Privacy, Cookies and GDPR
This website is not intended for children and we do not knowingly collect data relating to children.
- The user and The Handcrafted Card Company Ltd undertake to comply with the provisions of the General Data Protection Register (GDPR), and any applicable Data Protection and Privacy legislation applicable in any jurisdiction in so far as the same relates to the provisions and obligations of this agreement. The Handcrafted Card Company Ltd collects Personal Information when you use our Services, which may also include information about the devices you use to do so.
- It is your sole responsibility to ensure that the Personal Information you provide for use with our services does not infringe the GDPR or applicable legislation regarding the permission to hold and process Personal Information (See 3). For the avoidance of doubt, The Handcrafted Card Company Ltd accepts no responsibility whatsoever for any such infringement or alleged infringement.
- The GDPR defines Personal Information as information which is related to, or could directly or indirectly identify an individual or identifiable natural person. When we provide Services This includes, but is not restricted to: Names, addresses, phone numbers, dates of birth, identification numbers, gender, cultural or religious information, IP addresses, device information (MAC Addresses), cookies and advertising identifiers, marketplace logins and IDs, financial information, geo-location information, social media information and preferences. The Handcrafted Card Company Ltd does not consider data that has been anonymised or aggregated to be Personal Information where it no longer can be used to identify a specific natural individual either directly, or in combination with other information. A recorded message if you call us, or we call you, for any reason at all, including the date and time of when you called us, or any other correspondence and communication with us, including emails and letters, your user name and information used to identify you before disclosing any personal data with you.
- The Handcrafted Card Company Ltd holds certain Personal Information about you, as a customer that uses our services. This information (Name, Address, Phone Number, Email Address) is provided when we establish a contract for the provision of goods and/or services, and is held for the purposes of providing those services, including billing for them, visiting you, or posting physical items to you (if required). Other information that you may provide for specific Services or Applications is provided voluntarily as it is necessary to provide the Service(s). The act of paying for the service after being given the opportunity to review these Terms & Conditions is taken as consent to enter into the contract.
- Why do we collect personal information about you and what we do with it?
- Where we have an obligation as a provider of goods and services (for the ‘performance of a contract’). To provide you with the product or service that you have purchased from us.
- Where we have your permission (‘consent’).
- To provide you with news about exciting offers and deals that we think will be interesting to you. We will only contact you in the ways you have given us permission to do so. You can change your mind at any time by completing a contact form or by emailing us on firstname.lastname@example.org
- Where we have a justifiable reason (‘legitimate interests’
- To enhance or improve your experience with us. This may mean that we learn about your preferences and habits and then tailor our communications with you to make sure that what we send is relevant to you (‘profiling’).
- To put your information together with other customers data and external non personal information so that we better understand our market through analysis and segmentation to ensure that we keep offering competitive products and services and improve our website.
- To send you marketing materials where we can demonstrate a relationship with you and you have not told us that you do not want to receive these.
- To maintain our list of people who have asked not to receive direct marketing material from us.
- To help keep our website safe and secure.
- To allow our internal business processes to function- for example transacting with our partners, carrying out audits, producing management information and dealing with complaints.
- To undertake market research.
- To request feedback on our performance.
- To help prevent fraud and maintain security.
- To assist in training, quality assurance and compliance.
- Where we have to do something by law (‘legal obligation’)
- To ensure that your rights are met under the UK Data Protection Act.
- To meet our obligations with law enforcement agencies, courts and other organisations.
- To comply with anti-money laundering regulations.
- In exceptional circumstances (‘vital interests’)
- We may use your information in rare situations where vital interests of yourself or another person needs protecting, for example, to trace a missing person or in an emergency.
- Where does the Data come from?
- Most of the information you provide directly to us yourself. We also collect other pieces of information which can be regarded as observed, that is data we capture as part of providing you the service, for example, location data provided when you use the internet to purchase goods. Additionally, we collect, derive or infer some of your data from 3rd parties, for example, during a credit check, if this is necessary when using our services.
- The Supply and Dispatch of Merchandise
- To provide services of supply and dispatch of merchandise purchased through our online shop, including maintaining your account with us. For this purpose we collect the list of data detailed under ‘Categories of Personal Data’. You give us permission to collect and process all or some of this data by agreeing to a contract between us. The ‘Performance of a Contract’ is the basis we use to process your data.
