Last Updated: 30 January 2021
Effective Date: 1 January 2020
Microcourt Limited (trading as, jacquielawson.com) respects your privacy and is committed to protecting your personal data.
This privacy notice applies to all websites, mobile applications or apps, social features or networking, online services, widgets, downloads, or other outlets of jacquielawson.com (the Website) that are owned or controlled by Microcourt Limited ("Microcourt", "we", "us") and that post or include a link to this privacy notice, regardless of whether accessed by computer, mobile device, or otherwise.
Purpose of This Privacy Notice
This privacy notice explains how we look after your Personal Information whenever that information is provided to us. This includes when you request information from us, contact us (or we contact you), buy products and services from us, use the Website services, or connect with us via social media or link to or from our Website. It also tells you about your privacy rights and how the law protects you. It has been updated to include additional data protection requirements for residents of the European Union (EU), United Kingdom, Liechtenstein, Switzerland, Norway, and Iceland under the General Data Protection Regulation (GDPR), and other relevant data protection laws, including the California Consumer Privacy Act (CCPA).
By accessing and otherwise using the Website, you agree to the collection, use, and disclosure of your information as described in this privacy notice, and agree to the applicable Terms of Service, which are incorporated by reference. If you do not agree, please do not access or use our Website or otherwise provide us with your Personal Information.
1. Important information and who we are
Consumers residing in California have some additional rights with respect to their Personal Information under the CCPA. If you are a California resident, Paragraph 11 applies to you and supplements our main privacy notice.
The Website is not intended for children, and we do not knowingly collect information from persons younger than the age of sixteen (16). We would ask parents please to ensure that their children under the age of 16 do not provide us with Personal Information without your permission. If we learn that we have inadvertently collected information from a person younger than the age of 16, we will take commercially reasonable efforts to delete that information from our databases.
Microcourt is the controller of your personal data and responsible for the Website.
For individuals located in the EU or European Economic Area (EEA), you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk (opens a new window)) or Wycliffe House, Water Lane, Wilmslow, SK9 5AF. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please Contact us in the first instance, using our contact details at the end of this privacy notice.
Changes to the Privacy Notice and Your Duty to Inform Us of Changes
This privacy notice was last updated on October 30, 2020. We may change this Privacy Notice at any time without notice to you. We may also provide notice to you in other ways in our discretion, such as through contact information you have provided. Any changes will be effective immediately upon the posting of the revised privacy notice. However, unless you consent, we will not use your Personal Information in a manner materially different than what was stated in our posted privacy notice at the time your Personal Information was collected.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. The data we collect about you
When you register or become a member of our Website you are invited to provide us with your personal data or personal information, which is any information about an individual from which that person can be identified (Personal Information). It does not include data where the identity has been removed, deidentified, or made anonymous.
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
Identity Data includes first name, last name, username or similar identifier.
Contact Data includes billing address, home address, email address and telephone numbers.
Financial Data includes payment, credit or debit card details.
Transaction Data includes details about products and services you have bought from us, and details about your trading history, including payments received, and when you have requested information or raised queries, membership and card sending history, including Recipient Data and personal messages or sentiments that you enter for card sending.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website/or any apps.
Profile Data includes your username and password, products and services bought by you, queries, feedback and survey responses.
Recipient Data includes the first name, last name, email address, or significant dates (such as birthdays or anniversaries) that you provide for card sending.
Usage Data includes information as to how you use our Website and Digital Products.
Marketing and Communications Data includes your preferences as to whether you are happy to receive marketing from us.
If You Do Not Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a contract you have with us, but we will notify you if this is the case at the time.
3. How is your personal data collected?
We collect data from and about you in different ways, including through:
Your direct dealings with us. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, via this Website, apps or on social media, or otherwise. This includes personal data you provide when you:
subscribe to our newsletter and/or other publications;
request promotional or marketing materials to be sent to you;
register as a member on our Website;
buy products and/or services via our Website;
enter reminders in your address book (for significant dates of family and friends); or
ask us for help and give us feedback.
Third Parties. Certain functions on the Website may permit interactions between the Website and a third-party website or interactive service (Social Features). If you choose to use Social Features (e.g., the "like button, share this card on Facebook"), certain information, which may include your personal information, may be publicly displayed, and the third party website or interactive service used in connection with the Social Features (and its users) may have access to information about you and your use of the Website.
Information You Provide About Third Parties. The Website may permit you to provide Personal Information about third parties (Recipient Data), such as mailing address, email addresses, or significant dates (such as birthdays or anniversaries). If you use the Website to send an ecard, or any other content, we collect certain Personal Information about the recipient (such as name, mailing address, and email address, as applicable). We may share the information regarding your transaction with third parties as necessary to process your transaction (i.e., to create, send, or deliver the card). If you choose to provide Recipient Data we will store that information only in connection with your relationship with us (e.g., to send greeting cards).
