Privacy Policy

Privacy Policy

Effective Date: 01/04/2024

Introduction

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy describes Cardly’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights.

We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies.

Important Information & What Cardly Does

Cardly is a data controller and is responsible for your personal data. We are a company based in Queensland, Australia that also operates in the United States, Canada and United Kingdom.

This Privacy Policy applies to the collection of personal information (also referred to as personal data) which is any information related to an identified or identifiable natural person (“PI”) by or on behalf of Cardly Pty Ltd ACN 605 282 255 (collectively referred to as “Cardly”, “we”, “us” or “our” in this privacy policy) and will explain how our organisation uses the personal data we collect from you when you use our Site.

For the meaning of “Site” and other capitalised terms that are not defined within this Privacy Policy, please refer to our website Terms and Conditions.

We are committed to the protection of your PI and meeting the standards set out in the Privacy Act 1988 (Cth) (“the Act”) and the National Privacy Principals (“NPPs”) together with the standards expected of the European Union General Data Protection Regulation (“GDPR”).

This policy sets out how we handle your PI and the rights and obligations that we both have in relation to that information.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us via dataprotection@cardly.net.

The Data Cardly Collects

You can generally visit this Site without telling us who you are or revealing other PI and we will not collect any PI about you except when you knowingly provide it.

The types of information that we collect from you will depend on the circumstances of collection and on the type of service you request from us, for example:

  • When you request products from us, we will collect details such as your name, address, birthdates, anniversaries, company details, billing address, shipping address, credit card information, email, wish list, or other favourites information.
  • Where you elect to store payment details with us, we may collect and store your encrypted credit card details. These details will not be stored directly by Cardly, but instead by one of our payment service providers under contract with us.
  • We may collect information provided by you in responses to surveys and quizzes and, where you or someone ordering products for you have provided this information to us, the name, address, birthdates, anniversaries, company details, shipping address, email, and phone contacts of the person receiving the Products ordered from us.
  • Where you are creating or using a business account, we may collect information related to your company, its size, industry and where you have provided it, your employees, customers and other data you may elect to provide in order to fulfill a service request.
  • When you are applying for a position with us we may collect any information required in the course of our recruitment process such as your resume, contact details, skills, qualifications, languages spoken, residency status, referees, etc.
  • Information collected automatically when you visit or interact with the Site (“Usage Information”). This Usage Information may be stored and/or accessed from your computer, tablet, mobile phone, or other device whenever you visit or interact with the Site. Usage Information may include, but is not limited to your IP address, mobile device identifier and other unique identifiers, device information, including device model, operating system version, device date and time, mobile network information, geolocation of your device and data on how you use and interact with the Site.

We do not sell personal information to anyone and only share it with third parties who are directly facilitating the delivery of our services.

From time to time, Cardly receives personal information about individuals from third parties. Typically, information collected from third parties will include further details on your employer or industry. We may also collect your personal data from a third party website (e.g. LinkedIn).

We take reasonable steps to ensure that your PI is accurate, complete and up-to-date whenever we collect or use it. If the PI we hold about you is inaccurate, incomplete or out-of-date, please contact us and we will take reasonable steps to correct this information.

How Your Personal Data Is Collected

We primarily collect PI directly from you through electronic, written and/or verbal means of communication when you interact with us. For example when:

  • You register online or place an order with us for any of our products or services.
  • You send us an email or post an entry on our Site.
  • You submit an entry into a competition or trade promotion.
  • You voluntarily complete a customer survey or provide feedback.
  • You explicitly request to join our marketing or other mailing lists.
  • You use or view our Site.
  • Data is made available from cookies stored on your device.
  • You engage with our customer support team.

As is true of most websites, Cardly’s platform collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Cardly’s website, including a history of the pages you view.

We may also receive personal data about you from third parties and public sources as outlined below.

  • Analytics, storage, tools and media providers based both within and outside the EU.
  • IP intelligence providers located both within and outside the EU.
  • Security and compliance tools based outside the EU;
  • Social media and media networks such as Twitter, LinkedIn, Instagram based outside the EU;
  • Email distribution and survey providers based outside the EU;
  • Identity and Contact data from providers of data feeds and hosting services provided inside the EU and outside of the EU.

