Wishing You™ is a postcard app that allows you to send postcards to your contacts. Wishing You
is wholly developed and maintained by CFH Docmail Limited.
Wishing You Privacy Notice
CFH Docmail Limited (“we”, “our”, “us”) respects the
rights that individuals (“you”) have in relation to their personal data. This
privacy notice (“privacy notice”) will inform you about how we look after
personal data, provide details of your privacy rights and how the law protects you.
We care about your privacy and we will always endeavour to comply with the General Data
Protection Regulation ((EU) 2016/679) and the Data Protection Act 2018, as amended
(“data protection law”) and we will never pass your personal
data to third parties except where we are required to do so by law. We will keep personal
data secure and will respect the rights you have in relation to your personal data.
If you have any questions regarding our processing of personal data, you can contact us via
the following methods and location:
CFH Docmail Limited (Reg. Co. No.: 01716891)
Postal address: CFH Docmail Limited, St Peters Park, Wells Road, Radstock, BA3 3UP
Telephone number: 01761 416311
Postal address: CFH Docmail Limited, Starlaw Business Park, Livingston, EH54 8SF
We are registered with the Information Commissioner’s Office (ICO) under registration number Z5722574.
What is the purpose of this privacy notice and who does it cover?
This privacy notice provides information about how we collect and process personal data when:
you are our customer, when you accept the terms and conditions upon which we will provide services to you or you enter into a contractual agreement with us; or
you are not our customer, but we collect your contact details from you, you attend an event or you interact with us for information regarding our products, services and latest offers.
Our Docmail services and our website are not intended for use by children.
It is important that you read this notice together with any other privacy notice we may
provide on specific occasions when we are collecting or processing personal data about you,
so that you are fully aware of how and why we are using personal data. This notice
supplements the other notices and is not intended to override them.
This privacy notice deals with the questions below and you can go directly to a specific section by
clicking on each heading.
Who is the controller and who is the processor for personal data
and how can I make a complaint?
The answer to this question will depend on your relationship with us.
If you are a customer of ours, you will be the data controller and we will be the data processor for the data which you provide to us to enable us to perform our services.
If you are a customer of ours, you may provide us with the personal data belonging to others with whom you wish to communicate and where that is the case, you will be the data controller and we will be the data processor.
If you are not a customer of ours, but you provide us with your personal data, we will be the data controller and processor of that personal data.
In either case, you have certain rights with regard to the processing of personal data (see below) and you can make a complaint to the ICO, (www.ico.org.uk) if you feel we have infringed those rights. We would, however, appreciate the chance to deal with any concerns you may have before you approach the ICO.
What happens if this privacy notice is updated or personal data
We will publish any changes to this notice on our website. The last update
was: April 2019.
It is important that the personal data we hold about you is accurate and
current. Please keep us informed if there are any changes during your
relationship with us by contacting the Wishing You support team using the
details set out below:
As a data subject, you have the following rights under data protection law:
Right to be informed – When we collect personal data,
we have to tell you what we are going to do with it as set out in this Privacy
Right of access – You have the right to contact us
to request details of the information we hold about you.
Right of rectification – You have the right to ask
us to rectify information that we hold about you if this is inaccurate or
Right to erasure - This is also known as the right
to be forgotten and gives you the right to request your information to be
removed if there is no compelling reason for its continued processing. We keep a
list of people who have asked not to be contacted which is used to ensure that
you receive no further marketing information from us. Without this list your
personal data could enter our system again from another source and we would
have no record of the fact that you asked us not to contact you.
Right to restrict processing – this is the
alternative to erasure and gives you the right to tell us to stop processing
your data but allowing us to keep enough information about you to ensure that
you’re wishes are respected in the future.
Right to data portability – this gives you the
right to ask the holder of your information to transfer that information to
another business. This right would be most commonly used if you were switching
banks, insurance companies, utility companies or mobile phone companies.
Right to object – you have the right to object to
the processing of your data for marketing purposes and profiling for marketing
purposes. Your rights and freedoms override our interests.
Rights related to automated decision-making including
profiling – we do not use automated decision-making processes which
would have a potentially damaging effect on the information we hold about you.
