Gifted
Privacy Notice
Recently Updated: June 25, 2023
This Privacy Policy ("Privacy Policy") is an integral part of our General Terms and Conditions together with any supplement agreement thereto (“Terms”) and governs the processing of information by Giftedd Solutions Inc. and its affiliates (“Gifted”, “Company”, “we” ,“us”, or “our”) while you (“you” or “user”) access, use or interact with our website, available at: https://gifted.co/ (“Website”), and the products and services provided therein (collectively, the “Services”).
Any capitalized terms not defined herein shall have the meaning ascribed to them in the Terms.
Gifted may update or revise this Privacy Policy from time to time. Modifications to this Policy will be posted on the Website or addressed directly to where Gifted, upon its sole discretion, finds it required.
This Privacy Policy explains how the data is collected, used, or shared with others, how it is safeguarded, and transfer in respect with our Services, all in accordance with the relevant data protection and privacy laws and regulations, including, if relevant to the user's jurisdiction, the EU General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) and any other applicable privacy laws and regulations.
If you are a California or Colorado resident, we recommend you review our CCPA Privacy Notice.
This Privacy Policy does not cover your interaction with third-party content available in through the Service, this Privacy Policy may be different from third parties' privacy practices, and we shall not be liable or responsible for the acts of those third parties.
Please note that you are not required by law to provide us with Personal Information (as defined below). Providing Personal Information to us is entirely voluntary, provided however, that we will not be able to provide you with certain services or information without obtaining your Personal Information (for example, we will not be able to contact you in response to your inquiry if we will not have your contact details).
Gifted shall be entitled to (however not obligated), to retain and store Personal Data in its databases, as detailed under this Privacy Policy, and subject to applicable law.
1) CONTACT DETAILS
Giftedd Solutions Inc., incorporatedunder the laws of the US, is the Controller (as such term is defined under the GDPR or equivalent privacylegislation) of the Personal Information we collect from you.
Under the GDPR, we are the Data Controller of our User’s Personal Information. In some cases,where the user acting as a Recipient under a Buyer, we are Joint Controllers with such Buyer or merely Data Processors processing your Personal Information on such Buyer’s behalf. In the later case, the processing of your Personal Information may be also subject to the Buyer’s independent privacy practices and policies and the Data Processing Agreement signed between us and the Buyer.
For any question,inquiry or concern related to this Privacy Policy or the processing of yourPersonal Information, youmay contact as follows:
DPO Contact Information: support@gifted.co.
By Mail: 550 California Ave #1 Palo Alto, CA 94306.
2) WHICH DATA DO WE COLLECT AND FOR WHAT PURPOSE?
“Non-PersonalData” or “Non-Personal Information”: means non-identifiable,aggregated data, that is mainly technical data which is transmitted to us by your device when you access and interact with our Website, such as the type of browser, type of operating system, type of device used, the time and date you access the Website, navigation, language preference, etc. Non-Personal data is used mainly for click stream analysis to provide, maintain, develop and enhanceour Website and the Services provided therein (if applicable) and is not used to identify individuals.Under this Privacy Policy, we can use any aggregated, statistical and de-identified data with no limitation. Such data may be included in our proprietary information and is not deemed personal data under the law.
“PersonalData” or “Personal Information”: means individually identifiable information which identifies or may identify, with reasonable effort, an individual, including online identifiers, such as your name, address, phone number, and online identifiers (such as IP address).
Please see below the table which specifies the Personal Data we collect and how we use it.
VISITORS
DATA SET
Online Identifiers
We use third-party cookies on the Website. As further detailed below, these cookies provide uswith analytics and marketing services. The Personal Information may collect includes: online identifiers, cookie ID, Google ID, IP address, etc.
PURPOSE AND OPERATIONS
We will use such information through our or third parties’ cookies and tracking technologies for analytic, marketing and advertising purposes.
In addition, we process such data for operation, security and fraud prevention purposes.
LAWFUL BASIS UNDER THE GDPR
Strictly necessary cookies, such as technical and security purposes, which are required for the proper and basic operation of the Website will be processed in our legitimate interest.
Other cookies data, including any targeting, advertising and marketing cookies, will be processed subject to your consent, provided through the cookie notice and Consent Management Platform ("CMP").
You may withdraw consent at any time by using the cookie preference settings as detailed in the "Cookie Usage" section below.
DATA SET
Contact Us
If you voluntarily contact us in order to ask for information regarding our Services or any other inquiry, you may be required to provide us with certain information such as your name, email address and any additional information you decide to share with us.