How We Use Your Personal Data

We will only use the PI we collect from you where we have a genuine and legitimate need to do so. This is in line with our obligations under data protection laws. These circumstances may include, but are not limited to;

  • Setting up your user account.
  • For the main purpose(s) for which it was disclosed at the time of collection which is to process your order for our products and services and manage your account.
  • To provide our printers who print your cards with the necessary information they require to print those details on the Products, create the envelopes and supply the related shipping documentation required to fulfill your Order.
  • Administering and managing products and services.
  • To create any personalised QR codes required to fulfill your Order.
  • To email you with special offers or other products or services and marketing.
  • Where you have consented to the use or disclosure including to our partner companies so that they may offer you their products and services.
  • For the purpose of internal business analysis, improving our products, services, and marketing activities, and resolving technical issues reported about the Site.
  • When you are applying for a position with us, to facilitate your job search, process your employment application, and preparing related governmental and internal reports.
  • To comply with the law and protect the wellbeing, safety, rights, property and security of Cardly, its employees, officers, agents, contractors, related parties and advisors, users of the Site and the general public, including investigating and preventing fraud, harassment, violence and threats of violence, illegal activities, and activities that violate our policies or Website Terms and Conditions.
  • To contact you regarding your use of the services and, in our discretion, changes to our policies.
  • To comply with EU and/or UK law;
  • In the furtherment of our legitimate interests, including, without limitation, those interests further described above;
  • Upon notice to you at the time of collection or use of a feature, or otherwise with your consent.

We will use and disclose your personal information for the following purposes:

  • To provide the products or services you have requested;
  • To answer your enquiry;
  • To facilitate the running of, and your participation in, trade promotions and other competitions;
  • For direct marketing of products or services by us and to keep you informed of new developments we believe may be of interest to you; and
  • To establish and maintain your relationship as an applicant for a position, including providing you with interviews and reference checking.

Marketing & Advertising

Cardly strives to provide you with control around use of your personal data, particularly with relation to marketing and advertising efforts.

We may send marketing materials about our own products and services if you have opted in to receiving such communications. If you wish to cease receiving marketing or other communication from us, you may opt out at any time via unsubscribe links in the footer of all marketing-related email. You may also update your communication preferences within your Cardly account.

You may also contact us on the details below so that we can update your preferences.  You have the right to at any time to stop us from contacting you for marketing purposes or giving your PI to approved third parties.

You may also choose to receive reminder emails from us for events such as anniversaries and birthdays of contacts added to your address book. You may disable these notifications at any time via your communication preferences within your Cardly account, or by disabling individual reminders as necessary.

Promotional Offers

Cardly may use provided personal information to form a view on products or services that may be of interest to you. We will only ever contact you with such offers if you have opted in to receiving marketing mail from us.

Third-party marketing

Where Cardly works in partnership with third parties for promotional offers, we’ll get your explicit consent before providing your data to such parties for marketing purposes.

Transactional Email

Where you choose to not receive marketing or reminder related email, Cardly will still send you confirmations of orders, shipments and other transactional information. Such communications are directly connected to fulfillment of your requested products or services, or to notify you of upcoming credit expiry, subscription renewals or other key events requiring your attention.

Use of Cookies

You may refuse Cardly access to some or all browser cookies. Please note, however, that  our platform’s functionality may be impaired if you do so, and you may be unable to access our services effectively. For information on the cookies we use and their purpose, please refer to our Cookie Policy.

Payment Processing

We use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How We Use Non-Personal Information

Cardly uses the non-personal information we collect to understand and improve the performance of our Site. For example, most information collected when you visit our Site is statistical and not linked to you personally. This can include information about pages visited, software versions used, device identifiers (like IP address), referring websites, preferences you choose and other activities such as links clicked.

We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our servers and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

We use Google Analytics including Remarketing with Google Analytics and Google Analytics Demographics and Interest Reporting to understand how our services are used and who uses them. We make no attempt to identify you using this information, and we do not pass on this information to other third parties.

If you would prefer to opt out of providing this information, you may use the Google Analytics Opt-out Browser Add-on.

Sensitive Information

As required by the NPPs, we do not collect or use Commonwealth government identifiers when interacting with you.

Cardly will not require you to provide sensitive information unless:

  • you have consented to do so; or
  • the collection of the information is specifically authorised or required by law.

Where any sensitive information is collected, Cardly will ensure any storage of this data is encrypted at rest and not transferred to third parties unless explicitly required by law.

Anonymous Users

Where practical, you may deal with us on an anonymous basis, however if you do not provide us with your personal information we we may not be able to provide you with the requested product or service.

For example, we may not be able to deliver products to the intended address, or if we require your details in connection with a competition we are running, we cannot provide you with a prize should you be a prize winner and we cannot contact you.

