Privacy Policy

As a company that finds its roots in the European Union, and that considers compliance to privacy legislation Privacy a core principles of its organisation, Cardify has created this Privacy Policy based upon the foundations of the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).

As GDPR currently is the most advanced and elaborate data protection legislation in the world, Cardify uses GDPR as its main benchmark for its companywide privacy program.

Seeing the global activities of Cardify, it goes without saying that with this Privacy Policy, in addition to GDPR, Cardify also wants to take into account the principles of other applicable data protection legislations (such as the California Consumer Privacy act of 2018, or the UK Data Protection act 2018), which principles are either already incorporated through GDPR (in most of the cases) or either have specifically been added to this Privacy Policy.

The following interactions ("Interactions") will make this Privacy Policy to become applicable:

• Your use of and/or interaction with any website i) belonging to the getcardify.com domain, ii) managed by Cardify, iii) referring to any of the foregoing, or iv) operated by a third-party on behalf of Cardify ("Website");
• Your use of any content belonging to, or controlled by Cardify, as being made available to You by a collaborator of Cardify, including via the Cardify Product and Services;
• Your use of the Cardify Product and Services under an Administrator account;
• Direct Interactions with Cardify (e.g. certain sales and/or marketing interactions, face-to-face meetings, interactions at exhibitions, sales pitches, commercial gatherings, training session, webinars, social media interactions, events, email inquiries, interactions with Cardify through the Cardify Sales enablement Solution, job searches,...);
• Interactions (with (software) tools) related to the foregoing (e.g. direct marketing tools, job applications tools, account registrations, support, etc.); and/or
• Explicit acceptance of this Privacy Policy.

Be aware that the applicability of this Privacy Policy following your Interactions will be for the specific purpose (see A3) for which Your Personal Data is being processed by Cardify.

Cardify may (be required to) process certain Personal Data for one or more of the following purposes:

• Contract administration
• Supplier Management
• The use as administrator of the Product and Services / support
• The use of and/or interaction with the Website
• Downloads from the website
• Events/webinars & registration
• Job applications
• Lead Generation
• Direct Marketing
• Strategic Company initiatives
• Business Intelligence
• Other Purposes

3.1 Contract administration

This purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number), Your Professional Details (e.g. job title, company name, billing/financial information), and Your respective user account details (e.g. actions & activities, profile information, account analytics), in order to:

• negotiate, execute, renew and/or manage a contract with You, including in respect of the Product and Services provided thereunder;
• process billing information and payments related thereto; and/or
• communicate with You in respect of the above (including sending (legal) notifications) and other contract related items.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• "processing is necessary for the performance of a contract to which the data subject is party" or "in order to take steps at the request of the data subject prior to entering into a contract"; and/or
• "processing is necessary for compliance with a legal obligation to which the controller is subject" (e.g. retention of log files);
• "processing is necessary for the purposes of the legitimate interests pursued by the controller" (e.g. retention of log files).

The Processing of this Personal Data is an absolute requirement, without which Cardify will not enter into a contract (negotiation) with You, nor create an account, and even may mean that Your contract (negotiation) and account may be suspended or terminated by Cardify.

3.2 Supplier Management

This purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number), and Your Professional Details (e.g. job title, company name, billing/financial information), in order to:

• negotiate, execute, renew and/or manage a contract with You;
• process billing information and payments related thereto; and/or
• communicate with You in respect of the above (including sending (legal) notifications) and other contract related items.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• "processing is necessary for the performance of a contract to which the data subject is party" or "in order to take steps at the request of the data subject prior to entering into a contract"); and/or
• "processing is necessary for compliance with a legal obligation to which the controller is subject";
• "processing is necessary for the purposes of the legitimate interests pursued by the controller".

The Processing of this Personal Data is an absolute requirement, without which Cardify will not enter into a contract with You.

