Our Commitment to Privacy
Cinder Cards has created this privacy statement in order to demonstrate our firm commitment to privacy.
Our principle guidelines are simple. We will be clear about the data we collect, store and use and the reasons why. We will also be clear about the choices you can make about the data we collect, and how you can control these decisions.
The prime purpose of collecting your data is to improve your experience and engagement with Cinder Cards and its online store. We will process your personal information in accordance with the applicable data protection laws for your territory and in accordance with this notice.
This policy applies to all information provided by you or collected by us through all products and services offered by Cinder Cards, via any Cinder Cards-controlled websites and other interactions including, but not limited to, email, telephone, meeting, event or social media.
The terms ‘we’, ‘us’, or ‘Cinder Cards’ are each intended as reference to Cinder Cards
EMEA Registered Address: We are not a company. Cinder Cards is an online store that resells second-hand collectibles. The only individual associated with running the store is based in Slough, Berkshire. As Cinder Cards is run by a private individual, we will provide address details of the owner of Cinder Cards but only if requested. You will need to provide a valid reason for us to provide you with our address details as it is a residential property.
EMEA Trading Addresses: We are not a company. Cinder Cards is an online store that resells second-hand collectibles. The only individual associated with running the store is based in Slough, Berkshire. As Cinder Cards is run by a private individual, we will provide address details of the owner of Cinder Cards but only if requested. You will need to provide a valid reason for us to provide you with our address details as it is a residential property.
How to Contact Us
DEFINITION OF PERSONAL DATA
This policy relates to the collection, use, storage and sharing of ‘personal data’ which is defined as:
- Information that relates to an identified or identifiable individual.
- What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address, a cookie identifier, or other factors.
- When considering whether information ‘relates to’ an individual, a range of factors, including the content of the information, the purpose or purposes for which you are processing it and the likely impact or effect of that processing on the individual, needs to be considered.
- It is possible that the same information is personal data for one controller’s purposes but is not personal data for the purposes of another controller.
Definition taken from the ICO (Information Commissioner’s Office), the Data Protection Regulator for the United Kingdom. More information available at https://ico.org.uk/.
WHY WE PROCESS YOUR DATA
We may use your information for the following purposes:
- Send you relevant content and updates that may be of interest to you.
- Send you relevant products/services that may be of interest to you.
- Process orders, and payments for products/services.
- Invite you to an event/webinar or competition that may be of interest to you.
- Seek your views/comments on the products/services that we provide.
- Notify you of changes to our services.
- Process a comment on our content.
- Request that you update your preferences.
OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
We will process personal data for any of four lawful reasons:
- Contractual obligation: For the purchase and delivery of products and services to Cinder Cards Customers.
- Legitimate interests: For all activities related to engagement with prospective Customers and Opportunities. Plus in engagement with Customers outside of Contractual obligation and for the completion of satisfaction and feedback surveys and reviews.
- Consent: For the purposes of ascertaining positive opt-in for marketing communications outside of Contractual Obligation and Legitimate interests.
- Legal Obligation: To enable us to perform our side of the Contractual Obligation with our customers and meet our legal obligations for financial reporting.
Where required and appropriate we will seek positive consent to ensure we provide information that you are interested in receiving. These topic areas are:
- Company & Products: e.g. news, updates, product features and benefits, offers and promotions.
- Testimonials: We may contact you to ask if you can provide a testimonial for our services that you have received.
- Events & Webinars: e.g. Cinder Cards and third party activities such as conferences, exhibitions, workshops and webinars.
- Blog Updates: If you subscribe to receiving monthly updates of blog posts.
Where consent is sought and not given or is withdrawn we will cease to communicate as instructed – whether for individual topics or wholesale communications.
Any communications sent will include links for you to update your Consent Preferences or unsubscribe to communications.
COLLECTING YOUR PERSONAL DATA
Information you provide to us: We collect information you voluntarily provide to us via on-line request/order forms, email, through social media, or verbally, including that termed as ‘personal information’ such as your name, phone number and email address; for instance, when you want to
- Learn more about Cinder Cards, its products and services.
- Request access to our content resources (such as videos, Guides and webinars).
- Complete feedback and surveys.
- Interact with us for assistance with your purchase or pre-purchase enquiry.
In addition for the purchase of products/services we collect financial information (such as account or credit card details) for billing/payment requirements.
Information we collect automatically: Cinder Cards makes use of a technology called “cookies” which stores small pieces of information on your computer.
We automatically collect information through cookies and similar technologies when you use, access or interact with us via our websites, landing pages, email, advertisements or apps.
The following types of cookies are implemented to help improve your engagements, identify repeat visitors and offer a personalised service as described below:
- Strictly necessary cookies: to enable you to navigate our site and gain full access to its features and secure areas.
- Performance cookies: allows us to analyse and improve the performance of our website to provide you with better on-line experiences.
- Preferences/Functionality cookies: remembers choices you made on previous visits to our site so we can provide enhanced, more personal features as well allowing automated completion of forms with information previously provided.
- Marketing cookies: are used to deliver adverts more relevant to your personal interests, to limit the amount of times you see an advert and measure the effectiveness of adverts.
