Last updated: 27 April 2021
Effective Date: 27 April 2021
Card Baste Designs respects your privacy and is committed to protecting your personal data.
This privacy notice applies to all websites, mobile applications or apps, social features or networking, online services, widgets, downloads, or other outlets of cardbastedesigns.co.uk (the Website) that are owned or controlled by Card Baste Designs (“Company”, “we”, “us”) and that post or include a link to this privacy notice, regardless of whether accessed by computer, mobile device, or otherwise.
Purpose of This Privacy Notice
This privacy notice explains how we look after your Personal Information whenever that information is provided to us. This includes when you request information from us, contact us (or we contact you), buy products and services from us, use the Website services, or connect with us via social media or link to or from our Website. It also tells you about your privacy rights and how the law protects you. It has been updated to include additional data protection requirements for residents of the European Union (EU), United Kingdom, Liechtenstein, Switzerland, Norway, and Iceland under the General Data Protection Regulation (GDPR), and other relevant data protection laws, including the California Consumer Privacy Act (CCPA).
By accessing and otherwise using the Website, you agree to the collection, use, and disclosure of your information as described in this privacy notice, and agree to the applicable Terms of Service, which are incorporated by reference. If you do not agree, please do not access or use our Website or otherwise provide us with your Personal Information.
1. IMPORTANT INFORMATION AND WHO WE ARE
Consumers residing in California have some additional rights with respect to their Personal Information under the CCPA. If you are a California resident, Paragraph 11 applies to you and supplements our main privacy notice.
The Website is not intended for children, and we do not knowingly collect information from persons younger than the age of sixteen (16). We would ask parents please to ensure that their children under the age of 16 do not provide us with Personal Information without your permission. If we learn that we have inadvertently collected information from a person younger than the age of 16, we will take commercially reasonable efforts to delete that information from our databases.
Card Baste Designs is the controller of your personal data and responsible for the Website.
For individuals located in the EU or European Economic Area (EEA), you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk ) or Wycliffe House, Water Lane, Wilmslow, SK9 5AF. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance, using our contact details at the end of this privacy notice.
Changes to the Privacy Notice and Your Duty to Inform Us of Changes
This privacy notice was last updated on 26 September 2020. We may change this Privacy Notice at any time without notice to you. We may also provide notice to you in other ways at our discretion, such as through contact information you have provided. Any changes will be effective immediately upon the posting of the revised privacy notice. However, unless you consent, we will not use your Personal Information in a manner materially different than what was stated in our posted privacy notice at the time your Personal Information was collected.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. THE DATA WE COLLECT ABOUT YOU
When you register or become a member of our Website you are invited to provide us with your personal data or personal information, which is any information about an individual from which that person can be identified (Personal Information). It does not include data where the identity has been removed, de-identified, or made anonymous.
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
Identity Data includes first name, last name, username or similar identifier.
Contact Data includes billing address, home address, email address and telephone numbers.
Financial Data includes payment, credit or debit card details.
Transaction Data includes details about products and services you have bought from us, and details about your trading history, including payments received, and when you have requested information or raised queries, membership and card sending history, including Recipient Data and personal messages or sentiments that you enter for card sending.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website/or any apps.
Profile Data includes your username and password, products and services bought by you, queries, feedback and survey responses.
Recipient Data includes the first name, last name, email address, or significant dates (such as birthdays or anniversaries) that you provide for card sending.
Usage Data includes information as to how you use our website.
Marketing and Communications Data includes your preferences as to whether you are happy to receive marketing from us.
If You Do Not Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a contract you have with us, but we will notify you if this is the case at the time.
We take every reasonable step to ensure that your Personal Data that we process are to the Personal Data reasonably required in connection with the purposes set out in this Policy.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We collect data from and about you in different ways, including through:
Your direct dealings with us. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, via this Website, apps or on social media, or otherwise. This includes personal data you provide when you:
subscribe to our newsletter and/or other publications;
request promotional or marketing materials to be sent to you;
register as a member on our Website;
buy products and/or services via our Website;
ask us for help and give us feedback.