3.3 The use as administrator of the Cardify Product and Services / Support to Cardify Product and Services

This purpose relates to You as an administrator of the Product and Services, and the corresponding processing of Your Contact Details (e.g. first name, last name, address, email, telephone number), Your Professional Details (e.g. job title, company name, billing/financial information), Your respective user account details (e.g. actions & activities, profile information, account analytics, IP address, account preferences, uploaded content and information, device information, content/information shared and/or actions within the Product and Services related to You or as made available by You), in order to:

• set-up and manage the administrator account of the Product and Services;
• interact with You in respect of (the execution of) the Contract underlying to the Product and Services;
• be able to provide support in respect of the Product and Services;
• manage and respond to Your questions (e.g. technical, commercial or administrative); and/or
• manage and respond to Your tickets and requests for maintenance and support.

The Processing of this Personal Data is an absolute requirement. You not allowing us to process (all or some of) this Personal Data may mean that Cardify will not be able to provide You the Product and Services, as well as the related Support/Troubleshooting.

Additionally, we may also use such Personal Data in order to interact with You (as an administrator) in relation to the Product and Services (e.g. software updates, newsletter, product announcements, upcoming events related to the Product and Services, ...). You can manage Your preferences in respect to such interactions through the settings menu. Bear in mind that changes in the mailing preferences will not affect any communications we are required to make to you based on the above requirements.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• "processing is necessary for the performance of a contract to which the data subject is party" or "in order to take steps at the request of the data subject prior to entering into a contract";
• "processing is necessary for compliance with a legal obligation to which the controller is subject")(e.g. retention of log files; and/or
• "processing is necessary for the purposes of the legitimate interests pursued by the controller", and more specifically the fact that a close interaction between the administrator and Cardify as well as sufficient context in respect of support/troubleshooting, is necessary for the smooth working and operation of the Product and Services, in which situation the administrator plays a crucial role.

3.4 The use of and/or interaction with the Website

In case You are making use of the Website, this purpose relates to the processing of Your:

• In case interacting under an account: Your Contact Details (e.g. first name, last name, address, email, telephone number), Your Professional Details (e.g. job title, company name, billing/financial information), Your respective user account details (e.g. actions & activities, profile information, account preferences, uploaded content and information, content and information shared and/or actions within the Product and Services related to You or as made available by You)
• In all circumstances: IP address, the (web) page you were visiting before you came to the Website, information you search for on the Website, and, Your interactions with the Website

We do this in order to:

• enable You to enjoy the use of, and easily navigate the Website; and/or
• better understand Your needs and interests in respect of our Website.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the legal ground where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes".

Also, we refer to our Cookie Policy (see below).

3.5 Downloads from the website

In case You are downloading content from the Website, this purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number) and Your Professional Details (e.g. job title, company name, billing/financial information) (all where such data is requested in the applicable form), as well as IP address, order to allow for downloads and/or access content on the Website.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes"; and/or
• "processing is necessary for the purposes of the legitimate interests pursued by the controller", and more specifically the fact that Cardify values and wishes to protect its intellectual property rights and/or trade secrets, which is a key asset to Cardify, for which Cardify needs to be able to at least know which persons receive such related information.

The Processing of this Personal Data is an absolute requirement. You not allowing us to process (all or some of) this Personal Data this Personal Data may mean that You may not be allowed access to the download in question.

3.6 Events/webinars & registration

This purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number), Your Professional Details (e.g. job title, company name, billing/financial information), as well as recordings (sound and/or video) made during such events, in order to:

• Process Your registration to the event as organised by Cardify (alone or jointly with another organiser) or organised by a third party on behalf of Cardify;
• Contacting you in respect to Your registration;
• Proceed with billing and payment of Your registration (if applicable);
• Invite You to similar events;
• Propose events to You which Cardify - in its reasonable opinion - may consider relevant or interesting to You;
• Sharing Your Personal Data with the other parties involved in the organisation of the event (including with respect to lead management);
• Sharing Your Personal Data with other participants to the same event (e.g. with regard to a participant list), however limited to first name, last name, job title and company name; and/or
• Publish photo/video recording of You participating at the event in related or relevant publications, Website and/or social media of the parties involved in the organisation of the event (including for educational, news or promotional purposes, whether in print, electronic or other media).

