Gifted
Privacy Notice
Recently Updated: September 2021

This Privacy Policy is an integral part of Gifted Solutions Inc.(“Gifted”, “we” or “our”) Terms and Conditions (“Terms”), and governs the processing and transfer of Personal Data (as such term is defined below) collected or processed by Gifted in the course of providing our Services to Users and Recipients (as defined in the Terms) through their use of the Platform (as defined in the Terms), and our Websites (as defined in our Terms) visitors (“Visitors” collectively shall refer to as “you”), as available here. 

Any capitalized terms not defined herein shall have the meaning ascribed to them in the Terms.

This Privacy Policy explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data under the EU General Protection Regulation (“GDPR”) which shall apply to you in the event you are present inside the European Economic Area (“EEA”). In the event you are a resident of the state of California, the terms and conditions of our CCPA Privacy Notice available here shall be applicable to you. 

If you choose to use the Services, register and interact with the Services (as defined in the Terms), initiate gifting activities or otherwise provide data to us, you explicitly agree to the terms of this Privacy Policy, and represent and warrant that you will comply with the provisions herein. You may not use the Services, the Websites or the Platform or submit any data through them if you do not agree to any of the terms hereunder; Hence, we encourage you to read this Privacy Policy carefully before acting as such. 

Highlights:
Please note that you are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary. You can always avoid providing us certain Personal Data and object to the processing of certain aspects of your Personal Data. However, you acknowledge that it may prevent you from engaging in certain Services.
You may not share Personal Data about other people with us which you are not authorized to share or use.
Our Services are intended for Users and Recipients over the age of 16 (or equivalent minimum age). Users under such age are not permitted to use the Services. If you are under such age you should cease to use the Services immediately. You may not use the Services to send Gift Cards to Recipients under the age of 16. 
You may be entitled under applicable law to request to review, amend, erase or restrict the processing of your Personal Data. Please note that in case you request to erase or restrict the processing of your Personal Data, your use of the Services may be restricted or disabled.
We do not sell, trade, or rent Users' or Recipients' Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein. 
If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Privacy Notice, please send us an email to: [email protected].

1. The Data We Collect

“Non-Personal Data”, means the non-personal and anonymized data which may be gathered or made available through your access or use our Platform and Websites, including but not limited to, your aggregated usage and technical information transmitted or automatically collected, such as, among other things, your access time and date to the Services. For the avoidance of doubt, we are not aware of the identity of the individual from who we collect such usage data from. We collect non-personal data concerning your use of the Platform, the Websites and the Services, such as the scope, frequency, latency, pages accessed, what and when you view on the Websites and how you interact with content and materials displayed through our Services, certain device identifiers, and other technical information regarding the device used to access the Services, such as model and operating system.

“Personal Data”, means information which identifies or may, with reasonable effort, identify an individual , including, but not limited to, first and last name, phone number, email address, billing information, etc. Personal Data may also include certain technical information such as your browser, operating system, device type, Internet Protocol ("IP") address (the addresses of computers on the Internet), and other similar technical information typically received from a browser or device when visiting or accessing our Website and Platform. For the avoidance of doubt, Personal Data does not mean information about a User which is a company or organization, but does include information about such corporate entity's employees and consumers. 

Personal Data we collect from our Visitors

Type of Personal Data - Contact Details
In the event a Visitor contacts us for support or other inquiries, either through sending us a direct email, or by any other means of communication which may be made available by us, the Visitor may be requested to provide us with the following contact details: his/hers email address, phone number and full name.

Purpose of Processing
We will use this information for contacting you and responding to your inquiries, and providing you with the support or information that you requested.
Additionally, we may process the contents of our correspondence with you, for our legitimate interest of improving our customer services, as well as to resolve any disputes with you (if applicable).

For EU persons – Legal Basis under the GDPR
1. Necessity of processing for the purposes of the legitimate interests of Gifted.
2. To perform a contract we may have with you.
3. To fulfill our legal obligation.

