Home
Privacy Notice

Privacy Notice

We are committed to preserving the privacy of all our visitors to our website www.cardfactoryinvestors.com (“the website”). We take the privacy and security of your personal information very seriously and we are committed to complying with our legal obligations under Data Protection legislation (the UK & EU General Data Protection Regulation (GDPR), and any other country specific legislation, such as the UK Data Protection Act 2018 (DPA)) or any subsequent updated legislation.

This notice explains how your personal data is created, used, stored and protected (“processed”) through your use of and access to this website and any other processing we undertake. This notice may be amended from time to time, so please check back regularly to review any changes to how we use your data.

Who we are

Sportswift Limited t/a cardfactory (a company registered in England and Wales with company number 03493972 whose registered office is at Century House, Wakefield 41 Industrial Estate, Wakefield, WF2 0XG (“cardfactory”). If you are a customer from the UK, cardfactory is the data controller of the data you provide and we are registered with the Information Commissioner’s Office, reference Z2121812

If you are accessing the site, or our products and services from the EU or elsewhere, the website also operates on behalf of Card Factory Ireland Limited, whose registered office is 6th Floor, 2 Grand Canal Square, Dublin 2 D02 A342 (“cardfactory Ireland”). Cardfactory Ireland is the Data Controller for your personal data.

For further information about your data in the UK or the EU please contact our Data Protection Officer at [email protected].

Your personal data

When you visit our website, we capture certain visitor information which includes the processing of a small amount of personal data and also the cookies you use on this website. If you sign up to any of our subscription email services or are one of our shareholders we will also process a small amount of personal data, see the details below.

We would also refer you to our Cookie Policy here which has further details relating to personal data and our cookie usage.

Data Protection principles

The GDPR is based on six principles which are to be considered when processing Personal Data. Under the GDPR, Article 5 (1) Personal Data should:

Be processed fairly, lawfully and transparently,
Be collected and processed only for specified, explicit and legitimate purposes,
Be adequate, relevant and limited to what is necessary for the purposes for which it is processed,
Be kept accurate and up to date and any inaccurate data must be deleted or rectified without delay,
Be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed,
Be processed in a manner that ensures appropriate security, using appropriate technical and organisational measures.

Additionally, the GDPR Article 5 (2) requires organisations to demonstrate compliance with all the above principles and is sometimes known as the seventh principle.

How we use your data

This table provides a broad overview of how we may use your personal data and our legal basis for processing:

Activity	Type of data	Purpose and lawful basis	Obtained from
Register for news and financial information	Name, email address, company name and country	To provide you with relevant information by email. Consent/Legitimate Interest	You
Register for Franchise or Wholesale opportunity via Partnerships	Name, company name & job title, email address, telephone number	To provide you with relevant information by email. Consent/Performance of contract	You
Register for Investor Stock Exchange news and financial information	Name, email address, company name and country	To provide you with relevant information by email. Consent/Performance of a contract	You
Contact us regarding any corporate matters	Name, email address, corporate query	To provide you with relevant information by email. Consent/Legitimate Interest	You
Use of our website	Relevant technical information (see our cookie policy for more information)	To operate our website. Legitimate interest.	Technical information (such as IP address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating systems etc). User information (such as URL, pages viewed & interaction information etc)
Shareholder data	Name, contact information (email address, home address, telephone number, share information	To contact you regarding our AGM, annual report and any relevant information. Performance of a contract	You

We will only use your personal information when the law allows us to do so. When we use your personal data for the purposes of our legitimate interests (as set out above), we will always consider if it is fair and balanced to do so and whether it would be within your reasonable expectations that we would use your data in this way. We will not process any special category data, nor do we intend for children to use this website and we do not knowingly collect data relating to children.

Your rights in respect of your personal data

Under data protection law, you have a variety of rights. These include:

Right to be informed by the provision of a privacy notice when your personal information is processed.
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
Request the transfer of your personal information to another party.
Request a review of automated decision making, including profiling.

If you want to exercise any of your rights, please contact our DPO [email protected] You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights) and we will generally respond within one month. However, we may charge a reasonable fee if your request for access is unfounded or excessive. Alternatively, we may refuse to comply with the request in certain circumstances.

Security of your personal data

We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We treat all of your information in strict confidence and we endeavour to take all reasonable steps to keep your personal information secure once it has been transferred to our systems.

However, as the internet is not a secure medium, we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful actions.

Data retention

We will retain your information in accordance with the retention periods in this notice for as long as the law requires. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Disclosure to third parties

We only share your information where we are strictly able to and only in accordance with Data Protection legislation. Third parties will only process your personal information on our instructions under contract and where they have agreed to treat the information as confidential and to keep it secure.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. A list of third parties who we may share your data with can be obtained from our DPO [email protected].

Links to other sites

This website contains links to other sites that are not owned or controlled by cardfactory, please be aware that we are not responsible for or have control over the privacy policies of these sites. This privacy notice applies only to information gathered on this site and we strongly encourage you to read the privacy statements of every site you visit that gathers personal data.

Complaints

If you are unhappy about the way in which we store or process your personal data, we would prefer it if we could understand your concerns and have an opportunity to address these. Please contact our DPO [email protected].

If you are not satisfied with the outcome of your complaint, you have the right to refer such matters to the supervisory authority (which is the ICO in the UK www.ico.org.uk). It is worth noting that supervisory authorities expect individuals to exhaust the complaints process internally before referring complaints to them.

Changes to this Notice

We keep our privacy notice under regular review. We may amend and update this notice from time to time. Any changes in the future will be posted to the Website and if required, through email.

This notice was last updated on 24/04/25