1. Who we are

Certus Card Group is a trading name used by:

• Precision Card Services Ltd
• Incodia International Ltd

For the purposes of data protection law, these companies act as joint controllers of your personal data.
We have an arrangement in place to ensure your personal data is handled appropriately between our companies.
If you have any questions about this policy or how your data is used, you can contact us at: talk@certuscardgroup.com

2. What personal data we collect

We may collect and process the following types of personal data:

Information you provide to us

• Name
• Email address
• Phone number
• Company details
• Any information you include in enquiries or messages

Technical and usage data

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on the website
• Referring URLs and interaction data

Marketing and tracking data

• Cookie identifiers
• Behavioural and engagement data
• Preferences and interests inferred from website usage

3. How we use your personal data

We use your personal data for the following purposes:

Where we rely on legitimate interests, we ensure our use of your data is fair and does not override your rights.

4. Marketing

We may contact you about our products and services where:

• You have given consent, or
• You are an existing customer and we rely on the “soft opt-in”

You can opt out at any time by:

• Clicking the unsubscribe link in emails
• Contacting us at talk@certuscardgroup.com

5. Cookies and tracking technologies

We use cookies and similar technologies to:

• operate and secure our website
• understand how it is used
• improve performance
• support marketing and advertising

Some cookies are necessary and do not require consent.
All other cookies (including analytics and advertising cookies) are only used where you have given your consent.

For full details, please see our Cookie Policy.

6. Sharing your personal data

We may share your personal data with trusted third parties, including:

• Website hosting and infrastructure providers
• Analytics providers (e.g. Google Analytics)
• Marketing platforms (e.g. HubSpot)
• Advertising platforms (e.g. Google Ads, LinkedIn)
• Embedded content providers (e.g. YouTube)
• Security providers (e.g. Cloudflare, reCAPTCHA)

These providers may process personal data such as IP address, device information and usage data.

7. International data transfers

Some of our third-party providers may process personal data outside the United Kingdom.

Where this happens, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations, or
• Standard contractual clauses or the UK International Data Transfer Agreement (IDTA)

8. Data retention

We only retain your personal data for as long as necessary:

• Enquiries: up to 12 months
• Customer data: for the duration of the relationship and as required for legal purposes
• Marketing data: until you unsubscribe or withdraw consent
• Analytics data: in line with platform settings (typically up to 50 months)

9. Your rights

Under UK data protection law, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Restrict processing
• Object to processing
• Withdraw consent at any time
• Request data portability

To exercise your rights, please contact: talk@certuscardgroup.com

10. Complaints

If you are not satisfied with how we handle your personal data, you can complain to the Information Commissioner’s Office (ICO): https://ico.org.uk

We would encourage you to contact us first so we can resolve your concern.

11. Third-party links

Our website may contain links to other websites. We are not responsible for the privacy practices of those websites.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, guidance or our practices.

Any updates will be published on this page and the “Last updated” date will be revised.