Type of Personal Data - Online Identifiers & Technical Information
When a Visitor accesses our Websites, we may, either directly or indirectly (through our third party service providers), collect Visitor’s aforesaid technical information, such as IP address and the frequency and the extent of Visitor’s use of the Services

Purpose of Processing
We process this data under our legitimate interests of (i) operating, providing, maintaining, protecting, managing, customizing, and improving our Website and Platform, and how we offer it; (ii) enhancing your experience with the Website and Platform; (iii) auditing and tracking usage statistics and traffic flow. 

For EU persons – Legal Basis under the GDPR
1. Necessity of processing for the purposes of our legitimate interests, and your consent, where required under applicable law. 
2. In the event required under the GDPR, we will obtain your consent to gather such information, for example through the use of cookies.

Type of Personal Data - Commercial materials and newsletter
In the event a Visitor signs up to receive our newsletter or other marketing materials, you will be requested to provide your email address. 

Purpose of Processing
We may process Visitor’s email address under our legitimate interest, to provide him/her with content regarding our current or future Services. As further described below, Visitor can unsubscribe from receiving such correspondence from us, at any time, by clicking on the designated link in the applicable message that we will send him/her or by contacting us at: [email protected] 

For EU persons – Legal Basis under the GDPR
1. Necessity of processing for the purposes of our legitimate interests, and;
2. Your consent, where required under applicable law.

Personal Data we collect from our Users

If you are User (i.e., either a private User or an employee of a User) in addition to the above Personal Data, we also collect the following Personal Data:

1. Registration Details
For registration to our Platform and opening an Account you will need to provide us with your email address (work email address in the event you are an employee of a User) and to designate an exclusive password to access your Account.

Log in Through Social Network
When you log in to our Services through your Facebook or Google account, we will process certain information such as your email address and your Facebook or Google avatar.
In addition, some of the data we receive depends on your privacy settings with the social network (i.e., Facebook and Google) and you should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Websites.

Purpose of Processing

This information will be processed to perform our contract with you - to set up your User Account and enable you to use our Platform and Services, to send you needed information by email related to the Services, your account, and our business engagement, for example, "Welcome" emails, invoices, reminders regarding the renewal of your subscription, etc.
In addition, we may also process your email address under our legitimate interests, to provide you with content regarding our current and/or future Services. As further described below, you can unsubscribe from receiving such correspondence from us, at any time, by clicking on the designated link in the applicable message that we will send you or by contacting us at: [email protected]  
Please note that if you choose to unsubscribe from direct marketing, we may still retain your contact details in order to send you relevant Service-related information.

For EU persons – Legal Basis under the GDPR

Performance of a contract to which the data subject is party (or representing the contracting party) or in order to take steps at the request of the data subject prior to entering into a contract.

2. Payment Details
In order to use the Services and send a gift to a Recipient, you will be required to provide with certain payment information (e.g., bank account, credit card information). Please note, we do not process and retain your payment information, we are using a third party clearing service who will process your payment details in order to set up a transaction with respect to our Services. For more information about the third party’s privacy policy please refer to:
https://www.payoneer.com/legal/privacy-policy/.

Purpose of Processing
We use third party payment processors which may include Payoneer. Consequently, all transactions are governed by such third party’s privacy policies and terms which we recommend that you review. 

3. Personal Data regarding Users' Employees
We collect certain Personal Data regarding Users' employees which interact with the Platform and initiate and perform gifting activities on behalf of our clients, including using the Dashboard (as defined in the Terms). Such Personal Data includes: name, work email address, and access authorizations to the Platform (user name and password).

Purpose of Processing
To provide the Services to the Users. 
To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.

For EU persons – Legal Basis under the GDPR
1. The employee's active consent, as demonstrated by the employee's actions upon registration to the Services and provision of Personal Data to Gifted.
2. Necessity of processing for the purposes of the legitimate interests of the User and Gifted.

