Diem-logo
Privacy Policy

Effective date: 1 October, 2020

We at DIEM know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy and our practices regarding your personal data. By using or accessing the Services in any manner or visiting www.cartediem.org you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent to the practices described in this policy.

Remember that your use of DIEM’s Services is at all times subject to the Terms of Use, available, which incorporates this Privacy Policy cartediem.org/terms , which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.

For the purposes of the Data Protection Act 1998, the data controller for data other than retailer-provided information is DIEM Ltd, whose registered address is at 69 Wilson Street, London, EC2A 2BB. For all retailer-provided information (e.g., customer purchase histories, retailer account details), the data controller is the retailer who supplied the information. Please refer to the respective retailer’s Privacy Policy for all matters relating to retail-provided information

Our nominated Data Protection Officer for the purposes of the Data Protection Act/GDPR is Rigers Cupi, who can be contacted at security@carterdiem.org.


What does this Privacy Policy cover?

This Privacy Policy covers our treatment of information that can be used to identify an individual ("Personal Information") that we gather when you are accessing or using our Services, but does not extend to the practices of companies we don’t own or control, or people we don’t manage. We gather various types of Personal Information from our users, as explained in more detail below, and we use this Personal Information internally in connection with our Services, including to personalise, provide, and improve our services, to allow you to set up a user account and profile, to contact you and allow other users to contact you, to fulfil your requests for certain products and services, and to analyse how you use the Services. In certain cases, we may also share some Personal Information with third parties, but only as described below.

As noted in the Terms of Use ( www.cartediem.org/terms ) we do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us personal information, please contact us at privacy@carterdiem.org.


Will DIEM ever change this Privacy Policy?

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on the DIEM.org website at http://www.cartediem.org/privacy and DIEM applications, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you are deemed to agree to all of the changes.


What information does DIEM collect?

Information You Provide to Us:

We may collect, process and store any information you knowingly provide to us, including, for example, the following information:

  • Registration information. Through the registration process and/or through your account settings, we may collect and store Personal Information such as your name, email address, and club or membership numbers associated with certain retailers or resellers. Certain information may be required to register with us or to take advantage of some of our features; for example, we may collect your phone number and home address in the event that we need to arrange for the pickup of a product or shipment of a product to you.
  • Technical information. Including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use.
  • Contacts information. Information stored on your device, including if you give us access to contact information from your contacts list. The DIEM app will regularly collect this information in order to stay up to date (but only if you have given us permission).
  • Payment information. You may provide us with certain payment information (e.g., credit card numbers and expiration dates; bank account numbers) that may enable you to take advantage of certain features of the Services, for example, to purchase a product, or receive payment for resale of a product. You may provide payment information to DIEM directly or indirectly through a third party. For example, the Services may allow you to submit payment information to DIEM via a third party, whose use of such information is governed by its own Privacy Policy.
  • Third Party information. If you provide your Third Party Account credentials to us, or otherwise sign in to the Services through a Third Party site or service, you understand some content and/or information in those accounts may be transmitted into your account with us, and that Third Party Data transmitted to our Services is covered by this Privacy Policy. Additionally, you may be able to sign in to the Services through a third party social media site such as Facebook, and we may obtain certain information that is stored in your account with that site. Publicly available information from social media websites or apps may also be provided to us when we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations).However, we will never collect or store any passwords or payment information saved within or associated with your Third Party Accounts. The third party should also have made you aware that some of your Personal Information will be transmitted to us, and we will notify you when we receive Personal Information from a third party and the purposes for which we intend to use that information.
  • User Submissions. As described in the Terms www.cartediem.org/terms we may collect and store other information you provide to us, including communications with other users, feedback, questions, comments, survey responses, suggestions, or ideas, so that we can provide and improve the Services for our users, We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may email you about your use of the Services or, if you have given us explicit permission, send you promotional email offers on behalf of other businesses. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. If you do not want to receive communications from us, please indicate your preference by contacting us at contact@carterdiem.org.

Information Collected Automatically:

Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, device identification, “cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. “Cookies” are identifiers we may transfer to your browser or device that allow us to recognise your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features..

If you click on a link to a third party website or service, a third party may also transmit cookies to you. Again, this Privacy Policy does not cover the use of cookies by any third parties, and we aren’t responsible for their privacy policies and practices. Please be aware that cookies placed by third parties may continue to track your activities online even after you have left our Services, and those third parties may not honour “Do Not Track” requests you have set using your browser or device

We may use this data to customise content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services interesting to as many users as possible.


How does DIEM use information collected about you?