You may at any time opt-out of these cookies (except the Strictly Necessary Cookies). Please be aware that this may impact your experience of engaging with Cinder Cards as detailed above.
Cinder Card’s websites contain links to third party vendors, including Google, and may show our ads on other sites outside the Cinder Cards domains. Cinder Cards is not responsible for the privacy practices or the content of such websites.
Information obtained from other sources
We may receive information about you from other sources, including third parties, such as:.
- Social Media Platforms: we may also receive information about you from LinkedIn or other social platforms for instance, when you interact with us on these platforms or when we undertake research.
- Third Party Events: which we attend or sponsor.
- Lead Generation: third parties undertaking lead generation activities on behalf of Cinder Cards, such as telemarketing, comparison sites and content syndication.
- Facebook & Google Advertising: You may visit our website after clicking on a paid-for Facebook or Google Advertisement.
We protect data obtained from third parties according to the practices described in this Statement and we also apply any additional restrictions imposed by the source of data.
We will ensure that such data supplied meets the requirements of data protection legislation.
Information on Children
Cinder Cards does not target and is not intended to attract children under the age of sixteen. Although visitors of all ages may navigate through our websites or other activities, we do not knowingly collect or request personal information from those under the age of sixteen without parental consent. If we believe that a payment has been made to us by a child under the age of sixteen, by using whatever resource or information available to us, we will decline the purchase, refund it and delete the account or guest-purchase.
If, following a notification from a parent, guardian or discovery by other means, a child under sixteen has been improperly registered on our site by using false information, we will cancel the child’s account and delete the child’s personal information from our records.
Cinder Cards does not collect any sensitive information (for example, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on our websites or any other means.
STORING AND PROCESSING YOUR PERSONAL DATA
Your Personal Data may be in some instances, stored and processed outside of Europe due to the location of where some of the industry leading systems we use are hosted. The locations for each system are:
- Our Website Hosting: Based in Europe, utilising Godaddy Hosting.
- Financial Information: Data Based on European Servers of Godaddy Hosting.
- User Information: Based in Europe, utilising Godaddy Hosting.
- Email and office applications: United Kingdom own infrastructure.
- Marketing Automation Solution: United States of America (compliant to EU-U.S. Privacy Shield Framework).
- Feedback Surveys: United States of America (compliant to EU-U.S. Privacy Shield Framework).
Cinder Cards has implemented appropriate specific measures to ensure an adequate level of protection of your Personal Data when processed to countries outside of Europe.
SHARING YOUR PERSONAL DATA
We do not and will not sell your data or disclose any individually identifiable information about our users to third parties.
Sharing Data Outside of European Economic Area
We do not share personal data collected for individuals located within the UK or EU, with any bodies outside of the UK or EU. Our Website is hosted on Godaddy European Serves.
Godaddy is an American company. It may not explicitly access any data associated with a private individual without our permission.
HOW LONG WE KEEP DATA
Cinder Cards only processes personal data for as long as necessary to meet our legal & Accounting obligations or where we have a legitimate reason for keeping it. We review personal data on a case by case basis and document the period of retention for each.
For further information on how long Personal Data is likely to be kept before being removed from our systems and databases, please contact us directly.
YOUR RIGHTS IN RELATION TO YOUR DATA
Under Data Protection Law you have a number of Rights that are focused on placing you in control of how your data is processed:
- Right to be Informed: on how your personal data is processed
- Right to Access: to the personal information we hold about you.
- Right to Rectification: of any inaccurate personal information we hold about you.
- Right to Erasure: to request that we delete your data, or stop processing it or collecting it, in some circumstances.
- The Right to Object: to the processing of your data, such as requesting us to stop sending you marketing communications.
- Right to Data Portability: request your personal data to be sent to another service provider.
- Right to Lodge a Complaint: with relevant country relevant Data Protection Regulator.
You can reasonably request access to the personal data we hold on you, at any time, and we will provide that information free of charge within one month of your request at the latest.
You can request inaccurate or incomplete personal data held on you to be rectified or completed or for your personal data to be suppressed or erased, and we will respond within one month of your request at the latest.
We may request you to provide a copy of your ID card or otherwise evidence your identity.
We will supply any data you request in a Microsoft Word Document.
RIGHT TO OPT-OUT
You have the right to opt out of our marketing communications at any point, and we will deal with your request right away. You can unsubscribe from our emails automatically by submitting this unsubscribe form. Alternatively, you can amend your email preferences via our preference centre.
EMEA Region: To opt out of our direct mail or telephone marketing please email us at firstname.lastname@example.org
SECURITY OF PERSONAL DATA
At Cinder Cards we take the security of personal data extremely seriously. We have implemented a mixture of cyber security controls, encryption and Information Security Processes, and we are actively working towards Cyber Essentials Certification.
We assess security for Confidentiality, Integrity and Availability to ensure that data remains protected, accurate and available for its intended purposes. Some of the core controls we have implemented as part of these certifications are:
- Technical assessmentsof our systems for vulnerabilities and configuration.
- Controlled accessto only approved individuals.