Privacy Policy

Wishing You™ is a postcard app that allows you to send postcards to your contacts. Wishing You is wholly developed and maintained by CFH Docmail Limited.

Wishing You Privacy Notice

CFH Docmail Limited (“we”, “our”, “us”) respects the rights that individuals (“you”) have in relation to their personal data. This privacy notice (“privacy notice”) will inform you about how we look after personal data, provide details of your privacy rights and how the law protects you.

We care about your privacy and we will always endeavour to comply with the General Data Protection Regulation ((EU) 2016/679) and the Data Protection Act 2018, as amended (“data protection law”) and we will never pass your personal data to third parties except where we are required to do so by law. We will keep personal data secure and will respect the rights you have in relation to your personal data.

If you have any questions regarding our processing of personal data, you can contact us via the following methods and location:

We are registered with the Information Commissioner’s Office (ICO) under registration number Z5722574.

What is the purpose of this privacy notice and who does it cover?

This privacy notice provides information about how we collect and process personal data when:

Our Docmail services and our website are not intended for use by children.

It is important that you read this notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using personal data. This notice supplements the other notices and is not intended to override them.

This privacy notice deals with the questions below and you can go directly to a specific section by clicking on each heading.

    1. Who is the controller and who is the processor for personal data and how can I make a complaint?

      The answer to this question will depend on your relationship with us.

    2. If you are a customer of ours, you will be the data controller and we will be the data processor for the data which you provide to us to enable us to perform our services.
    3. If you are a customer of ours, you may provide us with the personal data belonging to others with whom you wish to communicate and where that is the case, you will be the data controller and we will be the data processor.
    4. If you are not a customer of ours, but you provide us with your personal data, we will be the data controller and processor of that personal data.
    5. In either case, you have certain rights with regard to the processing of personal data (see below) and you can make a complaint to the ICO, ( if you feel we have infringed those rights. We would, however, appreciate the chance to deal with any concerns you may have before you approach the ICO.
    1. What happens if this privacy notice is updated or personal data changes?

      We will publish any changes to this notice on our website. The last update was: April 2019.

      It is important that the personal data we hold about you is accurate and current. Please keep us informed if there are any changes during your relationship with us by contacting the Wishing You support team using the details set out below:


      Telephone: 01761 409701

    1. What are my rights under data protection law?

      As a data subject, you have the following rights under data protection law:

    2. Right to be informed – When we collect personal data, we have to tell you what we are going to do with it as set out in this Privacy Policy.
    3. Right of access – You have the right to contact us to request details of the information we hold about you.
    4. Right of rectification – You have the right to ask us to rectify information that we hold about you if this is inaccurate or incomplete.
    5. Right to erasure - This is also known as the right to be forgotten and gives you the right to request your information to be removed if there is no compelling reason for its continued processing. We keep a list of people who have asked not to be contacted which is used to ensure that you receive no further marketing information from us. Without this list your personal data could enter our system again from another source and we would have no record of the fact that you asked us not to contact you.
    6. Right to restrict processing – this is the alternative to erasure and gives you the right to tell us to stop processing your data but allowing us to keep enough information about you to ensure that you’re wishes are respected in the future.
    7. Right to data portability – this gives you the right to ask the holder of your information to transfer that information to another business. This right would be most commonly used if you were switching banks, insurance companies, utility companies or mobile phone companies.
    8. Right to object – you have the right to object to the processing of your data for marketing purposes and profiling for marketing purposes. Your rights and freedoms override our interests.
    9. Rights related to automated decision-making including profiling – we do not use automated decision-making processes which would have a potentially damaging effect on the information we hold about you. But if we did you have the right to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.
    10. Rights to withdraw consent at any time where relevant – you have the right to withdraw your consent to the processing of your information at any time and we must provide you with the information to need to do so at the time we collect your data and each time we contact you.
    1. What personal data do you collect?

    2. Personal data means any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).
    3. Special categories of personal data mean any information about you which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any special categories of personal data about you.
    4. We collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows. The terms below are mainly used to explain why we use the personal data in the way we do:
      1. Communication this could include the channel and method by which we communicate with you.
      2. Contact this could include billing address.
      3. Identity this could include your name, title and any uploaded content.
      4. Marketing this could include your preferences in receiving marketing from us.
      5. Transaction this could include details about payments from you
      6. Technical this could include internet protocol (IP) address, browser type and version, app type and version, time zone setting, operating system and platform.
      7. Usage this could include information about how you use our website, apps and services.
    1. How do you collect personal data?

      We use different methods to collect personal data from and about you including through the following interactions set out below:

    2. Direct interactions. You give us your Identity, Communication, Contact, Transaction and Financial data by filling in forms or by corresponding with us by post, phone, email or online. This could include personal data you provide when you:
      1. request information about our services;
      2. enter into a contract for the provision of services with us;
      3. request marketing to be sent to you;
      4. give us your business card and contact details.
    3. Automated technologies or interactions. As you interact with our website, we may automatically collect Technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
    4. Third parties. We receive personal data about you from the third parties below:
      1. Technical data from analytics providers such as Google;
      2. Contact, Identity, Financial and Transaction data from providers of technical, payment and delivery services.
    1. What happens if I provide you with personal data about another individual?

