CardExchange Inc holds information about existing customers to enable us to conduct business and about individuals who may be interested in our products and services. As part of this we hold a small amount of personal data required which may include:
In addition, we automatically gather general statistical information about our website and visitors, such as IP addresses, browsers, pages viewed, number of visitors, goods and services purchased etc but in doing so we do not reference you by any personal data. We use this data to analyse how much our visitors use parts of our site so we can improve it.
We also automatically gather anonymous statistical information about our software products and, in some cases, connected printers such as license location, version, printer status and printer error logs. We use this data to analyse and improve our products by understanding how they are used and perform. This information does not reference you by any personal data unless you agree to do so when registering your license. If you do agree and depending on the product you have purchased, you can use the same data to help you view and manage the status of your software license(s) and printer(s).
CardExchange Inc is committed to ensuring that your privacy is protected in accordance with the law. We take privacy and your rights as an individual seriously.
We will use your data as outlined below:
More detailed information about how we use, store and protect your personal data can be found below:
We collect your personal data when you contact us requesting information, a trial download or when you make a purchase via our website, email or telephone. We also collect your personal data when you register a software license and if you register for our end user support forum.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We only hold the minimal amount of personal data required to carry out the activities outlined in section 1 above.
The personal data we hold may include your name, job title, position, email address, work address and telephone numbers. If your business operates from home, we may hold your postal address, too. This information will be added to our CRM system to help process your enquiries and in the case of license registrations, our license server too.
If you make an online purchase or have a subscription license we will process your card payments in conjunction with our payment processing partner; Stripe.
Legitimate interest is the legal basis we rely on to process your personal data as we may need to contact you about our products or services which you have enquired about, purchased or require support for.
The protection of your data is important to CardExchange Inc. Data is stored in a secure environment by our CRM partner (Salesforce) with strictly controlled access via a web browser. Credit card payments are handled directly by Stripe’s secure payment API with no data retained by CardExchange. User registration data is stored in a SQL Server database on Microsoft® Azure™ with strictly controlled access via a web browser or a database-management tool. Microsoft Azure is a secure environment that is maintained by Microsoft and regularly updated against threats. Access to Microsoft Azure and the database is protected by means of strong passwords.
Data can be exported from our database as a CSV file, typically to enable the information to be used to contact customers by phone, by email or for internal reporting. Our staff have been trained on how to handle and correctly depose of personal data.
We may pass your personal information, with you consent, to a local channel partner to fulfil requests for product quotations, purchases and local support.
We may also need to disclose information to Law enforcement agencies on request and report any suspicious activities regarding identity fraud.
Aside from this your data is only disclosed to employees of CardExchange Inc.
CardExchange Inc does not use your information for data profiling or automated decision making.
We will retain your personal data for sales and support purposes unless you ask us to remove your information as per section 12.
You may request that CardExchange Inc changes how we communicate with you, when and why and we will do so within 2 working days.
You may request that CardExchange Inc erases your personal data and we will do so within 2 working days. To avoid the possibility of re-adding your personal data again in the future, we will retain your name and email address (if available). You may request that we add your personal data back into our database at any time. If you request to have your personal data erased whilst an active software subscription is in place, we will set your subscription to cancel at the pre-agreed renewal date at which time we will also delete your data. Your personal data cannot be deleted whilst an active subscription is in place.
If you determine that the personal data we hold about you is incorrect you have the right to request rectification. We will immediately consider the request and rectify any errors found. If we do have reasons to believe that an error has not occurred, we will keep the information as previous. You will be informed of the outcome by email.
At any point, you have the right to submit a Subject Access Request to find out what data we hold about you. Within a 30 day period, we will respond to the request made. We will not charge a fee for any of the requests above unless the request is ‘excessive’. We also reserve the right to withhold personal data if disclosing it would ‘adversely affect the rights and freedoms of others’.
If at any point you feel we are being unfair or dismissing your rights as an individual please contact us and let us know. If you are still not satisfied, you can make a complaint to a supervisory authority, in this case, being the ICO. To make a complaint please visit the ICO website here https://ico.org.uk/
Your personal and business data may be stored on our servers or those of our partners (outlined in section 6 above) outside the EU but these are covered by the same levels of security, personal data protection and rights as they would be if located within the EEA.
We take the security of data seriously and follow industry standard practices including: