We take your privacy seriously and this privacy policy (Policy) sets out how we will collect, use and share your personal information securely and in accordance with your rights. Please read this policy carefully to understand how we will treat your personal information.

In this Policy, references to you or your shall mean you as a user of (our website) and/or as a user of our software solutions CURO Compensation Management, CURO Pay Equity and CURO Gender Pay Gap (our services).

About Us

CURO Compensation Limited (“CURO“, “we“, “us“, “our“) are classed as the “data controller” of your personal information under the terms of the General Data Protection Regulation (GDPR). Our registered office address is at Exchange Tower, 19 Canning Street, Edinburgh EH3 8EH.

Personal information we collect from you

We collect personal information from you when you provide it to us directly, for example, by filling in a request form on our website or if you contact us.

When you register to use our website and/or our services or make an enquiry, we may ask you to provide us with certain information including your name, company name, email address, job title, phone number, country and the number of employees in your company.

In order to assess the suitability of our services for you we may ask you to provide additional information about the compensation structures in your organisation (including salary, bonus and stock option awards).

If you are referred to us from a third party with whom we have a business referral relationship, we will collect the name and URL of the referring website to facilitate the business referral relationship with the referring third party.

If you do not provide us with the information that we ask for and that we require, we may not be able to provide you with our services.

Use of your personal information

We may use personal information you provide to us for the following purposes:

  • in the normal course of our business, to allow us to register you to receive our services and to provide you with our service on the basis that processing is necessary to perform our contract with you;
  • to allow us to manage your account to allow us to provide you with our services;
  • to communicate with you, where you have consented to receive communications or by sending you information about similar products or services which we think may be of interest to you. We will not send you marketing communications if you have opted out to receive marketing. You will be able to opt-out of such communications at any time by emailing us at; and
  • to comply with any legal obligations to which we are subject.

Legal basis for using your personal information

We will only use the personal information you provide where it is permitted by law and where:

  • we need to use your personal information to enter into a contract with you;
  • we need to use your personal information to comply with our legal obligations;
  • you have given us consent to use your personal information (if consent is needed); and
  • it is in our business interests and where there is no disadvantage to you.

Sharing your personal information

As part of using our services, we may share your personal information with service providers and third party partners who process and store data on our behalf.

We may also share personal information you provide to us with third parties:

  • in the event that our business or substantially all of its assets are acquired by a third party (in which case personal information about customers will be one of the transferred assets);
  • if we are under a duty to disclose or share that personal information in order to comply with any legal obligation; or
  • to protect our rights, property, or the safety of our employees, customers, or others.

Transferring your personal information outside of the UK

We may need to transfer the personal information you provide to us outside of the United Kingdom to countries where data protection laws may not provide the same level of protection as those in the European Economic Area. We shall ensure that any such transfers are lawful and that your personal information is kept secure.

Retaining your personal information

We keep the personal information you provide to us for as long as necessary for the purposes we have set out above. Normally, we will retain your information for up to seven years.

If you would like further information about our retention procedures, please contact us using the details at section 14 of this Policy.

Your Rights

Data protection laws give you a number of rights as set out below. If you would like to exercise any of your rights, please contact us using the details at section 14 of this Policy.

Right to access your personal information: you may request access to a copy of your personal information free of charge. Please send all requests for access in writing.

Right to withdraw consent: where you have given us consent to use your personal information to send you marketing, you can withdraw your consent at any time. Please contact us if you would like to withdraw your consent and we will delete your personal information in line with your right to erasure below.

Right to rectification: you may ask us to rectify any inaccurate information we hold about you. If you would like to update the personal information we hold about you, please contact us.

Right to erasure: you may ask us to delete your personal information. If you would like us to delete the personal information we hold about you, please contact us, specifying why you would like us to delete your personal information.

Right to portability: you may ask us to provide you with the personal information that we hold about you in a structured, commonly used, machine readable format, or ask for us to send such personal information to another data controller.

Right to restriction: you can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.

Right to object: you may object to our processing of your personal information pursuant to this Policy. Please contact us, providing details of your objection.

Right to make a complaint: you may make a complaint about our data processing activities by contacting us using the details located at section 14 of this Policy. Alternatively, you may make a complaint to the UK supervisory authority, which is the Information Commissioner’s Office, by visiting their website at, by phoning 0303 123 1113 (local rate) / 01625 545 745 (national rate), or by writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Cookies Policy

We may obtain information about your general internet usage by using cookies. A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. We use cookies on our website to:

  • recognise you whenever you visit our website (this speeds up your access to the website as you do not have to log in each time);
  • obtain information about your preferences, online movements and use of the internet;
  • carry out research and statistical analysis to help improve our content; and
  • make your online experience more efficient and enjoyable.

In most cases we will need your consent in order to use cookies on this website. The exception is where the cookie is essential in order for us to provide you with a service you have requested.

If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this cookies information. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject cookies or disable cookies completely.

We use the following cookies:

JESSIONID PHPSESSID – To allow our system to recognise you and provide continued authorisation to use our services.

How long does it last? – Duration of the users session, a new one is issued on each login.

_utmx – To collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. These cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they have visited.

How long does it last – 18 months (Google analytics cookie)

The information we obtain from our use of cookies will not usually contain your personal data and will not identify you personally.  For example, we may obtain information about your computer or other electronic device such as your IP address, your browser and/or other internet log information. We use IP addresses to help diagnose possible service interruptions and to administer our services and website. We also use IP addresses to analyse trends, track users’ movement and gather broad demographic information for aggregate use.

We work with third party suppliers who may also set cookies on our website. These third party suppliers are responsible for the cookies they set on our website. If you want further information please go to the website for the relevant party.

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to the ICO’s webpage on cookies:

Link to third party websites

Our website may contain links to other websites, not owned, associated or managed by us. Whilst we try our best to only link to reputable websites we cannot be held responsible for the security of information collected by sites not managed by us, nor can we accept responsibility or liability for them. We would recommend that you read the privacy information of the third party before using their website.

Data Security

We will treat all of the personal information you provide to us in strict confidence and we will take all reasonable steps to keep your personal information secure once it has been transferred to our systems. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of the personal information you provide to us. Please note that we cannot guarantee the security of any data you disclose to us online. You accept the inherent security risks of providing information and dealing online and will not hold us responsible for any loss or damage that you incur.

Changes to this Policy

We may modify this Policy from time to time, so please review it regularly.  We will let you know when we make any material changes to the Policy by means of notice on our website homepage or if appropriate, by contacting you directly. This Policy was last amended on 23 May 2018.

Contact Us

If you have any queries relating to this Policy or our use of your personal information or wish to exercise any of your rights, please email us at or write to us at Chief Information Security Officer, Curo Compensation Ltd, 2nd Floor, Playfair House, 6 Broughton Street Lane, Edinburgh EH1 3LY.