Privacy Policy

We are committed to preserving the privacy of all our visitors to www.cardfactory.co.uk ("the Website"). Please read this policy to understand how we use and protect the information that you provide to us.

Note that this privacy policy also covers our web application, that is available on iOS and Android mobile devices ("the App"). If there are any differences between the Website and the App, we will make that clear. Otherwise, references to "the Website" will cover all platforms.

Who we are

The Website is operated by Sportswift Limited t/a cardfactory (a company registered in England and Wales with company number 03493972 whose registered office is at Century House, Wakefield 41 Industrial Estate, Wakefield, WF2 0XG ("cardfactory"). cardfactory is the data controller of the data you provide. For further information about your data please contact our Data Protection Officer at dpo@cardfactory.co.uk.

Your personal data

By either registering as a user of our Website or the App, or by using the Website generally, you are consenting and are in agreement in our use of your personal data. This use is in accordance with this privacy policy. Your use of the Website is also governed by the Website's general terms and conditions. Please ensure you have read and understood those terms and conditions in addition to this policy.

We collect and use certain types of your personal data, depending upon what activities you perform on our Website or App:

1. When registering with the Website or App:

Your name, address, email address, plus other contact details.

2. When making purchases via our Website or App:

Your name, address, email address plus other contact details and payment details, such as credit/debit cards or other payment types like PayPal. We do not store any of your payment details.

If you are sending a card or gift to someone, the recipients' personal data may be included, especially if the product is a personalised one. We will email you to notify you of your purchase status and delivery.

3. When contacting or communicating with us:

Depending upon the nature of the correspondence, your personal data may be included when you contact us, through our Website or App, via email, letter or social media. We may record and monitor incoming calls in order to maintain customer service standards and to assist staff training.

4. Website or App administration:

Your personal data, as listed above, can also be used to:

  1. notify you of important changes and developments regarding our Website or App. These message types are called Service emails and are separate to Marketing messages.

  2. to analyse your purchasing preferences (for example, market, customer and product analysis) to enable us to:
    1. to provide you with a personalised browsing experience when using the Website; and
    2. to review, develop and improve the products we offer.
Lawful Basis

We collect and use the personal data above with your consent and, when you are making a purchase, to complete the contractual obligation we have with you – ie to supply the products you are wanting to purchase.

Marketing

Should you opt-in to our Marketing messages, then we can lawfully process your personal data through consent and though legitimate interests. We perform a legitimate interest assessment to ensure that any personal data processed under this lawful basis is properly balanced so that your rights under data protection laws are considered and continue to be respected.

Our Marketing messages, (including goods and services of other companies within our group) include: information about our products and services; invites to complete surveys based on your experience with cardfactory or about our products and services; to provide you with special offers, discounts or general offers; or to invite you to enter competitions which we consider may be of interest to you, by any of the following methods:

  1. email;
  2. telephone;
  3. Push notifications;
  4. SMS text messages and other electronic messages such as picture messaging;
  5. Post; and/or
  6. social media.

You always have the means to opt out of receiving Marketing messages. Marketing emails will have an ‘unsubscribe' or ‘manage my preferences' link, which will allow you to change your marketing communications with us. You can also opt out through your account settings on our Website or our App. Push notifications will need to be adjusted through the App.

Event Reminders

This is an optional service that enables you to set up reminders for upcoming events either in your account or during the checkout process.

To activate the service, you must set up your reminder at least 3 weeks prior to the event. We will then send you push or email notifications before your event date, containing information on the event as well as any special offers that are active at the time.

It is important to note that each reminder is distinct from other cardfactory marketing activities. By setting up Event Reminders, you give us permission to email or notify you about the event date. Your existing choices regarding other marking activities will remain in place and it is not a condition to accept marketing messages in order to benefit from the Event Reminder service.

If you decide you no longer wish to receive Event Reminders, you must delete the specific ones you have set up from your personal account.

