CardExchange, Inc. holds information about existing customers to enable us to conduct business and about individuals who may be interested in our products and services. As part of this we hold a small amount of personal data required which may include:
- Name and job title
- Contact information including postal address, telephone number and email address
- Credit card information
In addition, we automatically gather general statistical information about our website and visitors, such as IP addresses, browsers, pages viewed, number of visitors, goods and services purchased etc but in doing so we do not reference you by any personal data. We use this data to analyse how much our visitors use parts of our site so we can improve it.
We also automatically gather anonymous statistical information about our software products and, in some cases, connected printers such as license location, version, printer status and printer error logs. We use this data to analyse and improve our products by understanding how they are used and perform. This information does not reference you by any personal data unless you agree to do so when registering your license. If you do agree and depending on the product you have purchased, you can use the same data to help you view and manage the status of your software license(s) and printer(s).
CardExchange, Inc. is committed to ensuring that your privacy is protected in accordance with the law. We take privacy and your rights as an individual seriously.
1. How we use your personal information
We will use your data as outlined below:
- To follow-up ‘Contact Us’ enquiries
- To follow-up ‘Trial Download’ enquiries either directly or, with your consent, by an authorised CardExchange partner
- To create and manage your website account
- To process and deliver purchases and manage ongoing license subscriptions
- To keep you informed about important product releases and updates relating to your registered software license
- To keep you informed with occasional, relevant, marketing updates
- To fulfil ongoing email newsletter subscriptions
- To verify proof of purchase and product warranty
- To process technical support enquiries by phone, email, online forum and online ticket system
- For internal reporting and monitoring of sales and support department performance
More detailed information about how we use, store and protect your personal data can be found below:
2. The Data controller
3. How we collect your personal data
We collect your personal data when you contact us requesting information, a trial download or when you make a purchase via our website, email or telephone. We also collect your personal data when you register a software license and if you register for our end user support forum.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
5. Processing of personal data
We only hold the minimal amount of personal data required to carry out the activities outlined in section 1 above.
The personal data we hold may include your name, job title, position, email address, work address and telephone numbers. If your business operates from home, we may hold your postal address, too. This information will be added to our CRM system to help process your enquiries and in the case of license registrations, our license server too.
If you make an online purchase or have a subscription license we will process your card payments in conjunction with our payment processing partner; Stripe.
6. The legal basis for processing personal data
Legitimate interest is the legal basis we rely on to process your personal data as we may need to contact you about our products or services which you have enquired about, purchased or require support for.
7. Appropriate safeguards to ensure personal data is kept secure
The protection of your data is important to CardExchange Inc. Data is stored in a secure environment by our CRM partner (Salesforce) with strictly controlled access via a web browser. Credit card payments are handled directly by Stripe’s secure payment API with no data retained by CardExchange. User registration data is stored in a SQL Server database on Microsoft® Azure™ with strictly controlled access via a web browser or a database-management tool. Microsoft Azure is a secure environment that is maintained by Microsoft and regularly updated against threats. Access to Microsoft Azure and the database is protected by means of strong passwords.
Data can be exported from our database as a CSV file, typically to enable the information to be used to contact customers by phone, by email or for internal reporting. Our staff have been trained on how to handle and correctly depose of personal data.
8. Sharing of personal data
We may pass your personal information, with you consent, to a local channel partner to fulfil requests for product quotations, purchases and local support.
We may also need to disclose information to Law enforcement agencies on request and report any suspicious activities regarding identity fraud.
Aside from this your data is only disclosed to employees of CardExchange, Inc.
9. Profiling of personal data
CardExchange Inc does not use your information for data profiling or automated decision making.
10. How long do we hold personal data?
We will retain your personal data for sales and support purposes unless you ask us to remove your information as per section 12.
12. Your rights as an individual
12.1 Right to update communication preferences
You may request that CardExchange Inc changes how we communicate with you, when and why and we will do so within 2 working days.
12.2 Right to erasure
You may request that CardExchange Inc erases your personal data and we will do so within 2 working days. To avoid the possibility of re-adding your personal data again in the future, we will retain your name and email address (if available). You may request that we add your personal data back into our database at any time. If you request to have your personal data erased whilst an active software subscription is in place, we will set your subscription to cancel at the pre-agreed renewal date at which time we will also delete your data. Your personal data cannot be deleted whilst an active subscription is in place.
12.3 Right to request rectification
If you determine that the personal data we hold about you is incorrect you have the right to request rectification. We will immediately consider the request and rectify any errors found. If we do have reasons to believe that an error has not occurred, we will keep the information as previous. You will be informed of the outcome by email.
12.4 Right to request Information
At any point, you have the right to submit a Subject Access Request to find out what data we hold about you. Within a 30 day period, we will respond to the request made. We will not charge a fee for any of the requests above unless the request is ‘excessive’. We also reserve the right to withhold personal data if disclosing it would ‘adversely affect the rights and freedoms of others’.
13. Registering a complaint
If at any point you feel we are being unfair or dismissing your rights as an individual please contact us and let us know. If you are still not satisfied, you can make a complaint to a supervisory authority, in this case, being the ICO. To make a complaint please visit the ICO website here https://ico.org.uk/
14. Is any data stored or handled outside of the EEA (European Economic Area)
Your personal and business data may be stored on our servers or those of our partners (outlined in section 6 above) outside the EU but these are covered by the same levels of security, personal data protection and rights as they would be if located within the EEA.
15. Security of data
We take the security of data seriously and follow industry standard practices including:
- All personal data is encrypted at rest and in transit
- Our servers are firewalled and require logins to access
- Servers and associated software are regularly updated to latest versions to fix security vulnerabilities
- High risk vulnerabilities are patched as soon as identified and the patch is available
- Any passwords we collect are stored encrypted