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes"; and/or
• "processing is necessary for the performance of a contract to which the data subject is party" or "in order to take steps at the request of the data subject prior to entering into a contract".

The Processing of this Personal Data is an absolute requirement in case where You are actually engaging in or registering for an event. You not allowing us to process (all or some of) this Personal Data may mean that Cardify will not be able to register Your participation to the event or even means that Your registration may be suspended or terminated by Cardify.

3.7 Job applications

In case You are responding to a job opening at Cardify, Cardify has otherwise received your CV or professional details (e.g. from a job agent), or where Your application has been retained by Cardify, this purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number), Your Professional Details (e.g. job title, company name, CV), Your respective user account details (e.g. actions & activities, profile information, account analytics, account preferences, uploaded content), in order to:

• (have) Process(ed) Your job application; and/or
• Get in contact with You regarding Your job application & onboarding.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes";
• "processing is necessary for the performance of a contract to which the data subject is party" or "in order to take steps at the request of the data subject prior to entering into a contract"; and/or
• "processing is necessary for the purposes of the legitimate interests pursued by the controller"), including the fact that Cardify needs to be able to verify and/or crosscheck Your claimed capabilities per Your application and to enter into contact with you.

The Processing of this Personal Data is an absolute requirement. You not allowing us to process (all or some of) this Personal Data may mean that Cardify will not be able to process or retain Your job application or verify Your claimed capabilities.

3.8 Lead Generation

This purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number) and Your Professional Details (e.g. job title, company name) resulting from Personal Data:

• Publicly disclosed by You (e.g. website, LinkedIn, memberships...):
• From interactions You have (had) with Cardify;
• Obtained from third parties that are allowed to share such Personal Data with Cardify; or,
• From research performed by (or under instruction of) Cardify,

in order to allow Cardify to qualify and process leads in Cardify"s CRM and/or BI tools.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes"; and/or
• "processing is necessary for the purposes of the legitimate interests pursued by the controller".

3.9 Direct Marketing

This purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number), Your Professional Details (e.g. job title, company name), in order to provide You with further information (and offers from us or partners of Cardify that Cardify believes You may find useful or interesting), including newsletters, marketing, events or promotional materials and other information on Product and Services offered by us or third parties.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the legal ground where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes".

Be aware that this purpose is in addition to and leaves unharmed any other purpose as per this Privacy Policy (e.g. lead generation).

To the extent that this is required per applicable Data Protection law (e.g. GDPR), before Cardify will directly contact You under this purpose, Cardify shall first seek Your consent (opt-in).

However, when sending direct marketing communications to You, Cardify shall ensure to do so in line with the applicable direct marketing legislation (e.g. EU directive (2002/58/EC), CAN-Spam,...)(e.g. as allowed as direct or indirect consent under such legislation or authority supervising such legislation, You were in a prior (pre-) contractual engagement with Cardify and Cardify likes to inform you of its own similar events / Cardify Product and Services, You have yourself initiated or requested a (commercial) response from Cardify,...).

For avoidance of doubt, where applicable to You per applicable Data Protection law (e.g. GDPR), You shall have the right to object at any time to processing of Your Personal Data for direct marketing purposes, in which case Your Personal Data shall no longer be processed for this purpose. In such case, You may opt-out of receiving such promotional messages from us at any time by following the instructions on those messages, or alternatively, by contacting us at privacy@getcardify.com.

3.10 Strategic Company initiatives

This purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number), Your Professional Details (e.g. job title, company name, billing/financial information), Your respective user account details (e.g. actions & activities, profile information, account analytics), resulting from Personal Data:

• Publicly disclosed by You (e.g. website, LinkedIn, memberships...):
• From interactions You have (had) with Cardify;
• Obtained from third parties that are allowed to share such Personal Data with Cardify; or,
• From research performed by (or under instruction of) Cardify,

in order to allow Cardify to perform analysis allowing to determine Cardify"s (customer) strategy.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes"; and/or
• "processing is necessary for the purposes of the legitimate interests pursued by the controller".

