Privacy Policy

HeyCarson ("we", "us", "our", or "HeyCarson") respects the privacy of every individual whose Personal Data (as defined below) we handle. Please read this Privacy Policy to understand how we may collect Personal Data from you through our website, https://www.heycarson.com, as well as all associated sites linked to https://www.heycarson.com by HeyCarson, its subsidiaries and affiliated companies (the "Site").

By using, visiting or accessing the Site or by providing Personal Data to us on or through the Site, you consent to the practices described in this Privacy Policy. 

1. Interpretation and Definitions

For the purposes of this Privacy Policy, these terms have the following meanings: 

Account means the unique account created for you to access our Services or parts of our Services.

Data Controller for the purposes of the General Data Protection Regulation (the "GDPR"), we are the Data Controller of your Personal Data, meaning that we determine the purposes and means by which your Personal Data are, or are to be processed.

Data Subject means any identified or identifiable natural person who is the subject of Personal Data.

Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites. 

Personal Data means any information, which on its own or combined with other information, relates to and identifies, whether directly or indirectly, a living individual. 

Services refers to the Site and related technology offered by HeyCarson.

2. Collection of Personal Data

We will only collect Personal Data that is necessary for and directly related to the provision of our Services. There are two types of data that we collect:

(i)Information You Provide to Us

We ask for and collection information, including Personal Data, about you when you use our Services. This information may include, but is not limited to:

• Business contact information such as your name, job title, organization, address phone number, and country;  
• Marketing information such as your contact preferences; and
• Account log-in credentials such as your e-mail address or username and password.

(ii)Information We Collect Automatically

When you use our Services, we may automatically collect or receive certain information about your usage of our Services (collectively the "Usage Data"). In some countries, including countries in the European Economic Area (the "EEA"), such information is considered Personal Data under applicable data protection laws. This includes:

• Device Information: We may collect certain information about the device you use, your unique device ID, the IP address of your mobile device, your operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.
• Log Data: Our servers keep log files that record general data and information each time a Data Subject or automated system calls up our Site. This includes, but is not limited to, the browser types and versions used, the operating system used by the accessing system, the website from which an accessing system reaches our Site (so-called referrers), the sub-websites, the date and time (so-called timestamp) associated with usage, the originating IP address, the internet service provider (ISP) of the accessing system, and any other similar data and information that may be used in the event of attacks on our information technology systems. 

3. Sensitive or Special Categories of Personal Data

Different rules apply to the process of Personal Data concerning race, ethnic origin, political opinions or beliefs, religious or other beliefs, trade union memberships, physical or mental health, sexual life or orientation and any offences committed. We do not require, collect, or process such sensitive or special categories of Personal Data. 

4. Use of Personal Data

We will only process and use your Personal Data where we are permitted to do so by applicable laws. In particular, we may use the Personal Data we collect or receive for the following purposes: 

(i)To Provide, Improve and Develop our Services

• Enables you to access and use our Services;
• Enables you and HeyCarson to create, manage and update your Account;
• Enables you to have access to different functionalities of the Site that are only available to registered users;
• Enables us to deliver the content of our Site correctly;
• Enables us to manage your requests to us;
• Enables us to contact you by email or other equivalent forms of electronic communication, such as a mobile application, push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation;
• Enables us to maintain and continuously upgrade the quality of our Services;
• Enables us to provide customer service, respond to your inquiries, facilitate payment, refund and logistics, and after-sales services, and
• Enables us to optimize our Services and user experience by performing analytics and research. 

(ii)To Provide, Personalize, Measure and Optimize our Advertising and Marketing

• Enables us to provide you with news, special offers and general information about Services and events that are similar to those that you have already enquired about unless you have opted not to receive such information.

(iii)To Provide a Safe Website for Users and to Safeguard our Services and your Personal Data

• Enables us to detect and prevent fraud, spam, abuse, security incidents, and other harmful activities; 
• Enables us to verify or authenticate information or identifications provided by you; 
• Enables us to comply with and fulfill our legal obligations to users; and
• Allows us to stop unauthorized access to our Services and the distribution of malicious virus, malware, or software program on our Site; and
• Enables us to provide law enforcement authorities with the information necessary for criminal prosecution in case of cyber-attacks.

5. Disclosure of Personal Data

We may share your Personal Data in the following situations:

(i)Third Party Service Providers

We may share your Personal Data with third party service providers to monitor and analyze your use of our Site, to advertise on third party websites to you after you have visited our Site, to facilitate payment processing, and/or to contact you. These third-party service providers have access to your Personal Data only to carry out their specified task, and they are obligated not to disclose or use your Personal Data for any other purpose.