We use Personal Information collected about you in the following ways:

  • Information you give to us. We will use this information:
    • to carry out our obligations arising from any contracts entered into between you and us, and to provide you with the information and services you request from us;
    • subject to your consent on the relevant subscription form, to provide you with information about other services we offer that are similar to those you have already purchased or enquired about;
    • subject to your consent on the relevant subscription form, to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous contract or negotiation with you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
    • to notify you about changes to the Services;
    • to ensure that content from our website is presented in the most effective manner for you and the device you are using to access the website.
  • Information we collect about you. We will use this information:
    • to administer our website and apps, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • to improve our website and apps to ensure that content is presented in the most effective manner for you and for the device you are using to access the website;
    • to allow you to participate in any interactive features of our Services, when you choose to do so;
    • as part of our efforts to keep our website and apps safe and secure;
    • to measure or understand the effectiveness of any advertising we serve to you and others, and to deliver relevant advertising to you;
    • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
  • Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).


Legal Bases for Processing your Personal Information

Generally, where we process Personal Information about you, it will be to comply with our agreement with you to provide Services. The legal basis for the processing of Personal Information for such purposes is therefore “contract”: the processing is necessary for a contract we have with you or as a precursor to entering into that contract. This applies to processing to carry out our obligations arising from contracts entered into between you and us and to provide you with the information and services that you request from us. It is also the basis for using your Personal Information to inform you about changes to the Services.

Some of our processing, such as the anonymisation of your Personal Information prior to providing aggregate usage information to retailers, product manufacturers and others, relies on the legal basis of our “legitimate interests”: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your Personal Information which overrides those legitimate interests. Our legitimate interest here is the need to sell anonymised, aggregate usage and item resale information as a means of offering you a higher price on your used items than we could without the sale of such information.

Our processing of your Personal Information to provide you with information about other services we offer that are similar to those you have already purchased or enquired about is based on our legitimate interest in keeping you informed of services that might be of interest to you, and in helping us achieve our public mission of reducing waste.

Our use of your Personal Information to ensure that content from our app and website is presented in the most effective manner for you and the device you are using to access the app or website is based on our legitimate interest in making our services as intuitive and user-friendly as possible.

Where we process your Personal Information to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you, that will be based on your consent, which can be withdrawn at any time by contacting us at privacy@carterdiem.org.


Will DIEM share any of the Personal Information it receives?

We may share your Personal Information with third parties as described in this section:


Information that’s no longer personally identifiable: We may anonymise your Personal Information so that you are not individually identified, and provide that information to our partners. We may also provide aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal customer experience. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally.

We may use third party analytics services, such as Mixpanel and Google Analytics, to grow our business, to improve and develop our Services, to monitor and analyse use of our Services, to aid our technical administration, to increase the functionality and user-friendliness of our Services, and to verify that users have the authorization needed for us to process their requests. These services may collect and retain some information about you.

You can opt-out of Mixpanel’s automatic retention of data collected while using our Services by visiting https://mixpanel.com/optout/ If you get a new computer, install a new browser, erase or otherwise alter your browser's cookie file (including upgrading certain browsers), you may clear the Mixpanel opt-out cookie, and you will need to re-visit the opt-out page. Note that Mixpanel’s opt-out cookies will not stop us from sending other data about you from our servers to Mixpanel, nor will it prevent any other data collection methods. To learn more about the privacy policy of Mixpanel, visit https://mixpanel.com/privacy/.

Google Analytics collects the IP address assigned to you on the date you use the Services, but not your name or other personally identifying information. We do not combine the information generated through the use of Google Analytics with your Personal Information. Although Google Analytics plants a persistent cookie on your web browser to identify you as a unique user the next time you use the Services, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your use of the Services is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You may find additional information about Google Analytics at www.google.com/policies/privacy/partners/ Finally, you can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout/.

Supplier Businesses:Occasionally your full legal name and IBAN might be shared with IT and delivery suppliers to help us provide our services to you. Additionally, Our banking and financial-services partners and payments networks, including Visa and Mastercard, might require this info. This includes banking and lending partners, banking intermediaries and international payment-service providers.

Affiliated Businesses: In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognise when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service; for example, when you choose to take an action with regard to a particular item you purchased from a participating retailer, we may share that information with that participating retailer, or when you elect to resell an item through a third party resale marketplace such as eBay, we will provide that marketplace with the information they need to perform the transaction and pay you the proceeds. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to a participating retailer or an affiliated website or business, please review all such businesses’ or websites’ terms and conditions and privacy policies.