Personal Data regarding Recipients:

1. Gift Card Related Information
While using the Dashboard and in order to initiate gifting activities, choose the value of the Gift Cards and other specifications for each activity, Users will be required to provide us with certain details regarding their Recipients, including the Recipients’ names, email address, phone number, and any additional information depending on the gifting activity initiated such as birth dates, work anniversary dates, wedding date and certain general information which can be inferred from the gifting activity chosen by the User, for example, gifting activities to celebrate an employees’ birthday.  
If a User has elected to add a personalized message, including upload of an image, to the Recipient, we will also process this information. 
In addition we also collect information regarding the Gift Card selected by the Recipient and date of redemption of the Gift Card by the Recipient.

Purpose of Processing
This information will be processed to perform our contract with the User (i.e., an employer or a private person) in order to send Gift Cards to the User’s Recipients.

For EU persons – Legal Basis under the GDPR
1. Performance of a contract to which the data subject is party (or representing the contracting party) or in order to take steps at the request of the data subject prior to entering into a contract.
2. We will also process such information under our legitimate interest of enhancing our Services to you and obtaining our legitimate business purposes. 

2. Employer’s Merchandise Gifting
In the event an employer (i.e. a User of our Services) decides to gift an employee with its merchandise gifts, such as a logo T-shirt, notebooks, etc., we will process the employees’ details, such as name, address and phone number, in order to send him/her the relevant gifts.

----------------

Without derogating from our Users’ data protection rights as described hereunder, please note that before further process your Personal Data for a purpose other than what we specifically mentioned above, in case we intend to do so, we will provide you with reasonable information regarding the revised purpose of processing.
 In addition, we may use certain Personal Data as described above in order to comply with legal requirements and under our legitimate interest of preventing potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Platform or the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. 

2. How Gifted Processes Data

Depending on the nature of your interaction with us (i.e., if you are a Visitor, a User or a Recipient), we may collect information as follows:
Automatically – we may use cookies (as elaborated below) or similar tracking technologies to gather some information automatically when using our Websites.
Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, such as your communications with us, as part of the registration, etc. all as detailed in this Privacy Policy. In the event you are a Recipient we will collect information if and how the applicable User chooses to provide us your information as detailed above. 

3. Sharing Data With Third Parties
3.1. Non-Personal Data. Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to develop content and services for our Users and Visitors.
3.2. Personal Data. We may share Personal Data only under the following limited circumstances:
3.2.1. With trusted partners and third parties who assist us in operating and providing the Services and conducting our business, such as fraud prevention, cloud hosting services, marketing, account maintenance and technology services.
3.2.2. With Third Party Vendors (as defined in the Terms), who are delivering certain goods or services to the User or the Recipients pursuant to a Gift Card.
3.2.3. With our affiliates and connected companies, such as subsidiaries, sister-companies and parent companies and in the event of a merger or acquisition our affiliated companies or acquiring companies will assume the rights and obligations as described in this Privacy Policy.
3.2.4. To satisfy any applicable law, regulation, legal process, subpoena, or governmental request, solely to the extent required;
3.2.5. To enforce this Privacy Policy, the Terms and Conditions and any other agreement signed by the parties, including the investigation of potential violations thereof, solely to the extent required; 
3.2.6. Under your explicit consent if you specifically request us to provide a third party with your Personal Data or if you provide us with your explicit approval to share your information before the disclosure.

4. Cookies

We or our third party service providers may use cookies and other similar tracking technologies or methods of web and mobile analysis to gather, store, and track certain information related to your access of, activity, and interaction with our Services, Platform and Website, as applicable.   The way in which we, and third parties placing cookies in connection with the Services, use cookies and collect data, is explained in our Cookie Policy. 

