PLEASE REVIEW OUR PRIVACY POLICY CAREFULLY

OVERVIEW OF OUR PRIVACY POLICY

Color Card Administrator, Inc. (CCA, we, us, or our) operates CCAReports.com (CCAR), a business card printing and management platform used by corporate and organizational customers.

This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information, and the rights available to individuals, in accordance with applicable privacy and data protection laws, including:


  • EU General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act (CCPA) as amended by the CPRA
  • Other applicable U.S. state privacy laws

This policy is intended to provide transparency. Applicability of specific laws depends on jurisdiction, relationship, and processing context.

COMPANY INFORMATION (DATA CONTROLLER)

Legal Entity: Color Card Administrator, Inc.
Address: 7898 Ostrow Street, Suite E, San Diego, CA 92111, United States
Contact Us: Click Here.
Website: https://ccareports.com

Where required by law, additional controller, representative, or processor information will be provided through customer agreements.

SCOPE OF THIS POLICY

This Privacy Policy applies to personal information processed in connection with:


  • CCAR websites and applications
  • Account registration and administration
  • Business card ordering, printing, and shipping
  • Customer support and communications
  • Security, fraud prevention, and compliance
  • Optional analytics and remarketing features (where enabled)

Enterprise customers may be subject to separate contractual terms, including a Data Processing Addendum (DPA).

ROLES UNDER DATA PROTECTION LAWS

WHEN WE ACT AS A DATA CONTROLLER

CCAR acts as a data controller for:


  • Website visitor data
  • Account and billing information
  • Orders, invoices, and shipping data
  • Marketing and communications we control

WHEN WE ACT AS A DATA PROCESSOR

CCAR acts as a data processor when processing personal data on behalf of enterprise customers, such as employee or end user data managed through CCAR.

In these cases, processing is governed by customer instructions and a Data Processing Addendum.

DEFINITIONS


  • Personal Information / Personal Data: Information that identifies or can reasonably be linked to an individual.
  • Sensitive Personal Information: Data requiring enhanced protection under applicable laws.
  • Controller / Processor: As defined under GDPR and equivalent laws.
  • Subprocessor: A third party engaged by CCAR to process data on behalf of customers.
  • GPC (Global Privacy Control): A browser based opt out preference signal.

DATA MINIMIZATION AND PURPOSE LIMITATION

We collect only personal data that is adequate, relevant, and limited to what is necessary for the purposes described in this Privacy Policy. Personal data is not processed in a manner incompatible with those purposes.

PERSONAL INFORMATION WE COLLECT

INFORMATION YOU PROVIDE


  • Name
  • Email address
  • Phone number
  • Shipping and billing address
  • Job title and organization
  • Account login credentials


PAYMENT INFORMATION

Payments are processed by third party payment providers.

CCAR does not store full payment card numbers. We may retain:


  • Billing and shipping details
  • Payment confirmation details
  • Last four digits of a card (where applicable)


AUTOMATICALLY COLLECTED INFORMATION

  • IP address
  • Device and browser information
  • System logs and timestamps
  • Usage and interaction data


COMMUNICATIONS

When you contact us (email, chat, or phone), we collect communication content and metadata. Calls may be recorded where permitted by law and with notice.

INFORMATION FROM THIRD PARTIES

We may receive limited information from:


  • Public business sources
  • Enterprise customers
  • Service providers supporting CCAR operations

PURPOSES OF PROCESSING & LEGAL BASES

Where GDPR or UK GDPR applies, we process personal data under the following lawful bases:

Purpose Examples Legal Basis
Service delivery Account access, orders Contract necessity
Account management Credentials, settings Contract necessity
Customer support Communications Legitimate interests
Security & fraud Logs, IP data Legitimate interests / legal obligation
Legal & compliance Invoices, audits Legal obligation
Analytics Usage data Consent or legitimate interests
Marketing (if enabled) Cookies, contact data Consent (where required)

Where legitimate interests are relied upon, we balance our interests against individual rights.

DATA SHARING & DISCLOSURES

We disclose personal information only as necessary to:


  • Service providers (hosting, payments, analytics, support)
  • Professional advisors (legal, accounting)
  • Regulatory or law enforcement authorities when legally required
  • Enterprise customers administering CCAR accounts

NO SALE OF PERSONAL INFORMATION

CCAR does not sell personal information for monetary consideration.

Certain disclosures (e.g., advertising technologies) may be considered sharing under CPRA or similar laws. Opt out rights are described below.

