Privacy & Data

This policy explains how MetalCardCompany uses any information you provide to us during your use of our website. Please read with care. is operated by Cyberpac as part of ESD Control Centre Ltd (United Kingdom Company Number 2526954) which is the Data Controller for the purposes of the Data Protection 1998. You may contact us at the following address:

Integrity House, 
Easlea Road, 
Bury St Edmunds, 
IP32 7BY

The information you provide to us during your use of our site will be used by us in order to supply you with goods and services under the Terms and Conditions of our website. We may also collect information about your buying behaviour in order to contact you from time to time by emails with details of carefully selected products or special offers which may be of interest to you.

If you do not wish to receive information from us you may unsubscribe at any time by logging into your account and or by sending an email to from the relevant e mail address. We will not transfer any information that we hold on you to anyone outside the European Economic Areas. You may at any time request a copy of the information we hold on you, by submitting a Subject Access Request, in writing to us at the above address.

E.S.D. Control Centre Limited is registered with the Information Commissioner’s Office under registration reference: ZA291340.  Registration Start date: 1 November 2017.

Data protection principles

In accordance with ICO guidance and EU law, our site follows Schedule 1 to the Data Protection Act, which lists the data protection principles in the following terms:

  1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –(a) at least one of the conditions in Schedule 2 is met, and(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Thank you for your interest, we hope you enjoy browsing

Metal Card Company – Cookie Policy

Last updated:  21/11/2017

Metal Card Company, which is a trading name of ESD Control Centre Ltd, uses cookies on its website By using the site, you consent to the use of these cookies. Our Cookies Policy explains what cookies are, how we use them, how third-parties we may partner with may use cookies on the site and your choices regarding cookies and further information about cookies.

A cookie is a small file, typically of letters and numbers, downloaded on to a  device when the user accesses certain websites. Cookies are then sent back to the originating website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device. The Regulations apply to cookies

and also to similar technologies for storing information. Cookies we use can be both “persistent” or “session” cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.

When you use and access the service, we may place a number of cookies files in your web browser. We use cookies for the following purposes: to enable certain functions of the service, to provide analytics, to store your preferences, to enable advertisements delivery, including behavioural advertising and trace payment information to ensure it’s encrypted and that we can fulfil on delivery.

In addition to our own cookies, we may also use various third-parties cookies to report usage statistics of the service, deliver advertisements on and through the Service. These are listed below.

Live Chat – To allow live chat between user and site owner.

Google Analytics – Used to determine new sessions and visits, we also store these cookies for Google’s ReMarketing, Adwords and Double Click AdExchange Buyer services.

Hubspot – A CRM that allows us to coordinate and manage customer data. Helps to improve the website and your shopping experience, and to make our marketing campaigns relevant. HubSpot offers B2B inbound marketing software. Their technology provides search engine optimization, business blogging, competitor analysis, our Hubspot forms also record cookie use.

WooCommerce – To keep track of cart data, WooCommerce makes use of 3 cookies:  woocommerce_cart_hash  |  woocommerce_items_in_cart  |  wp_woocommerce_session_

The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.

WordPress – When you log into WordPress from, WordPress stores the following two cookies:  Your user name | A double-hashed copy of your password. The cookies are set to expire two weeks from the time they are set. Several plugins to aid user experience and analytics also record cookie sessions through Yoast, an SEO plugin and Contact Form 7.

Social Media – Some pages load content from 3rd party social media platforms like Facebook, Google+, LinkedIn, Twitter and YouTube. In some cases we use software called AddThis to manage page sharing.

Sagepay – Our Payment Service Provider is Sage Pay. They provide a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way. Sage Pay uses a range secure methods such as fraud screening, I.P address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards. In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL. So when buying through our site, you can be sure that you are completely protected.

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

You can learn more about cookies and download the ICO guidance and cookie law, here

Please see our general terms & conditions pages for our policy on data protection.