Privacy Policy

Last updated: October 2025

Scope

This Privacy Policy informs users of this website in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws about the nature, scope, and purpose of the collection and use of personal data by the website operator Card4U ([email protected]).

Card4U takes your data protection very seriously and treats your personal data confidentially and in accordance with legal requirements. Please note that data transmission on the internet may have security vulnerabilities. Complete protection against unauthorized access by third parties cannot be guaranteed.

What Personal Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Email address, username, password (encrypted), display name, language preferences, and account creation date
  • Postcard & Order Data: Recipient's name and address, sender address, postcard content and design files, page count, and order metadata (creation date, status, tracking information)
  • User Preferences: Notification preferences, marketing communication preferences, and postcard sharing preferences
  • Contact Information: Name, email address, and message content when you contact us
  • Payment Information: Payment method details (processed securely through SumUp), transaction history, and account balance
  • Technical Data: IP address, browser type, operating system, pages visited, referring website, and session information

Access Data & Server Log Files

The website operator logs access data and stores it as "server log files". The following data is logged:

  • Time of access
  • Amount of data transmitted in bytes
  • Source/referrer from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used

The collected data is used for statistical evaluations and website improvements. However, the website operator reserves the right to subsequently review server log files if there are concrete indications of unlawful use.

Cookies

This website uses cookies—small text files stored on your device. Your browser accesses these files. Cookies enhance the user-friendliness and security of this website.

Most browsers offer the option to prevent cookies from being stored. However, if you disable cookies, unrestricted access to all functions of this website cannot be guaranteed.

Handling of Personal Data

The website operator collects, uses, and forwards your personal data only if this is permitted by law or you consent to the data collection. Personal data includes all information that can identify you and can be traced back to you—for example, your name, email address, and phone number.

User Account

To place orders through this service, each customer must set up a password-protected customer account. This account provides an overview of orders placed and active order processes. When you leave the online shop, you are automatically logged out.

The operator assumes no liability for password misuse unless caused by the operator itself.

Order Process

The following personal data is collected and stored during the order process:

  • First name and surname
  • Recipient address (street, city, postal code, country)
  • Sender address information
  • Postcard content and design files
  • Email address
  • Payment data
  • Order metadata (creation date, status, tracking information)

Data that is required for delivery or order processing is forwarded to third-party service providers (printing and postal services). Once data storage is no longer required or legally mandated, it will be deleted.

Handling of Contact Data

When you contact the website operator through available contact options, your information is stored to process and answer your inquiry. Without your consent, this data will not be shared with third parties.

Newsletter Subscription

The website operator offers you a newsletter in which you are informed about current events and offers. To subscribe to the newsletter, you must provide a valid email address. No additional data is collected. The stored data will not be passed on to third parties. You can unsubscribe from the newsletter at any time.

Data Sharing & Third-Party Service Providers

We may share your personal data with the following service providers:

  • Payment Processors (SumUp): For secure payment processing
  • Printing & Postal Services: Address information and design files necessary to print and deliver postcards
  • Email Service Providers: For sending transactional and newsletter emails
  • Analytics Providers: For anonymous usage analytics
  • Cloud Storage Providers: For secure data backup and storage

We may also share data when required by law, such as with law enforcement authorities or government agencies.

Shared Postcard Links

Important Security Notice: Postcards can be accessed via unique sharing links based on randomly generated tokens. Please note that these links do not require authentication—anyone with the link can view your postcard's content. We recommend not sharing postcard links publicly if they contain sensitive personal information. Only share links with trusted recipients.

Data Retention

We store your personal data for as long as this is necessary to achieve the respective storage purpose. After that, we delete your data unless we are obliged by tax, commercial, or other legal retention or documentation requirements to retain it for longer, or you have consented to further storage of your data.

Your Rights: Information, Correction, and Deletion

You have the right to request, free of charge, information about what personal data is stored about you. If you wish, you can also request correction of incorrect data and blocking or deletion of your personal data—except where this conflicts with legal retention obligations (such as tax record retention).

Under GDPR, you also have the right to:

  • Data Portability: Receive your data in a structured, machine-readable format
  • Object to Processing: Opt out of marketing communications and analytics
  • Withdraw Consent: Withdraw previously given consent at any time
  • Lodge a Complaint: With your local supervisory authority (data protection authority)

Exercising Your Rights

To exercise any of these rights, please contact us:

Email: [email protected]
Subject Line: "Data Subject Request"

Please provide sufficient information to identify your account. We will respond within 30 days.

Data Security

We implement technical and organizational security measures to protect your personal data:

  • SSL/TLS encryption for data transmission (HTTPS)
  • Encrypted storage for sensitive data (passwords, payment information)
  • Restricted access to personal data
  • Regular security audits
  • Employee data protection training

Note: While we implement security measures, no internet transmission is completely secure. We cannot guarantee absolute security but take appropriate measures to minimize risks.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated to you via email or prominent website notice.

Contact Information

Website Operator:
Card4U
Email: [email protected]
Website: card4u.org

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.