We are a company registered in England and Wales (registration number 3852652) under the name Moonpig.com; the address of our registered office is Unit 7, Metal Box Factory, 30 Great Guildford Street, London, SE1 0HS. We are registered as a data controller with the Information Commissioner's Office (registration number Z4843659). Moonpig.com has designated a Data Protection Officer who can be contacted by email at DPO@photobox.com or by post at our registered office.
What personal information do we collect about you ?
When you access and move around Moonpig, register an Account with Moonpig or purchase a Product from Moonpig, we may collect some or all of the following personal data about you:
- A username and password;
- Name, date of birth, age and sex;
- Billing and delivery addresses, email address and phone number(s);
- Payment Method (typically credit card or debit card) details;
- Your Images and other User Content;
- Correspondence with and from Moonpig;
- Your preferences about receiving communications from Moonpig;
- Information about your use of Moonpig, and your browsing and online purchasing activities; and details we may ask you to submit to verify your identity.
We may also collect some of this personal data from third parties who have your consent to pass your details to us.
In order to take advantage of some of our Services, you may need to supply us with the personal details of a third party (for example, their name and address if you wish to send them a Product). We will not use this information for anything other than providing the Services for which the information was supplied.
How do we use your personal information ?
Your personal data will be collected, processed, stored and used by us, and passed to and processed by our subsidiary and/or affiliated companies and other data processors acting under contract with us.
When you sign up to Moonpig and agree to our terms and conditions, we need to process certain data that allows Moonpig:
- To provide the Moonpig service to you in accordance with our agreement;
- To create personalised Products selected by you;
- To associate your Account, and your Product purchases, with you, and to verify your identity;
- If you elect to store an encrypted Payment Method with us, to associate that Payment Method with you when you place an order;
- To tailor aspects of Moonpig (including its search function and offers) to you;
- To process payments you make for Products;
- To pass your Product order for delivery by third party deliverers engaged by us;
- To provide customer support and improve your customer experience;
- To contact you by email and mobile communication (such as text (SMS) and "push" notification) in relation to the products or services you have purchased.
If you’ve told us it’s OK (or unless you’ve asked us not to after a purchase), we would like to contact you to provide information about products or services we think might interest you. You may withdraw this consent at any time.
For legitimate business reasons we will also process your data for customer satisfaction and customer experience improvement purposes, such as by analysing data we hold about you, and combining it with data held by third parties, in order to discern your interests, demography and other factors, and in consequence to offer goods and services that are likely to have the greatest value to you. We would also use this data in connection with the prevention and detection of fraud and other crime.
If you elect to store a Payment Method with us, that Payment Method will not in fact be stored by Moonpig itself, but instead it will be stored by a payment service provider under contract with us. The storing payment service provider will be required to comply with the Payment Card Industry Data Security Standard (PCI DSS). Note that, when using a stored Payment Method to make payment for your Moonpig order, certain techniques will be used to assist in maintaining the security of the details of your stored Payment Method. For example, not all of the payment card number will be visible to you (typically, all except the final four digits will be masked), and you will be required to provide certain information (such as, but not limited to, a CV2 card security number) in order to proceed with using that Payment Method. To remove or change a stored Payment Method, please follow the procedures specified on the Site or App, or contact our customer services team.
If you are asked to provide a phone number for a Product you are ordering, note that the phone number will be provided to the deliverer of your order – and (unless you specifically opt not to permit this) will appear on your order's packaging – to assist with the delivery process. If you do not wish your phone number to be used in this way, then please do not provide a phone number when placing your order.
We may use automatically collect anonymous information about your use of Moonpig. For example, we may automatically log which parts of Moonpig you access, which web browser you deploy and the website from which you linked to Moonpig. You cannot be identified from any of this information. It enables us to compile statistics about the use of Moonpig, and to help target aspects of Moonpig and advertising to you more accurately.