(a)Analytics

• Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the Site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
• Hotjar: Hotjar is a behavior analytics and user feedback service that helps the Data Controller understand the behavior of the Site users and get their feedback through tools such as heatmaps, session recordings, and surveys. Hotjar Privacy Policy can be viewed at: https://www.hotjar.com/legal/policies/privacy/
• Facebook: On this Site, the Data Controller has integrated components of the enterprise Facebook. The data protection guideline published by Facebook (their Privacy Policy can be viewed at https://www.facebook.com/policy.php) provides information about the collection, processing and use of Personal Data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the Data Subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook, should the Data Subject opt to eliminate a data transmission to Facebook.

(b)Email Marketing

We may use third party e-mail marketing service providers to manage and send emails to you containing newsletters, marketing, promotional materials and other information that may be of interest to you. Such third party e-mail marketing service providers include but is not limited to Intercom, whose Privacy Policy can be viewed at https://intercom.com/legal/privacy.

You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us by following the instructions in Section 17 of this Privacy Policy. 

(c)Payment Processors

We provide paid Services on our Site and use third-party services for payment processing ("Payment Processors"). We will not store your payment card details as that information is provided directly to our Payment Processors whose use of your Personal Data is governed by their Privacy Policy. These Payment Processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The Payment Processors that we work with are:

• Stripe: Their Privacy Policy can be viewed at https://stripe.com/us/privacy
• PayPal: Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full

(d)Behavioral Remarketing

We use third-party remarketing services to advertise our Services on third party websites after you visit our Site. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Site. These third-party vendors include:

• Google Ads (AdWords): Google Ads (AdWords) remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: https://www.google.com/settings/ads and for more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
• Facebook: Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting https://www.facebook.com/help/164968693837950. To opt-out from Facebook's interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217, and for more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation.

(ii)Affiliates

We may share your Personal Data with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates may include our parent company and any other subsidiaries, joint venture partners or companies that we control or are under common control with us.

(iii)Business Partners

We may share your Personal Data with our business partners to offer you certain products, services or promotions.

(iv)Third Parties Permitted By Law

Under certain circumstances, we may also share your Personal Data where disclosure is legally permissible and necessary, and this includes, but is not limited to (i) preventing, investigating, or taking action against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our agreements, or as otherwise required by law; and (ii) defending our legal rights, responding to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).

(v)Business Transfers

We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

6. International Transfers

Your information, including Personal Data, is processed at our operating offices and in any other places where the parties involved in the processing are located. This means that your Personal Data may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Regardless of where the Personal Data is transferred to, when we transfer your Personal Data to other countries, we will impose the same data protection safeguards as described in this Privacy Policy to offer an adequate level of data protection. 

Please contact us as per the instructions in Section 17 below if you would like to see a copy of the specific safeguards applied to the export of your Personal Data.

7. Storage and Retention of Personal Data

All Personal Data collected is subject to our strict data security policies. We will only retain your Personal Data for as long as is necessary for the purposes set out in this Privacy Policy and to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. In particular, we will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site, or we are legally obligated to retain this data for longer periods. If your Personal Data is used for two or more purposes, we will retain it until the purpose with the longer period expires, but we will stop using it for the purpose with the shorter period once that shorter period expires.

8. Security of Personal Data

We are continuously implementing and updating appropriate technical and administrative measures to help protect your Personal Data against unauthorized access, loss, misuse, destruction, or alteration. At HeyCarson, only authorized persons are provided access to the Personal Data we collect from you, and such individuals have agreed and are obliged to keep such information confidential.

However, while we strive to protect your Personal Data, we cannot guarantee its absolute security as there is no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, if you know or have reason to believe that your Personal Data, such as Account information, has been lost, stolen, misappropriated, otherwise compromised, or in any actual or suspected unauthorized use, please contact us by following the instructions in Section 17 of this Privacy Policy. We will assess the likely impact of the incident and take the necessary actions to bring the incident under control. Where necessary, we will also report to the appropriate authority, notify you of the incident and provide relevant information. 

