Privacy Policy

Introduction

Card Companion is committed to safeguarding the privacy of our business clients and partners. This privacy policy outlines our practices concerning the handling of any information that can be directly or indirectly associated with our business clients and partners but clarifies that we do not collect and store personal data from users of our services.

Operating within the United Kingdom, Card Companion adheres to the principles of data protection and privacy in compliance with the UK's General Data Protection Regulation (UK GDPR).

Information Collection

Our application utilizes Shopify’s APIs to gather a diverse array of information essential for optimizing our app’s functionality and enriching the user experience.

We do not collect personal data from customers of the merchants that user our services. This includes, but is not limited to, names, addresses, email addresses, or any other information that could be used to identify an individual personally.

We actively collect information from merchants who utilize our app, ensuring we can provide a service that meets their business needs. This information encompasses:

Merchant Contact Details: Communication information to support interactions and provide assistance.
Business Information: Merchant’s details that help us understand their operational needs & best serve them.
App Usage Data: Insights into how merchants engage with our app, including frequency of use, features accessed, and specific preferences. This data is crucial for continuous improvement and personalization of our service.

Use of Information

We use the information collected for several key purposes, which include, but are not limited to:

App Functionality: Enhancing and maintaining the functionality of our Shopify app, including managing and uploading TCG cards to stores.
Customer Service: Providing customer support and responding to inquiries, feedback, or concerns.
App Improvements: Analyzing usage patterns to improve our app's features and user experience.
Compliance and Legal Obligations: Complying with legal requirements and enforcing our terms and conditions.
Marketing and Communication: If consented to, sending updates, newsletters, or promotional materials related to our app and services.

It is important to note that the information collected is used solely for the purposes listed above and related activities. We do not share, sell, rent, or trade personal information with third parties for their commercial purposes.

Data Storage and Retention

Location and Storage: All collected data is securely stored within the UK. Our storage solution's advanced security measures ensure compliance with data protection regulations, providing a secure storage environment.

Retention Policy: We retain personal data for the necessary duration to fulfill its collection purposes, including legal, accounting, or reporting requirements. Following the retention period, personal data is securely deleted or anonymized.

Data Security: Protecting your personal data's security is our priority. We employ various security technologies and procedures to safeguard your data from unauthorized access, use, or disclosure. These include using encryption and implementing access controls.

We understand the importance of data security in the digital age and are committed to continuous improvement of our security practices to ensure the highest level of data protection.

Data Transfer and Processing

All our data is stored within the UK, most data processing activities occur domestically. This ensures compliance with UK data protection laws and regulations.

International Transfers: In the event of a need to transfer data outside the UK, such actions will be in compliance with GDPR and other relevant data protection laws. This includes ensuring adequate levels of data protection and security in line with GDPR requirements.

Processing Activities: Data processing activities are conducted with the utmost care and in accordance with legal requirements. This includes, but is not limited to, data analysis, data management, and providing app functionality.

We are committed to upholding high standards of data privacy and security in all our data transfer and processing activities, ensuring that your data is handled responsibly and ethically.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with data protection laws. The DPO is responsible for monitoring internal compliance, informing and advising on data protection obligations, and acting as a contact point for data subjects and the supervisory authority.

If you have any questions about our data protection practices or the handling of your personal data, please feel free to contact our DPO using the following details:

Name: Privacy Officer
Email: privacy@cardcompanion.co.uk

Our DPO is equipped to address all your queries or concerns regarding our data handling practices and your privacy rights.

User Rights

Under the General Data Protection Regulation (GDPR) and other relevant data protection laws, users have certain rights regarding their personal data. These rights include:

Right of Access: You have the right to request access to your personal data that we hold.
Right to Rectification: You can request the correction of your personal data if it is inaccurate or incomplete.
Right to Erasure: In certain circumstances, you can request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Right to Restrict Processing: You have the right to request that we suspend the processing of your personal data.
Right to Data Portability: Where applicable, you can request the transfer of certain personal data to another party.
Right to Object: You have the right to object to the processing of your personal data in certain circumstances.

If you wish to exercise any of these rights, please contact us at privacy@cardcompanion.co.uk. We will respond to your request in accordance with applicable data protection laws.

We are committed to upholding the privacy rights of our users and will take all reasonable steps to comply with your requests in respect of your personal data.

GDPR Compliance for Marketing

In accordance with the General Data Protection Regulation (GDPR), we adhere to strict standards when using personal data for marketing purposes. Key aspects of our compliance include:

Consent for Marketing: We obtain explicit consent from users before using their data for marketing purposes. This consent meets the heightened standard required by GDPR, ensuring that it is freely given, specific, informed, and unambiguous.
Use of Sensitive Data: We do not use sensitive personal data as defined under GDPR for marketing purposes unless explicit consent has been obtained. Sensitive data includes details about race, ethnic origin, political opinions, religious beliefs, and health information.
Profiling and Automated Decision-Making: If we engage in profiling or automated decision-making for marketing, we ensure transparency and provide users with the ability to opt-out. We also ensure that such activities comply with GDPR regulations, including providing necessary safeguards to protect user rights and freedoms.

Our marketing practices are designed to respect user privacy and choice, adhering closely to legal requirements. For any questions or concerns about our use of your data for marketing purposes, please contact us at privacy@cardcompanion.co.uk.

Legal Consultation

This privacy policy has been prepared with the assistance of legal professionals to ensure compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

We advise users to seek their own legal advice to understand the implications of these data protection laws on their personal data. It is important for users to be aware of their rights and responsibilities under these laws.

If you have any specific questions or concerns about how these laws relate to our handling of your personal data, or if you require further clarification on any aspect of our privacy policy, please contact us at privacy@cardcompanion.co.uk.

We are committed to adhering to the highest standards of data protection and privacy and continuously monitor legal developments to update our practices as necessary.

Updates and Changes

Our privacy policy may be updated or changed periodically to reflect changes in our practices, legal requirements, or the way we operate our business. We are committed to maintaining transparency and will ensure that our users are informed of any significant changes to this policy.

Notifications of updates will be communicated through our app's notification system and/or via email to all registered users. We recommend users to review the privacy policy regularly to stay informed about how we are protecting your personal data.

Continued use of our app after any changes or updates to this policy will be deemed as your acceptance of those changes.