Protecting your privacy is important to Cartio LTD.
Last updated: May 1, 2021
Protecting your privacy is important to Cartio Group LTD. (“Cartio.app”)
Personal Data is any information that would identify a person directly, or indirectly in combination with data from other sources. For example, a full name, home or work address, phone number, national identification number (SSN, SIN, etc.), email address, banking details, IP address, biometric data, usage data, or any information that may individually identify a person.
If you use a Cartio website, or conduct a transaction through a Cartio Service where Personal Data is essential, your consent is implied to collect and use your Personal Data to facilitate that use or complete that transaction requested or initiated by you only. Examples of instances in which Personal Data may be collected by Cartio are, without limitation:
During these instances, we may collect data such as, but not restricted to: areas of the Services or Cartio websites you visit, transaction type(s) you engage in or request (and amounts thereof), content you view, your IP address, data downloaded or submitted by you, payment information provided by you, shipping and billing information entered by you, as well as the nature, quantity and price of the goods or services you exchange and the individuals or entities with whom you communicate or transact business using the Services.
In the event Cartio requests Personal Data for scenarios independent of the above, such as marketing-related questions via questionnaires, surveys, and profile data, it will include a specific consent request. The consent request will include a clear purpose and goal for the collection of Personal Data, along with a means of withdrawing consent. In these scenarios, we may ask for data such as, but not limited to: your contact information (name, telephone numbers, email address, mailing address), date of birth, product and/or cosmetic concerns, which brands and products you use, user authentication and security information (e.g. username and password).
The Services offered by Cartio are directed towards and designed for the use of persons above the age of majority in your province, state, or country. Persons under the age of majority are not permitted to use the Services on their own, and Cartio will not approve applications of, or establish, or maintain accounts or memberships for, any persons below their respective region’s age of majority.
Cartio may use collected Personal Data for such purposes as:
Personal Data will only be retained by Cartio for the length of time required to fulfill the purpose or complete the transaction for which it was collected, or as may be required by law. Beyond that point, Personal Data in the possession or control of Cartio will be anonymized or securely destroyed.
In some cases, Cartio will ask for your consent to process your Personal Data. You may indicate your consent in a number of ways, including, as may be presented by Cartio and permitted by law, ticking a box (or equivalent action) to indicate your consent when providing us with your Personal Data through our Services or a form, or registering or creating an account with us. Note that certain country/region-specific rules regarding consent may also apply, depending upon the jurisdiction in which you reside.
Cartio maintains reasonable physical, technical, and administrative security measures to minimize the risk of unauthorized loss, theft, copying, misuse, access, disclosure, alteration, or destruction of your Personal Data.
If transactions are offered as part of a Cartio Service, transaction information is transmitted to and from Cartio in encrypted form using industry-standard Secure Socket Layer (SSL) connections to help protect such information, including Personal Data transmitted in the course of these transactions, from interception.
Cartio also restricts access to your Personal Information to only those persons who have a legitimate business need or legal requirement to view it in connection with the Services. You, as a Personal Data owner, may also authorize any persons you may choose to have access to your Personal Data.
Although Cartio does utilize security measures appropriate to the level of risk, no method of data transfer or storage on the internet is 100% secure and security risks cannot be eliminated entirely. As such, Cartio cannot guarantee perfect security, integrity, or confidentiality of Personal Data.
Cartio maintains a security incident response protocol to be put in place in the event that the security of your Personal Data in the possession or control of Cartio is compromised. In the event of a data breach or security incident involving the Services, Cartio will apply this protocol to enable Cartio to effectively and efficiently respond to, and contain, the breach or incident. Cartio may also seek to notify you in such an event. If notification is appropriate or required, Cartio may notify you by email, messaging to your device, or other reasonable means.
Cartio does not provide Personal Data to unaffiliated third parties for their use in marketing directly to you. We may use unaffiliated companies, or trusted third party service providers, to help maintain and operate our Services for reasons related to our business operations and to better serve you, and those companies may receive your Personal Data for that purpose. For example, Cartio may use third party payment processor services in connection with the Services and its websites, and the payment information that you provide to Cartio may be disclosed to and used by these payment processors for the purposes of completing and executing transactions requested or initiated by you. When Cartio shares Personal Data with third-party services that support our delivery of the Services, we require that they use your Personal Data only for the purposes we’ve authorized, and that they protect your Personal Data to at least the same standards used by Cartio.