      In order for us to provide our services to you, we may need to process personal data about other individuals, for example your customers or another individual. In this situation we will not have direct contact with those individuals and it will not be appropriate for us to provide them with a copy of this privacy notice.

      You are required to ensure that you have satisfied all legal requirements before passing this personal data to us, including providing them with a copy of this privacy notice and you must ensure that we can use any personal data that you pass to us in accordance with this privacy notice and data protection law.

      You must also comply with any data protection provisions set out in the terms of business or contract we have entered into with you.

    1. How do you use personal data?

      We will only use personal data when the law allows us to. We may process personal data without your knowledge or consent where this is required or permitted by law. Most commonly, we will use personal data in the following circumstances and for the following purposes:

    2. Legal or regulatory obligation – to comply with a legal or regulatory obligation to which we are subject.
    3. Legitimate interest – where it is in our legitimate interests or that of another third party. We will always make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process personal data for our legitimate interests. We do not use personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at
    4. Performance of contract – where it is necessary for us to process personal data for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; and
    5. Consent – we may rely on consent as a legal basis for processing personal data. If we do, you can withdraw your consent at any time by following the opt-out links on any marketing communications sent to you or by contacting us at
    1. What do you use personal data for and why?

    2. We have set out in the table below, a description of all the ways we use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process personal data for more than one legal basis depending on the specific purpose for which we are using the personal data.
    3. We will only use personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose.
    4. If we need to use personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
      Individual Purpose for processing Data used Legal basis relied on
      Wishing You Customers To deliver services to you including managing payments, fees and charges and collecting and recovering any money owed to us
      • Identity
      • Contact
      • Transaction
      • Communication
      • Performance of a contract
      • Legitimate interests – to recover debts due to us
      Wishing You Customers To manage our relationship with you including notifying you about changes to our terms
      • Identity
      • Contact
      • Communication
      • Performance of a contract
      • Legal and regulatory obligation
      Wishing You Customers To invite you to events and/or workshops and to manage your attendance at those events and/or workshops
      • Identity
      • Contact
      • Communication
      • Legitimate interests – to grow and expand our business
      Prospective Wishing You Customers To contact you to provide you with information about us and our services which you have requested when you are not our client
      • Identity
      • Contact
      • Communication
      • Legitimate interests – to respond to requests for information from you
      All website visitors To administer and protect our business and our website including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data which may include the use of cookies
      • Identity
      • Contact
      • Technical
      • Usage
      • Legal and regulatory obligation
      • Legitimate interests – to run our business, provide administration and IT services, network security and to prevent fraud
      All website visitors To deliver relevant website content to you and measure or understand the effectiveness of our website
      • Usage
      • Technical
      • Legitimate interests – to study how clients and prospective clients use our services, to develop them, to grow our business and to inform our marketing strategy
      All website visitors To use data analytics to improve our website, services, marketing, customer relationships and experiences
      • Usage
      • Technical
      • Legitimate interests – to identify individuals for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
    1. How do you use personal data for marketing and how can I opt out?

    2. We use the information provided to us to contact you regarding our products, services and latest offers (we define this as marketing). You will receive marketing communications from us if you have provided your consent.
    3. You can ask us to stop sending you marketing communications at any time by following the opt-out links on any marketing communications sent to you or by contacting us at
    1. To whom do you disclose personal data?

    2. We may have to share personal data with the parties set out below for the purposes set out in the table above:
      1. Service providers based in the EEA who provide IT and system administration services and access to platforms we use for operational purposes to run our business;
      2. Professional advisers including lawyers, barristers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
      3. Third parties who require access to the personal data we process for the purposes of the prevention or detection of crime or for the purposes of legal proceedings;
      4. HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances, for example to ensure we are complying with legal and regulatory obligations;
      5. External auditors who provide auditing and similar compliance services to us to ensure we are complying with our legal and regulatory obligations when we provide services to you, process personal data or where we are certified under any relevant schemes or certifications;
      6. Financial providers who provide us with financial services and facilities.
    3. We require all third parties to respect the security of personal data and to treat it in accordance with the law and the terms of the contract we have in place with them where they are our third-party service providers. We do not allow our third-party service providers to use personal data for their own purposes and only permit them to process personal data for specified purposes and in accordance with our instructions.
    1. To where do you transfer personal data?

    2. CFH Docmail Limited do not transfer the personal data to any third countries outside the EEA.
    1. How do you safeguard personal data?

    2. We have appropriate security measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
    3. We also have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
    1. How long will you use personal data for?

    2. We will only retain personal data for as long as necessary to fulfil the purposes for which we collected it. Postcards will be retained for 14 days after despatch.
    1. Third-party links on this website

    2. Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the privacy notice of every website you visit.
    1. What are cookies and how are these used?

    2. Cookies are small files of letters and numbers stored on your browser or device that enable the cookie owner to recognise the device when it visits websites or uses online services. The website you visit may set cookies directly, known as first-party cookies, or may trigger cookies set by other domain names, known as third-party cookies. While we may automatically use some cookies that are strictly necessary to provide the services you request or enable communications, we request your consent for all of our other cookie uses. For more information about cookies please visit
    3. You can control and delete cookies through your browser settings for more information on how to do this please visit
    4. Most web browsers allow you to directly block all cookies, or just third-party cookies, through your browser settings. Using your browser settings to block all cookies, including strictly necessary ones, may interfere with proper site operation.