Privacy Policy

Carson ("we", "us", "our", or "Carson") respects the privacy of every individual whose Personal Data (as defined below) we handle. Please read this Privacy Policy to understand how we may collect Personal Data from you through our website, https://heycarson.com, as well as all associated sites linked to https://heycarson.com by Carson, its subsidiaries and affiliated companies (the "Site").

By using, visiting or accessing the Site or by providing Personal Data to us on or through the Site, you consent to the practices described in this Privacy Policy. 

1. Interpretation and Definitions

For the purposes of this Privacy Policy, these terms have the following meanings: 

Account means the unique account created for you to access our Services or parts of our Services.

Data Controller for the purposes of the General Data Protection Regulation (the "GDPR"), we are the Data Controller of your Personal Data, meaning that we determine the purposes and means by which your Personal Data are, or are to be processed.

Data Subject means any identified or identifiable natural person who is the subject of Personal Data.

Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites. 

Personal Data means any information, which on its own or combined with other information, relates to and identifies, whether directly or indirectly, a living individual. 

Services refers to the Site and related technology offered by Carson.

2. Collection of Personal Data

We will only collect Personal Data that is necessary for and directly related to the provision of our Services. There are two types of data that we collect:

(i)Information You Provide to Us

We ask for and collection information, including Personal Data, about you when you use our Services. This information may include, but is not limited to:

(ii)Information We Collect Automatically

When you use our Services, we may automatically collect or receive certain information about your usage of our Services (collectively the "Usage Data"). In some countries, including countries in the European Economic Area (the "EEA"), such information is considered Personal Data under applicable data protection laws. This includes:

3. Sensitive or Special Categories of Personal Data

Different rules apply to the process of Personal Data concerning race, ethnic origin, political opinions or beliefs, religious or other beliefs, trade union memberships, physical or mental health, sexual life or orientation and any offences committed. We do not require, collect, or process such sensitive or special categories of Personal Data. 

4. Use of Personal Data

We will only process and use your Personal Data where we are permitted to do so by applicable laws. In particular, we may use the Personal Data we collect or receive for the following purposes: 

(i)To Provide, Improve and Develop our Services

(ii)To Provide, Personalize, Measure and Optimize our Advertising and Marketing

(iii)To Provide a Safe Website for Users and to Safeguard our Services and your Personal Data

5. Disclosure of Personal Data

We may share your Personal Data in the following situations:

(i)Third Party Service Providers

We may share your Personal Data with third party service providers to monitor and analyze your use of our Site, to advertise on third party websites to you after you have visited our Site, to facilitate payment processing, and/or to contact you. These third-party service providers have access to your Personal Data only to carry out their specified task, and they are obligated not to disclose or use your Personal Data for any other purpose.

(a)Analytics

(b)Email Marketing

We may use third party e-mail marketing service providers to manage and send emails to you containing newsletters, marketing, promotional materials and other information that may be of interest to you. Such third party e-mail marketing service providers include but is not limited to Intercom, whose Privacy Policy can be viewed at https://intercom.com/legal/privacy.

You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us by following the instructions in Section 17 of this Privacy Policy. 

(c)Payment Processors

We provide paid Services on our Site and use third-party services for payment processing ("Payment Processors"). We will not store your payment card details as that information is provided directly to our Payment Processors whose use of your Personal Data is governed by their Privacy Policy. These Payment Processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The Payment Processors that we work with are:

(d)Behavioral Remarketing

We use third-party remarketing services to advertise our Services on third party websites after you visit our Site. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Site. These third-party vendors include:

(ii)Affiliates

We may share your Personal Data with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates may include our parent company and any other subsidiaries, joint venture partners or companies that we control or are under common control with us.

(iii)Business Partners

We may share your Personal Data with our business partners to offer you certain products, services or promotions.

(iv)Third Parties Permitted By Law

Under certain circumstances, we may also share your Personal Data where disclosure is legally permissible and necessary, and this includes, but is not limited to (i) preventing, investigating, or taking action against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our agreements, or as otherwise required by law; and (ii) defending our legal rights, responding to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).

(v)Business Transfers

We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

6. International Transfers

Your information, including Personal Data, is processed at our operating offices and in any other places where the parties involved in the processing are located. This means that your Personal Data may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Regardless of where the Personal Data is transferred to, when we transfer your Personal Data to other countries, we will impose the same data protection safeguards as described in this Privacy Policy to offer an adequate level of data protection. 