SENSITIVE PERSONAL INFORMATION

CCAR does not intentionally collect sensitive personal information.

If such data is incidentally received:


  • Processing is limited
  • Enhanced safeguards are applied
  • Deletion or restriction requests are honored where legally required

VENDOR GOVERNANCE & SUBPROCESSORS

VENDOR GOVERNANCE

CCAR maintains vendor management practices appropriate to its size and risk profile, including:


  • Privacy and security due diligence
  • Contractual data protection obligations
  • Access limitation and confidentiality


SUBPROCESSORS

When acting as a processor:


  • Subprocessors are engaged under written agreements
  • Equivalent data protection obligations are imposed
  • A public Subprocessor Registry is maintained

COOKIES, TRACKING & GLOBAL PRIVACY CONTROL (GPC)

COOKIES WE USE


  • Strictly Necessary: Security, authentication
  • Functional: Preferences
  • Analytics: Product improvement
  • Advertising/Remarketing: If enabled


CONSENT

Where required, consent is obtained before placing non essential cookies. Users may manage preferences at any time.

GLOBAL PRIVACY CONTROL (GPC)

If a browser or device sends a Global Privacy Control (GPC) signal:


  • We treat it as a valid opt out of sale/sharing and targeted advertising where required
  • Advertising and remarketing cookies are disabled where applicable

DO NOT TRACK

We do not respond to legacy Do Not Track signals due to lack of an industry standard.

INDIVIDUAL RIGHTS

GDPR/UK GDPR RIGHTS

Individuals may have the right to:


  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Objection
  • Withdraw consent
  • Lodge a complaint with a supervisory authority


CALIFORNIA (CCPA/CPRA) RIGHTS

California residents may request:


  • Access / Right to Know
  • Deletion
  • Correction
  • Opt out of sale or sharing
  • Limit use of sensitive personal information
  • Non discrimination

OTHER U.S. STATE RIGHTS

Additional rights may apply depending on state law.

EXERCISING RIGHTS

Click Here to contact us.
Identity verification may be required.

DATA RETENTION

CCAR retains personal information only as long as necessary for stated purposes and legal obligations.

Category Typical Retention
Account data Account life + limited post closure period
Orders & shipping As required for fulfillment and disputes
Billing & tax As required by law
Support records Limited period after resolution
Security logs Limited period for monitoring

Processor data is retained per customer instructions and contractual obligations.

INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the EEA, UK, or Switzerland:

Standard Contractual Clauses (SCCs) will be used
Additional safeguards will be applied where necessary

Copies of safeguards may be requested Here.

DATA SECURITY

CCAR maintains administrative, technical, and physical safeguards appropriate to the nature of the data and risk involved.

No system can be guaranteed 100% secure.

PERSONAL DATA BREACH NOTIFICATION

Controller context: Individuals and regulators are notified as required by law
Processor context: Enterprise customers are notified without undue delay

CHILDRENS PRIVACY

CCAR do not knowingly collect personal data from children under 13 (or a higher age where required by applicable law). If such data is identified, it will be deleted promptly.

AUTOMATED DECISION MAKING

CCAR do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

THIRD PARTY LINKS

CCAR is not responsible for the privacy practices of third party websites.

BUSINESS TRANSFERS

In the event of a merger, acquisition, or asset sale, personal information may be transferred subject to applicable laws and safeguards.

CHANGES TO THIS POLICY

This Privacy Policy may be updated periodically. Material changes will be communicated via the website or other appropriate means.

RIGHT TO APPEAL

If we decline to take action on a privacy request, you may appeal our decision by contacting us here. We will respond within the timeframes required by applicable law.

AUTHORIZED AGENT

California residents may designate an authorized agent to submit requests on their behalf. We may require proof of authorization and identity verification.

DELETION OF SHIPPING ADDRESS / PERSONAL DATA

You may request deletion of:


  • Shipping address
  • Account data
  • Personal data


How to Request:


Process:

  • Identity verification
  • Request validation
  • Deletion within:

    >> 30 days (GDPR)
    >> 45 days (CCPA)

CONTACT INFORMATION

Color Card Administrator, Inc.
7898 Ostrow Street, Suite E
San Diego, CA 92111, United States
Click Here to contact us.

 
Copyright © 2000 - 2026 Color Card Administrator, Inc. All Rights Reserved
 - Another GreatCCAWebsite
Privacy Policy