Use of Artificial Intelligence

From time to time Cardly may use artificial intelligence to provide new services or improve the experience of our platform. This may include;

  • Analysing customer feedback and card content.
  • Providing personalised recommendations for products.
  • Developing new products, services or features.
  • Augment the security of our platform.

We don’t and have no plans to use AI to process your personal data. All use of AI by Cardly will be in accordance with our stated Privacy Policy and applicable laws.

Disclosures of Your Personal Data

We will disclose personal information across the Cardly group of companies and our related bodies corporate (in accordance with this Privacy Policy). We will also provide PI to:

  1. third parties engaged by us to provide functions on our behalf such as mailouts, debt collection, payment processing and advertising; and
  2. third parties authorised by you to receive PI held by us, including data processors who are required to be engaged by us in order to deliver products you may order from us.

We may disclose PI to unrelated third parties (for example, our professional advisors and government authorities or agencies) where the disclosure is reasonably required to obtain advice, prepare for legal proceedings, investigate suspected improper conduct or wrongdoing, to assist a lawful authority in the discharge of its duties and/or by law.

We may disclose your information in connection with a corporate transition such as a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, including during the course of any due diligence process. By providing your personal information, you agree that we may transfer such information to the other entity in such a transaction without your further consent.

When we process your order, we may send your data to, and also use the resulting information from credit reference agencies to prevent fraudulent purchases.

On occasion, it’s necessary for Cardly to provide some parts of your personal information to authorities, such as the police. This may be for the purposes of preventing or investigating fraud, crime, or misuse of our service. When we do provide information to authorities in this way, Cardly will ensure only information legally necessary is disclosed, and it is up to the third party to provide protection of this data once it’s in their possession.

We do not otherwise reveal your personal data to non-Cardly persons or businesses for their independent use unless:

  1. you request or authorize it;
  2. it’s in connection with Cardly-hosted and Cardly co-sponsored conferences as described above;
  3. the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
  4. the information is provided to our agents, vendors or service providers who perform functions on our behalf;
  5. to address emergencies or acts of God; or
  6. to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.

We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.

The Cardly website connects with third party services such as Facebook, LinkedIn, Twitter and others. If you choose to share information from the Cardly website through these services, you should review the privacy policy of that service. If you are a member of a third party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.

How We Protect Your Data

To prevent your personal data from being lost, altered, disclosed, used or accessed in an unauthorized way, Cardly has implemented appropriate security measures and monitoring processes. Cardly also restricts data on a needs-only basis to employees, agents, contractors and other third parties. Your personal data will only be processed by these agents on our instruction, and these parties are subject to confidentiality and non-disclosure obligations.

We have also put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Rights

You have a right to:

Be informed: by being advised about the type of PI or other data being collected, how it will be used, how long it will be kept and whether it will be shared with third parties.

Access your PI: by requesting that we provide you with copies of the PI you provide us. This enables you to view the data we have collected about you and confirm we are lawfully processing it.

Rectification: by requesting we take reasonable steps to correct any information you believe is inaccurate. You also have the right to request we take reasonable steps to complete any information you believe is incomplete.

Erasure: by requesting that we take reasonable steps to erase the PI you provide us under certain conditions.
Note, however, that we may not always be able to facilitate your request for specific legal reasons which will be notified to you, if applicable, when you make your request.

Restrict processing: to enable us to suspend processing your personal data if;

  • If you need us to establish the data's accuracy.
  • Where our use of the data is unlawful, but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Object to processing: by objecting to us processing the PI you provide us under certain conditions. You have the right to request Cardly cease processing your personal data for direct marketing purposes. In some circumstances, we may demonstrate that we have a legitimate legal or regulatory obligation to fulfill that overrides your rights and freedom to object to processing your data.

Data portability: by requesting that we transfer the PI that we have collected to another organisation or directly to you, under certain conditions.

Choice regarding automated decision-making including profiling: by objecting to having decisions made about you by automated processes or profiling.

In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Cardly processes your personal data. When technically feasible, Cardly will - at your request - provide your personal data to you.

To Make A Request

To request Cardly erase any personal data we may have collected about you, please contact us at dataprotection@cardly.net.

If you would like to make any other request above, we have one month to respond to you.  If you would like to exercise any of these rights please contact us at dataprotection@cardly.net.

Time to Respond

Cardly endeavours to respond to all reasonable requests within one month. On occasion it may take us longer to respond to complex queries or requests, or if you have made several requests. In these cases, we’ll notify you of any anticipated delays and do our best to keep you informed of progress.