Agents: We employ other companies and people to perform tasks on our behalf as part of any contract we enter with you and need to share your information with them to provide products or services to you. For example, if you want to sell or donate products that are registered with the Services, we may share certain information with third parties that arrange such resale or donation. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.

DIEM User Profiles and Submissions: Certain user profile or account information, including your name, DIEM User ID, and any video or image content that you have uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for the Services. Please remember that any Content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your DIEM User ID may also be displayed to other users if and when you transfer products to them, send messages or comments, or upload images or videos through the Services, and other users may be able to contact you through messages and comments. Additionally, if you sign into the Services through a third party social networking site or service, your list of “friends” from that site or service may be automatically imported to the Services, and such “friends,” if they are also registered users of the Services, may be able to access certain non-public information you have entered in your Services user profile or account. Again, we do not control the policies and practices of any other third party site or service.

Business Transfers: n the event we choose to buy or sell any business or assets, we may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.

Protection of DIEM and Others: We reserve the right to access, read, preserve, and disclose any information we believe is necessary to comply with law or court order; enforce or apply our Terms of Use (www.DIEM.org/terms) and other agreements; respond to claims that any content violates the rights of third parties; or protect the rights, property, or safety of DIEM, our employees, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.


Is Personal Information about me secure?

Your account is protected by a password for your privacy and security. If you access your account via a Third Party site or service, you may have additional or different sign-on protections via that Third Party site or service. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. Once we have received your Personal Information, however, we will use strict procedures and security features to try to prevent unauthorised access.


Where do we store your Personal Information?

The data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us, or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your Personal Information, you agree to this transfer, storing or processing. DIEM will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this privacy policy.

Some of our external third parties are based outside the EEA, so their processing of your Personal Information will involve a transfer of data outside the EEA. Whenever we transfer your Personal Information out of the EEA to third parties, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • we will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or,
  • where we use certain service providers, we ensure they adhere to specific contracts approved by the European Commission which give your Personal Information the same protection it has in Europe. For example, we work with Mixpanel, and they comply with the EU-US Privacy Shield Framework (you can find details here ).For further details, see European Commission: Model contracts for the transfer of personal data to third countries

Please contact us at privacy@carterdiem.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to try to prevent unauthorised access.


What Personal Information can I access?

You may access, delete and, in some cases edit the following information you’ve provided to us:

UserID;

Name;

Email address;

Mailing address;

Mobile phone number;

Third Party retailer club or membership numbers;

Note that the password you use to access your account is stored in your Apple iCloud Keychain, and is never shared with us

User profile or account information, including images, messages and comments you have uploaded to or transmitted through the Services.

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at privacy@carterdiem.org.

Under the UK Data Protection Act and the EU General Data Protection Regulation, you have rights under certain circumstances in relation to your Personal Information. These include the rights:

  • of access to information held about you without charge;
  • to erasure of your Personal Information;
  • to object to processing of your Personal Information;
  • to request restriction of processing of your Personal information;
  • to the transfer of your Personal information; and
  • the right to withdraw your consent, where consent is relied upon as the legal justification for processing.


As we provide an international service, we may need to transfer your personal data outside the United Kingdom or European Economic Area (EEA) in order for us to provide our services. For example, if you ask to make an international payment, we will send funds to banks outside of the United Kingdom or EEA. We might also send your personal data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements and to provide ongoing support services.
We may share your personal data with credit-reference agencies and fraud-prevention agencies that are based outside of the United Kingdom or EEA. We will take all reasonable steps to make sure that your personal data is handled securely and in line with this privacy policy and data protection laws. If you require notice of the information held about you or wish to exercise any of the other rights, please submit a written request to privacy@carterdiem.org

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


What choices do I have?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features. You have the right to ask us not to process your Personal Information for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your Personal Information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at privacy@carterdiem.org. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

You may be able to add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. Please note that we may be required (by law or otherwise) to retain your account information or any other information associated with it and not delete it (or to keep this information for a certain period of time, in which case we will comply with your deletion request only after we have fulfilled such requirements). Some information may remain in our records after your deletion of such information from your account. We may use any aggregated data derived from or incorporate your Personal Information after you update or delete it, but not in a manner that would identify you personally. We may also be required to keep certain Personal Information about you (such as an email address) in order to ensure we comply with a request from you not to be contacted, for example.


What if I have questions about this Privacy Policy?

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to privacy@carterdiem.org, and we will try to resolve your concerns. If you have any complaints, these should be addressed to our Data Protection Officer at security@carterdiem.org or the Information Commissioner’s Office (ICO). The ICO helpline is on 0303 123 1113 or you can visit the ICO website for further information https://ico.org.uk/concerns/.