1. INTRODUCTION
This privacy policy describes how and why we collect and process your personal data, including
when you use our website www.cardaxis-uk.com.
Ashley L Emmott t/a Cardaxis (referred to as we/us/our in this policy) is the data controller. This means we are responsible for your personal data.
By using our website or providing us with your data, you agree to our use of your personal data and you warrant that you are over 13 years of age.
2. THE DATA WE COLLECT AND WHY
Personal data is any information about an individual which can be used to identify them. We may process the following types of personal data about you:
• Customer data which includes data relating to any purchase of goods and/or services from us. This can include your name, billing and delivery address details, email address, phone number and details of your purchases.
We process this data so we can supply the goods and/or services you have purchased and to keep records of your transactions with us. Our lawful ground for processing this data is for the performance of the contract between us and you.
• Communication data which includes any communications that you send to us via any means including but not limited to our website contact form or chat function, email, text message, social media, or enquiries sent via external websites where we may advertise our services.
Our reason and lawful ground for processing this data is so we can communicate with you, to keep records and to establish, pursue or defend legal claims.
• User data which includes data about how you use our website together with data that you post on our website or other online services. We process this data so we can operate and ensure the security of our website, to maintain backup of our website and databases, and to provide you with relevant content.
Our lawful ground for processing this data is our legitimate interest to properly administer our website and business.
• Technical data which includes data about your use of our website such as: your IP address, login data, browser details, page views, length of your visit to pages, time zone and other technology on the device you use to visit our website.
Our data analytics tracking systems are the source of this data. We process this data so we can analyse your use of our website, to administer and protect our business and website, to deliver relevant website content and advertisements to you and so we can understand the effectiveness of our advertising.
Our lawful ground for processing this data is our legitimate interest to properly administer our website and business, and to grow our business and decide or marketing strategy.
• Marketing data which includes data about your marketing and communication preferences. We process this data so you can take part in our promotions, to deliver relevant website content and product or service information to you, and to understand the effectiveness of this advertising.
Our lawful ground for processing this data is our legitimate interest to measure how customers use our products and services, to grow our business and decide our marketing strategy.
• Reviews data which includes data relating to any reviews you submit about us on our website or by email, or via other online platforms such as Trustpilot or social media websites. This data can include your name and business or employer’s name and your email address.
We process this data to collect feedback about our products and services to ensure that your expectations have been met. We may publish your reviews on our website or social media profiles to promote our business.
3. HOW WE USE YOUR DATA
We may use the data set out in section 2 to deliver relevant website content and advertisements to you, and to measure and understand the effectiveness of such advertisements. Our lawful ground for processing this data is our legitimate interest to grow our business.
It is your responsibility to obtain consent from individuals to share their personal data with us. You must update us if consent is withdrawn by a data subject so we can remove all relating data from our systems.
We will only ever use your personal data for the purpose it was collected or for a reasonably compatible purpose if necessary. If we do need to use your data for a new unrelated purpose we will always let you know and will explain the legal grounds for the processing. Where required or permitted by law, we may process your personal data without your knowledge or consent.
4. SENSITIVE DATA
We do not collect sensitive data about you. Sensitive data refers to data such as your ethnicity, religious or philosophical beliefs, political opinions, health data or sexual orientation.
5. HOW WE COLLECT DATA
We may collect data about you when you provide it directly to us, such as when completing forms on our website or when emailing us. Our website uses cookies and other technology to automatically collect anonymous data about you when you use our website. We may receive data from third parties such as:
• Website analytics and search information providers such as Google based outside the EU.
• Advertising networks such as Facebook based outside the EU.
• Payment and delivery services such as data brokers or aggregators.
We may also receive publicly available data from Companies House and the Electoral Register based inside the EU.
6. DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with third parties. All third parties we engage with are required to treat your data in accordance with the law. Third parties are only allowed to process your personal data for specified purposes in accordance with our strict instructions. The types of third parties that we use include:
• Third party courier and delivery companies for the purpose of delivering physical goods.
• Third party suppliers for the purposes of fulfilling and delivering your order.
• System administration and IT services.
• Professional advisers such as financial services, insurers, and legal advisers.
• Third parties to whom we may sell, transfer or merge parts of our business or assets with.
7. INTERNATIONAL TRANSFERS
Some of our third party service providers are based outside the European Economic Area (EEA) which means the processing of your data may include transfer of the data outside the EEA.
If we transfer your data outside the EEA, we take steps to ensure your data is treated with a similar degree of security with at least one of the following safeguards in place:
• The country to which your data is transferred has been approved by the European Commission as providing an adequate level of personal data protection; or
• We may use US-based providers who are part of the EU-US Privacy Shield which means they have equivalent safeguards in place.
• We may use US-based providers who are part of the EU-US Privacy Shield which means they have equivalent safeguards in place.
If the above safeguards are not available, we may request your consent to any specific transfers. You have the right to withdraw this consent at any time.
8. DATA SECURITY
We store your data on encrypted hard drives and on sometimes on servers outside of the EU (see section 6). The personal data you send to us for the purpose of printing personalised ID cards and similar goods is stored on in-house encrypted hard drives, which are only accessed by authorised personnel who have a legitimate business need to access your data.
We have security measures in place to prevent your personal data from being lost, accessed, used, altered or disclosed without authorisation. Your personal data can only be accessed by employees and partners who have a business need to access such data.
We have measures in place to deal with any suspected personal data breach, and will notify you and the required regulators of a breach if we are legally required to.
9. DATA RETENTION
We only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for legal, accounting and reporting requirements.
When deciding for how long we should keep your data, we look at the amount, nature and sensitivity of the data along with the potential risk of harm from unauthorised use or disclosure of said data.
For tax purposes the law requires us to keep basic information about our customers which includes contact, identity, financial and transaction data for six years.
10. YOUR LEGAL RIGHTS
We want to make sure you are fully aware of your data protection rights. Every user is entitled to the following:
• The right to access – You have the right to request copies of your personal data. We may charge you a small fee for your request if it is clearly unfounded, repetitive or excessive.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to us processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
How to exercise your rights
If you wish to exercise any of your rights set out above, please email us: hello@cardaxis.co.uk or write to us: Ashley L Emmott t/a Cardaxis. 286 Bolton Road, Greater Manchester, M26 3GP.
We aim to respond to all legitimate requests within one month. If your request is complex or if you have made multiple requests, it may take us longer. We may also need to confirm your identity to ensure that personal data is not disclosed to any person who has no right to receive it.
If you wish to complain about our use of your personal data, please contact us. We will endeavour to resolve any problems and if we are unable to help, you have the right to submit a complaint to the Information Commissioner’s Office (ICO).
Learn more about your rights on the ICO website: www.ico.org.uk
11. THIRD PARTY LINKS
Our website may include links to third party websites and applications. Clicking on such links may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their own privacy statements.
12. COOKIES
Our website uses cookies. These are small text files that are placed on your computer by our website. Some of these cookies are essential for our website to work and some give us insight into how you use our website which we may measure so we can tailor our website structure and content to visitor needs.
You can set your browser to refuse all or some cookies. If you disable or refuse cookies our website may not function properly or may become inaccessible.
You can view our cookie policy here.
13. ABOUT US
Legal entity: Ashley L Emmott t/a Cardaxis™
Email address: hello@cardaxis.co.uk
Registered address: 286 Bolton Road, Greater Manchester, M26 3GP
Telephone: 0161 900 5383
If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
This document was last updated on 19th December 2022.