Privacy Policy (CardsInspired.co.uk)

Last updated: 22 January 2026

Cards Inspired (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you visit or purchase from cardsinspired.co.uk (the “Website”).

This policy is intended to meet the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1) Who we are (Data Controller)

Data Controller: Cards Inspired (trading as “Cards Inspired”)

Address: 25 Grenaby Way, Murton, County Durham, SR7 9GW, United Kingdom

Email: mail@cardsinspired.co.uk

ICO registration number: We are not registered with the Information Commissioner’s Office (ICO).

2) The personal data we collect

We may collect and process the following types of information:

A) Information you provide to us

• Identity & contact details: name, billing address, delivery address, email address, phone number
• Account details (if you create an account): login details and order history
• Order information: items purchased, delivery preferences, and any notes you provide (for example, gift notes or card messages, if applicable)
• Customer support: messages you send us and information needed to handle returns, refunds, or complaints
• Marketing preferences: your communication choices (opt in/out)

B) Information collected automatically

• Device & usage data: IP address, browser type, device type, pages visited, approximate location (derived from IP), and how you interact with the Website
• Cookies and similar technologies: see section 6

C) Information from third parties

• Payment status confirmations from payment providers (we do not receive full card details)
• Delivery tracking updates from couriers
• Fraud prevention and security signals (where enabled)

3) How we use your personal data

We use your data to:

• Process orders (take payment, fulfil and deliver purchases, send order updates)
• Provide customer service (handle enquiries, returns, refunds, complaints)
• Manage your account (if you create one)
• Improve the Website (analytics, performance monitoring, troubleshooting)
• Prevent fraud and maintain Website security
• Send marketing communications (only where you have opted in and you can opt out anytime)
• Comply with legal obligations (for example, tax/accounting and consumer law)

4) Legal bases for processing (UK GDPR)

We process your personal data under the following legal bases:

• Contract: where processing is needed to fulfil your order or provide services you request
• Legal obligation: where we must comply with the law (e.g., record keeping)
• Legitimate interests: to run and improve our business, keep the Website secure, and prevent fraud (balanced against your rights)
• Consent: for marketing and non-essential cookies where required

5) Marketing

If you opt in, we may send you marketing communications (for example, by email). You can opt out at any time by:

• using the unsubscribe link in any marketing email, or
• contacting us at mail@cardsinspired.co.uk.

We do not sell your personal data to third parties for their own marketing.

6) Cookies and similar technologies

We use cookies and similar technologies to:

• ensure the Website works properly (for example, keeping items in your basket),
• remember your preferences,
• understand how visitors use the Website (analytics), and
• support advertising (only if enabled).

Managing cookies: You can control cookies through your browser settings. If we use a cookie banner/preferences tool, you can also manage your choices there. Please note that blocking some cookies may impact Website functionality.

7) Sharing your data

We may share your personal data with trusted service providers where necessary to operate the Website and fulfil orders. This includes:

Payment processing

We use Stripe and PayPal to process payments. When you pay, your payment information is handled directly by Stripe and/or PayPal. We do not store full payment card details.

Depending on your chosen method, we may share information such as:

• name, email address, billing address, delivery address
• order amount, currency, and transaction identifiers
• fraud-prevention and security information (where applicable)

Stripe and PayPal act as independent controllers (or sometimes processors) for certain payment data they handle for compliance, fraud prevention, and service delivery, in accordance with their own privacy notices.

Other service providers

We may also share data with:

• Website hosting / ecommerce platform providers (to run the store)
• Delivery and fulfilment partners (to deliver your order and provide tracking)
• Email/customer service tools used to send order updates and respond to enquiries
• Analytics and security providers to help keep the Website working and secure

We require service providers to protect your data and use it only for providing services to us.

We may also disclose your data when required by law or to protect our rights (for example, in relation to fraud prevention).

8) International transfers

Some of our suppliers (including payment providers) may store or process personal data outside the UK. Where this happens, we ensure appropriate safeguards are in place in line with UK GDPR requirements (for example, UK adequacy regulations or approved contractual safeguards).

9) Data retention

We keep personal data only as long as necessary for the purposes described in this policy, including legal, accounting, or reporting obligations.

Typical retention periods include:

• Order and invoice records: typically 6 years (for UK tax/accounting requirements)
• Customer support correspondence: typically 12–24 months after resolution (unless needed longer for legal reasons)
• Marketing records: until you unsubscribe or request removal

10) Security

We use appropriate technical and organisational measures to protect your personal data. Payments are handled securely by Stripe and PayPal, and we take reasonable steps to secure your information.

No method of transmission or storage is completely secure. However, we work to protect your data and improve our security measures over time.

11) Your rights (UK GDPR)

You have rights over your personal data, including:

• Access – request a copy of your data
• Rectification – correct inaccurate or incomplete data
• Erasure – request deletion (in certain circumstances)
• Restriction – request limited processing (in certain circumstances)
• Objection – object to processing based on legitimate interests and for direct marketing
• Data portability – receive certain data you provided in a structured, commonly used format
• Withdraw consent – where we rely on consent (e.g., marketing and some cookies)

To exercise your rights, contact mail@cardsinspired.co.uk. We may need to verify your identity before responding.

12) Complaints

If you have concerns, please contact us first at mail@cardsinspired.co.uk and we will try to resolve the issue.

You also have the right to complain to the UK supervisory authority:

Information Commissioner’s Office (ICO) (UK)

13) Children’s privacy

Our Website is not intended for children and we do not knowingly collect personal data from children.

14) Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page and the “Last updated” date will be revised.

15) Contact us

Cards Inspired

25 Grenaby Way, Murton, County Durham, SR7 9GW, United Kingdom

Email: mail@cardsinspired.co.uk