website data analytics and the email service for Re-Curo

• Microsoft

This data processor does the following activities for us: Provides website data anaytlics and the email service for Re-Curo

• Meta

This data processor does the following activities for us: Provides social media platform services for Re-Curo, such as Instagram and Facebook.

• Usercentrics

This is a consent management service. Usercentrics for Wix is used on the website as a processor for the purpose of consent management.

​

​

Others we share personal information with

​

• Organisations we’re legally obliged to share personal information with

• Publicly on our website, social media or other marketing and information media

• Suppliers and service providers

Where necessary, we and our data processors may/will share and transfer personal information outside of the UK. When doing so, we comply with the GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above or see the organisations’ own data transfer policies and data processing agreements (DPA).

Organisation name: WIX (including WIX’s third party processors)

Category of recipient: Website Host

Country the personal information is sent to: Worldwide (mainly EU & Israel)

How the transfer complies with UK data protection law: GDPR (General Data Protection Regulation) in UK and Europe, CCPA (California Consumer Privacy Act) in the US, and LGPD (Brazilian General Data Protection Law).

Organisation name: Google

Category of recipient: Analytics and Email Service

Country the personal information is sent to: Worldwide (mainly USA)

How the transfer complies with UK data protection law: GDPR (General Data Protection Regulation) in UK and Europe and EU-U.S. and Swiss-U.S. Data Privacy Frameworks

Organisation name: Microsoft

Category of recipient: Service Provider

Country the personal information is sent to: Worldwide (mainly USA)

How the transfer complies with UK data protection law: GDPR (General Data Protection Regulation) in the UK and Europe, the California Consumer Privacy Act (CCPA) in the US, and the Data Protection Addendum

Organisation name: Meta

Category of recipient: Service Provider

Country the personal information is sent to: Worldwide (mainly USA)

How the transfer complies with UK data protection law: GDPR (General Data Protection Regulation) in the UK and Europe, EU-US Data Privacy Framework, the California Consumer Privacy Act (CCPA) in the US, Federal Trade Commission, and the Data Protection Addendum,

Organisation name: Usercentrics

Category of recipient: Consent management service via WIX

Country the personal information is sent to: Worldwide (mainly EU)

How the transfer complies with UK data protection law: GDPR (General Data Protection Regulation) in the UK and Europe, EU-US Data Privacy Framework, the California Consumer Privacy Act (CCPA) in the US, Federal Trade Commission, and the Data Protection Addendum,

How long we keep information (Retention Schedule)

We will keep your Personal Data in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.

The User can always request that the Data Controller  (Re-Curo) to suspend use of or remove the data.

How we protect your data

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, use, or disclosure. We regularly review and update our security measures to ensure they are effective. These binding corporate rules are a set of common rules which all our group companies are required to follow when processing personal data. For further information, please refer to the Information Commissioner’s Office.

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties that have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

We have procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office when legally required to do so.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many Information Security Risks that exist and take appropriate steps to safeguard your own information.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Email is not recognized as a secure medium of communication. For this reason, we request that you do not send private information to us by email. However, doing so is allowed, but at your own risk.

We may use software programs to create summary statistics, which are used for such purposes as assessing the number of visitors to the different sections of our site, what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.

For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor and secure the website provided by WIX as a website hosting provider, please see WIX’s own policies and procedures for details.

For security relating to the data processors for this site, please see the appropriate policies on the induvial organisations’ website site.

How Can I Access My Personal Data?

If you wish to access the personal data we have about you, this is known as a “subject access request”.

All subject access requests should be made in writing and sent via the contact form on the website or to the email listed as contact email address within this policy.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) an administration fee may be charged to cover the administrative costs in responding.

Response to your subject access request within one month of receiving it. Normally, providing a complete response, in some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date the request is received. You will be kept fully informed during the progress of your request.

Policy Changes

The date the privacy policy was last revised is identified at the bottom of the page.

We may change this Privacy Policy from time to time. This may be necessary, for example, for changes in the type, or if we change the nature of how and what data we collect, and it affects personal data protection.

Any changes will be immediately posted on our website, and you will be deemed to have accepted the terms of the Privacy Policy on your first use of the site following the alterations. We recommend that you check this page regularly to keep up to date.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the following organisations depending on which localaity is applicabale:

​

UK:

​

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Or The Ombudsman Services, whose contact details can be found at https://www.ombudsman-services.org

EU:

If any complaint with us is not satisfactorily resolved, you can contact the relevant Data Protection Agency, by selecting the details for your area via the website for the European Data Protection Board.

California Users and Residents:

 If any complaint with us is not satisfactorily resolved, you can contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834 or by telephone Main: (800) 952-5210, Hearing-impaired persons: 711, or 1-800-735-2929 (TTY), or  California Relay Service: 1-800-735-2922 (Voice).

For Brazilian Users and Residents:

If any complaint with us is not satisfactorily resolved, you can contact the Controladoria-Geral da União (Controller General of the Union), via Fala.BR, the Plataforma Integrada de Ouvidoria e Acesso à Informação (Integrated Ombudsman Platform and Access to Information).

For Canadian Users and Residents:

If any complaint with us is not satisfactorily resolved, you can contact the Office of the Privacy Commissiner of Canada (Commissariat à la protection de la vie privée du Canada) via https://www.priv.gc.ca.

For South African Users and Residents:

If any complaint with us is not satisfactorily resolved, you can contact the Information Regulator (South Africa) via https://inforegulator.org.za/complaints.

For Australian Users and Residents:

If any complaint with us is not satisfactorily resolved, you can contact the Office of the Australian Information Commissioner, via https://www.oaic.gov.au/privacy/privacy-complaints.

Last updated: June 2025

​

​

​