As part of the Event Reminder set up process, you will be given the opportunity to opt-in to other marketing communications. If you do opt in, you can expect to receive promotional content and newsletters that may not be directly relevant to your event reminders. Any promotional content or newsletters will be about cardfactory products and services.

However, those who opt out of marketing (or people who already have opted-out prior to setting up any Event Reminders) will only receive communications regarding their Event Reminders.

This doesn't affect the issuing of Service Messages, which are information-only notifications about your account or the Website and not considered to be Marketing messages.

Your rights in respect of your personal data
Under data protection law, you have a variety of rights. These include:

  1. Your right of access - You have the right to ask us for copies of your personal information.
  2. Your right to rectification - You have the right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  3. Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  4. Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  5. Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  6. Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are ordinarily not required to pay any charge for exercising your rights. If you make a request, we have typically must respond back to you within one month.

If you would like to carry out your right to erasure, please contact the Data Team at datateam@cardfactory.co.uk.

For any of the other rights, or if you have any other questions about the data we hold about you, please contact our Data Protection Officer at dpo@cardfactory.co.uk.

Cookies

Our site uses cookies to enable the site to operate, along with other functions. Please see our dedicated cookie policy page for more info.

Security of your personal data

We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We treat all of your information in strict confidence and we endeavour to take all reasonable steps to keep your personal information secure once it has been transferred to our systems.

However, as the Internet is not a secure medium and we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the Internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful actions.

We also employ an anti-spam policy and follow the guidelines as set out in the Privacy and Electronic Communications Regulation (PECR). Spam, also known as junk mail, is an unsolicited commercial email message, commonly sent in bulk email messages. "Unsolicited" means that the recipient has not consented to the message being sent. "Bulk" means that the message is sent as part of a larger collection of messages, all having substantively identical content. The term 'spamming' refers to transmitting, distributing or delivering any unwanted commercial e-mail correspondence, especially in mass quantities, through the electronic means of communication.

Data retention

We will retain your information in accordance with the retention periods in this policy or for as long as the law requires. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Aggregated data

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Third parties

In order to provide you with the services, cardfactory does employ third parties. These third parties are grouped into broadly the following types:

  1. Infrastructure, which includes all aspects of the website, eg the building of, maintenance, hosting;
  2. Service fulfilment, which includes the selection, design and delivery of the goods you buy from our website;
  3. Communications and marketing, which includes goods emailing update and notification services, handling and managing of our tell cardfactory online customer panel, assistance with our email and marketing campaigns.

Regardless of type, all our suppliers are required to conform to the same data protection standards that you expect from us. We ensure that appropriate due diligence activities are carried out prior to engaging with prospective suppliers, we only use contracts that can be legally upheld by English courts and audits are carried out with them as we need to.

We only share data as required to fulfil the contractual obligations, if we are under a duty to disclose your personal data in order to comply with any legal requirements, or as defined in this Privacy Policy. If we wish to use your personal data differently to that you have already agreed to and that we are reliant upon your consent to do so, we will ask you in advance.

Children

Our Website and App are not intended for children. You may include children's personal data on products you purchase, but we do not knowingly collect data relating to children, nor is it needed to enable our Website or App to function.

Complaints

If you are unhappy about the way in which we store or process your personal data, we would prefer it if we could understand your concerns and have an opportunity to address these. Please contact our Data Protection Officer at dpo@cardfactory.co.uk regarding this.

You can also complain to the Information Commissioners' Office (ICO) if you are unhappy with how we have used your data.

The ICO's postal address is:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Their helpline number is: 0303 123 1113

Their website is: https://www.ico.org.uk and they have a dedicated ‘make a complaint' section on the front page.

Changes to this Policy

We keep our privacy policy under regular review. We may amend and update this policy from time to time. Any changes in the future will be posted to the Website and where appropriate, through email. All comments, queries and requests relating to our use of your information are welcomed and should be addressed to dpo@cardfactory.co.uk.

This policy was last updated in March 2024.