Disclosing your personal data
We will not disclose any of your personal data, other than to subsidiary and/or affiliated companies and data processors (including deliverers and payment service providers) under contract with us. To enable us to provide our service, we share data with the following categories of organisations:
- Information technology (hardware and software) companies
- Payment processing companies
- Manufacturers, wholesalers and retailers
- Delivery and courier services
- Fraud prevention companies
- Advertising and marketing services companies
- Other companies in the Photobox group (Photobox, Hofmann and PosterXXL). Should companies join or leave the group, this policy will be updated to reflect the new group structure.
We will not share your data with any other categories of organisation without your permission unless:
- we are legally entitled to do so (for example, pursuant to a court order or for the purposes of prevention or detection of crime or fraud);
- we are in negotiations with a third party for the sale or purchase of any of Moonpig's business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- Moonpig, or substantially all of its assets, is acquired by a third party, in which case personal data held by Moonpig about its customers will be one of the transferred assets; or
Email and Text preferences
When you sign up, we will ask you if you’d like to receive information about other products and services. The emails and mobile communication (such as text (SMS) and "push" notification). You can change your preferences at anytime on the Account Details page. Alternatively, you can click “Unsubscribe” on any email you receive or reply “STOP” to an SMS.
You can also choose to receive reminders when it’s time to send your friend or relative another card or gift. You can control these on your My Reminders page.
To thank you for being a loyal customer, you can also sign up for our Moonpig Rewards Loyalty Programme. When you join the programme and while you’re a member, you may receive emails and SMS messages. To stop these, you may leave the programme at anytime by visiting My Rewards or unsubscribe as above.
When you make a purchase or when we have important information to tell you about your account, you will receive service messages to keep you up to date.
We may transfer personal data that we collect from you to third party data processors located in countries that are outside of the European Economic Area (EEA) and to other Photobox group companies in connection with the above purposes. Please be aware that countries outside the EEA may not offer the same level of data protection as the United Kingdom; however, we always require that third party data processors deal with your personal data in accordance with this privacy notice. Any transfers are done in accordance with the standards laid down by the EU Commission and/or decisions of the European Court of Justice.
If you have not logged into your account for 40 months, your personal details and any photos or other content will be deleted. Any photos you have uploaded will be kept for longer in a depersonalised form (i.e they can no longer be associated with you or your account) for research and analytical purposes. We retain other minimal data for tax, anti-fraud and other purposes in accordance with our data retention policy.
Under the EU General Data Protection Regulation 2016/679 (GDPR) you have a number of rights you can exercise over your data. Your rights are:
- The right to receive a copy of your data free of charge (know as a Subject Access Request)
- The right to receive certain data in an electronic format that can be given to another provider (a portability request)
- The right to have data corrected if it is inaccurate
- The right to ask us to stop processing or object to processing under certain circumstances
- The right to ask us to erase data in certain circumstances
- The right to withdraw consent at any time when that is the legal basis for our processing
To discuss any of these rights, please contact Customer Services.
Additionally, you have the right to lodge a complaint with the Data Protection regulator. In our case, this is the Information Commissioner's’ Office in the UK. Details of how to contact them can be found at ICO.org.uk.
Links to third party sites
Our Site may, from time to time, contain links to the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for those websites or their policies.
We employ significant technical and organisational measures to guard against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. We believe the measures implemented by our site reduce the likelihood of security problems to a level appropriate to the type of data involved.
We have security measures in place to protect our database of Users and access to this database is restricted internally. However, there are things we can all do to help stay safe and secure online:
- ensure no-one else uses Moonpig through your Account;
- log off or exit from your Moonpig Account when not using it;
- keep your password or other access information secret;
- use different passwords for different services you use online
- ensure you’re using the most up-to-date versions of your software.
We will never ask you to confirm the details of your Account or Payment Method by email or mobile communication. If you receive such contact, please do not respond to it.
Updates to this notice
This privacy notice was last updated on 10th April 2018 Please check back regularly to keep informed of changes to this Notice.