If you are contacting us on behalf of another person, we value your assistance and care for others, please note that it is your responsibility to make sure that any person whose Personal Data you provide is aware of the principles of this statement and agrees that you will provide Personal Information to us on this basis.
PURPOSE AND OPERATIONS
We process such data and retain anyinquiry history subject to our legitimate interests.
DATA SET
Recruitment Data
In the event you apply for a job, we will collect your CVs as uploaded by you, including your name, email address,phone number, information regarding your education and skills, employment history and your photo (to the extent provided by you). Also, where allowed or required by law, we may process diversity and inclusion data regarding your candidacy, such as ethnicity, gender data or any disability. In addition we may collect further information from public and online sources, referees and former employers and combine such data with your other data.
PURPOSE AND OPERATIONS
We will use such data as part of our recruitment and screening efforts to decide whether you can suit a position in the Company.
Also, sometimes we will process your data to enable us to comply with corporate governance and legal and regulatory requirements.
After the completion of process, we will retain the data as part of our internal recordkeeping, including for legal defense from any future claim.
If you are hired by us, your Recruitment Data may be used in connection with your employment and our corporate management.
We will keep your data,analyze it, store it in our systems, use the data or contacting you or for further recruitment steps (e.g., interview) and keep records of our interaction with you.
LAWFUL BASIS UNDER THE GDPR
We process such data subject to our legitimate interest.
In some cases, for example where we will ask you to provide health related data or diversity and inclusion data, we will process your data based upon your consent. You may always withdraw consent at any time by contacting us.
We will retain your data for record keeping and future defense from legal claims under our legitimate interest.
*** In case you will be hired and become part of our workforce, your recruitment data may be kept as part of your employee record.
USER
DATA SET
User Account Information
If you are or wish to become a User and use our Services (as such terms is defined under Gifted Platform General Terms and Conditions) you will need to create an account. The information provided during the registration process or log-in may include your Name, address, company, phone number, email address, username and password, Google, Apple or LinkedIn ID and any other information requested or provided through the registration process.
You represent and warrant that you will not provide us with inaccurate, misleading or false information.
PURPOSE AND OPERATIONS
We will use this information in order to create you an account, provide you with account management, support and to provide the Services as well as to send you needed information related to provide you with our Services and which related to our business engagement (e.g., send you a welcome message, notify you regarding any updates to our Services, send applicable invoices, etc.) and additional occasional communications and updates related to the Services. Such messages may be delivered to you through email or SMS in accordance with applicable law.
Further, we may send promotional and marketing emails and messages to you, to the extent we allowed to do so under applicable law (“Direct Marketing” as detailed hereunder).
We may also use the information in order to verify your identity.
LAWFUL BASIS UNDER THE GDPR
We process such data for the purpose of performing our contract with you, meaning,to provide the Services and to designate your account.
In some case, using your data for promotional purposes will be subject to your consent. You may always withdraw consent at any time by contacting us, or unsubscribe from any marketing list through the designated feature included in such message.
DATA SET
Payment Data
When you make a payment for our Services (e.g., as a Buyer), or when providing payment information to receive payments from other Users (e.g., as a Merchant), you will be asked to submit payment information data such as your credit card number,bank account data, debit card, etc.
The payment is processed by our third party payment processor Payoneer and will be governed by their privacy policies.
PURPOSE AND OPERATIONS
We will use the information to provide you with the Services. We will use third party payment processors, any transactions that are processed by these third party payment processors will be governed by their privacy policies and terms which we recommend that you review.
LAWFUL BASIS UNDER THE GDPR
We process such data for the purpose of performing our contract with you and will enable you to use our Services.
Certain payment data is being retained by us as part of our legal obligations (e.g., bookkeeping).
DATA SET
Platform Data
Regarding any User, in accordance with its role as a Buyer, Merchant or Recipient, we will processdata regarding the use of the Platform, including, status and balance of entitlements, Gifts redeemed, purchases and transactions made between Users through the platform, dispute and services data, and any other data related to the use of the Platform in accordance with the General Terms and each relevant supplement agreement.
PURPOSE AND OPERATIONS
We will use the information to provide you with the Services, and record the activities of the User in the Platform. We will also use that data to shift balance and entitlements between Users, oversee Users activity, assist in resolving disputes, etc.
LAWFUL BASIS UNDER THE GDPR
We process such data for the purpose of performing our contract with you and will enable you to use our Services.
