Privacy Policy

Last updated: 21 May 2025

This Privacy Policy explains how Nimbloom Ltd (“EzyCarto”, “we”, “us”, “our”) collects, uses, shares and protects personal data when you use our website, mobile apps and related services (the “Service”).

Contents

1. Who We Are & How to Contact Us
2. Our Role (Controller/Processor)
3. What We Collect
4. How We Use Your Data & Legal Bases
5. Cookies & Analytics
6. Sharing & International Transfers
7. Retention
8. Security
9. Your Rights
10. Children
11. Changes
12. Contact & Complaints

1. Who We Are & How to Contact Us

Nimbloom Ltd (Company No. 12345678), 10 Innovation Way, London, UK, is the controller for personal data processed via the Service unless stated otherwise. Email: contact@ezycarto.com.

2. Our Role (Controller/Processor)

We act as a controller for account, billing, product usage and marketing data about users of the Service. When our business customers use EzyCarto to process their end-customers’ data (e.g. shoppers), we typically act as a processor on their instructions. Where we act as a processor, our processing is governed by our Data Processing terms with that customer.

3. What We Collect

• Account data (name, email, company, role), authentication logs and preferences.
• Transactional data (orders, receipts, loyalty and inventory events). Card data is handled by payment processors; we do not store full card numbers.
• Usage & device data (IP address, device IDs, telemetry, crash reports) for security and analytics.
• Cookies & similar – see our Cookie Policy.

4. How We Use Your Data & Legal Bases

• Provide and secure the Service (contract; legitimate interests in operating, preventing fraud/abuse).
• Payments & subscriptions (contract; legal obligations for tax/audit).
• Improve features & performance (legitimate interests in analytics and quality).
• Communications & marketing (consent where required; you can unsubscribe at any time).

5. Cookies & Analytics

We use necessary cookies for core functionality and, with consent where required, analytics/measurement tools (e.g. Google Analytics / Tag Manager). Manage preferences via your browser or our cookie banner. See our Cookie Policy.

6. Sharing & International Transfers

We share personal data with providers that help us run the Service (hosting, email, analytics, payments such as Stripe). Where data is transferred outside the UK/EEA, we rely on safeguards such as the UK IDTA or EU Standard Contractual Clauses, with additional measures as needed.

7. Retention

We keep personal data only as long as necessary for the purposes set out here, including legal, accounting and reporting obligations. Billing records may be retained for up to seven years. Limited security logs may be retained to prevent fraud and abuse.

8. Security

We implement technical and organisational measures designed to protect personal data (encryption in transit, access controls, backups). No system is 100% secure; please safeguard your credentials and devices.

9. Your Rights

Under UK/EU law you may have rights to access, rectify, erase or port your data; to object or restrict processing; and to withdraw consent at any time. Email contact@ezycarto.com to exercise your rights. You can also request deletion yourself using our Delete account page (you’ll receive a one-time email link to confirm).

10. Children

The Service is not directed to children under 16. If you believe a child has provided personal data to us, contact us and we will act.

11. Changes

We may update this Policy from time to time. We’ll post changes with an updated “Last updated” date and, where appropriate, notify you via the Service.

12. Contact & Complaints

Questions or requests: contact@ezycarto.com. You may also contact the ICO or your local supervisory authority.

Where we act as processor for business customers, we process data on their instructions and our data processing terms apply.