Users are responsible for maintaining the confidentiality of any account they initiate or maintain, and for restricting related access to computers and/or mobile devices signed into accounts. Users agree to accept responsibility for all activities that occur in relation to accounts or passwords subject to their control, including but not limited to submitting information for printing and delivery. Users who choose to include sensitive information in Content, such as phone numbers, postal addresses, emails, ID numbers or other information that could be used to identify any person, do so at their own risk. CCT reserves the right to refuse service, limit service or terminate any account in its sole discretion.
CCT is responsible for maintaining the security of the data associated with user accounts and will strive to safeguard users’ personal information in strict accordance with legal requirements and industry best practices. We are committed to compliance with privacy laws and regulations throughout our global community, including but not limited to the EU General Data Protection Regulation and The UK’s Data Protection Act. All data received via CCT user accounts, or data which is processed in the course of creating Products for users, is protected by studious implementation and continued optimization of current security technology.
CCT collects personal identifying information typically associated with e-commerce activities: names, emails, physical addresses, phone numbers, Internet Protocol addresses, payment data. Additionally, order related information is retained as well, including a record of our customers’ orders and the CCT Products related to such orders.
We obtain the personal information listed above from the following sources:
User data will be processed to process the order, to supply products and to to provide customer support.
CCT will retain users personal data only during the required period to carry out the purposes for which they were collected, while not revoking the consents granted when applicable. Subsequently, if necessary, the information will be blocked by the legally established deadlines.
In the case of the personal data provided to CCT, the data will be stored for five year from the date of the capture. After this period, the data will be deleted, unless users indicate otherwise.
Users always have the right, within 30 days of their request, to view records of their orders, including associated personal information, or to delineate limits on transmission and retention of such information, by making such requests via our customer care team.
CCT at all times will respect any users right to demand compliance with the laws governing personal privacy in their jurisdiction and to be free from retaliation or discrimination resulting from doing so.
CCT DOES NOT SELL USER DATA TO ANYONE. Where we provide personal information to any third party, we generally do so as a matter of operational necessity in utilizing print manufacturers, transaction service providers, technology vendors and other associates we trust to maintain the integrity and security of our operations. We do not otherwise share user data, personal or otherwise except where 1) we are explicitly authorized by a user to share specific information and 2) such dissemination is otherwise lawful, or 3) where we are required to disclose personal information in response to lawful requests by public authorities based on law enforcement or national security requirements.
Data shared on an as-needed basis with trusted providers of printing, shipping and merchant bank services includes personally identifiable Content items as outlined above as well as customers’ mailing address, telephone number, and order specifications.
Here are the details of our main third-party service providers, and what data they collect or we share with them, where they store the data and why they need it:
|Service provider||Data collected or shared||Purpose||Place of processing|
|Stripe, Inc.|| ||
CCT uses Stripe for the processing of the payments.
|EU and US|
Users will be able to exercise user rights of access, rectification, erasure, or objection at any time, as well as the rights of restriction of processing and the right to data portability under the GDPR regarding users personal data, by sending a written communication attaching a copy of the identity card or another document proving the identity and stating the right the user wants to exercise to the following address: email@example.com.
The Court of Justice of the European Union issued a decision on July 16, 2020 invalidating the Privacy Shield self-certification for privacy compliance due to an issue that is unlikely to affect our customers, namely that US governmental authorities’ potential access to EU residents’ personal data under certain circumstances would not comply with the General Data Protection Regulation. Users should know that creating an account or placing an order with us theoretically poses a risk to user data privacy under the GDPR, should the US Government impose its authority to demand access to user data.
In every other respect Privacy Shield has established the gold standard for the security of data transferred from the EU to the US, and we will continue to collect, process and store customer data using that framework, ensuring that data users share with CCT continues to be as private as it always has been. CCT will continue to monitor this evolving situation and take every step available to ensure continued protection of users personal data and compliance with EU regulations.
In compliance with the Data Protection Act 2018 and the Privacy Shield Principles, CCT commits to resolve complaints about the collection or use of personal information.
EU individuals with inquiries or complaints regarding the Privacy Shield policy should first contact CCT at firstname.lastname@example.org. Users who do not receive a timely response to an inquiry or request may contact the UK Data Protection Authorities (“UK DPAs”) and EU Data Protection Authorities (“EU DPAs”) for more information or to file a complaint. The services of the EU DPAs are provided at no cost. Under certain conditions, where dispute resolution procedures have not produced a satisfactory result (more specifically described at https://www.privacyshield.gov/article?id=ANNEX-I-introduction), EU individuals may be entitled to invoke binding arbitration.
Users shall indemnify and hold harmless CCT, its contractors and licensors, and their respective directors, officers, employees and agents from and against any and all claims and expenses, including attorneys’ fees, arising out of users’ use of the CCT websites and Services, or other resources and Services provided by CCT, including but not limited to claims arising out of users’ violation of these Terms of Service.
By visiting any website provided by CCT and utilizing the related Services, users confirm their agreement that the laws of England and Wales, UK, without regard to principles of conflict of laws, will govern these Terms of Service and any dispute with CCT that might arise. Users further agree that in the event any user is engaged in a dispute with CCT which cannot be resolved through informal negotiation, before seeking resolution in any court of law, either party to that dispute must first attempt to resolve the matter cost effectively by retaining a mutually acceptable provider of mediation services for up to four hours of mediation sessions. Otherwise, where these more informal measures are not effective, the parties may seek traditional legal and equitable remedies in the appropriate courts in England and Wales.
The following are the sole exceptions to the above legal venue and dispute resolution terms: In situations where CCT is required to seek an injunction or restraining order, or where a customer has not met payment obligations to CCT, CCT may seek legal remedies without prior negotiation or mediation. Also, privacy related matters affecting users residing in the European Union are governed by the above provisions regarding the Privacy Shield Framework and related Recourse Mechanisms.
If any of these terms are deemed invalid or unenforceable for any reason, then the invalid or unenforceable provision will be severed from these Term and the remaining Terms will continue to apply. Failure of CCT to enforce any of the provisions set out in these Terms of Service, or failure to limit or terminate any user’s Services access for any length of time, shall not be construed as waiver of such provisions and shall not affect the validity of these Terms of Service, or the right thereafter to enforce each and every provision. These Terms of Service shall not be amended, modified, varied or supplemented in the absence of written notification by CCT.
Where appropriate, users addressing privacy matters may request direct contact with CCT via email email@example.com
Mail should be sent to:
124 Finchley Road, London NW3 5JS