Privacy and Cookie Policy
Privacy Policy
Information on this Website is supplied by Card Factory plc and, where indicated, third parties. The pages on the website (the "Website") are published, hosted and supported by a third party on behalf of Card Factory plc and we are committed to preserving the privacy of all our visitors to the website. Please read this policy to understand how we use and protect the information that you provide to us.
Who we are
Card Factory plc (a company registered in England and Wales with company number 09002747 whose registered office is at Century House, Wakefield 41 Industrial Estate, Wakefield, WF2 0XG (“cardfactory”, “us” or “we”).
cardfactory is the data controller of the data you provide. For further information about your data please contact our Data Protection Officer at [email protected].
Your personal data
By registering as a user of our Website, or by using the Website generally, you are consenting and are in agreement in our use of your personal data. This use is in accordance with this privacy policy.
We collect and use certain types of your personal data, depending upon what activities you perform on our Website or App:
-
When registering for general email alerts or notifications:
Your name, address, email address, plus other contact details.
-
When registering for Franchise or Wholesale opportunity email alerts or notifications:
Your name, address, email address, plus other contact details will be used to:
- Email you from potential investors who want to discuss a wholesale or franchise opportunity, if you have completed the Partnerships > Contact Us page
-
When contacting or communicating with us:
Depending upon the nature of the correspondence, your personal data may be included when you contact us, through our Website via the Contact US page, or by email, letter or social media.
The Contact Us page requires you to supply your first name, surname and email address.
-
Website administration:
Your personal data, as listed above, can also be used to:
- notify you of important changes and developments regarding our Website. These message types are called Service emails and are separate to Marketing messages.
Lawful Basis
We collect and use the personal data above with your consent and through legitimate interests. We perform a legitimate interest assessment to ensure that any personal data processed under this lawful basis is properly balanced so that your rights under data protection laws are considered and continue to be respected.
Your rights in respect of your personal data
Under data protection law, you have a variety of rights. These include:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are ordinarily not required to pay any charge for exercising your rights. If you make a request, we have typically must respond back to you within one month.
If you would like to carry any of the above rights, or if you have any other questions about the data we hold about you, please contact our Data Protection Officer at [email protected].
Cookies
A cookie is an element of data that a website can send to your browser, which may then be stored on your device (computer, tablet, smartphone etc).
Cookie Functions
Cookies enable a number of different functions and typically grouped into the following:
- Strictly Necessary cookies. These are cookies that are deemed as being absolutely necessary for the website to function and as such cannot be switched off. Examples of these types of cookies include the ability to record the items in your shopping basket, and enabling you to place orders
- Functional cookies. These are cookies that enable the website to provide enhanced functionality and personalisation. If you do not allow these cookies then some or all of these services may not function properly.
- Performance cookies. These are cookies that allow us to count site traffic, ie the numbers of people who come to our site and where they came from, such as directly or by other links. These cookies also allow us to identify which pages are the most or least popular. All information captured by these cookies is aggregated and as such, means that they are anonymous and do not contain personal data. If these cookies are not allowed, then we will not know when you have visited our site.
- Targeting cookies. These are cookies that are typically used for advertising.
Cookie types
There are a few types of cookies, which are described as:
- First party cookies:We set these cookies and they can only be read by us.
- Third party cookies: these are cookies that are from Suppliers who set cookies on our Website in order to deliver the services that they provide.
- Persistent cookies: We may use persistent cookies which will be saved on your computer for a fixed period (usually 1 year or longer). They won’t be deleted when the browser is closed. We use persistent cookies to recognise your device for more than one browsing session so that, for example, you don’t have to re-enter your password each time you visit our Website.
- Session cookies:We may use session cookies which are only stored temporarily during a browsing session and will be deleted from your device when the browser is closed.
Disabling cookies
It is possible on most browsers to request that your computer does not accept cookies or that you are notified if a website tries to put a cookie on your computer. The cookie management tool also allows you to make choices to accept all cookies or variations of that.
More information
Details and functions of the cookies currently used on our Website are set out in the following tables. Note that these tables are regularly updated to reflect current usage.