3.11 Business Intelligence

This purpose relates to the processing of Your Contact Details (e.g. first name, last name, address, email, telephone number), Your Professional Details (e.g. job title, company name, billing/financial information), Your respective user account details (e.g. actions & activities, profile information, account analytics), resulting from Personal Data:

• Publicly disclosed by You (e.g. website, LinkedIn, memberships...):
• From interactions You have (had) with Cardify;
• Obtained from third parties that are allowed to share such Personal Data with Cardify; or,
• From research performed by (or under instruction of) Cardify,

in order to allow Cardify to perform analysis allowing to improve upon business intelligence.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the following legal grounds:

• where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes"; and/or
• "processing is necessary for the purposes of the legitimate interests pursued by the controller".

3.12 Other Purposes

with Your consent

Cardify processes Personal Data about You where you have given us consent to do so for a specific reason not addressed within this Privacy Policy. For example, we may publish testimonials, case studies, featured customer stories etc. where you have consented thereto.

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the legal ground where the data subject "has given consent to the processing of his or her Personal Data for one or more specific purposes".

as a legitimate interest

Cardify may process additional information or enrich personal data Cardify processes for the purposes stated in this Provacy Policy, with personal data which:

• Has been publicly disclosed by You (e.g. website, LinkedIn, memberships...):
• Results from interactions You have (had) with Cardify;
• Is Obtained from third parties that are allowed to share such Prersonal Data with Cardify; or,
• Results from research performed by (or under instruction of) Cardify,

To the extent required to inform You per applicable Data Protection law, Processing of Personal Data for this Purpose is based upon the legal ground that "processing is necessary for the purposes of the legitimate interests pursued by the controller".

Cardify may share Your personal data with its (as well as its affiliates"):

• Employees and collaborators in respect of purposes described in this Privacy Policy;
• Third-party technology and service providers in respect of their services as used for the purposes described in this Privacy Policy;
• Cardify investors represented in the Cardify Board of Directors to the extent related to services and strategic advice being offered by these investors to Cardify;
• Third-party maintenance & support recipients (including related service/technology providers);
• Cardify Partners (including in respect of offers of partners of Cardify, which Cardify, in its reasonable opinion, may believe to be of interest to You);
• Other third parties to the extent Cardify has good faith belief that such disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request from a public or law enforcement authority; (b) national security (c) protect the safety of any person from death or serious bodily injury; (d) prevent fraud or abuse; (e) as necessary to protect or enforce our legal rights & those of our collaborators as well as the integrity of our Product and Services.
• If our ownership or control over all or part of our services and associated resources changes, we may transfer Your data to the new owner.

Such disclosures shall always be limited to the Personal Data as required for the specific purpose of the recipient while taking into account the necessary provisions on confidentiality, integrity, availability and security of the data involved.

For avoidance of doubt, Cardify does not sell or otherwise commercialise the Personal Data.

To the extent required as per applicable Data Protection law, Cardify shall remain responsible to ensure that such export occurs in a legally compliant way, as well that the performance of the sub-processors Cardify has engaged remains in line with the applicable data protection legislation.

You share Your information through Virtual Cards

You have full control over your Virtual, and Physical Cards and can choose whom You share the information with, either through link-sharing, QR-codes, email, and more. You can choose which information and content is linked to Your (virtual/physical) card by making various Virtual Cards, each containing different information and content.

Cardify cannot be held responsible if someone is able to scan/load Your card while You weren"t aware of this. To prevent this from happening we suggest to keep track of where You share Your card-urls.
With respect to your Physical Card, we suggest to store it in a secure wallet such as Segrid or to temporarily disable this card through the app.