4. How we use your personal information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you. You have the right to withdraw consent at any time by Contacting us.
Purposes for Which We Will Use Your Personal Data
We have set out below, in a table format, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To respond to an enquiry from you||(a) Identity
|Necessary to take steps at your request prior to entering into a contract with you.|
|To provide products and/or services to you, take payment for them, and to collect and recover money owed to us, and to keep records of our dealings with you, including auto-renewal of your membership.||(a) Identity
|Performance of a contract with you
Necessary for our legitimate interests (to operate our business and obtain payment).
|To manage our relationship with you which will include:
(b) Answering your questions or asking you for feedback
(d) Marketing and Communications
|Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to understand how customers use our services, what they think of our products, and how we can improve them)
|Where you have agreed to receive it, to provide our newsletter/marketing materials/ promotions||(a) Identity
(d) Marketing & communications
|To administer and protect our business and Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
|Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud
Necessary to comply with a legal obligation
|To deliver relevant website content to you and measure or understand the effectiveness/ usability of our Website||(a) Identity
|Necessary for our legitimate interests (to study how customers use our websites and services, to develop and improve them)|
|To use data analytics to improve our Website, products, services, marketing and member relationships||(a) Technical
|Necessary for our legitimate interests (to understand customers for our products/ services, to keep our website updated and relevant, and to develop and grow our business)|
|To deal with issues, complaints or disputes arising out of our relationship with you/your business, and to prevent or detect crime, including fraud||(a) Identity
|Necessary for our legitimate interests in managing our business.
Necessary to establish, exercise or defend legal claims.
For the substantial public interest of preventing and detecting crime and preventing fraud, subject to safeguards.
When we refer to legitimate interests we mean the interest of our business in conducting and managing our business to enable us to give you the best service and products. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
5. Disclosures of your personal data
We do not rent, lease or sell your Personal Information to third parties for money or their direct marketing purposes.
We may have to share your personal data with the categories of parties set out below for the purposes set out in the table in paragraph 4 above.
Our parent company, American Greetings Corporation, for the provision of products or services and management reporting, and other companies in the American Greetings Group of Companies for the provision of IT and other infrastructure services;
Credit card companies and other payment processors;
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and third-party service providers who perform services for us or on our behalf; and in some instances, our service providers may collect information from you directly. Such services may include, for example, hosting or maintaining the Website, providing customer support, monitoring the Website, data storage or warehouse, sending email, direct mail or other communications, fulfilling orders, mailing paper cards or sending gift cards, providing marketing assistance, research or business intelligence services, providing analytics services product safety or testing, processing payments or transactions, printing services, or performing other administrative services.
Analytics and search engine providers that assist us in the improvement and optimisation of our services and Website;
- Professional advisers, including lawyers, banks, auditors and insurers;
HM Revenue and Customs, regulators and other authorities;
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or parts of them or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract or complying with legal requirements.
Where these third parties are our processors, we require them to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Some of the third parties mentioned above, for example-many professional advisers and HM Revenue and Customs, are controllers who, like us, are subject to specific obligations under data protection law, and who will have their own privacy notices setting out how they deal with personal data.
6. international transfers
American Greetings Corporation and members of the American Greetings Group are located in the USA. In addition, some of the external third parties we deal with are based outside the European Economic Area (EEA) or process personal data outside the EEA, so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we look to ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we transfer data to American Greetings Corporation or other members of the American Greetings Group, and when we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Processors we appoint will only process your personal data on our instructions and they are subject to a duty of confidentiality.
You should be aware, however, that transmission of information via the internet is not completely secure.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data retention
How Long Will You Use My Personal Information For?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different types of your personal data are available in our retention policy which you can request from us by Contacting us.
In some circumstances you can ask us to delete your data by following the Request erasure right as outlined in paragraph 9.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Your legal rights
You have rights under data protection laws in relation to your personal data, including:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. If we are not be able to comply with your request for erasure for specific legal reasons, we will tell you at the time of your request.
Object to processing of your personal data where we are relying on our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following situations: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please Contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to enable us to deal with your request or to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or we have received a number of requests. In this case, we will notify you and keep you updated.
We may monitor or record while you are on the jacquielawson.com website only, your:
i. transactions; and
ii. web, traffic, and site activities.
These are to ensure that we carry out your instructions accurately, for training purposes and to improve our services, and to ensure security and prevent fraud.
11. California residents - privacy notice
We are providing this California Consumer Privacy Act Notice (CCPA Notice) to supplement the information and disclosures already contained in our Privacy Notice. This CCPA Notice applies only to California Consumers visiting the Website. Any term defined in the CCPA has the same meaning when used in this CCPA Notice. In the event of a conflict between any other AG Company policy, statement, or notice and this CCPA Notice, this CCPA Notice will prevail as to California Consumers and their rights under the CCPA.