Strictly Necessary cookies
|
Cookie Name |
Description |
Expiry Duration |
|
CookieControl |
Set when the user accepts the cookie policy. |
3 months |
|
UMB_UCONTEXT |
These cookies are essential for the site, but are only seen by site administrators whilst accessing the website content management system (CMS). They are used in maintaining the session state of the logged in user. |
Session |
|
UMB_UCONTEXT_C |
||
|
UMB-XSRF-V |
||
|
UMB-XSRF-TOKEN |
||
|
.AspNetCore.Antiforgery.9fXoN5jHCXs |
This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. |
Session |
|
disclaimer-cookie |
Set when the user successfully opens a page that previously was protected by a Disclaimer popup/page. |
1 year |
Performance and Targeting cookies
|
Cookie Name |
Description |
Expiry Duration |
|
_ga |
This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
1 Year |
|
_gid |
This cookie is installed by Google Analytics. The cookie is used to store information on how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number of visitors, the source of their income, and the pages visited in an anonymous form. |
1 day |
|
__Secure-3PSIDCC |
Builds a profile of website visitor interests to show relevant and personalized ads through retargeting |
2 years |
|
__Secure-1PSIDCC |
||
|
__Secure-3PAPISID |
||
|
__Secure-1PSID |
||
|
__Secure-1PAPISID |
||
|
__Secure-3PSID |
||
|
__Secure-3PSIDTS |
The cookie collects information about your interactions with Google services and ads. |
2 Years |
|
_Secure-1PSIDTS |
||
|
SIDCC |
This cookie is used by Google Maps. The purpose of this cookie is to provide the identification of secure traffic. |
1 Year |
|
SID |
This cookie is placed by Google Ads Optimization. The cookie is used to provide ad delivery or targeting. |
2 years |
|
APISID |
||
|
SSID |
||
|
SAPISID |
||
|
HSID |
||
|
OTZ |
Links activities of website visitors to other devices that are previously logged in via the Google account. In this way, advertisements are tailored to different devices. |
1 month |
|
AEC |
This cookie ensure that requests within a browsing session are made by the user, and not by other sites. These cookies prevent malicious sites from acting on behalf of a user without that user's knowledge. |
6 months |
|
DV |
These cookies are used to collect information about how visitors use the Site and use the information to compile reports and to help improve the Site. The cookies collect information in an anonymous form, including the number of visitors to the Site, where visitors have come to the Site from and the pages they visited. |
1 day |
|
NID |
The cookie is used to provide ad delivery or retargeting, store user preferences. |
6 months |
|
__Secure-ENID |
Used by Google to prevent fraudulent login attempts. |
6 months |
|
1P_JAR |
This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. |
1 month |
Other third-party cookies not previously referenced
|
Cookie Name |
Description |
Expiry Duration |
|
_cf_bm |
Cloudflare's bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions. |
30 minutes |
|
OptanonAlertBoxClosed |
This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down |
1 year |
|
OptanonConsent |
The functionality is to store cookie consent preferences. |
1 year |
|
language |
This cookie is used to remember any selection a user has made about language on ico.org.uk, using the language selector, so that the site will be shown in their chosen language when returning to the site. |
7 months |
Security of your personal data
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We treat all of your information in strict confidence and we endeavour to take all reasonable steps to keep your personal information secure once it has been transferred to our systems.
However, as the Internet is not a secure medium and we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the Internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful actions.
We also employ an anti-spam policy and follow the guidelines as set out in the Privacy and Electronic Communications Regulation (PECR). Spam, also known as junk mail, is an unsolicited commercial email message, commonly sent in bulk email messages. “Unsolicited” means that the recipient has not consented to the message being sent. “Bulk” means that the message is sent as part of a larger collection of messages, all having substantively identical content. The term 'spamming' refers to transmitting, distributing or delivering any unwanted commercial e-mail correspondence, especially in mass quantities, through the electronic means of communication.
Data retention
We will retain your information in accordance with the retention periods in this policy or for as long as the law requires. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Subscribers to the Investors tools is retained until the user terminates from the service. Unsubscribing will take a maximum of seven (7) days.
Aggregated data
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Children
This Website is not intended for children and we do not knowingly collect data relating to children. Children’s data is not needed to enable our Website to function.
Complaints
If you are unhappy about the way in which we store or process your personal data, we would prefer it if we could understand your concerns and have an opportunity to address these. Please contact our Data Protection Officer at [email protected] regarding this.
You can also complain to the Information Commissioners’ Office (ICO) if you are unhappy with how we have used your data.
The ICO’s postal address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Their helpline number is: 0303 123 1113
Their website is: and they have a dedicated ‘make a complaint’ section on the front page.
Changes to this Policy
We keep our privacy policy under regular review. We may amend and update this policy from time to time. Any changes in the future will be posted to the Website and where appropriate, through email.
All comments, queries and requests relating to our use of your information are welcomed and should be addressed to [email protected].
This policy was last updated on 1 February 2024.