When we use such data in a statistical and aggregated manner for improving our services, we do so to our legitimate interests.
DATA SET
Usage Data
When you use our Services, information and data gets automatically generated. Also,our systems keep record of your activity and interaction with the services,your support inquiries, requests and services actually provided and any other data related to the actual use of the services following the registration.
Such data is usually part of your Account Data and uses us to manage our engagement with you and keep record regarding your activity with us.
In other instances, such data can help us to understand how you are using our Services, and how to better provide the Services to you such information may include the dates and times of usage and usage record (log data), clickstream within the Website, page viewed, the use of the Services (i.e., accessed or used by User) and the time spent on those pages or features, crash data and analytics, etc.
To the extent Usage Data contains Personal Information,it will be treated as Personal Information and is covered under this Privacy Policy.
PURPOSE AND OPERATIONS
We use such Usage Data for providing you with services, as well as improving our Services and adjusting them to your need sand preferences.
LAWFUL BASIS UNDER THE GDPR
When we process your Usage Data as part of, and for the purpose of, providing you with the services (e.g., addressing support inquiries) we do so to fulfill the contract between us and provide you with the Services.
When we process such information for improving our services or as part of our general management and record keeping, we do so subject to our legitimate interest.
DATA SET
Direct Marketing
As a User, we will send you materials and marketing content through the email information you provided during your registration.
PURPOSE AND OPERATIONS
We will use this information to keep you updated with offers and content such as updates, new capabilities and features,and to send you invoices and supporting documentation.
We will always do so in accordance with and to the extent permitted by applicable law.
LAWFUL BASIS UNDER THE GDPR
We process such data subject to our legitimate interest.
You can opt-out at any time through the "unsubscribe" link within the email or by contacting us directly.
However certain operational content, such as invoices, will still be sent.
Recipients of the Gifts:
As part of the Services, we also collect Recipients’ information provided by a Buyer such as Recipients’ names, email address, phone number, and any additional information depending on the gifting activity initiated such as birth dates, work anniversary dates, wedding date and certain general information which can be inferred from the gifting activity chosen by the Recipient, etc. (“Recipient Information”). Please know that sometimes we are not the controller of any or part of such Recipient Information, the Buyer is. We process such Recipient Information on behalf of the Buyer for the purpose of providing the Services as set forth in the separate agreements between us and any such Buyer. The Buyer is solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, consents, agreements or other obligations relating to such data before transferring it to the Platform.
If you are a Recipient which is an employee of the Buyer and you own a user account for receiving our Services, please know we may collect certain account and usage data such as email address, name, click stream within the Website or Platform, page viewed, the use of the Services (i.e., accessed or used by the Recipient) and the time spent on those pages or features, crash data and analytics, etc. (“Employee Usage Data”).
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations, made by automated means, such as collection, storage, use,disclosure by transmission, erasure, or destruction. Transfer of personal data to third-party countries, as further detailed in the "Data Transfer"section, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts,and any other misuse of the Website and to enforce the Terms, as well as to protect the security or integrity of our databases, Website and to take precautions against legal liability. Such processing is based on our legitimate interest.
3) COOKIES USAGE
We usecookies to improve your experience while you interact with our Website and use theServices provided therein. We may use various types of cookies:
· Essential Cookies – which are necessary for the Website to work properly;
· Functional Cookies –designated to save your settings on the Website - your language preference orother view preferences;
· Session Cookies – used to support the Website's functionality – such cookies are stored only temporarily during a browsing session and are deleted from your device when you close the browser;
· Targeting Cookies - these cookies are used to collect information from you to help us improve our Services and provide you with targeted advertisements that we believe will be relevant to you (e.g., Google's Cookies).
· Analytics Cookies - give us aggregated and statistical information to improve the Services and further developing it (e.g., Google analytics, etc.).
Please note that the data collected by the use of cookies may be linked to and combined with any other data, including Personal Data.
In addition, cookie's data is usually collected through the use of third-party services, like Google, Facebook, LinkedIn, etc. In those cases, your Personal Data might be transferred to those third parties, which might link it and useit together with other information they have on you from other sources. Such data is "owned" and processed separately by those third-parties under their terms and conditions and the direct accounts or subscriptions you have with those third parties.
The specific cookies we currently use and your choices with regard to such use are detailed HERE.
4) HOW WE COLLECT INFORMATION
According to the nature of your interaction with the Website, we may collect information as follows:
· Automatically – we may use cookies and similar tracking technologies (as elaborated in the Cookies Section below) to gather some information automatically when you interact with ourWebsite.