9. Privacy Obligations under the GDPR

Under the GDPR, our use of your Personal Data must be justified under one of several legal grounds. The principal legal grounds that justify our use of your Personal Data is as follows: 

• Consent: You have given us your consent for processing your Personal Data for one or more specific purposes.
• Contract Performance: The use of your Personal Data may be necessary to enter or perform our contract with you, our terms and conditions, and/or other policies under which we provide our Services.
• Legal Obligations: The use of your Personal Data is necessary for us to comply with our legal obligations. 
• Vital interests: The use of your Personal Data is necessary in order to protect your vital interests or of another natural person.
• Public interests: The use of your Personal Data is related to a task that is carried out in the public interest or in the exercise of an official authority vested in us.
• Legitimate Interests: The use of your Personal Data is necessary to achieve a legitimate interest. In such circumstances it is for us to ensure that these interests are not overridden by your data protection interests or fundamental rights and freedoms

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement.

10. Access and Correction of Personal Data

You have the following rights under this Privacy Policy, and by law, if you are within the EEA, to:

• Access. You have the right to access, update or delete Personal Data that we are processing about you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your Account settings. If you are unable to perform these actions yourself, please contact us to assist you.

• Correction. You have the right to rectify or correct any incomplete or inaccurate Personal Data that we hold about you. 

• Right to Object: You have the right to object to our processing of your Personal Data where we are relying on a legitimate interest as the legal basis for processing your Personal Data or if we are processing your Personal Data to send you direct marketing materials.

• Restriction: You have the right to restrict us from processing your Personal Data if you think the Personal Data is inaccurate (until or unless such Personal Data is corrected or confirmed to be correct), if the processing is unlawful, or if it is no longer necessary for us to process the Personal Data, subject to any legal or other obligation that we have that overrides your rights herein;

• Deletion: You have the right to request that we delete Personal Data that we do not have a legal basis to hold.

• Data Portability: You have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, provided that it is Personal Data that you provided to us and the processing is carried out by automated means or is based on your consent or for contract performance.

• Withdraw Consent: You have the right to withdraw your consent to us using and processing your Personal Data. However, if you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Site.

Please note that we may ask you to verify your identity before responding to such requests, and we reserve the right to charge a reasonable fee for processing any data access or correction request. 

If you are in the EEA, you also have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.

11. Tracking Technologies and Cookies

Cookies are text files that are stored in a computer system via an Internet browser. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. We use cookies and similar tracking technologies to track the activity on our Site and to automatically collect and store certain information, which may include Personal Data, and this enables us to users of this Site with more user-friendly Services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our Site can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our Site users. The purpose of this recognition is to make it easier for users to utilize our Site. For example, the Site user that uses cookies does not have to enter access data (login credentials) each time the Site is accessed, because this is taken over by the Site, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

(i) Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These cookies are essential to provide you with services available through the Site and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user Accounts. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

(ii) Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies identify if users have accepted the use of cookies on the Site.

(iii) Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies allow us to remember choices you make when you use the Site, such as remembering your login details or language preference. The purpose of these cookies is to provide you with a more personalized experience and to avoid you having to re-enter your preferences every time you use the Site.

(iv) Tracking and Performance Cookies

Type: Persistent Cookies

Administered by: Third-Parties

Purpose: These cookies are used to track information about traffic to the Site and how users use the Site. The information gathered via these cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Site. We may also use these cookies to test new pages, features or new functionality of the Site to see how our users react to them. The Data Subject may, at any time, prevent the setting of cookies through our Site by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the Data Subject deactivates the setting of cookies in the Internet browser used, not all functions of our Site may be entirely usable.

12. "Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Services do not respond to Do Not Track signals. However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

13. Links to Other Sites

Our Services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

14. Children's Privacy

We do not direct our Services to individuals under the age of 18, nor do we knowingly collect any Personal Data from individuals under the age of 18. Individuals under the age of 18 are requested to NOT provide any Personal Data through our Services. If you become aware that an individual under the age of 18 has provided us with Personal Data without parental consent, please contact us using the information at Section 17 of this Privacy Policy. If we become aware that an individual under 18 has provided us with Personal Data, we take commercially reasonable steps to remove such information from our systems.

15. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice prior to the change becoming effective, and we will update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

16. Contact Us

For the purposes of this Privacy Policy, we are the Data Controller of your Personal Data:

Swift Commerce Limited,
Unit 2A, 17/F, Glenealy Tower,
No1 Glenealy,
Central, HKG
Email: hello@heycarson.com

If you have any questions about this Privacy Policy, you can contact us at the address or e-mail listed above, or by visiting this page on our website: https://www.heycarson.com/contact-us.