- For the purposes of meeting different legal obligations under UK law, The Handcrafted Card Company Ltd, if instructed to do so, must process all, or some of the data under ‘Categories of Personal Data’ for the period defined in the different laws. For example: In the interests of national security, preventing and detecting crime and other reasons as may be required. For this purpose, we don’t ask for your permission, as we rely on the lawful basis of ‘Legal Obligation’ placed upon The Handcrafted Card Company Ltd (as the Controller of your data). Legal obligation which The Handcrafted Card Company Ltd must adhere for invoicing, accounting and audit The Handcrafted Card Company Ltd must retain your personal data for VAT, taxation, finance, accounting, and audit purposes. The detail we need to process is detailed under ‘Categories of Personal Data’, excluding ‘Connecting to our website’ for this purpose, we don’t ask for your permission, as we rely on the obligation placed upon The Handcrafted Card Company Ltd (as the Controller of your data).
- Invoicing data
- Name, customer reference number, address, telephone number, email address, details of the Services we are providing to you as detailed on your invoice, invoice number, date of collection of payment, method of payment, amount and rate of VAT, details of merchandise you have bought with us, whether the bill is paid or not.
- Legal obligations We must adhere by law for invoicing and accounting; For purposes of invoicing, VAT, taxation, and accounting and auditing obligations, we retain data under ‘Invoicing data’ data for a period of 7 years as required under UK law. Credit management and referencing For the purposes of using and sharing data with 3rd party credit referencing, fraud protection agencies and debt collection agencies, we retain this data from the period you apply for our services, during the period you are supplied with our services, and until all monies owed to us have been paid, or until the debt has been sold to a debt collection agency. If your application to supply merchandise is rejected based on information we receive from these Credit Reference Agencies, we retain your data for up to 3 months.
- Credit management and referencing: It may be necessary to share your personal data with Credit Reference Agencies, Fraud Protection Agencies, and Debt Collection Agencies, and they will provide us with information about you, including your financial history.We need to do this to check your identity to confirm you are who you say you are, and assess whether you can afford to pay for the merchandise you have requested. The detail we need to process for this purpose, is all the details under ‘Categories of Personal Data’, excluding ‘Data when connecting to our website’. When we share your data with these agencies in order to request information relating to you and analysis of your financial history, they will place a search footprint on your credit file that may be seen by other organisations. These agencies will also be linked with information about your spouse or partner, or any financial associate. Before applying for our Services, you must ensure that you also have your spouse/partner/financial associate’s permission to share their data. The permission we use for processing for this purpose is ‘entering into, or performance of a contract’.
- When you enter into a contract with The Handcrafted Card Company Ltd, you are contracting with: The Handcrafted Card Company Ltd, The Clockhouse, Hempstalls Lane, Newcastle Under Lyme ST5 0SN. We are the Data Controller for the information you provide to us, or the Data Processor where our products or services are using the data you provide to us. We may store the Personal Information you provide on servers based in the UK, or in other countries based on the partners we use for cloud and dedicated server storage, including the US.
- Keeping your personal information secure
- We take the security of your personal information seriously. We’ve implemented technology and security policies, rules and measures to protect the personal information we have under our control, both on and offline, from improper access, use, alteration, destruction and loss.
- We will take all reasonable and proportionate steps to protect your personal information. All Personal Information that is held by The Handcrafted Card Company Ltd is stored securely and encrypted for the purposes of protecting your privacy. Access is restricted to our own staff excepting where permission is given or implicit in providing a service to you.
- You acknowledge that the Internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.
- We do not sell your information to anyone and only pass it to our trusted partners and service providers who work with us to run our business. See individual privacy policies for more product specific details.
- We may pass your information to:
- Service providers who work for us such as marketing agencies, marketing survey sites, website hosts and printers. Our subsidiary companies who work for us in providing services. Regulatory bodies, courts and law enforcement agencies.
- We use a number of service providers or categories of service providers to help us deliver our Services to you, this includes for example, hosting companies, payment services organisations who allow us to process payments, and credit and fraud detection agencies. We are also obliged to share your data with regulatory authorities, such as HMRC, and law enforcement authorities when requested. Some of these providers have obligations of their own in terms of processing your data that we provide to them directly, or they can also derive some data from other sources, such as credit scoring agencies.
- UK Government www.gov.uk for dealing with taxation investigations, including HMRC
- Law enforcement or regulatory authorities, courts, or public authorities, if we are required to share by law
- Information Commissioners Office – www.ICO.gov. uk if there is an investigation of any nature.
- Payment providers – in order to facilitate any payments made on our site, we facilitate the sharing of your Financial Data with payment providers.
- Experian (www.experian.co.uk) and Equifax (www. equifax.co.uk) who we use to do credit reference and fraud protection checks.