Please contact us as per the instructions in Section 17 below if you would like to see a copy of the specific safeguards applied to the export of your Personal Data.

7. Storage and Retention of Personal Data

All Personal Data collected is subject to our strict data security policies. We will only retain your Personal Data for as long as is necessary for the purposes set out in this Privacy Policy and to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. In particular, we will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site, or we are legally obligated to retain this data for longer periods. If your Personal Data is used for two or more purposes, we will retain it until the purpose with the longer period expires, but we will stop using it for the purpose with the shorter period once that shorter period expires.

8. Security of Personal Data

We are continuously implementing and updating appropriate technical and administrative measures to help protect your Personal Data against unauthorized access, loss, misuse, destruction, or alteration. At Carson, only authorized persons are provided access to the Personal Data we collect from you, and such individuals have agreed and are obliged to keep such information confidential.

However, while we strive to protect your Personal Data, we cannot guarantee its absolute security as there is no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, if you know or have reason to believe that your Personal Data, such as Account information, has been lost, stolen, misappropriated, otherwise compromised, or in any actual or suspected unauthorized use, please contact us by following the instructions in Section 17 of this Privacy Policy. We will assess the likely impact of the incident and take the necessary actions to bring the incident under control. Where necessary, we will also report to the appropriate authority, notify you of the incident and provide relevant information. 

9. Privacy Obligations under the GDPR

Under the GDPR, our use of your Personal Data must be justified under one of several legal grounds. The principal legal grounds that justify our use of your Personal Data is as follows: 

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement.

10. Access and Correction of Personal Data

You have the following rights under this Privacy Policy, and by law, if you are within the EEA, to:

Please note that we may ask you to verify your identity before responding to such requests, and we reserve the right to charge a reasonable fee for processing any data access or correction request. 

If you are in the EEA, you also have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.

11. Tracking Technologies and Cookies

Cookies are text files that are stored in a computer system via an Internet browser. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. We use cookies and similar tracking technologies to track the activity on our Site and to automatically collect and store certain information, which may include Personal Data, and this enables us to users of this Site with more user-friendly Services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our Site can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our Site users. The purpose of this recognition is to make it easier for users to utilize our Site. For example, the Site user that uses cookies does not have to enter access data (login credentials) each time the Site is accessed, because this is taken over by the Site, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

(i) Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These cookies are essential to provide you with services available through the Site and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user Accounts. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

(ii) Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies identify if users have accepted the use of cookies on the Site.

(iii) Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies allow us to remember choices you make when you use the Site, such as remembering your login details or language preference. The purpose of these cookies is to provide you with a more personalized experience and to avoid you having to re-enter your preferences every time you use the Site.

(iv) Tracking and Performance Cookies

Type: Persistent Cookies

Administered by: Third-Parties

Purpose: These cookies are used to track information about traffic to the Site and how users use the Site. The information gathered via these cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Site. We may also use these cookies to test new pages, features or new functionality of the Site to see how our users react to them. The Data Subject may, at any time, prevent the setting of cookies through our Site by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the Data Subject deactivates the setting of cookies in the Internet browser used, not all functions of our Site may be entirely usable.

12. "Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Services do not respond to Do Not Track signals. However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

13. Links to Other Sites

Our Services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

14. Children's Privacy

We do not direct our Services to individuals under the age of 18, nor do we knowingly collect any Personal Data from individuals under the age of 18. Individuals under the age of 18 are requested to NOT provide any Personal Data through our Services. If you become aware that an individual under the age of 18 has provided us with Personal Data without parental consent, please contact us using the information at Section 17 of this Privacy Policy. If we become aware that an individual under 18 has provided us with Personal Data, we take commercially reasonable steps to remove such information from our systems.

15. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice prior to the change becoming effective, and we will update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

16. Contact Us

For the purposes of this Privacy Policy, we are the Data Controller of your Personal Data:

Swift Commerce Limited,
Unit 2A, 17/F, Glenealy Tower,
No1 Glenealy,
Central, HKG
Email: hello@heycarson.com

If you have any questions about this Privacy Policy, you can contact us at the address or e-mail listed above, or by visiting this page on our website: https://heycarson.com/contact-us.