Privacy Policy

Policy version: This Privacy Policy was created on 18 May 2023.

Introduction

Cardpem is a trading name of CARDPEM Limited; the website is at: and the domain name: <cardpem.com> all belong to CARDPEM Limited (“We”), (“US”).

The Terms of Use (“Agreement”) for the Cardpem.com website is made as of the Effective Date, by and between Cardpem.com, (“CARDPEM LIMITED”), 71-75 Shelton Street, Covent Garden, WC2H 9JQ, London and you, the party identified as the user(“User”).

This privacy policy, together with our terms and conditions and any other policies referred to within, explains what information we gather about you, what and how we use that information, the lawful basis on which that information is used, and to whom we give that information. It also sets out your rights and our obligations concerning your information and whom you can contact for more information or queries.

Please print a copy of this privacy policy for future reference.

We are the controller of personal data obtained via our Site, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

We take your privacy very seriously. Please read this privacy policy carefully, as it contains important information on who we are and how and why we collect, store, use and shares any information relating to you (your personal data) in connection with your use of our website. It also explains your rights concerning your personal data and how to contact the relevant regulator or us if you have a complaint.

We collect, use and are responsible for certain personal data about you. When we do so, we are subject to the UK General Data Protection Regulations (UK GDPR).

Children

We understand the importance of protecting children’s privacy. Our Site is not designed for or intentionally targeted at children. It is not our policy to knowingly collect or store information about children.

Given the nature of our website, we do not expect to collect the personal data of anyone under 18 years old. If you are aware that any personal data of anyone under 18 years old has been shared with our Site, please let us know so that we can delete that data.

This privacy policy is divided into the following sections:

What this policy applies to
Personal data we collect about you
How your personal data is collected
How and why we use your personal data
Marketing
Who we share your personal data with
How long your personal data will be kept
Transferring your personal data out of the UK [and EEA] and US
Cookies [and other tracking technologies]
Your rights
Keeping your personal data secure
How to complain
Changes to this privacy policy
How to contact us
Do you need extra help?

What this policy applies to

This privacy policy relates to your use of our Site only.

Throughout our Site, we may link to other websites owned and operated by certain trusted third parties. Those third-party websites may also gather information about you under their privacy policies. Please consult their privacy policies as appropriate for privacy information relating to those third-party websites.

Personal data we collect about you

The personal data we collect about you depends on the particular activities carried out through our website. We will collect and use the following personal data about you:

your name, address and contact information, including email address and telephone number and company details
information to check and verify your identity, e.g. date of birth
your gender, if you choose to give this to us
location data, if you choose to give this to us
your billing information, transaction information, payment details
details of any information, feedback or other matters you give to us by phone, email, post or via social media
your account details, such as username and login details
your activities on, and use of, our website
your personal or professional interests
information about the services we provide to you
information about how you use our website
your responses to surveys, competitions, and promotions

You must provide this personal data, including your name; age; date of birth; gender; email address; home address; and country of residence unless we tell you that you have a choice.

Sometimes you can choose if you want to give us your personal data and let us use it.

Where that is the case we will tell you and give you the choice before you give the personal data to us. We will also tell you whether declining to share that personal data will affect your use of our website or any services on it.

We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data below.

How your personal data is collected

We collect personal data from you:

Directly when you enter or send us information, such as when you provide information by filling in forms on our Site. This may include information provided at the time of registering, subscribing to any of our services, posting material, sending messages and posting using our messaging tool, giving reviews, making or receiving payments through your CARDPEM User Account or requesting further services.

Details of transactions and projects you carry out via our Site.
We may ask you for information when you report an issue or concern or we have or receive a complaint or query about you (whether or not a formal dispute is raised).
We will keep accounts of reports of illegal activity made by Users or Third Parties regarding the use of the Site, including violation of the guidelines in the terms and conditions. This Report Data will consist of the user report reason and date/time.
We may keep a record of correspondence between you and us.
Please complete the surveys we use for research purposes, although you do not have to respond to them.
We may collect or obtain personal data from you because we observe or infer that data about you from the projects you undertake or the way you interact with us or others. For example, to improve your experience when you use our Site and ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and Web beacons which may collect personal data.
Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our Cookie Policy.

How and why we use your personal data

Under Data Protection Laws, we can only use your personal data if we have a proper reason, e.g.:

where you have given consent
to comply with our legal and regulatory obligations
for the performance of a contract with you or to take steps at your
request before entering into a contract, or
for our legitimate interests or those of a third party
the purposes for which we process your personal data
create and manage your account with us
providing the Site
to enforce legal rights or defend or undertake legal proceedings
retaining and evaluating the information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended
communications with you not related to marketing, including about changes to our terms or policies or changes to our Site or other important notices
protecting the security of systems and data used to provide the services
analysis of statistical data to help Users understand the level of engagement via the Site
updating and enhancing user records
disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, eg to record and demonstrate evidence of your consents where relevant
marketing our services to existing and former Users

We will only process your personal information for the above purposes, except for consent, because:

of our legitimate interests in the performance of activities that form part of the operation of our business;
of our legitimate interests in the effective and lawful operation of our business so long as such interests are not outweighed by your interests or fundamental rights and freedoms;
of the legal and regulatory obligations that we are subject to, such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or
the information is required in order to carry out the activities that form part of the operation of our business (e.g. the processing is necessary to perform our contractual obligations towards you).

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests.

We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).