Cardify transfers Personal Data if and when required by:

• Its and its affiliates" employees and collaborators;
• Third-party technology and service providers as used for the purposes described in this Privacy Policy;
• Third-party maintenance & support recipients (including related service/technology providers);
• Cardify Partners (including in respect of offers of partners of Cardify, which Cardify, in its reasonable opinion, may believe to be of interest to You);
• Other third parties to the extent Cardify has good faith belief that such disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request from a public or law enforcement authority; (b) national security (c) protect the safety of any person from death or serious bodily injury; (d) prevent fraud or abuse; (e) as necessary to protect or enforce our legal rights & those of our collaborators as well as the integrity of our Product and Services.

Such disclosures shall always be limited to the Personal Data as required for the specific purpose of the recipient while taking into account the necessary provisions on confidentiality, integrity, availability and security of the data involved.

In the current set-up of the Cardify organisation, such export of personal data shall occur.

To the extent required as per applicable Data Protection law, where such export occurs, Cardify shall ensure that such transfer occurs under the necessary legal provisions as required by the applicable legislation.

To the extent data is being (re)transferred outside of the European Economic area and/or or United Kingdom ("EEA&UK"), Cardify shall ensure to that such (re)transfer occurs under such instruments as allowed per the GDPR and providing for an adequate level of protection of Your Personal Data (e.g. adequacy decision of the EU commission (e.g. EU-US Privacy Shield), binding corporate rules, or EU standard contractual clauses,...).

In all circumstances You have the right to:

• Obtain access to and/or rectification of Your Personal Data as processed by Cardify;
• Request to receive Your Personal Data in a format at the discretion of the Cardify (e.g. excel, .CSV file, via the Cardify API,...), that allows for the data portability of such data to a similar service, and;
• Have Your Personal Data deleted ('right to be forgotten') so it can no longer be processed by Cardify and viewed by third parties (this results in deleting your entire account);

Where such right is entrusted to You by Applicable Data Protection Law (E.g. GDPR, UK Data Protection act 2018), You have the right to:

• Withdraw Your consent for processing of Your Personal Data (be advised that such leaves unharmed and does not affect the prior lawful processing of Your Personal Data, or the continuation of processing of (part of) Your Personal Data as allowed under an applicable legal ground (see A3.)
• The restriction of processing of Your Personal Data under article 18 GDPR and/or right to object to the processing of Your Personal Data under article 21 GDPR.

In order to exercise Your rights as set forth under A6, please contact privacy@getcardify.com, or use the means available to you under Your user account (to the extent offered by Cardify).

Exercising Your rights can occur by Yourself or through an agent, under the conditions of the following paragraphs and by providing sufficient and verifiable written proof that such agent is acting on Your behalf.

In exercising Your rights under this section, You shall provide proof of Your identity to the satisfaction of Cardify by either identification through Your respective user account (to the extent possible), or, by providing copy of an official government issued document (e.g. ID Card, driver"s license,...) and Your telephone number (so we can verbally interact with You to confirm/verify). Such proof is essential in order to i) verify the validity of your request, ii) to safeguard security of Your Personal Data, and iii) to avoid unauthorised disclosures. Please be aware that without such proof, we may not be able to proceed with your request.

Where we are communicating with You (e.g. newsletter, product announcements, upcoming events,...) You can manage Your preferences in respect to such communications through the mailing preferences. Please follow the link in each such communication to enter the mailing preferences.

Upon receipt of a request we strive to respond to your request without undue delay and in any event within one month of receipt of the request which period we may extend by two further months where necessary, taking into account the complexity and number of requests.

Requests whereby the requestor"s identity cannot be verified, which are unduly repetitive, or, create a substantial, articulable and unreasonable risk to the security of the Personal Data may be discarded by Cardify in whole or in part.

Response to your request shall be provided by electronic means only.

Exercising Your rights under this Privacy Policy:

• leaves unharmed and does not affect the prior lawful processing of Your Personal Data, or the continuation of processing of (part of) Your Personal Data as allowed under an applicable legal ground (see A3.)
• shall not lead to unjustified pricing discriminatory treatment by Cardify towards You (e.g. unjustified denying goods or services, unjustified charging different prices compared to the same product in the same version, unjustified providing different quality compared to the same product in the same version).