Third Parties. Certain functions on the Website may permit interactions between the Website and a third-party website or interactive service (“Social Features”). If you choose to use Social Features (e.g., the “like button, share this card on Facebook”), certain information, which may include your personal information, may be publicly displayed, and the third party website or interactive service used in connection with the Social Features (and its users) may have access to information about you and your use of the Website.
Information You Provide About Third Parties. The Website may permit you to provide Personal Information about third parties (Recipient Data), such as mailing address, email addresses, or significant dates (such as birthdays or anniversaries). We may share the information regarding your transaction with third parties as necessary to process your transaction (i.e., to create, send, or deliver the card). If you choose to provide Recipient Data we will store that information only in connection with your relationship with us (e.g., to send greeting cards).
4. HOW WE USE YOUR PERSONAL INFORMATION
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you. You have the right to withdraw consent at any time by Contacting us.
Purposes for Which We Will Use Your Personal Data
We have set out below, in a table format, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.
Type of data
Lawful basis for processing including basis of legitimate interest
To respond to an enquiry from you
Necessary to take steps at your request prior to entering into a contract with you.
To provide products and/or services to you, take payment for them, and to collect and recover money owed to us, and to keep records of our dealings with you, including auto-renewal of your membership.
Performance of a contract with you
Necessary for our legitimate interests (to operate our business and obtain payment).
To manage our relationship with you which will include:
Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to understand how customers use our services, what they think of our products, and how we can improve them)
Where you have agreed to receive it, to provide our newsletter/marketing materials/ promotions
To administer and protect our business and Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud
Necessary to comply with a legal obligation
To deliver relevant website content to you and measure or understand the effectiveness/ usability of our Website
Necessary for our legitimate interests (to study how customers use our websites and services, to develop and improve them)
To use data analytics to improve our Website, products, services, marketing and member relationships
Necessary for our legitimate interests (to understand customers for our products/ services, to keep our website updated and relevant, and to develop and grow our business)
To deal with issues, complaints or disputes arising out of our relationship with you/your business, and to prevent or detect crime, including fraud
Necessary for our legitimate interests in managing our business.
Necessary to establish, exercise or defend legal claims.
For the substantial public interest of preventing and detecting crime and preventing fraud, subject to safeguards.
When we refer to legitimate interests we mean the interest of our business in conducting and managing our business to enable us to give you the best service and products. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
5. DISCLOSURES OF YOUR PERSONAL DATA
We do not rent, lease or sell your Personal Information to third parties for money or their direct marketing purposes.
We may have to share your personal data with the categories of parties set out below for the purposes set out in the table in paragraph 4 above.
Credit card companies and other payment processors;
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
Analytics and search engine providers that assist us in the improvement and optimisation of our services and Website;
Professional advisers, including lawyers, banks, auditors and insurers;
HM Revenue and Customs, regulators and other authorities;
When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract or complying with legal requirements.
Where these third parties are our processors, we require them to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Some of the third parties mentioned above, for example many professional advisers and HM Revenue and Customs, are controllers who, like us, are subject to specific obligations under data protection law, and who will have their own privacy notices setting out how they deal with personal data.
6. INTERNATIONAL TRANSFERS
We do not transfer your personal data outside of the UK.
7. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Processors we appoint will only process your personal data on our instructions and they are subject to a duty of confidentiality.
You should be aware, however, that transmission of information via the internet is not completely secure.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different types of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data by following the Request to Erase right as outlined in paragraph 9.
9. YOUR LEGAL RIGHTS
You have rights under data protection laws in relation to your personal data, including:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. If we are not be able to comply with your request for erasure for specific legal reasons, we will tell you at the time of your request.
Object to processing of your personal data where we are relying on our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following situations: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please Contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to enable us to deal with your request or to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or we have received a number of requests. In this case, we will notify you and keep you updated.
We may monitor or record while you are on the cardbastedesigns.co.uk website only, your:
web, traffic, and site activities.
These are to ensure that we carry out your instructions accurately, for training purposes and to improve our services, and to ensure security and prevent fraud.