Requirements From You

To verify the legitimacy of your request, we may require specific information or processes completed to confirm your identity as the data subject. We’ll do so to ensure unauthorised parties are unable to access, amend or delete your personal information without your knowledge. We may also from time to time contact you in order to verify information to speed up our response to received requests.

Typically No Fee Required

Generally, Cardly will not require a fee to access your personal data or exercise any of your other rights above. However, should your request be clearly unfounded, excessive, repetitive or vexatious we may elect to charge a reasonable fee to fulfill your request. In extreme or nuisance circumstances, we may choose to refuse to comply with your request.

Data Retention Policy

Your personal data is stored by Cardly on its servers, and on the servers of the cloud-based database management services the Cardly engages, located in Sydney, Australia.

Cardly retains service data for the duration of the customer’s business relationship with Cardly and for a period of time thereafter, to fulfill the purposes we collected it for. This includes for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

When determining an appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data. We also consider the reasons for which we collected your personal data and the applicable legal, regulatory, tax, accounting or other requirements which may require a longer retention period.

Business customers may specify the period for which we retain order-related information via their business portal’s data retention settings. However, Cardly may be required to retain some or all of this data for a longer period in order to fulfill legal, regulatory, tax, accounting or other requirements.

All personal data that Cardly controls may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at  dataprotection@cardly.net.

International Data Transfers

Cardly has its headquarters in Australia. By using our services, you acknowledge that your personal information will be processed in Australia. Australia has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR.

Pursuant to Article 46 of the GDPR, Cardly is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved.

Depending on the circumstance, Cardly also collects and transfers to Australia personal data

  • with consent;
  • to perform a contract with you; or
  • to fulfill a compelling legitimate interest of Cardly in a manner that does not outweigh your rights and freedoms.

Data which we collect from you may be stored and processed in, and transferred to, countries outside of the UK and European Economic Area (EEA) including our data storage facilities in Australia. This could also occur if our servers are located in a country outside Australia, the UK or EEA or one of our service providers is situated in a country outside Australia, the UK or EEA.

We will only transfer PI outside Australia, the UK or EEA where it is compliant with applicable data protection laws and the means of transfer provides adequate safeguards in relation to your PI, including, for example, by way of data transfer agreements incorporating the current standard contractual clauses adopted by the European Commission.

Cardly endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Cardly and the practices described in this Privacy Policy.

Cardly also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. Since it was founded, Cardly has received zero government requests for information.

For more information or if you have any questions, please contact us at dataprotection@cardly.net.

Children’s Data

Our websites and services are not designed to be accessed by children and we do not knowingly collect data relating to children.

Contacting Us

Cardly has appointed an internal data protection officer for you to contact if you have any questions or concerns about our personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Cardly’s data protection officer below:

Data Protection Officer
Cardly Pty Ltd
Postal Address: PO Box 1633, Buderim, QLD 4556, Australia
Email Address: dataprotection@cardly.net


EU GDPR Representative
Adam Brogden
Postal Address: Office 2, 12A Lower Main Street, Lucan Co. Dublin, K78 X5P8 Ireland
Email Address: contact@gdprlocal.com


UK GDPR Representative
Adam Brogden
Postal Address: 1st Floor Front Suite, 27-29 North Street, Brighton, England BN1 1EB
Email Address: contact@gdprlocal.com

Complaints

Should you wish to report a complaint, or if you feel that we have not addressed your concern in a satisfactory manner you may contact the relevant information commissioner’s office. We would, however, appreciate the opportunity to handle your concerns before you do, so please contact us in the first instance.

If you are in Australia, you may make a complaint to the Australian Government Office of the Australian Commissioner by calling 1300 363 992.

If you are in the UK, you may make a complaint to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk) or the Data Protection Commission (DPC), the Ireland regulator for data protection issues (https://www.dataprotection.ie/).

Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority.

Third Party Websites

Our websites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our websites, we encourage you to read the privacy policy of every website you visit.

Changes To This Policy

From time to time, Cardly may need to update this Privacy Policy to reflect our changing business practices and to ensure the Privacy Policy remains compliant with applicable laws. We may therefore change this Privacy Policy at any time by posting the changed Privacy Policy on this Site.

All PI collected and held by us will be governed by our most recent Privacy Policy, as posted on this Site.

Governing Law

This Policy is governed by, and must be construed according to, the laws of Queensland, Australia and the parties submit to the exclusive jurisdiction of the courts exercising jurisdiction there.

Keep It Personal

Cardly For Business

Our Artists

Contact Us

Follow Us