· Provided by you voluntarily – we will collect information if and when you choose to provide us with information,such as when you contact us in case of an inquiry or planning a trip with us aspart of the Services.
· Provided by third parties – in case you are a Recipient, we may receive certain information from the User and we will process such information subject to the applicable User’s choices as he is the controller, to the extent permitted by the applicable laws.
5) DATA SHARING– CATEGORIES OF RECIPIENTS WESHARE PERSONAL DATA WITH
We share your data with third parties, including trusted partners or service providers that help us provide our Services and improve the Website:
· Legal Requirement: We will share your information in this situation only if we are required to do soto comply with any applicable law, regulation, legal process, or governmental request (e.g., to comply with a court injunction, comply with tax authorities, etc.);
· Policy Enforcement: We will share your information, solely to the extent required to (i) enforce and agreements; or (ii) to investigate any potential violations thereof, including without limitations, detect, prevent, or take action regarding illegal activities or other wrongdoings, suspected fraud or security issues;
· Company's Rights: We will share your information to establish or exercise our rights, to prevent harm to our rights, property, or safety, and to defend ourselves against legal claims,when necessary, subject to applicable law;
· Third Party Rights: We will share your information, solely to the extent required to prevent harm to the rights of our Users, yourself, or any third party's rights, property, or safety;
· Service Providers: we share your information with third parties that perform services on our behalf (e.g., tracking cookies, servers, marketing, and support, etc.) these third parties may be located in different jurisdictions.
· Collaborations and APIs to Third Party Platforms: as detailed in the General Terms, we may, upon our sole discretion, collaborate or engage third party platforms for the joint offering of Gifts, products and services, while sharing User Content and any other content related to the User, including Personal Data;
· Corporate Transaction: we may share your information in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring Company will assume the rights and obligations as described in this Privacy Policy;
· Authorized Disclosures: we may disclose your information to third parties when you consent to a particular disclosure. Please note that once we share your information with another company,that information becomes subject to the other Company's privacy practices.
Where we share information with service providers and partners, we ensure they only have access to such information that is strictly necessary in order for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations.
6) DATA TRANSFER
Any information you provide us may be transferred to and processed in countries other than the country from which you accessed the Website. If you are a resident of the European Economic Area ("EEA") we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer outside of the EEA, in accordance with the fifth chapter of the GDPR (e.g., signing Standard Contractual Clauses). If you are a resident of a jurisdiction where the transferring of your Personal Data requires your consent, then your consent to this Privacy Policy includes your express consent for such data transfer.
7) USER RIGHTS
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We provide you with the ability to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with Gifted, data protection and privacy laws provide you with some of the following principal rights regarding your Personal Data, including (and depending on your jurisdiction):The right to access your Personal Data that we process; The right to ensure your Personal Data is accurate, complete and up to date; The right to have your Personal Data amended (by correcting, deleting or adding information); The right to object to the processing of your Personal Data, to the extent applicable; The right to send or "port" your Personal Data; The right to file a complaint with a supervisory authority in your jurisdiction; The right to withdraw consent, subject to legal or contractual restrictions and reasonable notice; etc.
You may exercise any or all of your above rights in relation to your Personal Data by contacting us at: support@gifted.co.
Where we are not able to provide you with the information for which you have asked, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the supervisor authority (in the event you are an EEA resident). We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information in accordance with applicable law.
8) RETENTION
We retain Personal Information we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.
Other circumstances in which we will retain your Personal Information for longer periods of time include: (i) where we are required to do so in accordance with legal,regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Information. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information fromour systems, without notice to you, once we deem it is no longer necessary for such purposes.
9) SECURITY
We implement extensive security measures to reduce the risks of damage, loss of information, and unauthorized access or misuse of Personal Information. We implement appropriate data collection, storage, and processing practices and security tools to protect Personal Information against unauthorized access, alteration, disclosure, or destruction. You should be aware that no security measures are completely fail-proof, and it is impossible to prevent any and all threats to the security of data and systems. Therefore,you should be aware that any processing of digital Personal Information holds certain inherent risks, and we cannot guarantee that our services and databases will be immune to any wrongdoings, malfunctions, unauthorized interceptions oraccess, malware attacks or other kinds of abuse and misuse.
10) CHILDREN
Our Services are not intended for use by children and we do not knowingly collect or maintain information about anyone under the age of 16. Please contact us at: support@gifted.co if you have reason to believe that a child has shared any information with us.