Right to Know What Personal Information We Collect: We collect information about you as detailed in our Privacy Notice in Paragraph 2 - THE DATA WE COLLECT ABOUT YOU. The chart below outlines the categories and illustrative CCPA-examples of Personal Information that American Greetings has collected and/or disclosed, as indicated, for a business purpose in the preceding 12 months.
Category Examples Collected/Disclosed A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. Yes/Yes B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. Yes/Yes C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). No/No D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes/Yes E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No/Not Applicable F. Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. Yes/Yes G. Geolocation data. Physical location or movements. Yes/Yes H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. Yes/No I. Professional or employment-related information. Current or past job history or performance evaluations. Yes/No J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. No/Not Applicable K. Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes/Yes
Vendors and service providers, including for data analytics, payment processing, and marketing and advertising our products and services to you.
Third parties integrated into our Website.
Other third parties for whom we have obtained your permission to disclose your Personal Information.
For the preceding 12 months, we have disclosed Personal Information in connection with the specific CCPA business and commercial purposes as follows:
To create, maintain, customize, and secure your account with us.
To provide, support, personalize, and develop our Website, products and services.
To process your requests, purchases, transactions, and payments and prevent transactional fraud.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses (e.g., recorded customer service calls).
To personalize your experience on our Website and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
To help maintain the safety, security, and integrity of our Website, products and services, databases, and other technology assets, and business.
For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Right to Request Information: You or your authorized representative have the right to request information about our collection, use, and disclosure of your Personal Information over the past twelve months, including what information we have collected, the purpose behind such collection, what third parties we share such information with, and the business purpose behind such sharing of Personal Information. To request this information, or a copy of your Personal Information, please email us at firstname.lastname@example.org. You may make this request twice per 12-month period.
Right to Delete Your Personal Information: If you wish for us to delete all or some of your Personal Information, please contact us at email@example.com. Please take note that some Personal Information (like your email address) is necessary to maintain an account through the Website. In addition, we may retain some Personal Information for as long as you have an open, permissioned account with us or as otherwise detailed in Paragraph 8 – Data Retention.
Personal Information Sales Opt-Out and Opt-In Rights: You have the right at any time to opt-out of the sale of your Personal Information. You can exercise this opt-out right by contacting us here with the subject line "California Do Not Sell Request" and provide us with your full name, membership email address and zip code. Once you have submitted an opt-out request, we will not ask you to reauthorize the sale of your Personal Information for at least 12 months.
Non-Discrimination Rights. We will not discriminate against you for exercising any of your rights under the CCPA. We will not deny you use of our Platform, charge you different prices or rates, or provide you a lower quality of products and services if you exercise your rights under the CCPA. We may, however, offer different tiers of our Platform services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the products or services you receive related to the value of Personal Information that we receive from you.
DO NOT SELL: We do not sell or share your Personal Information in exchange for money; we may disclose, however, certain Internet and electronic network activity (e.g., cookies or tracking tags) information, as a Platform subscriber or user.
Other California Privacy Rights.
We do not share Personal Information as defined by California Civil Code Section 1798.83 (Shine the Light Law) with third parties for their direct marketing purposes absent obtaining your specific consent. If you are a California resident and you have questions about our practices with respect to sharing information with third parties for their direct marketing purposes and your ability to exercise choice, please send your request to the following email address: firstname.lastname@example.org or write to us at the following mailing address: American Greetings Corporation, One American Boulevard, Westlake, OH 44145.
You must put the statement "Your California Privacy Rights" in the subject field of your email or include it in your writing if you choose to write to us at the designated mailing address. You must include your name, street address, city, state, and zip code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.
If you are a California resident under the age of 18, and a registered user of any Platform, California Business and Professions Code Section 22581 permits you to request and obtain removal of content that you have publicly posted. To make such a request, please send an email with a detailed description of the specific content to email@example.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information that you have posted and there may be circumstances in which the law does not require or allow removal even if requested.
12. Nevada resident rights
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at firstname.lastname@example.org with the subject line "Nevada Do Not Sell Request" and providing us with your name. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A.
13. Do not track
Do Not Track (DNT) is a preference available in many web browsers that allow you to inform websites that you visit that you do not want them collecting information about you. The Website do not currently support recognition of DNT signals sent by a browser, which means we may collect information about you. We operate, however, as described in this Privacy Notice whether or not a DNT signal is received. For more information regarding DNT you can visit https://allaboutdnt.com/(opens a new window).
14. Contacting us
If you have a technical problem or any problem with your membership or payments, please use our Help pages to contact us.
If you need to write to us on any other matter please use the address below.
Microcourt Limited, trading as jacquielawson.com,
Mill Street East,