But if we did you have the right to obtain human intervention, express your
point of view and obtain an explanation of the decision and challenge it.
Rights to withdraw consent at any time where
relevant – you have the right to withdraw your consent to the
processing of your information at any time and we must provide you with the
information to need to do so at the time we collect your data and each time we
What personal data do you collect?
Personal data means any information about an
individual from which that person can be identified. It does not include
personal data where the identity has been removed (anonymous data).
Special categories of personal data mean any
information about you which includes details about your race or ethnicity,
religious or philosophical beliefs, sex life, sexual orientation, political
opinions, trade union membership, information about your health and genetic
and biometric data. We do not collect any special categories of personal data
We collect, use, store and transfer different kinds of personal
data about you which we have grouped together as follows. The terms below are
mainly used to explain why we use the personal data in the way we do:
Communication this could include the channel and method
by which we communicate with you.
Contact this could include billing address.
Identity this could include your name, title and any
Marketing this could include your preferences in
receiving marketing from us.
Transaction this could include details about payments
Technical this could include internet protocol (IP)
address, browser type and version, app type and version, time zone
setting, operating system and platform.
Usage this could include information about how you use
our website, apps and services.
How do you collect personal data?
We use different methods to collect personal data from and about you
including through the following interactions set out below:
Direct interactions. You give us your Identity,
Communication, Contact, Transaction and Financial data by filling in forms or by
corresponding with us by post, phone, email or online. This could include personal
data you provide when you:
request information about our services;
enter into a contract for the provision of services with us;
request marketing to be sent to you;
give us your business card and contact details.
Automated technologies or interactions. As you
interact with our website, we may automatically collect Technical data about
your equipment, browsing actions and patterns. We collect this personal data by
using cookies, server logs and other similar technologies.
Third parties. We receive personal data about you
from the third parties below:
Technical data from analytics providers such as Google;
Contact, Identity, Financial and Transaction data from providers of
technical, payment and delivery services.
What happens if I provide you with personal data about another
In order for us to provide our services to you, we may need to process
personal data about other individuals, for example your customers or another
individual. In this situation we will not have direct contact with those
individuals and it will not be appropriate for us to provide them with a
copy of this privacy notice.
You are required to ensure that you have satisfied all legal
requirements before passing this personal data to us, including providing
them with a copy of this privacy notice and you must ensure that we can use
any personal data that you pass to us in accordance with this privacy notice
and data protection law.
You must also comply with any data protection provisions set out in the terms
of business or contract we have entered into with you.
How do you use personal data?
We will only use personal data when the law allows us to. We may process
personal data without your knowledge or consent where this is required or
permitted by law. Most commonly, we will use personal data in the following
circumstances and for the following purposes:
Legal or regulatory obligation – to comply with a
legal or regulatory obligation to which we are subject.
Legitimate interest – where it is in our
legitimate interests or that of another third party. We will always make sure we
consider and balance any potential impact on you (both positive and negative)
and your rights before we process personal data for our legitimate interests. We
do not use personal data for activities where our interests are overridden by
the impact on you (unless we have your consent or are otherwise required or
permitted to by law). You can obtain further information about how we assess our
legitimate interests against any potential impact on you in respect of specific
activities by contacting us at firstname.lastname@example.org
Performance of contract – where it is necessary
for us to process personal data for the performance of a contract to which
you are a party or to take steps at your request before entering into such a
Consent – we may rely on consent as a legal basis
for processing personal data. If we do, you can withdraw your consent at
any time by following the opt-out links on any marketing communications sent to
you or by contacting us at email@example.com.
What do you use personal data for and why?
We have set out in the table below, a description of all the ways
we use personal data, and which of the legal bases we rely on to do so. We
have also identified what our legitimate interests are where appropriate. We may
process personal data for more than one legal basis depending on the
specific purpose for which we are using the personal data.
We will only use personal data for the purposes for which we
collected it, unless we consider that we need to use it for another reason and
that reason is compatible with the original purpose.
If we need to use personal data for an unrelated purpose, we
will notify you and we will explain the legal basis which allows us to do so.