Be advised however that:

• Use of the Product and Services, or the processing for the Purposes under this Privacy Policy, may be impeded or even rendered impossible in absence of a complete data set;
• Erasure of Your Personal Information may be exercised by Cardify through the actual deletion of Your Personal data, anonymizing Your Personal Data and/or aggregating Your Personal Data.

Cardify retains Your Personal Data (i) as long as Your Personal Data is relevant for the purpose, (ii) for the duration of any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise. After such period, Cardify either deletes and/or anonymizes the Personal Data.

You can manage the content and data on Cardify by editing Your account settings and Virtual Cards, or modifying the content and information.

If You want to remove all information, You can delete an account at any time. When You decide to do this, we deactivate the account first. After 30 days, the information You have shared will be permanently deleted. Remember that information that others have collected from You, through interacting with You and your information, is not part of your account and is therefore not deleted together with the account.

Also, understand that deleting the Cardify application does not result in a deletion of Your account.

If you have deactivated Your account, You can reactivate this within 30 days.

However, if this period has expired, You can no longer activate your account and must You create a new one.

Cardify has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymisation and encryption of personal data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

Cardify shall thereto take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

The Cardify Products and Services, as well as the activities of Cardify are intended for a commercial application in a professional environment. Cardify is not knowingly or intentionally targeting children under the age of 18 year.

If a parent or guardian becomes aware that his or her child has provided Personal Data that is processed by Cardify without their consent, he or she should contact Cardify at privacy@getcardify.com. If we become aware that a child has provided us with Personal Data, Cardify will take the reasonable and necessary steps to have that Personal Data irrevocably removed.

Cardify does not use the Personal Data You have provided hereunder for any automated decision-making processes or techniques which create or deny rights to You.

Cardify only processes Your Personal Data as per this Privacy Policy, Cardify does not sell, trade or otherwise commercialise Your Personal Data.

Cardify does NOT process any payment card information (PCI). Any payment card operations and information is controlled and processed directly and solely by a third-party provider.

In case You have a complaint about the way Cardify is processing Personal Data, You can always contact us directly at privacy@getcardify.com and we will listen to Your complaint and see if we can help You to resolve this. Upon receipt of a complaint we strive to respond to your request without undue delay and in any event within one month of receipt of the complaint which period we may extend by two further months where necessary, taking into account the complexity and number of complaints.

If You, as an EEA&UK citizen, have an unresolved complaint, You always have the right to log a complaint with the competent "data protection authority". Information on the competent data protection authority and the way of logging a complaint can be found here (or the URL as updated by the European Commission).

Cardify BV, located in Belgium, acts as so-called "main establishment" in the EEA under GDPR. As a result, the competent Data Protection Authority for Cardify BV is the Belgian DPA (Drukpersstraat 35, 1000 Brussel / +32 (0)2 274 48 00 / contact@apd-gba.be / dataprotectionauthority.be).

When visiting the Website or when You are making use of the Cardify (mobile) applications ("Applications"), a Cookie or similar technology (e.g. device fingerprinting, web beacons, html5-local storage,...), is a tiny data file that may be placed on Your end device or used during Your use of the Website, Application of related items (e.g. emails).

A Cookie enables certain features and functionalities of the Website or Applications. A cookie does not contain or collect information in isolation, but when read by a server via Your web browser or through the Applications, it can provide information to such server (e.g. to facilitate a more user-friendly service by registering users" preferences, detect errors, account information, device identification, statistical data,...).

When You disable one or more cookies, You will probably still be able to browse the Website and use the Applications, however certain features may not work as expected or may be deactivated as a result therefrom.

Cookies may either be placed by Cardify through the Website and/or Applications, however, may also be placed by third parties who may or may not have a cooperation with the Website and/or Applications.

