Last Updated: January 2020
We will NEVER sell your personal data to anyone.
CartMagician considers data protection and privacy to be of paramount importance. We never sell personal data and we carry out all processing operations in strict compliance with the EU General Data Protection Regulation (“GDPR”) (specifically but not limited to Article 6(1)(b) to (f) and Article 28) as well as the Laws of Australia, where CartMagician is incorporated, and other applicable global privacy and data protection laws such as the California Consumer Privacy Act (“CCPA”) (collectively, the “Applicable Law”).
- WHAT KIND OF INFORMATION DO WE COLLECT?
2.1 We collect the following information (the Data) about you, depending on your use of our Site and/or Services:
(a) Information necessary for the use of our Site and Services. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. The legal basis for processing this information is Article 6(1)(b) of the General Data Protection Regulation (GDPR).
(i) Registration: Information that you provide to us when registering with our Site (including your name, email address and password).
(ii) Profile: Information that you provide when completing your profile on our Site (including your name, profile pictures, gender, date of birth, interests and hobbies, educational details and employment details, description, tags)
(iii) Purchase: Information relating to any purchases you make in respect of the Services and information you provide to the online payment service provider (including your name, email address and payment status).
(iv) Communication: Information contained in or relating to any communication that you send to us or send through our Site (including the communication content and metadata associated with the communication).
(b) Information we process automatically. We shall further also collect and process the following information for the purpose of providing you with the best possible Services on our Site. This information we process on the basis of your express consent pursuant to Article 6(1)(a) of the GDPR:
(i) Use of Site and/or Services: Potentially personally identifiable information about your computer and about your visits to and use of our Site and/or Services (including your IP address and geographical location, device type, device screen resolution, browser type and version, operating system, referral source, length of visit, page views, preferred language, mouse events (movements, location and clicks), keypress, referring URL and domain, pages visited, date and time Site was accessed and website navigation paths or any similar information that may be obtained by the Company directly or indirectly from third party providers.). Information that you provide to us when using our Site and/or the Services, or that is generated in the course of the use of those Services (including the timing, frequency and pattern of Service use).
(c) Information you choose to give us. We shall further also collect and process additional personal information in order to obtain a better user experience when using our Site and/or Services. This additional information will be processed based on your consent pursuant to Article 6(1)(a) GDPR:
(i) Notifications: Information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address).
(ii) Posting: Information that you post to our Site for publication on the internet (including your name and photo).
(iii) Other: Any other personal information that you choose to send to us.
- WHAT DO WE USE YOUR DATA FOR?
3.2 Any personal information or content that you voluntarily disclose for posting to the Site, its related forums, message boards, your Public Projects, or similar publicly accessible areas or content become available to the public. We are not responsible for personally identifiable information and Data contributions that you choose to disclose publicly in these areas. If you remove information that you posted, copies may remain viewable in cached and archived pages, or if other users have copied or saved that information.
3.4 By providing us your email address, you consent to us using the email address to send you service-related notices, including any notices required by law, in lieu of communication by postal mail. [Subject to giving us express consent, we may also use your email address to send you other messages, such as newsletters, changes to Services, or special offers.] If you decide not to receive such messages anymore, you may unsubscribe by following the link provided in the email communication. Unsubscribing may prevent you from receiving messages regarding updates, improvements, or offers. You may not unsubscribe from service-related emails. If you correspond with us by email, we may retain the content of your email messages and our responses.
3.5 We may use certain information about you and/or certain of your Data without identifying you as an individual to third parties. We do this for purposes such as analyzing how the Site is used, diagnosing service or technical problems, maintaining security, and personalizing content. We may work with third party companies such as Google Analytics, Zendesk, Hotjar, ActiveCampaign, WooCommerce, Facebook, Instagram, and Later to help us understand how the Site is being used, such as the frequency and duration of usage, how users found our Site, and other non-personally identifiable information so we can deliver a better experience and improve the Site.
3.6 We reserve the right, but have no obligation, to monitor the information you post on the Site and related forums. If applicable, we reserve the right to remove any such information or material for any reason or no reason, including without limitation if in our sole opinion such information or material violates, or may violate, any applicable law or to protect or defend our rights or property or those of any third party. We also reserve the right to remove information upon the request of any third party.
