- 1. Purpose and Scope
This Cards Privacy Statement (the “Privacy Statement”) explains how Cards Ltd., a Bulgarian company (“Cards”, “we”, or “us”) collect, use, store, process, disclose, and delete Personal Data (as defined in this Privacy Statement) you provide directly to us or that we receive from your authorized third parties including, without limitation, that you provide to us via our website, located at the cardnew.net domain, or any website of any one of our business units that post or link to this Privacy Statement (individually and collectively, “Website”), accessed through any medium, including via computer, mobile device, or other device (collectively, “Device”). This Privacy Statement also outlines your rights in respect to your Personal Data.
Cards is a distributor and reseller of IT products and services, headquartered in Sofia, Bulgaria. Cards delivers global technology and supply chain services to support technology distribution and information technology and security.
For more information about Cards, please see the “About Us” section of our Website.
Although we encourage you to read this entire Privacy Statement, this is a summary of some of the more important aspects of the Privacy Statement:
- We may collect both Personal Data and other information from you through a variety of sources, including Personal Data we have collected from you, whether on- or offline. We may also combine it with information we receive about you from other sources, such as Affiliates, publicly available information sources (including information from your publicly available social media profiles), and other third parties.
- We will not use or share your Personal Data except as described in this Privacy Statement.
- Where applicable, we honor opt out instructions from you for certain uses of your Personal Data under this Privacy Statement, such as, for example, when you opt out of receiving marketing email communications from us or request us to delete your Personal Data.
- We use appropriate technical and organizational controls to secure and protect your Personal Data, but we cannot ensure or warrant that your Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities.
- General Principles for the Processing of Personal Data
Personal Data will be collected, stored, processed and transmitted in accordance with Cards established policies and applicable EU and international laws, rules and regulations.
The principles of Cards with respect to the processing of Personal Data are as follows:
- Personal Data will be processed fairly and lawfully,
- Personal Data will be collected for specified, explicit, and legitimate purposes and not further processed for incompatible purposes,
- Personal Data collected by Cards will be adequate, relevant, and not excessive in relation to the purposes for which it is collected,
- Personal Data collected by Cards will be accurate and, where necessary, kept up to date to the best of our ability,
- Personal Data will be protected against unauthorized access and processing using appropriate technical and organizational security measures and controls; and
- Personal Data collected by Cards will be retained as identifiable data for no longer than necessary to serve the purposes for which the Personal Data was collected.
If Cards engages in the processing of Personal Data for purposes other than those specified in this Privacy Statement, Cards will provide notice of these changes, the purposes for which the Personal Data will be used, and the recipients of Personal Data.
- Collection of Information
Cards may collect Personal Data about you from a variety of sources, including, directly from you, from other Users, from resellers and distributors, from our vendors, from our service providers, from third party information providers, and through the operation of the Website.
“Personal Data” collected by Cards includes:
- your first and last name;
- billing or shipping address;
- credit card or payment information;
- government issued identification number;
- email address;
- phone number;
- purchase information and history;
- your account number;
- resume or professional information; and
- a combination of your username and password used to access the Website.
Cards collects your Personal Data as follows:
3.1. Information You Provide Voluntarily
We may collect Personal Data directly from you when you voluntarily provide it to us. For example, when you communicate with us over the telephone or through the Website by way of email, online chat, web form, or online account registration to obtain access to Offerings, register for an event or training, purchase an Offering, ask questions, attempt to resolve any issues related to the Website or Offerings, submit a job application, or submit feedback and comments.
The Personal Data that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your Personal Data.
3.2. Information that We Collect Automatically
When you visit our Website, we may collect certain information automatically from your Device. In some countries, including countries in the European Economic Area, this information may be considered Personal Data under applicable data protection laws.
Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, your Media Access Control (MAC) Address, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and Other Website Usage Information.”
3.3. From Other Users
We may receive Personal Data about you from other users of the Website when they provide information to us. For example, we may receive information when they communicate with you or with us through the Website.
3.4. From Resellers and Distributors
We may obtain Personal Data about you from the resellers and distributors that purchase Offerings available from us and provide such Offerings to you.
3.5. From Our Vendors
We may obtain Personal Data about you from the third party vendors that make Offerings available through us.
3.6. From Third Party Information Providers
Cards may also obtain Personal Data from third parties that have obtained or collected information about you and that have the right to provide that Personal Data to us. Cards will only obtain this Personal Data where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your Personal Data to us. For example, if you register for the Website using a third party service or through a third party website or service, the information you provide to that third party will be provided to us to establish your account on the Website. We may also contract with third parties that are in the business of providing information to businesses such as ours to verify certain information about you or obtain information. We may use the Personal Data about you we receive from a third party outside of the Website in accordance with the terms we establish with that third party. We may also obtain Personal Data from publicly-available sources such as open government databases or other data in the public domain.
- Cookies and Other Website Usage Information
The Website may also monitor and collect information about how you access, use, and interact with the Website automatically through “cookies,” “flash cookies”, “web beacons,” and other automated tracking technology.