Cardify may employ the following Cookies in respect of the Website and/or the Applications:

Essential & functional Cookies (services requested by You / necessary for the communication)

These Cookies are necessary for providing an information society service as requested by You. These Cookies are used by Cardify to make the Websites and/or Applications work the way they are expected and to allow for the correct communication to take place. These Cookies are essential and if the use of this type of Cookies is not allowed, we can't provide the services You have asked for. Such Cookies may include, but are not limited to:

1. Logging in / "Remember me" options;
2. Acceptance logging;
3. remembering previous actions (e.g. user entered text) when navigating back to a page;
4. processing an order;
5. Managing and passing security tokens to different services within a website;
6. Your website Preferences (language, region, ...);
7. Content tracking / Content suggesting;
8. Initiating actions You have requested (e.g. commenting, ...).
9. To route customers to specific versions/applications of a service (e.g. during a technical migration); and/or
10. Multimedia content player session cookies (such as flash player cookies).

Refusing or disabling such Cookies may have a serious impact on (parts of) Your use of the Website and/or Applications.

For these Cookies - based on the recommendation 01/2015 of 4 February 2015 of the Belgian Data Protection authority and the EU Directive 2002/58 - there legally is no implicit or explicit consent required.

Performance & analytical cookies

Cardify uses these cookies to analyse how in general usage is made of services and Applications, and to monitor our Websites. This information helps us understand how people use our service, our Website as well as our Applications, and it gives us information about the kind of experience people have, all of which helps us learn how to make the Cardify experience even better, to find out about general user engagement, and to generally provide more relevant information to users. Such Cookies may include, but are not limited to:

1. Web analytics (e.g. measuring the time of requests to our servers and our responses, to record statistics about Website usage, to track activities on the Website, which pages visitors go to most often, managing the performance and design of the Website, ...)
2. Error management (e.g. Measuring errors, service improvement, complaint management, ...)
3. Testing designs (e.g. Testing variations of design, typically using A/B or multivariate testing, to ensure a consistent look and feel is maintained for the user of the site in the current and subsequent sessions;
4. Load balancing session cookies;
5. Response rates (click-through rates).

For these Cookies - based on the recommendation 01/2015 of 4 February 2015 of the Belgian Data Protection authority and the EU Directive 2002/58 - there legally is no implicit or explicit consent required.

(re-)marketing Cookies

Cardify uses (re)marketing cookies to collect non-personally identifiable information about Your visits to certain pages of Cardify.com for the purpose of serving Cardify ads to You when You are on certain third-party sites. No Personal Data, account information or any other identifiable information is shared with a third party as part of this process.

Cardify uses (re)marketing Cookies to offer more relevant content to You, based on Your specific interests. They are also used to limit the display frequency of an ad and to measure, control & improve the effectiveness of advertising campaigns, and lead generation. They register whether users have visited a website or not, and which contents were used. This information may possibly also be shared with third parties, such as advertisers, for example.

The use of these Cookies is subject to your acceptance, which - based on the recommendation 01/2015 of 4 February 2015 of the Belgian Data Protection authority - occurs through the Cookie banner as made available on the Website.

Social media Cookies

Show social cookies are cookies that enable the functionalities of social media platforms, including showing social media content on the Website/ Applications, as well as sharing Website / Applications content to such social media platforms (e.g. YouTube videos shown on our Website, showing locations on Google maps, Facebook "like" button, ...)

The use of these Cookies is subject to your acceptance, which - based on the recommendation 01/2015 of 4 February 2015 of the Belgian Data Protection authority - occurs through the Cookie banner as made available on the Website.

Web browser

Most web browsers (e.g. Internet Explorer, Mozilla Firefox, Safari, and Google Chrome) have cookies automatically enabled. You can decide on whether and to what extent cookies will access Your end device by changing the settings of the browser You use. If You do not agree with the use of cookies as mentioned below, please change Your browser settings and limit or disable cookies.

Online assistance

More information on cookies and the way to manage or refuse cookies per browser type (e.g. Internet Explorer, Mozilla Firefox, Chrome, Safari, ...) can be found at:

allaboutcookies.org

aboutcookies.org or

youronlinechoices.eu

Tools

Certain tools (e.g. "Ghostery", "Disconnect", ... ) may provide you with more granular options in order to manage cookies.