- In addition we are obliged to include the following link which describes how the Credit Reference Agency (CRAIN) process your data – http://www.experian.co.uk/crain/index.html#question1
- Other service providers or categories of service providers that we use to process your data on our behalf, will be under our instruction only, for example:
- Hosting companies, ISP’s and network providers
- Cloud storage providers – we use cloud computing platforms that securely store all of our data, including customer details.
- Email service providers – in order to send you marketing content and transactional emails, we share your details with our email service providers.
- Analytics tools – we use analytics tools to track the way that users interact with our website.
- Profiling tools – we use profiling tools to understand how you engage with our website and show you content we think will be most relevant to you, based on our understanding of your interests and preferences.
- Royal Mail/DPD and other dispatch organisations in order to package and mail your orders to you, it is necessary to share your information with the delivery provider.
- Marketing and insights providers – marketing and insights tools allow us to understand our customers better so that we may provide you with the best possible website, products and customer service experience. We may share certain information about our customers to facilitate this process eg ‘Send In Blue’.
- Customer service platforms – when you interact with our customer service team, your details are shared with our customer service platform providers
- Feedback forms – when you make a purchase, we engage a third party to send out feedback forms on our behalf.
- Finance and Payments
- Where we collect payment from you, if that payment is not via direct Bank Transfer, then we do not hold or store any Personal Information relating to payment. This data is instead stored by the payment processor, be it PayPal or another specialist partner.
- Where you do pay us via Bank Transfer, we will have access to Personal Information about the account you use to pay us from those transactions.
- We are based in the UK, and under the provisions of UK Law we must retain data relating to financial transactions for 7 full financial years after the transaction. We will destroy such Personal Information after that point.
- We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. We only use the data you provide to us directly for this purpose along with the Aggregated Data provided to us by our analytics partners and we do not track what other websites you may visit after visiting our site, though in common with most websites, we may register the site which referred you to our site (e.g. a search engine).
- We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
- We only send electronic marketing – such as email marketing – to people who have previously bought similar products from us and this is in our legitimate interests. We will always offer a way out of receiving this marketing when you first purchase our products and in every marketing communication afterwards. We may on occasion send out postal marketing for the purpose of growing our sales which is in our legitimate interests and in this scenario we will rely on you to let us know if you do not want to receive this by opting out of marketing (see Opting out below).
- Where you have not previously bought from us but have registered your details with us (for example by entering a competition or signing up for a newsletter), we will only send you marketing communications if you opted into receiving marketing at the time and so given us your express consent (which you may withdraw at any time – see Opting out below).
- We may also share certain data with third party social media platforms in order to show you targeted ads when you visit them. We do this by:
- We may also provide these platforms with your email address to create ‘audiences’ of users fitting within a certain demographic/category so that we can target our marketing.
- Please check the social media platforms’ terms for more details of these services. This is in our legitimate interests of sending you direct marketing. See ‘Opting out’ below for details of how you can adjust your marketing preferences. Our Cookies Policy also explains how you can adjust your cookies preferences.
- Opting Out
- You can ask us to stop sending you marketing messages at any time by logging into your account and adjusting your preferences, by following the opt-out links on any marketing message sent to you or by contacting us at any time.
- If you opt out of receiving email marketing from us, we will no longer share your email address with social media platforms (see ‘External Third Parties’ below). However, you may continue to see our ads through them, due to their general demographic targeting. Please check the social media platforms for more detail of how to opt out from seeing these ads.
- EU citizens’ Personal Information is protected by the GDPR. Should you wish to request details of the Personal Information we hold about you, (Right of Access), a copy of the Personal Information we hold about you (The Right to Portability), or to ask us to clear such Personal Information from our system (Right to Erasure), please contact us at the following email address email@example.com. We undertake to make reasonable efforts to comply with your request within thirty (30) days.
- Retention Periods
- How long we keep your personal information depends on why we have it and what we’re doing with it. Where we hold Personal Information that does not need to be saved for financial purposes (for example you have not made a purchase), and we have not received a request from you otherwise, we will undertake to delete this Personal Information within eighteen (18) months of you ceasing your contract. This is so that we can respond to any complaints or disputes that may arise. Data collected from using the website such as IP address is deleted after 28 days. However, when connecting to our website in order to view and / or purchase merchandise, we only retain data concerning your connection to the website, as well as information from your devices, excluding data collected by way of Cookies. Cookies retention period will depend on the type of cookie, and your chosen preferences.
- Supply and dispatch of merchandise. We will keep other personal information about you if it is necessary for us to do so to comply with the law. For this purpose, we retain some or all of the data under ‘Categories of Personal Data’ for the duration you have an account with us, and until Seven (7) years after you last used your account.