A “cookie” is a small text file that is stored on a user’s Device. Cookies allow us to collect information such as browser type, time spent on the Website, pages visited, and language preferences. We and our service providers use the information for security purposes, to facilitate navigation, display information more effectively, and to personalize your experience while using the Website.
Generally, the cookies that are used on the Website can be broken down in to the following categories:
- Strictly necessary cookies—These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website or use a shopping cart.
- Analytical/performance cookies—These cookies are used to analyze how the Website is used and to monitor its performance, which allows us to improve your experience in using the Website. These cookies help us to tailor the content of Website to reflect what users find most interesting and to identify when technical issues with the Website arises. We may also use this data to compile reports to help us to analyze how the Website is used, what the most common issues are and how we can improve the Website.
- Functional/tracking cookies—These cookies enable us to recognize repeat visitors to our Websites. By matching an anonymous, randomly generated identifier, a tracking cookie keeps track of where a user of our Websites came from, what search engine they may have used, what link they clicked on, what keyword they used and where they were in the world when they accessed the Website. By monitoring this data, we can make improvements to our Website.
- Targeting cookies—These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
- Session cookies—These cookies are used ‘in-session’ each time you visit and then expire when you leave a Website or shortly thereafter: they are not stored on your Device permanently, do not contain any Personal Data and help by minimizing the need to transfer Personal Data across the internet. These cookies can be deleted or you can refuse to allow their use, but this will hamper the performance and your experience in using the Website. These cookies also take time stamps that record when you access the Website and when you leave the Website.
- Persistent cookies—This type of cookie is saved on your Device for a fixed period (sometimes for a few hours, sometimes for a year or longer) and is not deleted when the browser is closed. Persistent cookies are used where we need to remember who you are for more than one browsing session. For example, this type of cookie can be used to store your language preferences, so that they are remembered for the next visit to the Website.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject any cookies. However, please be aware that if you disable or reject cookies, some features and services on our Websites may not work properly because we may not be able to recognize and associate you with your account(s). In addition, the Offerings we provide when you visit us may not be as relevant to you or tailored to your interests.
A “flash cookie” is a file similar to a cookie, except that they can store more complex data. Our use of Adobe Flash technology (including Flash Local Stored Objects (“Flash LSOs”)) allows us to, among other things, serve you with more tailored information, facilitate your ongoing access to and use of the Website, and collect and store information about your use of the Website. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Adobe Flash Website Storage Settings Panel available on the Internet. You can also control Flash LSOs by going to the Adobe Flash Global Storage Settings Panel available on the Internet and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Adobe site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with this Website or our online content.
A “web beacon” (also known as a clear pixel or pixel tag) includes an electronic image imbedded in the Website interface that allows us to recognize when you visit that area of the Website. These may also be used in connection with some Website pages and HTML-formatted e-mail messages to, among other things, track the actions of Website users and e-mail recipients, measure the success of our marketing campaigns, and compile statistics about Website usage and response rates.
- Use of Information
Cards uses Personal Data we collect to operate our business and provide you with Offerings, which includes using this data to improve our Offerings and personalize your experiences. We also may use the data to communicate with you, for example, informing you about your account and product information.
Cards may use your Personal Data for a variety of purposes (the “Purposes”), including to:
- Provide, maintain, and improve the Website and our Offerings, including to operate certain features and functionality of the Website
- Understand user preferences to enhance users’ experience with Cards and its contractors, and business partners;
- Research and analyze the effectiveness of the Website and the marketing, advertising and sales efforts of Cards, its contractors, and business partners;
- Collect account receivables owed by customers of Cards;
- Process orders and payments made through the Website;
- Develop additional Offerings;
- Process job applications;
- Comply with a legal obligation or respond to lawful requests by public authorities (including national security or law enforcement requirements);
- Manage our everyday business needs;
- Prosecute and/or defend a court, arbitration or similar legal proceedings;
- Communicate directly with you by sending you newsletters, promotions and special offers or information about new products and services on an ongoing basis in accordance with your marketing preferences. You can unsubscribe from our marketing communications by clicking “Unsubscribe” at the bottom of the email or by contacting us using the “Questions and Contact Information” details.
- Communicate directly with you by phone to respond to customer service inquiries or comments through the Website, social media or otherwise, to discuss issues relating to your account or the Website, and to provide customer support.
- Deliver advertising to you, including to help advertisers and publishers serve and manage ads on the Website or on third party sites, and to tailor ads based on your interests and browsing histories. Please see the section on Cookies and Other Website Usage Information for additional information related to such advertising and your related controls;
- Compile aggregated statistics about the operation and use of our Website and to better understand the preferences of the visitors of our Website; and
- Other Purposes: To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify you.
We may combine and enhance the Personal Data we collect about you with other information we receive from third parties.
We may also use the Personal Data we collect about you through the Website to generate anonymized, aggregated data. When we do so, we ensure that the anonymized, aggregated data is no longer personally identifiable and may not later be used to identify you. This will include, by way of example, storing the anonymized, aggregated data separately from any Personal Data.