Purpose for processing
Legal basis relied on
Wishing You Customers
To deliver services to you including managing payments, fees and
charges and collecting and recovering any money owed to us
Performance of a contract
Legitimate interests – to recover debts due to us
Wishing You Customers
To manage our relationship with you including notifying you about
changes to our terms
Performance of a contract
Legal and regulatory obligation
Wishing You Customers
To invite you to events and/or workshops and to manage your
attendance at those events and/or workshops
Legitimate interests – to grow and expand our business
Prospective Wishing You Customers
To contact you to provide you with information about us and our
services which you have requested when you are not our client
Legitimate interests – to respond to requests for
information from you
All website visitors
To administer and protect our business and our website including
troubleshooting, data analysis, testing, system maintenance,
support, reporting and hosting of data which may include the use of
Legal and regulatory obligation
Legitimate interests – to run our business, provide
administration and IT services, network security and to
All website visitors
To deliver relevant website content to you and measure or understand
the effectiveness of our website
Legitimate interests – to study how clients and prospective
clients use our services, to develop them, to grow our
business and to inform our marketing strategy
All website visitors
To use data analytics to improve our website, services, marketing,
customer relationships and experiences
Legitimate interests – to identify individuals for our
services, to keep our website updated and relevant, to
develop our business and to inform our marketing strategy
How do you use personal data for marketing and how can I opt
We use the information provided to us to contact you
regarding our products, services and latest offers (we define this as marketing).
You will receive marketing communications from us if you have provided your consent.
You can ask us to stop sending you marketing communications at any
time by following the opt-out links on any marketing communications sent to you
or by contacting us at
To whom do you disclose personal data?
We may have to share personal data with the parties set out
below for the purposes set out in the table above:
Service providers based in the EEA who provide IT and system
administration services and access to platforms we use for operational
purposes to run our business;
Professional advisers including lawyers, barristers, bankers, auditors
and insurers who provide consultancy, banking, legal, insurance and
Third parties who require access to the personal data we process for the
purposes of the prevention or detection of crime or for the purposes of
HM Revenue & Customs, regulators and other authorities based in the UK
who require reporting of processing activities in certain circumstances,
for example to ensure we are complying with legal and regulatory
External auditors who provide auditing and similar compliance services
to us to ensure we are complying with our legal and regulatory
obligations when we provide services to you, process personal data
or where we are certified under any relevant schemes or certifications;
Financial providers who provide us with financial services and
We require all third parties to respect the security of personal
data and to treat it in accordance with the law and the terms of the contract we
have in place with them where they are our third-party service providers. We do
not allow our third-party service providers to use personal data for their own
purposes and only permit them to process personal data for specified purposes
and in accordance with our instructions.
To where do you transfer personal data?
CFH Docmail Limited do not transfer the personal data to any third
countries outside the EEA.
How do you safeguard personal data?
We have appropriate security measures in place to prevent
personal data from being accidentally lost, used or accessed in an unauthorised
way, altered or disclosed.
We also have in place procedures to deal with any suspected
personal data breach and will notify you and any applicable regulator of a
breach where we are legally required to do so.
How long will you use personal data for?
We will only retain personal data for as long as necessary to
fulfil the purposes for which we collected it. Postcards will be retained
for 14 days after despatch.
Third-party links on this website
Our website may include links to third-party websites, plug-ins and
applications. Clicking on those links or enabling those connections may allow
third parties to collect or share personal data about you. We do not control
these third-party websites and are not responsible for their privacy policies.
When you leave our website, we encourage you to read the privacy notice of every
website you visit.
What are cookies and how are these used?
Cookies are small files of letters and numbers stored on your
browser or device that enable the cookie owner to recognise the device when it
visits websites or uses online services. The website you visit may set cookies
directly, known as first-party cookies, or may trigger cookies set by other
domain names, known as third-party cookies. While we may automatically use some
cookies that are strictly necessary to provide the services you request or
enable communications, we request your consent for all of our other cookie uses.
For more information about cookies please visit
Most web browsers allow you to directly block all cookies, or just
third-party cookies, through your browser settings. Using your browser settings
to block all cookies, including strictly necessary ones, may interfere with
proper site operation.