Examples of the ‘legitimate interests’ referred to above are:

to benefit from cost-effective services (e.g. we may opt to use certain IT platforms offered by suppliers);
to verify the accuracy of information provided by a third party.
to prevent fraud or criminal activity.
to safeguard the security of our IT systems, architecture and networks, and of our physical premises; and to the extent that we process any sensitive personal data relating to you for any of the purposes outlined above, we will do so because either: (i) we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti money laundering’ obligations (or other legal obligations imposed on us); (ii) the processing is necessary to carry out our obligations under employment, social security or social protection law; (iii) the processing is necessary for the establishment, exercise or defence of legal claims; or (iv) you have made the data manifestly public.

Who we share your personal data with

We routinely share personal data with:

third parties we use to help deliver the Site
other third parties we use to help us run our business, e.g., marketing agencies, payment partners or website hosts and website analytics providers
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We or the third parties mentioned above occasionally also share personal data with our professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations, law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations

How long your personal data will be kept

We will hold your personal data on our systems for the longest of the following periods: (i) as long as is necessary for the relevant activity (which is typically 7 years); (ii) any retention period that is required by law or regulation; or (iii) the end of the period in which litigation or investigations might arise in respect of our activities.

Cookies and other tracking technologies

We use cookies on our Site.

Please see our Cookie Policy below:

Cookies Policy

We use cookies to ensure that we give you the best experience on our website to personalise content and adverts and to analyse our traffic using Google Analytics. What’s a cookie?

A “cookie” is a small file that is stored on your computer’s hard drive and which records your navigation of a website (if you allow) so that, when you revisit that website, it can present tailored options based on the information stored about your last visit.

Cookies can also be used to analyse traffic and for advertising and marketing purposes. Cookies are used by nearly all websites and do not harm your system. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings.

How do we use cookies?

We use cookies to:

• Track your use of our website to compile aggregate data about site traffic and interaction.

• Remember preferences and information about you so you don’t have to provide it again This enables us to understand how you use the site and track any patterns that emerge. This helps us to develop and improve our website and services in response to what our visitors want and need.

The table below lists the cookies that we use and describes their purpose.

Cookie Name	Type	Session / Persistent	Description
PHPSESSID	Session	Session	Where login functions are required, this prevents you from having to log into each page.
language_id	Functionality	Session	Used to track website usage. An anonymous ID to help differentiate users on the Google Analytics platform, but with an expiration date of just 24 hours.

We use Google Analytics service on our website to help track which content is popular and to track the effectiveness of any advertising campaigns.

To help the analytics service work, cookies are stored on your computer. A table can be found below which lists the cookies and their purpose.

Cookie Name	Type	Session / Persistent	Description
_ga	Performance	Persistent	Used to track website usage. An anonymous ID to help differentiate users on the Google Analytics platform with a 2 year expiration date.
_gid	Performance	Session	Used to track website usage. An anonymous ID to help differentiate users on the Google Analytics platform, but with an expiration date of just 24 hours.
_gat	Performance	Persistent	Used to throttle (reduce the frequency) of requests to Google Analytics service

There are different types of cookies:

First party cookies: these are set by the website you’re visiting and only that website can read them.

Third party cookies: these are set by someone other than the website you’re visiting. Some website pages may feature content from other sites such as Twitter and YouTube which may have their own cookies. Sharing a website page on another service page e.g. Stripe may also set a cookie on your browser.

Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any information from your computer.

Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. We use persistent cookies for Google Analytics and for personalisation (see below).

Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, such as when applying for a job, and therefore cannot be turned off. Without these cookies, the services available to you on our website cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.

Functionality cookies: These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customise. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised.

Personalisation cookies: These cookies help us to advertise details of products or services that we think may be of interest. These cookies are persistent (for as long as you are registered with us) and mean that when you log in or return to the website, you may see advertising for products or services that are similar to information that you have previously browsed.

How long do cookies last?

Some cookies are removed when you finish your session and exit the browser. Others are more long-term, sometimes indefinite, and are saved onto your device so they’re there when you return to the website.

How to reject cookies

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies if you don’t want to receive cookies that are not strictly necessary to perform basic features of our site. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.

If you disable cookies, some of the features that make your site more efficient, may not function properly.

Cookies can be disabled at any time, even if you have previously accepted them.

For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.

Your rights

You generally have the following rights, which you can usually exercise free of charge:

Access to a copy of your personal data	The right to be provided with a copy of your personal data
Correction (also known as rectification)	The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)	The right to require us to delete your personal data—in certain situations
Restriction of use	The right to require us to restrict use of your personal data in certain circumstances, e.g., if you contest the accuracy of the data
Data portability	The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object to use	The right to object: —at any time to your personal data being used for direct marketing (including profiling) —in certain other situations to our continued use of your personal data, eg where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Not to be subject to decisions without human involvement	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you We do not make any such decisions based on data collected by our website
The right to withdraw consents	If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time You may withdraw consents by contacting Us at info@cardpem.com. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under UK GDPR.

If you would like to exercise any of those rights, please write to us at info@cardpem.com

providing enough information to identify yourself (e.g., your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you and

let us know which right(s) you want to exercise and the information to which your request relates

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it. We also have procedures to deal with suspected data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

No personal information will be shared with third parties/ affiliates for marketing/ promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

How to complain

Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with the Information Commissioner in the UK.

The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

Changes to this privacy policy

We may change this privacy policy from time to time. When we make significant changes we will take steps to inform you, for example via email info@cardpem.com and the update privacy policy will be published on our website.

How to contact us

Individuals in the UK and US

You can contact us via by post, or email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under Data Protection Law or to make a complaint.

Our contact details are shown below:

Our contact details	Our Data Protection Officer’s contact details
CARDPEM LIMITED 17-75, Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom info@cardpem.com	Boye T 17-75, Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom info@cardpem.com