Mobigram LLC GDPR Data Protection Statement and Policy
Mobigram LLC ("Company") is the owner of the cardsnacks.com website, including any of its subdomains or sections ("Website") as well as the CardSnacks mobile application ("App") currently accessed through devices using the iOS or Android operating systems.
This Data Protection Statement and Policy ("Policy") is written and enforced by the Company to comply with the General Data Protection Regulation ("GDPR") for the European Economic Area ("EEA"). This legal text applies to the information we collect from you ("User") when you visit and use our Website or our App (together, the "Services"), as in the following cases: user registration, using any of our services, subscription to any of services, subscription to any newsletters or similar information sources, or personal information provided when filling in online forms.
The Policy regulates the processing of Personal Data belonging to Users in the EEA, collected through the use of the Services and stored, processed, and/or used by Company. As per the GDPR, "Personal Data" is defined as any data about a User that either is identified or can be identified based on that data and does not apply to anonymous data.
By using and accessing our Services, the User acknowledges that they have read this Policy and that they fully agree with it. The latest update of this Policy is indicated at the top of this text and it will become effective immediately upon being posted. The Company therefore recommends reviewing this Policy from time to time. The sections herein address the collection and processing of Personal Data through the Services.
The Company may from time to time, offer additional services for both personal and business use ("Premium Services"), with increased cost to the User, that may offer enhanced functionality such as greater limits on usage and additional features and functionality.
1. Data controller
MOBIGRAM LLC, as data controller, is responsible for the processing of Personal Data on the Services.
923 Saw Mill River Road, #213
Ardsley, NY 10502
United States of America
2. Data protection officer
Chief Executive Officer
3. Data we collect
Company collects different types of Personal Data, which include:
- Profile Data: profile settings (notification preferences, type of subscription, etc.)
- Contact Data: name, email address and telephone number
- Other Individual Data: birthday, user-created reminders, user-uploaded photos and videos
- Payment Data: payment and billing information as well as other details related to information about the purchased services or subscriptions.
- Technical Data: login information, language, Internet Protocol (IP) address, browser type and version, device type, time zone settings, operating system, browser plug-in types and versions and other technical data used by the User when using the Services
- Usage Data: information about how the User uses the Services, including details on the mobile greeting cards and gift cards sent
- Marketing and Communications Data: User’s preferences regarding marketing communications from Company and information about enabling and disabling notifications
- Contact Data: information, including names, e-mail addresses, and telephone numbers, of recipients of messages from User as well as contact information in the User’s personal address book in the accessing device
Company does not collect any Personal Data related to sensitive categories (racial or ethnic origin, political opinion, religious or philosophic beliefs, organizational memberships, health information, or genetic or biometric data).
Company’s services are targeted to Users of legal age, and as such does not allow usage by Users under the age of 13.
In case the User is asked to provide Personal Data, by law or by contract terms, and chooses not to provide them, we may not be able to carry out the contract nor provide them with the Services. If this is the case, the User will be notified in advance.
4. How we collect data
Company collects data through different interactions, which include:
Browsing the Website:
Downloading and using the App or Website interface to the Services:
When a User downloads the App (or uses a Website interface to the Services, if available), we collect information about the User’s device, including device type and operating system. When a User uses the App, in order to provide the Services, the App will ask for the following:
- Consent to store and process data outside of the European Union ("EU")
- User’s name, e-mail address, mobile phone number, and birthday (only e-mail address or phone number is required to use the services, and birthday is optional);
- If User would like to receive greeting cards and messages directly from Company via text;
- Access to User’s contacts in mobile phone; this access is not required to use the Services but can enhance the User’s experience;
- User-entered reminders of key dates, which may include birthdays, anniversaries, and similar events related to the User or the User’s friends and family;
- Access to User’s photos and videos if User chooses to customize a message with a personal photo; and
- Credit Card information for payment for any gift cards sent in messages – credit card data will be sent directly to the corresponding external payment service provider which is in charge of processing the payment.
Purchasing and using Premium Services:
When a User purchases any of the Premium Services, they will be asked to provide additional data such as their name and payment/billing data (e.g. credit card data), so that we can process and perform the services requested by the User. Payment and billing data will be sent directly to the corresponding external payment service provider which is in charge of processing the payment.
Requests for information about products, services or publications, and requests for support services:
Company may post on its Website or App e-mail addresses or contact forms to allow Users to contact the Company for purposes related to usage, technical questions, employment, or other personal or business purposes. Any information received by Company from such e-mails and forms will be stored in a file of Company and will be used to respond to such inquiries by Users. Such information includes names, contact information, responses to surveys, and information supplied the User, which may include curriculum vitae, suggestions, questions, or any other comments sent to Company.
5. Our purpose and legal basis of data we collect
We primarily use Personal Data in the following cases:
- To manage and implement the Services
- To create and manage User accounts
- When the User agrees that their Personal Data can be collected
- To provide the Services and the Premium Services
- To enter into a contract
- Whenever it is required in compliance with legal obligations
- Whenever it is necessary to ensure the legitimate interest of Company or third parties
The User can withdraw their consent at any time by modifying the settings on the User Account or by consulting the section on the exercise of rights below.