As part of agreements with merchants who have installed Cartio Apps and the execution of transactions on behalf of merchants that make use of Cartio Apps in connection with their online stores, we may disclose Personal Data which has been collected by us that is specific to that merchant’s store and your transactions in connection therewith.
Cartio may also disclose Personal Data about you in connection with legal requirements, such as in response to an authorized subpoena, governmental request or investigation, or as otherwise permitted by applicable law (including, without limitation, to prevent fraud or abuse, or to protect Cartio’s legal rights, property, or the safety of Cartio, its employees, users or others).
Finally, as Cartio’s business develops, it may sell or buy corporate assets, and in such transactions Personal Data may be one of the transferred business assets. If Cartio, its internet businesses, or substantially all of its shares or assets, is acquired or an acquisition is contemplated, Personal Data may be one of the assets assessed or transferred in connection with that transaction.
Where Personal Data is transferred from the European Economic Area to a country that has not received an adequacy decision by the European Commission, Cartio relies on appropriate safeguards, such as for example the European Commission-approved Standard Contractual Clauses and EU-U.S. Privacy Shield Frameworks, to transfer the Personal Data.
The Cartio websites, or the third-party companies used to host, operate, or maintain these websites, may place a “cookie” on your computer in order to allow you to use these websites and to personalize your experience.
A “cookie” is a small piece of data, or an alphanumeric identifier, that can be sent by a web server to your computer or device, which then may be stored by your browser on your computer or device. Cookies allow Cartio to recognize your computer or device while you are on our websites and help customize your online experience and make it more convenient for you. Cookies are also useful in allowing more efficient log-in for users, tracking transaction histories, and preserving information between browsing sessions. The information collected from cookies may also be used to improve website functionality.
Most web browsers have features that can notify you when you receive a cookie or prevent cookies from being sent. If you disable cookies, however, you may not be able to use certain personalized functions of Cartio websites.
In certain circumstances, you may have the right to have your Personal Data, or certain components of your Personal Data, erased by Cartio, to have your Personal Data moved, copy or transmitted from Cartio’s systems to other systems, or to object to or restrict certain processing of your Personal Data by Cartio. In the event that you wish to inquire about, or seek to exercise any of these rights (as they may be applicable), please contact Cartio.
To the extent that Cartio’s processing of your Personal Data is subject to the General Data Protection Regulation, (or applicable laws covering the processing of Personal Data in the United Kingdom), Cartio relies on its legitimate interests, described above, to process your data. Cartio may also process other information that constitutes your Personal Data for direct marketing purposes, and you have a right to object to Cartio’s use of your Personal Data for this purpose at any time.
If you are a customer of a merchant who uses Cartio’s Apps and wish to exercise these rights, please contact the merchants you interacted with directly – we serve as a processor on their behalf, and can only forward your request to them to allow them to respond.
If you are unhappy with the response that you receive from us, we hope that you would contact us to resolve the issue but you also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction at any time. Please visit here for more information including our data protection addendum.
This section provides additional details about California consumers and the rights afforded to them under the California Consumer Privacy Act or (“CCPA”). If you need to access this notice in an alternative format, please contact us via the method in Contact & Questions section below.
Under CCPA “Personal Information” is defined as anything that identifies, relates to, describes or is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular California consumer of household. For more details about the Personal Information we have collected over the last 12 months, including the categories of sources, please see the Personal Data and Consent and Collection of Personal Data section above. We collect this information for the business and commercial purposes described in the Personal Data Use section above. We share this information with the categories of third parties described in there. Cartio does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we may use third-party cookies for our advertising purposes as further described in our Cookies and Advertising section above.
The CCPA requires opt-in consent to information use for minors under the age of 16 and verified parental consent for children under the age of 13. We do not knowingly collect or process the information of children.
Subject to certain limitations, the CCPA provides California consumers the right to request, free of charge, to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
Cartio Services may contain links to other websites, apps, or services, including those of advertisers or third-party content providers who offer downloads as part of a Cartio Service. Cartio is not responsible for the privacy practices or the content of other websites, apps, or services. We encourage you to read the Privacy Policies published by such third parties before divulging your Personal Data to them.