- Information Sharing
We share your Personal Data with your consent or as necessary to complete any transaction or provide any Offering you have requested or authorized. We also share Personal Data with third party vendors, resellers and distributors, third party service providers, Affiliates and business units, when required by law or to respond to legal process, to protect our customers, to protect lives, to maintain the security of our Offerings, and to protect the rights or property of Cards.
We may disclose your Personal Data as follows:
Cards may share Personal Data about you with the third party vendors that make Offerings available through us. For example, we may share your Personal Data with a third party vendor if you purchase or access an Offering through us, or an Cards reseller or distributor, and that vendor requires verification of an Offering purchase in order to register that Offering.
6.2. Resellers and Distributors
Cards may share your Personal Data with the resellers and distributors that purchase Offerings available through the Website. For example, we may share your Personal Data if you purchase or access an Offering through a reseller or distributor, and that reseller or distributor leveraged our reseller tools and services.
6.3. Third Party Service Providers
Cards may provide your Personal Data to third parties that provide services to assist us with the Website and with achieving the Purposes. For example, these third parties may include providers of customer service, payment processing, email and messaging support, hosting, management, maintenance, information analysis, Offering fulfilment or delivery, or other services we may receive on an outsourced basis. We will endeavor to require that these third parties use your Personal Data only as necessary for such reasons and protect your Personal Data consistent with this Privacy Statement and applicable law. A list of third party service providers is available upon request.
6.4. Business Units
Cards may share your Personal Data with our Affiliates, regardless of whether these entities share the Cards brand. We may also share your Personal Data with other business units that also offer products or services under the Cards brand or one of our other brands. Our business units will use your Personal Data we share with them in a manner consistent with this Privacy Statement.
6.5. Other Users
Cards may share your Personal Data with other users when you elect to interact with those users (or request that we communicate with them on your behalf) through the Website. This may include facilitating communications with other users or enabling posting of Personal Data to areas of the Website accessible by other users. You should be aware that any Personal Data (or other information) you provide in these areas may be read, collected, and used by others who access them.
6.6. Law Enforcement and Safety
Cards may share your Personal Data with any competent law enforcement, regulatory, government agency, court, other governmental officials, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
6.7. Sale or Acquisition of Assets
If Cards transfers ownership or control of any portion of Cards or the Website to an actual or potential buyer, whether in the context of an acquisition, merger, reorganization, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings), we may transfer your Personal Data to that actual or potential buyer, provided that the use of your Personal Data by that third party remains subject to applicable law.
We may share your Personal Data with any other person with your consent to the disclosure.
We may also share aggregated, anonymized data with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information we collected through your use of our Website. If we are required under applicable law to treat such information as Personal Data, then we will only disclose it as described above.
- Other Important Privacy Information
Below you will find additional privacy information you may find important.
7.1. Security of Personal Data
Cards uses appropriate technical and organization controls and measures to secure and protect your Personal Data from unauthorized loss, misuse, and disclosure, such as strong user access controls, segmented network architecture, and comprehensive employee policies and training. Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while Cards attempts to protect all Personal Data, Cards cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. Cards will notify you in the event we become aware of a security breach involving your personally identifiable information (as defined by the applicable foreign, federal, state, and local laws) stored by or for us, in accordance with applicable laws.
7.2. Legal Basis for Processing Personal Data (EEA Visitors Only)
If you are a visitor from the European Economic Area, our legal basis for collecting and using the Personal Data information described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only (i) where we need the Personal Data to perform a contract with you (such as to fulfill your purchase of an Offering), (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our services and Offerings to you, and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests, and if appropriate, we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Questions and Contact Information” heading.
It is your responsibility to provide Cards with accurate Personal Data. Except as otherwise set forth in this Privacy Statement, Cards shall only use Personal Data in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. To the extent necessary for these purposes, Cards shall take reasonable steps to ensure that Personal Data is accurate, complete, current and relevant to its intended use.
7.4. International Data Transfers
Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Specifically, our primary Website servers are located in Bulgaria, and our third party service providers and partners operate around the world. This means that when we collect your Personal Data we may process it in any of these countries. However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Privacy Statement. These include implementing the European Commission’s Standard Contractual Clauses for transfers of Personal Data between our Affiliates, which require us to protect Personal Data they process from the EEA in accordance with European Union data protection law. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
7.5. Retention Period
We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with an Offering you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
7.6. Sensitive Information
Unless we specifically request or invite it, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) on or through this Website or otherwise to us. In those cases where we may request or invite you to provide sensitive personal data, we will do so with your express consent.
7.7. Third Party Websites
Cards may from time to time revise this Privacy Statement in its sole and absolute discretion to reflect changes in our business practices. If we revise this Privacy Statement, we will notify you by posting the updated Privacy Statement on this Website. Changes to the Privacy Statement will become effective and will apply to the information collected starting on the date Cards posts the revised Privacy Statement on the Website. If we are required by applicable data protection laws to seek your consent to any changes in use of your Personal Data described in our updated Privacy Statement, then we will do that.
If you are a resident of the European Union, all the Personal Data related to you and received and stored by Cards are erased after 5 years, save for any Personal Data in documents and files we must keep for a longer period under applicable laws. For example, we cannot erase personal data appearing on VAT invoices before we can delete the invoices from our systems