- ON WHAT BASIS DO WE PROCESS YOUR DATA?
4.1 In addition to legal basis mentioned above, we may process any Data to comply with our statutory obligations pursuant to Article 6(1)(c) GDPR or to protect our legitimate interests pursuant to Article 6(1)(f) of the GDPR, for example in cases of fraud prevention, network and information security, direct marketing purposes and transmission of Data between us and our subsidiary Applause Digital Pty Ltd., with its registered PO Box1317 Sunshine Coast QLD 4573 Australia where there is a legal obligation for us to do so.
4.2 We shall process your Data in accordance with applicable law and protect your Data against misuse and/or any unlawful disclosure.
- HOW WE SHARE YOU DATA?
5.3 We may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings; or
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
5.5 Personally Identifiable Information: We may share your personally identifiable information with third parties solely for the purpose of providing services to you, including for the processing of financial transactions as set forth in Section 9 below. We may store personal information in locations outside our direct control (for instance, on servers or databases co-located with hosting providers).
5.6 We do not share your personally identifiable information or personally-identifiable location information with third-party companies for their direct marketing use.
- DO WE TRANSFER YOUR DATA TO THIRD COUNTRIES?
- Access and Disclosure to Third Parties
CartMagician does not sell, and has not sold, consumers’ Personal Data at any time. Except as provided below, we also do not share or disclose your Personal Data.
We've created a list of the categories of personal information we’ve collected and the categories of sources from which we got the information and how we might share this information.
We use a select number of trusted external service providers for certain technical data analysis, processing and/or storage offerings. These service providers are carefully selected and meet high data protection and security standards. We only share information with them that is required for the services offered and we contractually bind them to keep any information we share with them as confidential and to process Personal Data only according to our instructions. In addition to services providers, other categories of third parties may include:
- Vendors/public institutions.
To the extent that this is necessary in order to make use of certain services requiring special expertise (such as legal, accounting or auditing services) we may share your personal data with vendors of such services or public institutions that offer them (e.g. courts). The legal basis of this data processing is Art. 6(1)(f) GDPR.
- Disclosures to Protect Us or Others.
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity; depending on the concrete issue, the legal basis for such processing may be Art. 6(1)(b), (c) or (f) GDPR.
- Disclosure in the Event of Merger, Sale, or Other Asset Transfers.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract. The legal basis for such processing would be Art. 6(1)(f) GDPR as such processes are in the legitimate interest of CartMagician.
- Vendors/public institutions.
Other than the cases mentioned above, we will only pass your data on to third parties without your express consent if we are obliged to do so by statutory law or an instruction by a public authority or court as outlined in our Terms of Service.
Notice regarding Third-Party Websites
The Services may contain links to other websites, and other websites may reference or link to our website or other Services. These other websites are not controlled by CartMagician. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
In plain English: We use third-parties.
As part of providing the Services our affiliates, agents, contractors, representatives, trusted business partners, and third-party service providers (including without limitation, the following entities) may have access to your personal data:
We use Google Ads, Facebook Ads, Twitter Ads, Instagram Ads, ActiveCampaign, and LinkedIn Ads to reach our target audience with relevant ads. We use the data to track sales and other business goals, all the data is being masked, and the company can’t identify any action from a specific customer or user.
We use CloudFlare to accelerate our web pages and Amazon AWS to store host and store content.
We use Facebook Messenger and ActiveCampaign Conversations to communicate with our users; each interaction is logged in Facebook Messenger or ActiveCampaign respectively.
We use ActiveCampaign, Google Ads, Facebook Ads, Twitter Ads, Instagram Ads and Later to send promotional and support communications to our users.
We use Google Analytics and Hotjar to analyze page interactions, marketing goals and to integrate different data sources together so that we can provide the best experiences for our users.
We use Xero, PayPal, and Stripe for our payment processing and accounting.
- FOR HOW LONG SHALL WE BE PROCESSING YOUR DATA?
8.1 Except as provided otherwise by law, we will process your Data in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed (that may include the time when you continue to use our Site and/or Services and/ or the whole time during which the purpose of processing your Data continues).
8.2 We shall be also authorised to process your Data after you stop using our Site and/or Services, if it is necessary to
(a) meet our legal obligations; or
(b) establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
- HOW CAN I WITHDRAW MY CONSENT?