A summary table is provided below to show the different ways in which Personal Data can be used and the legal basis to process this information.
|Collection of data
|Types of data
|Legal basis to process data
|Browsing the Website
Number of downloads Searches by anonymous user
Website's usage patterns
|Improving our services and User’s experience
|Downloading and using the App or Website interface to the Services
|Device and OS
Consent for data outside the EU
Consent to receive messages from Company**
Credit Card information, including billing address***
Managing user account
Communication with User
Using and Providing the Services
|Purchasing and using Premium Services
Credit Card information, including billing address***
|Using and providing the service
|User Consent, Contractual, Necessity, Legal Obligation
|Requests for information about products, services or publications, and requests for support services
|Answering inquiries, suggestions, occurrences or claims, managing recruiting process
*** required only for certain features
6. Communications from company
The Company will send communications to a User if:
- The User is registered or has accessed any of the Services
- The User requests information through any form or e-mail
- The User has opted-in to receive promotional communications
7. How we keep data
We store personal information for as long as is needed to fulfill the purposes outlined in this Policy and, then as long as it is permitted by applicable law.
8. Disclosure of data
Company does not transfer nor share Personal Data with third parties external to the Company except it may disclose personal information of our Users to the following third parties only in cases when it is strictly necessary for Company to perform the Services or to ensure compliance with applicable laws, including:
- Service providers, to manage systems and information technology;
- Payment platforms, banks and companies involved in the transaction process, to ensure the fulfillment of the necessary transactions;
- Third party fulfillment companies, as in the case of gift card processing;
- Recipients of messages and gift cards as initiated by a User (information shared shall be limited to sender’s name, contact information, and other data required to fulfill the transaction).
9. Rights of the user
Company guarantees the exercise of rights established in the GDPR. The User can exercise the rights described below in the following ways: using the included functionality in the User account within the Services, accessing the support form available on the Website, or by emailing the Company at firstname.lastname@example.org. Please note that Company may require the User to verify their identity before taking action on the request for the exercise of rights.
The User has the following rights:
- Right to Access: The User has the right to obtain from Company confirmation about whether or not Personal Data concerning them are being processed and, if that is the case, receive information about it;
- Right to Rectification: The User has the right to request us to correct Personal Data where it is inaccurate or incorrect. When requesting for rectification, the User must indicate the data to be rectified and provide the correct information. In addition, where necessary, the request must be sent together with supplementary documentation that accounts for the incomplete or inaccurate data;
- Right to Erasure: The User has the right to request the erasure of Personal Data concerning their personal account. Therefore, individuals can close their User Account at any moment in an easy and straightforward way by emailing us at email@example.com. When requesting for terminating the account and, therefore, erasing all personal information, the User must note the following:
- Company may keep and use personal information where it is necessary in compliance with the legal obligations enforced by fiscal obligations and connected to judicial information and auditing.
- If the User sends an erasure request, the Personal Data will be erased from the safety back-up systems at Company when the next back-up is done;
- Right to Object: The User has the right to object to the processing of their Personal Data by Company at any time. In some cases, we may continue processing personal information because of legitimate grounds or for the exercise or defense of possible legal claims. Please note that when the User requests for terminating with data processing for marketing purposes, the request can be submitted in the following ways:
- By clicking on the "unsubscribe" link that the User can find in our emails.
- By sending an e-mail to firstname.lastname@example.org;
Right to Restrict Processing: The User has the right to request the restriction of Personal Data where they have particular reason for wanting the restrictions. This right entitles the User to request the restriction of Personal Data in the following circumstances:
- The accuracy of the Personal Data is contested by the User, while Company verifies the accuracy of the Personal Data; and
- The User has objected to processing their data, pending the verification whether the legitimate grounds of the controller override those of the User. Furthermore, the User has the right to request us to retain their Personal Data when:
- The processing is unlawful and the User opposes the erasure of the Personal Data and requests the restriction of their use instead; and,
- Company no longer needs the Personal Data for the purposes of the processing, but they are required by the User for the establishment, exercise or defense of legal claims;
- Right to Data Portability: The User has the right to request a copy of the personal information provided to Company in a structured form and of common and legible use.
- Right to Withdraw Consent: In the cases in which the User has authorized their data processing, the User has the right to withdraw their consent at any time. The withdrawal of consent can be made effective by changing the settings in their User Account, through the support form available on the Website, or by emailing us to email@example.com, indicating specifically the consent they wish to revoke. Please note that revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The User can access and update some of their personal information in the settings of the User Account; the User is responsible for updating such personal information.
10. Data security
Company implements appropriate administrative, technical, and organizations measures to safeguard User’s personal information against loss, misuse, unauthorized access, disclosure or alteration. However, Users should be aware that no method of data transmission over the Internet is 100% secure and, moreover, that some personal information is retained on the device that used to access the Website. Users are responsible for securing access to their device.
11. International data transfers
The Company is headquartered outside of the EEA and Personal Data is stored by the Company outside of the EEA. In addition, some external service providers of Company are outside the EEA. Therefore, User’s personal information shall be stored in countries outside the European Union. However, in order to ensure compliance with GDPR, the Company shall do the following:
- Obtain User consent to allow data transfer outside of the EEA
- Ensure that transfers of personal information outside the EEA comply with this Policy and meet any applicable law regarding data protection regulations of the European Union.
12. Complaint submission
If you, the User, do not agree with the way Company processes your Personal Data, you can contact us by sending an email to firstname.lastname@example.org or by contacting directly the relevant data protection agency in your country of residence.