- Your Rights and Choices
- Direct Marketing: You have the right to object to direct marketing. This is done by completing our contact form or by calling 01782639733. You can also send an email to firstname.lastname@example.org
- Where we use your information on this basis, you have the right to withdraw that consent.
- Access: You can request a copy of all the personal information we hold about you and other data relating to how we use your information by contacting us.
- Correction (‘Right to Rectification’): We always want to use the most up to date information about you so please get in touch if you think we don’t have that.
- Deletion (‘Right to be Forgotten’): In some circumstances, including where we are relying on your consent to use your data, you have a right to request us to delete your information.
- ‘Right to Portability’: If we have collected your data because you have given us consent, or because we need it in order to provide you with a product or service (under a contract), you have the right to receive the information you gave to us back in a ‘machine-readable’ format.
- ‘Right to Object’ and ‘Right to restriction of processing’: If we are using your data for activities under the ‘legitimate interest’ justification and in other circumstances, then you have a right to request restriction of processing and also a right to object to that processing.
- Right to obtain human intervention where automated processing has taken place where consent has been given or under a contract and where the processing has a legal or similarly significant effect.
- Complain: you have the right to lodge a complaint with the Information Commissioner’s Office if you think that our use of your information doesn’t meet the law. For more information, visit the ICO website. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The Handcrafted Card Company Ltd value our relationship with our customers, and the trust our customers place in us. As such, we are very careful how we treat their personal information when it is in our care. When accessing our websites, not limited to, www.wowvow.co.uk and www.thehandcraftedcardcompany.com or services offered you consent to the terms of this Policy, and agree to be bound by it and the Terms and Conditions.
Please read this Policy carefully, so that you can make informed decisions about sharing your data with us. Where the defined terms are common with our Terms and Conditions, they share the same meaning. The Policy defines the guidelines, obligations & requirements that apply to The Handcrafted Card Company Ltd, its staff, its customers and users of the website.
This Policy contains details of how the information is stored, processed and utilised.
As a UK-Based website, the site and its owners take all appropriate steps to protect the privacy of users throughout their visit. This website complies with all applicable laws, regulations and requirements for user privacy.
The Handcrafted Card Company Ltd provides a range of products and services including, but not limited to, sale of products to consumers and businesses.
As part of this activity, we may store Data about individuals and companies that includes Personal Information. We define “Personal Information” as information that can be used to identify individuals, and includes, but isn’t limited to:
• Email Address
• Postal address
• Postal Code
• Telephone Number
• Bank information
We may collect this information at a number of different times. These include:
• Placing an order on one of our websites
• Commenting on a blog article
• Contacting our support team
• Direct Contact & Communication including via social media
You contact this website and/or it’s owners at your own discretion. We store your details privately and securely when required, or with your specific permission (As detailed in the General Data Protection Register). We make every effort reasonable to secure information submitted by email, also (including forms), but warn customers and other users that information is submitted at their own risk.
The information you provide while using our websites may be used to provide you with additional information about the products and services we offer with your permission, including answering any questions you may have. We will NOT pass your details on to third parties.
Email Marketing and Newsletters
We may subscribe you to email communications or newsletters, but you would need to give permission at the time we were provided with the information. We will always provide the option to unsubscribe, in compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003. Our email information services may include offering specific email alerts relating to areas of interest you have enquired about or pursued with us previously, where you have indicated a preference.
This is not an exhaustive list of your user rights regarding contacting you by email. We will NOT pass your details on to third parties.
While this website only looks to include quality, safe and relevant links to external websites and resources, users are advised to adopt a cautious policy before clicking on any external links on this web site (An External Link is defined as text or images, including ‘banners’, that will launch/lead to another website. An example would be the BBC, or a blog).
As these sites are outside of the control of the owners of this website, their content cannot be verified or guaranteed past the time when the link is created. Users should therefore be aware that they click on any such link at their own risk, and the website, its owners or staff cannot be held liable for any damages or implications caused by, or arising from clicking on a link.
Social Media Platforms
Any communications, engagement or other actions taken through external social media platforms that this website, and the owners of this website participate in are custom to the terms and conditions (and privacy policies) held by the social/media platform(s) involved respectively.
You, as a user, are advised to use Social Media wisely, and cautiously. You should apply care with regards to your personal information and privacy. This website, or its employees, will never ask for personal or payment details via Social Media, and encourage users wishing to discuss such matters to contact us via primary communication channels such as the telephone or email.
This website may use Social Sharing buttons to share content we post via various Social Media platforms directly. Users are advised that using such buttons are at their own discretion, and to remember that the social media platform may save information about that share, it’s originating point, and other data available to it.