CardSnacks GDPR Data Protection

Mobigram LLC GDPR Data Protection Statement and Policy

August 2020

Mobigram LLC ("Company") is the owner of the cardsnacks.com website, including any of its subdomains or sections ("Website") as well as the CardSnacks mobile application ("App") currently accessed through devices using the iOS or Android operating systems.

This Data Protection Statement and Policy ("Policy") is written and enforced by the Company to comply with the General Data Protection Regulation ("GDPR") for the European Economic Area ("EEA"). This legal text applies to the information we collect from you ("User") when you visit and use our Website or our App (together, the "Services"), as in the following cases: user registration, using any of our services, subscription to any of services, subscription to any newsletters or similar information sources, or personal information provided when filling in online forms.

The Policy regulates the processing of Personal Data belonging to Users in the EEA, collected through the use of the Services and stored, processed, and/or used by Company. As per the GDPR, "Personal Data" is defined as any data about a User that either is identified or can be identified based on that data and does not apply to anonymous data.

By using and accessing our Services, the User acknowledges that they have read this Policy and that they fully agree with it. The latest update of this Policy is indicated at the top of this text and it will become effective immediately upon being posted. The Company therefore recommends reviewing this Policy from time to time. The sections herein address the collection and processing of Personal Data through the Services.

The Company may from time to time, offer additional services for both personal and business use ("Premium Services"), with increased cost to the User, that may offer enhanced functionality such as greater limits on usage and additional features and functionality.

Some of the Services offered by Company may be subject to specific privacy policies that will supplement this Policy. These additional privacy policies must be accepted by the User before initiating the corresponding Service. Additionally, the access and use of the Services are governed by the Privacy policy on the Website.

1. Data controller

MOBIGRAM LLC, as data controller, is responsible for the processing of Personal Data on the Services.

MOBIGRAM LLC
923 Saw Mill River Road, #213
Ardsley, NY 10502
United States of America
E-Mail: info@cardsnacks.com

2. Data protection officer

Mark Wachen
Chief Executive Officer
Mobigram LLC
E-Mail: info@cardsnacks.com

3. Data we collect

Company collects different types of Personal Data, which include:

  • Profile Data: profile settings (notification preferences, type of subscription, etc.)
  • Contact Data: name, email address and telephone number
  • Other Individual Data: birthday, user-created reminders, user-uploaded photos and videos
  • Payment Data: payment and billing information as well as other details related to information about the purchased services or subscriptions.
  • Technical Data: login information, language, Internet Protocol (IP) address, browser type and version, device type, time zone settings, operating system, browser plug-in types and versions and other technical data used by the User when using the Services
  • Usage Data: information about how the User uses the Services, including details on the mobile greeting cards and gift cards sent
  • Marketing and Communications Data: User’s preferences regarding marketing communications from Company and information about enabling and disabling notifications
  • Contact Data: information, including names, e-mail addresses, and telephone numbers, of recipients of messages from User as well as contact information in the User’s personal address book in the accessing device

Company does not collect any Personal Data related to sensitive categories (racial or ethnic origin, political opinion, religious or philosophic beliefs, organizational memberships, health information, or genetic or biometric data).

Company’s services are targeted to Users of legal age, and as such does not allow usage by Users under the age of 13.

In case the User is asked to provide Personal Data, by law or by contract terms, and chooses not to provide them, we may not be able to carry out the contract nor provide them with the Services. If this is the case, the User will be notified in advance.

4. How we collect data

Company collects data through different interactions, which include:

  1. Browsing the Website:


    Generally, Users navigate our Website anonymously without revealing any Personal Data to the Company. When a User visits and uses our Website, it stores and collects information automatically using technologies or automatic tools. In general, this collected information is related to technical information about the device, browsing activity and usage patterns. We collect this data through the use of cookies and similar technologies. If you want to learn more about it, you can consult our Privacy Policy. In addition, we use personal information to perform analyses that help us to improve the quality of our Website, offer new products, and ensure our Users’ satisfaction.
  2. Downloading and using the App or Website interface to the Services:


