- “Data Protection Legislation” shall mean the General Data Protection Regulation and any legislation implemented in connection with the General Data Protection regulation and any replacement legislation coming into effect from time to time.
- “General Data Protection Regulation” (“GDPR”) shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
- “Personal Data” shall have the meaning given to that term in the Data Protection Legislation in force from time to time
- “Carte Blanche” shall mean all Companies who are part of the Carte Blanche Group, including but not limited to, Carte Blanche Greetings Limited and Is It Art Limited.
Collecting & Using Information
We always look to provide the best possible service to you, our customer, we may need to collect personal information to do so. When handling this kind of personal information, we promise to keep all personal information safe and secure, and to always respect your privacy.
What information about you do we collect?
The type of Personal Data we may collect and the purposes for which it is processed are set out below
- Username & Password
- First Name and Surname
- Date of Birth
- Billing and delivery addresses, email addresses & telephone number(s)
- Payment method
- Correspondence with and from Me to You
- Your preference about receiving communication from Me to You
- Information about your use of Me to You, and your browsing and online purchasing activities.
How do we use your personal information?
Your personal data will be collected, processed, stored, and used by us. When you place an order with us you agree to our terms and conditions. We need to process certain data to allow us to:
- Despatch the goods that you have ordered in accordance with our agreement
- To associate your account and your product purchases with you and to verify your identity
- To tailor aspects of Me to You to you
- To process payments you make for goods
- To pass your product order for delivery by a third party, arranged by us
- To provide customer support and improve your customer experience
- To contact you by email or telephone in relation to the products you have purchased
- Administration, support, improvement and development of Carte Blanche / Me to You business generally
- Marketing of new product ranges sold by Carte Blanche / Me to You
You will be given an opportunity to tell Carte Blanche whether you wish to receive direct marketing materials and communications from Carte Blanche at the time that you provide Personal Data to Carte Blanche. This is not compulsory, and you are able to opt out at any time. You acknowledge that it is within the legitimate interests of Carte Blanche to obtain, record and use Personal Data in connection with any orders placed.
Personal Data is as a minimum held for 7 years when an order has been placed to meet legal and regulatory obligations, such as addresses on invoices retained for HMRC requirements.
We will not share any information with any third party outside the Carte Blanche Group without your consent. Where Carte Blanche transfers Personal Data to third parties to enable them to process it on Carte Blanche's behalf, it will ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure. Where Personal Data is transferred to a country or international organisation outside of the UK / EEA, it will also comply with the relevant legal rules governing such transfers. For instance, we will share your data with our payment partner for payment of goods to be processed. We do not retain any payment information other than the shipping address. Payment details are stored to enable us to process returns but these details are stored by a payment service provider under contract with us.
It is of utmost importance to us that the security of your information is to a high standard. This is why we use unique names and passwords for registration. You are responsible for ensuring that your password is known only to yourself. Whilst we do not guarantee that your information will not be accessed, altered, or destroyed by outside sources, we make sure your privacy is as secure as possible from breaches. If your information is breached, we will notify our customers via email as soon as possible to inform you about the situation.
You have certain rights in relation to your Personal Data, although those rights will not apply in all cases or to all Personal Data that Carte Blanche holds. For example, Carte Blanche may need to continue to hold and process Personal Data to establish, exercise or defend its legal rights. Alternatively, the rights may not be enforceable until the General Data Protection Regulation comes into force. You may have the right to request that Carte Blanche / Me to You.
- Provides a copy of Personal Data that it holds
- Updates Personal Data where it is out-of-date or incorrect
- Deletes personal information that it holds
- Restricts the way in which Carte Blanche process Personal Data
- Considers any valid objections to its processing of the Reseller's Personal Data
Carte Blanche will respond to any request from the you (including providing information on whether the rights apply in the circumstances) within the applicable statutory time period.
Our website is as secure as we can make it, with up-to-date security features. The website uses 128-bit SSL (Secure Sockets Layer) encryption technology which is the most advanced level of security that is currently available for online purchasing. When you are in a secure area of the website, such as the checkout screens, you should see a solid padlock in your browser status bar to indicate that the encryption is taking place
We may collect analytics data which helps us track traffic and usage of our website. the information collected includes browser device, page visits, visit duration and other information. We use this to improve our website and the ease of use. This information is collected and aggregated so that an individual user’s data is not used singularly.
What happens in the event of a change of control?
We may sell/transfer the company or any combination of its products, services, assets and/or businesses. Your information such as customer names and email addresses, User Content and other user information we might hold may be among the items sold or otherwise transferred in these types of transactions. This would be for your benefit, meaning you will not have to register your details with the site in the case of this happening. We may also sell, assign or otherwise transfer such information during corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company.
Instances where we are required to share your information
Your choices about your information
You may update and edit your account information and email-communication preferences at any time by logging in to your account and changing your settings. You can also stop receiving promotional email communications from us if you wish to do so. Please allow 10 working days for data to be removed.
We make every effort to process all unsubscribe requests on a prompt basis. As noted above, you may not opt out of Service-related communications (e.g. account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices).
If you have any questions on how your data is being used, then please get in touch via our contact form.
Please refer to your mobile device or browser’s technical information for instructions on how to delete and disable cookies, and other tracking/recording tools. Depending on your type of device, it may not be possible to delete or disable tracking mechanisms on your mobile device. Note that disabling cookies and/or other tracking tools prevents Me to You from tracking your browser’s activities in relation to the Service, and for use in targeted advertising activities by third parties. However, doing so may disable many of the features available through the Service.
You will be asked whether you want to receive marketing communication from us at the point of purchase. You can change your marketing preference at any time by going to your account page. Alternatively, you can unsubscribe from communication through the ‘unsubscribe’ link at the bottom of emails.
When you place an order with us, but do not opt in to receive marketing communications we will still contact your if there is important information to tell you about your account, your order, delivery, or personal data.
We do not knowingly collect or solicit any information from anyone under the age of 16 or knowingly allow such persons to register as Users. The Service and its content are not directed at children under the age of 16. If we learn that we have collected personal information from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible.
Links to other websites and services
Phishing Emails & Calls
Phishing is the process of gaining someone’s personal data illegitimately. This is often done by email and telephone, with the phisher claiming to be from an official or legitimate source. Never share your personal information with someone claiming to be from us. If we need to legitimately contact you regarding your payment method or delivery (for example), we will ask you to call. If you believe someone is attempting to deceive you into passing your personal data over, please let us know as soon as possible. If you would like to learn more about phishing, please see the Action Fraud website.
If you have any questions on this policy, please feel free to get in touch through our contact form or e-mail GDPRenquiries@cbg.co.uk