9.1 You may withdraw your consent at any time by contacting [email protected].
- WHAT ARE YOUR RIGHTS AND OBLIGATIONS?
10.1 You are entitled to:
(a) Access to your Data: In particular to:
(i) request information about the purpose of their processing,
(ii) categories of processed Data,
(iii) identifying the recipient to whom the Data are to be provided, and
(iv) duration of processing and collecting your Data.
(b) Correction of your Data: In case you acknowledge that we are processing Data about you, which are not correct, please inform us about this matter and we shall correct such incorrect data without undue delay.
(c) Erasure of your Data (Right to be forgotten): We shall erase your Data if:
(i) the Data are no longer necessary in relation to the purpose for which they were collected,
(iii) you object to the processing of your Data,
(iv) in case your Data have been obtained by us unlawfully,
(v) we have a legal obligation to do so and
(vi) the Data have been collected in relation to the offer of information society services.
(d) Restriction of Data processing: You have the right to restriction of your Data processing if: (i) the accuracy of your Data is contested by you for a period which shall enable us to verify the accuracy of your Data, (ii) the processing of your Data is unlawful and you request restriction of such Data use instead of erasure, (iii) we no longer need your Data for the purpose of processing, but are required by you for the establishment, exercise or defence of legal claims, and (iv) you have objected to the processing of your Data pending the verification whether our legitimate grounds override yours.
(e) Data portability: You are entitled to receive your Data processed by us in a structured, commonly used and machine-readable format for the purpose of transmitting such Data to another data controller.
(f) Object Data processing: You have the right to object the processing of your Data based on the grounds of legitimate interest, marketing purposes, profiling related to direct marketing.
(g) Lodge a complaint with a supervisory authority: If you consider that your rights relating to the processing of your Data have been infringed you have the right to lodge a complaint with a supervisory authority.
- DO WE USE AUTOMATED INDIVIDUAL DECISION-MAKING? AND HOW DOES IT WORK?
11.1 Your personal data are not a subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you.
- CHILDREN’S PRIVACY
12.1 Protecting the privacy of young children is especially important. For that reason, we do not knowingly collect or solicit personal information from anyone under the age of . If you are under , please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age  is allowed to provide any personal information to or on the Site. In the event that we learn that we have collected personal information from a child under age  without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under , please contact us at [email protected].
- PROCESSING FINANCIAL TRANSACTIONS
- HOW DO WE COOPERATE WITH THIRD PARTY WEBSITES?
14.1 Our Site includes hyperlinks to, and details of, third party websites.
14.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
- HOW DO WE COOPERATE WITH THIRD PARTY WEBSITES?
- WHAT KIND OF COOKIES DO WE USE?
17.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser on your mobile device or computer to identify you (usually based on an anonymous identifier). The identifier is then sent back to the server each time the browser requests a page from the server in order to identify your visit to a particular page, the list of ads you have responded to, the type of browser you are using, and also to remember information you have filled in on our website.
17.3 The purpose of using Cookies is to be able to adapt to your needs, to distinguish you from other users, to prevent the display of irrelevant ads in your web browser and to prevent the need for your repeated login to our Interface.
17.4 Cookies may be either "persistent" cookies or "session" cookies or third-party cookies:
(a) A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date;
(b) a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed;
(c) third-party cookies are cookies that are set by a website other than our Site. For example, a website might have a social media like button on their site. That like button will set a cookie that can be read by social media provider. The aim of third-party cookies is often to collect certain information to carry out various research data like behavior, demographics and for targeted marketing of their service.
17.5 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
17.6 We use session, persistent and third-party cookies on our Site and/or with respect of our Services. According to different purpose, there are other subcategories we may use. In the list below, you can find all cookies we use on Our Interface:
Cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
You can set your browser to block or alert you about these cookies, but some parts of the site will not work in such case. These cookies do not store any personally identifiable information.
19.1 We use security cookies to verify your identity when logging in, to prevent fraudulent use of your login information and to prevent your user data from unauthorized access.
19.2 Please acknowledge that blocking and/or deleting cookies will have a negative impact upon the usability of the Site and/or our Services.
Last updated: January 2020