CardHero.com Just Launched!
Be one of the first to try our new service.
Free standard shipping on all orders

Your cart

Your cart is empty

Continue shopping

Privacy Policy

Last updated: 26 February 2026

Welcome to CardHero (“we”, “us” or “our”).

This Privacy Policy explains how HCH Enterprises Ltd collects, uses, discloses, and safeguards your personal data when you visit or use www.cardhero.com (the “Website”), place an order, create an account, sign up for communications, or otherwise interact with us.

We are committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are (Data Controller)

The Website is operated by HCH Enterprises Ltd (trading as CardHero), a company registered in England and Wales under company number 13701091.
Our registered office is at 128 City Road, London, United Kingdom, EC1V 2NX.

We are the data controller responsible for your personal data.

2. Personal data we collect

We may collect the following categories of personal data:

  • Identity & Contact Data — name, billing address, delivery address, email address, telephone number.
  • Order & Transaction Data — details of the greeting cards and products you order, payment card details (processed securely by our payment providers), order history.
  • Technical & Usage Data — IP address, browser type/version, device type, operating system, pages visited, products viewed, and how you interact with the Website (via cookies and similar technologies).
  • Marketing & Communications Data — your preferences for receiving marketing from us and how you would like to be contacted.

We do not collect any special category (sensitive) personal data, nor do we knowingly collect data about children under 18.

3. How we collect your data

  • Directly from you — when you place an order, register an account, sign up for our newsletter, contact customer service, or leave a review.
  • Automatically — as you browse the Website (cookies, server logs, analytics tools).
  • From third parties — such as Shopify (our platform), payment processors, delivery couriers, or advertising networks.

4. How and why we use your personal data

We only use your personal data where the law allows us. The main legal bases we rely on are:

  • Performance of a contract — to process your order, send you order confirmations, dispatch updates, and deliver your greeting cards.
  • Legitimate interests — to improve our Website and customer experience, prevent fraud, provide customer service, and (for existing customers) send marketing about similar products.
  • Legal obligation — to comply with tax, accounting, and consumer protection laws.
  • Consent — for certain marketing emails or non-essential cookies (you can withdraw consent at any time).

Specific purposes include: fulfilling and tracking orders, managing accounts, responding to enquiries, improving the site, security and fraud prevention, and sending relevant marketing (where permitted).

5. Sharing your personal data

We may share your data with trusted third parties who help us operate the business. These include:

  • Shopify — our ecommerce platform, hosting, and payment services.
  • Payment processors (e.g. Shopify Payments, Stripe, PayPal, etc.).
  • Delivery/courier companies (e.g. Royal Mail, DPD, Evri).
  • Analytics and advertising partners (e.g. Google Analytics, Meta Pixel if used).
  • Professional advisers (accountants, lawyers, insurers).
  • Regulatory bodies or law enforcement — where legally required.

We never sell your personal data. All third parties are required to keep your data secure and process it only for the purposes we instruct.

6. International data transfers

Some of our service providers (including Shopify, which is based in Canada and the USA) are located outside the UK. Whenever we transfer your personal data outside the UK, we ensure appropriate safeguards are in place (such as UK International Data Transfer Agreements or Standard Contractual Clauses) so your data receives the same level of protection as it would in the UK.

7. Data security

We have appropriate technical and organisational security measures in place to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. In the event of a personal data breach, we will notify you and the Information Commissioner’s Office (ICO) where we are legally required to do so.

8. How long we keep your data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for legal, accounting, or reporting requirements.

  • Order and transaction data is typically kept for 6–7 years (for tax and consumer law purposes).
  • Marketing preferences are kept until you unsubscribe.
  • Account data is kept while your account is active.

Once no longer needed, we securely delete or anonymise your data.

9. Your legal rights

Under UK data protection law you have the following rights (subject to certain conditions):

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object (including to direct marketing and processing based on legitimate interests)
  • Rights relating to automated decision-making and profiling

To exercise any of these rights, please contact us (details below). We will respond within one month. You also have the right to complain to the Information Commissioner’s Office (ICO) at any time: www.ico.org.uk.

10. Marketing communications

We may send you emails about new greeting cards, offers, and promotions if you have consented or if you are an existing customer and we are relying on our legitimate interest (soft opt-in).

You can unsubscribe at any time by clicking the “unsubscribe” link in any email or by contacting us.

11. Cookies and tracking

Our Website uses cookies and similar technologies to enhance your experience, analyse traffic, and deliver personalised content/ads (where applicable).

For full details of the cookies we use and how to manage or disable them, please see our separate Cookie Policy [link to your cookie policy page].

12. Third-party links

The Website may contain links to third-party sites. We are not responsible for the privacy practices or content of those sites.

13. Changes to this Privacy Policy

We may update this policy from time to time. The “Last updated” date at the top will be changed. Please check back periodically.

14. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: [email protected]
Postal address: HCH Enterprises Ltd, 128 City Road, London, EC1V 2NX