11. CALIFORNIA RESIDENTS — PRIVACY NOTICE
We are providing this California Consumer Privacy Act Notice (CCPA Notice) to supplement the information and disclosures already contained in our Privacy Notice. This CCPA Notice applies only to California Consumers visiting the Website. Any term defined in the CCPA has the same meaning when used in this CCPA Notice. In the event of a conflict between any other AG Company policy, statement, or notice and this CCPA Notice, this CCPA Notice will prevail as to California Consumers and their rights under the CCPA.
Right to Know what Personal Information we collect: We collect information about you as detailed in our Privacy Notice in Paragraph 2 — THE DATA WE COLLECT ABOUT YOU. The chart below outlines the categories and illustrative CCPA-examples of Personal Information that American Greetings has collected and/or disclosed, as indicated, for a business purpose in the preceding 12 months.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, colour, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioural, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.
Vendors and service providers, including for data analytics, payment processing, and marketing and advertising our products and services to you.
Third parties integrated into our Website.
Other third parties for whom we have obtained your permission to disclose your Personal Information.
For the preceding 12 months, we have disclosed Personal Information in connection with the specific CCPA business and commercial purposes as follows:
To create, maintain, customize, and secure your account with us.
To provide, support, personalize, and develop our Website, products and services.
To process your requests, purchases, transactions, and payments and prevent transactional fraud.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses (e.g., recorded customer service calls).
To personalize your experience on our Website and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
To help maintain the safety, security, and integrity of our Website, products and services, databases, and other technology assets, and business.
For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Right to Request Information: You or your authorized representative have the right to request information about our collection, use, and disclosure of your Personal Information over the past twelve months, including what information we have collected, the purpose behind such collection, what third parties we share such information with, and the business purpose behind such sharing of Personal Information. To request this information, or a copy of your Personal Information, please email us at firstname.lastname@example.org . You may make this request twice per 12-month period.
Right to Delete Your Personal Information: If you wish for us to delete all or some of your Personal Information, please contact us at email@example.com . Please take note that some Personal Information (like your email address) is necessary to maintain an account through the Website. In addition, we may retain some Personal Information for as long as you have an open, permissioned account with us or as otherwise detailed in Paragraph 8 — Data Retention.
Personal Information Sales Opt-Out and Opt-In Rights: You have the right at any time to opt-out of the sale of your Personal Information. You can exercise this opt-out right by contacting us here with the subject line “California Do Not Sell Request” and providing us with your name. Once you have submitted an opt-out request, we will not ask you to reauthorize the sale of your Personal Information for at least 12 months.
DO NOT SELL: We do not sell or share your Personal Information in exchange for money; we may disclose, however, certain Internet and electronic network activity (e.g., cookies or tracking tags) information, as a Platform subscriber or user.
Non-Discrimination Rights. We will not discriminate against you for exercising any of your rights under the CCPA. We will not deny you use of our Platform, charge you different prices or rates, or provide you a lower quality of products and services if you exercise your rights under the CCPA. We may, however, offer different tiers of our Platform services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the products or services you receive related to the value of Personal Information that we receive from you.
Other California Privacy Rights.
We do not share Personal Information as defined by California Civil Code Section 1798.83 (Shine the Light Law) with third parties for their direct marketing purposes absent obtaining your specific consent. If you are a California resident and you have questions about our practices with respect to sharing information with third parties for their direct marketing purposes and your ability to exercise choice, please send your request to the following email address: firstname.lastname@example.org
You must put the statement “Your California Privacy Rights” in the subject field of your e-mail. You must include your name, street address, city, state, and zip code. We are not responsible for notices that are not labelled or sent properly, or do not have complete information.
If you are a California resident under the age of 18, and a registered user of any Platform, California Business and Professions Code Section 22581 permits you to request and obtain removal of content that you have publicly posted. To make such a request, please send an e-mail with a detailed description of the specific content to email@example.com . Please be aware that such a request does not ensure complete or comprehensive removal of the content or information that you have posted and there may be circumstances in which the law does not require or allow removal even if requested.