    When a User downloads the App (or uses a Website interface to the Services, if available), we collect information about the User’s device, including device type and operating system. When a User uses the App, in order to provide the Services, the App will ask for the following:
    • Consent to store and process data outside of the European Union ("EU")
    • User’s name, e-mail address, mobile phone number, and birthday (only e-mail address or phone number is required to use the services, and birthday is optional);
    • If User would like to receive greeting cards and messages directly from Company via text;
    • Access to User’s contacts in mobile phone; this access is not required to use the Services but can enhance the User’s experience;
    • User-entered reminders of key dates, which may include birthdays, anniversaries, and similar events related to the User or the User’s friends and family;
    • Access to User’s photos and videos if User chooses to customize a message with a personal photo; and
    • Credit Card information for payment for any gift cards sent in messages – credit card data will be sent directly to the corresponding external payment service provider which is in charge of processing the payment.
  3. Purchasing and using Premium Services:


    When a User purchases any of the Premium Services, they will be asked to provide additional data such as their name and payment/billing data (e.g. credit card data), so that we can process and perform the services requested by the User. Payment and billing data will be sent directly to the corresponding external payment service provider which is in charge of processing the payment.
  4. Requests for information about products, services or publications, and requests for support services:


    Company may post on its Website or App e-mail addresses or contact forms to allow Users to contact the Company for purposes related to usage, technical questions, employment, or other personal or business purposes. Any information received by Company from such e-mails and forms will be stored in a file of Company and will be used to respond to such inquiries by Users. Such information includes names, contact information, responses to surveys, and information supplied the User, which may include curriculum vitae, suggestions, questions, or any other comments sent to Company.

5. Our purpose and legal basis of data we collect

We primarily use Personal Data in the following cases:

  • To manage and implement the Services
  • To create and manage User accounts
  • When the User agrees that their Personal Data can be collected
  • To provide the Services and the Premium Services
  • To enter into a contract
  • Whenever it is required in compliance with legal obligations
  • Whenever it is necessary to ensure the legitimate interest of Company or third parties

The User can withdraw their consent at any time by modifying the settings on the User Account or by consulting the section on the exercise of rights below.

A summary table is provided below to show the different ways in which Personal Data can be used and the legal basis to process this information.

Collection of dataTypes of dataPurposeLegal basis to process data
Browsing the WebsiteTechnical data
Number of downloads Searches by anonymous user
Website's usage patterns
Improving our services and User’s experience
Managing and ensuring compliance with the Terms of Use of the Website
Legitimate interests
Downloading and using the App or Website interface to the ServicesDevice and OS
Name
E-mail address
Phone number
Birthday**
Photos**
Consent for data outside the EU
Consent to receive messages from Company**
User’s contacts***
Reminders***
Credit Card information, including billing address***
User identification
Managing user account
Communication with User
Using and Providing the Services
Fraud Protection
User Consent
Contractual
Necessity
Legal Obligation
Purchasing and using Premium ServicesName
E-Mail
Credit Card information, including billing address***
Using and providing the service
Service charges
Fraud Protection
User Consent, Contractual, Necessity, Legal Obligation
Requests for information about products, services or publications, and requests for support servicesName
E-Mail
Comments/Questions**
Curriculum vitae**
Answering inquiries, suggestions, occurrences or claims, managing recruiting processUser Consent
** optional
*** required only for certain features

6. Communications from company

The Company will send communications to a User if:

  • The User is registered or has accessed any of the Services
  • The User requests information through any form or e-mail
  • The User has opted-in to receive promotional communications

7. How we keep data

We store personal information for as long as is needed to fulfill the purposes outlined in this Policy and, then as long as it is permitted by applicable law.

8. Disclosure of data

Company does not transfer nor share Personal Data with third parties external to the Company except it may disclose personal information of our Users to the following third parties only in cases when it is strictly necessary for Company to perform the Services or to ensure compliance with applicable laws, including:

  • Service providers, to manage systems and information technology;
  • Payment platforms, banks and companies involved in the transaction process, to ensure the fulfillment of the necessary transactions;
  • Third party fulfillment companies, as in the case of gift card processing;
  • Recipients of messages and gift cards as initiated by a User (information shared shall be limited to sender’s name, contact information, and other data required to fulfill the transaction).