5. Data Retention
We retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you will express your preference to opt-out (and in such event we will make all our best efforts to communicate any rectification or erasure of your Personal Data carried out by us, to each third party whom the Personal Data has been disclosed, and where applicable, follow your request, we will inform you about those third parties), where applicable. We may at our sole discretion, rectify or erase information from our systems, without prior notice to you, once we deem it is no longer necessary for such purposes.

6. User Rights

The data protection applicable regulation provides you with the ability to exercise some rights regarding your Personal Data that we hold. Please review our User Rights Policy for more information regarding the rights you may have under the relevant data protection and privacy laws in your jurisdiction.
If you wish to exercise any or all of your rights, please fill out the Data Subject Request form (“DSR”), and send it to us at: [email protected] 
Subject to the applicable regulation, where we are not able to provide you with the information for which you have required, or to the extent you have required, whatever that reason might be, we will endeavor to explain the reasoning for this and inform you of your rights. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information under the regulation. Please note that in the event you have asked us to exercise your data rights, we will respond to your request without undue delay and at the latest within one (1) month (following the receipt of the validation proof we require), in accordance with applicable law. 

7. Security of Personal Data

We have implemented physical, technical, and administrative security measures for the Services and Platform that comply with applicable regulation and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed, or accidentally lost. You need to remember, however, that unfortunately, the transmission of information via the internet cannot be 100% secure. As such, although we will do our best to protect your Personal Data, we cannot guarantee the full security of data transmitted via our Website or our Services, and any transmission of your data shall be done at your own risk. 

8. Will Giftedd transfer Personal Data internationally?

Our databases are currently located in the AWS U.S. (north California). If you are residing in a country other than the U.S. while accessing or engaging with the Services, the international transfer of Personal Data is likely to occur. 
If you are an EU resident, please see the section – Additional Information for EU Residents, which explains the manner in which Giftedd transfers data internationally in connection with the GDPR.    

9. Additional Information for EU Residents

International Transfer of Personal Data under the GDPR 
In connection with transfer of data related to EU residents, we take all necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data and you may exercise your rights, where applicable, to receive information regarding the transfer mechanism that was used during such transfer. Personal Data will be transferred in all cases pursuant to the standard contractual clauses approved by the European Commission or to a country that was recognized by the EU as providing an adequate level of protection to Personal Data, pursuant to Art. 45 of the GDPR. 

10. EU Users and Article 28 of the GDPR

In the event that the User is an EU entity, in addition to this Privacy Policy, the applicable Data Processing Agreement shall apply to the engagement between the User and Giftedd.  

11. Children

Our Platform is a general audience Platform, which is not directed to Users, Recipient or Visitors under 16 years old. If a parent or guardian becomes aware that his/her child has provided us with Personal Data without their affirmative consent, he/she should contact us immediately. We do not knowingly collect or solicit Personal Data from such individual users under 16 years old. If we become aware that such individual users under 16 years old have provided us with Personal Data, we will delete such data from our databases.
If you are a User, please be aware that you may not upload to the Platform any data concerning Individuals under the age of 16, and you may not conduct gifting activities to Recipients who are under 16 years old. Doing any of the above constitutes an infringement of our Terms and may result in the suspension or termination of an Account.  

12. Amendments

We may update this Privacy Policy from time to time which will go into effect immediately upon the implementation of the revised Privacy Policy on our Websites. The last revision date will be reflected in the “Recently Updated” heading located at the top of the Privacy Policy. Your continued use of our Services and the Platform following any such amendments constitutes your acknowledgment and approval of such amendments to the amended Privacy Policy. We will make a reasonable effort to notify you by email if we implement any changes that substantially change our privacy practices. Hence, we encourage you to periodically review this Privacy Policy to stay informed about our practices related to the collection and processing of Personal Data.

13. Questions or Concerns Regarding Privacy

If you have any questions or concerns regarding privacy issues, please send us a detailed message to: [email protected] and we will make every effort to resolve your concerns without delay