12. NEVADA RESIDENT RIGHTS
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at firstname.lastname@example.org with the subject line “Nevada Do Not Sell Request” and providing us with your name. Please note that we do not sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A.
13. DO NOT TRACK
Do Not Track (DNT) is a preference available in many web browsers that allow you to inform websites that you visit that you do not want them collecting information about you.
14. CONTACTING US
If you have a technical problem or any problem with your payments, please contact us at email@example.com or use the contact form on our website.
This website and its content are provided as is and excludes to the fullest extent permitted by applicable law any warranty, express or implied, including, without limitation, any implied warranties of merchantability, satisfactory quality or fitness for a particular purpose.
The functions embodied on, or in the materials of, this website are not warranted to be uninterrupted or without error. You assume the entire cost of all necessary servicing, repair or correction due to your use of this website.
We take all reasonable steps to ensure the accuracy, correctness and reliability of the content, but we make no representations or warranties as to the accuracy, correctness or reliability of the content.
This website may contain links to other websites; we are not responsible for any content contained on these websites or any loss suffered by you in relation to your use of such websites. You waive any and all claims against Card Baste Designs regarding the inclusion of links to other websites or your use of those web sites.
This Notice is issued by Card Baste Designs (“Company”, “we”, “us” and “our”).
This Notice applies to the following website that is operated or controlled by Card Baste Designs:
What are cookies?
Cookies are small text files that may be stored on your computer or other device when you visit a website. They are generally used to make websites work, to keep track of your movements within the website, to remember your login details, and so on.
There are different types of cookies, and they can be distinguished on the basis of their origin, function and lifespan. Important characteristics of cookies include the following:
First party cookies are cookies that are placed by the website you are visiting, while third party cookies are placed by a website other than the one you are visiting. Please note that we do not control the collection or further use of data by third parties.
Necessary cookies are necessary to allow the technical operation of a website (e.g., they enable you to move around on a website and to use its features).
Performance cookies collect data on the performance of a website such as the number of visitors, the time spent on the website and error messages.
Functionality cookies increase the usability of a website by remembering your choices (e.g. language, region, login, and so on).
Targeting/advertising cookies enable a website to send you personalized advertising.
Session cookies are temporary cookies that are erased once you close your browser while persistent or permanent cookies stay on your device until you manually delete them or until your browser deletes them based on the duration period specified in the persistent cookie file.
More information on all aspects of cookies can be found on www.allaboutcookies.org. Please note that this organisation has no affiliation with, and is not responsible for, this third-party website.
Which cookies do we use ?
We use the following cookies
- Google Analytics is a web analytics service offered by Google that tracks and reports website traffic, currently as a platform inside the Google Marketing Platform brand. Google launched the service in November 2005 after acquiring Urchin.
- As of 2019, Google Analytics is the most widely used web analytics service on the web. Google Analytics provides an SDK that allows gathering usage data from iOS and Android app, known as Google Analytics for Mobile Apps. Google Analytics can be blocked by browsers, browser extensions, firewalls and other means.
Information on web beacons can be found at http://www.allaboutcookies.org/faqs/beacons.html . Please note that this organisation has no affiliation with, and is not responsible for, this third-party website.
How can you control cookies and web beacons?
Most internet browsers are set to automatically accept cookies. Depending on your browser, you can set your browser to warn you before accepting cookies, or you can set it to refuse them. Please refer to the ‘help’ button (or similar) on your browser to learn more about how you can do this.
Disabling cookies may impact your experience on our websites.
If you use different devices to access our websites, you will need to ensure that each browser of each device is set to your cookie preference.
More information on how to manage cookies is available from: http://www.allaboutcookies.org/manage-cookies/. Please note that Card Baste Designs has no affiliation with, and is not responsible for, this third-party website.
In addition, you may opt-out from cookies by visiting the following sites and selecting which company cookies you would like to opt-out from: http://www.aboutads.info/choices/#completed and http://www.youronlinechoices.com/. Please note that Card Baste Designs has no affiliation with, and is not responsible for, these third-party websites.
Last updated: 27 April 2021