Services provided by third parties are necessary for the development of Company’s business activity. The processing of Personal Data is at all times subject to a contract which establishes the duties of the data processor towards the data controller. Under no circumstances will personal information be used for other purposes and it will be managed in compliance with Company policy guidelines, the privacy policy, and the applicable data protection regulation. Company, in compliance with User privacy and data protection of Users, will only rely on service providers which adopt enough and proper technical and organizational measures to ensure that data processing complies with the applicable law regarding data protection and guarantee the protection of Users rights.

9. Rights of the user

Company guarantees the exercise of rights established in the GDPR. The User can exercise the rights described below in the following ways: using the included functionality in the User account within the Services, accessing the support form available on the Website, or by emailing the Company at info@cardsnacks.com. Please note that Company may require the User to verify their identity before taking action on the request for the exercise of rights.

The User has the following rights:

  1. Right to Access: The User has the right to obtain from Company confirmation about whether or not Personal Data concerning them are being processed and, if that is the case, receive information about it;
  2. Right to Rectification: The User has the right to request us to correct Personal Data where it is inaccurate or incorrect. When requesting for rectification, the User must indicate the data to be rectified and provide the correct information. In addition, where necessary, the request must be sent together with supplementary documentation that accounts for the incomplete or inaccurate data;
  3. Right to Erasure: The User has the right to request the erasure of Personal Data concerning their personal account. Therefore, individuals can close their User Account at any moment in an easy and straightforward way by emailing us at info@cardsnacks.com. When requesting for terminating the account and, therefore, erasing all personal information, the User must note the following:
    1. Company may keep and use personal information where it is necessary in compliance with the legal obligations enforced by fiscal obligations and connected to judicial information and auditing.
    2. If the User sends an erasure request, the Personal Data will be erased from the safety back-up systems at Company when the next back-up is done;
  4. Right to Object: The User has the right to object to the processing of their Personal Data by Company at any time. In some cases, we may continue processing personal information because of legitimate grounds or for the exercise or defense of possible legal claims. Please note that when the User requests for terminating with data processing for marketing purposes, the request can be submitted in the following ways:
    1. By clicking on the "unsubscribe" link that the User can find in our emails.
    2. By sending an e-mail to info@cardsnacks.com;
  5. Right to Restrict Processing: The User has the right to request the restriction of Personal Data where they have particular reason for wanting the restrictions. This right entitles the User to request the restriction of Personal Data in the following circumstances:

    1. The accuracy of the Personal Data is contested by the User, while Company verifies the accuracy of the Personal Data; and
    2. The User has objected to processing their data, pending the verification whether the legitimate grounds of the controller override those of the User.
    3. Furthermore, the User has the right to request us to retain their Personal Data when:
    4. The processing is unlawful and the User opposes the erasure of the Personal Data and requests the restriction of their use instead; and,
    5. Company no longer needs the Personal Data for the purposes of the processing, but they are required by the User for the establishment, exercise or defense of legal claims;
  6. Right to Data Portability: The User has the right to request a copy of the personal information provided to Company in a structured form and of common and legible use.
  7. Right to Withdraw Consent: In the cases in which the User has authorized their data processing, the User has the right to withdraw their consent at any time. The withdrawal of consent can be made effective by changing the settings in their User Account, through the support form available on the Website, or by emailing us to info@cardsnacks.com, indicating specifically the consent they wish to revoke. Please note that revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal.

The User can access and update some of their personal information in the settings of the User Account; the User is responsible for updating such personal information.

10. Data security

Company implements appropriate administrative, technical, and organizations measures to safeguard User’s personal information against loss, misuse, unauthorized access, disclosure or alteration. However, Users should be aware that no method of data transmission over the Internet is 100% secure and, moreover, that some personal information is retained on the device that used to access the Website. Users are responsible for securing access to their device.

11. International data transfers

The Company is headquartered outside of the EEA and Personal Data is stored by the Company outside of the EEA. In addition, some external service providers of Company are outside the EEA. Therefore, User’s personal information shall be stored in countries outside the European Union. However, in order to ensure compliance with GDPR, the Company shall do the following:

  • Obtain User consent to allow data transfer outside of the EEA
  • Ensure that transfers of personal information outside the EEA comply with this Policy and meet any applicable law regarding data protection regulations of the European Union.

12. Complaint submission

If you, the User, do not agree with the way Company processes your Personal Data, you can contact us by sending an email to info@cardsnacks.com or by contacting directly the relevant data protection agency in your country of residence.