Privacy
Giftcloud Limited Privacy Notice
This privacy notice describes how Giftcloud Limited (‘Giftcloud’, 'we', 'us') collects and processes personal information about you, how we use and protect this information, and your rights in relation to this information.
This privacy notice applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified. Giftcloud Limited is part of Segno Pte Ltd., based in Singapore.
Giftcloud is the data controller regarding data processed via the website Giftcloud.com. Via the Giftcloud platform or landing page, Giftcloud is processing data on behalf of its clients (‘Clients’). She, therefore, is a data processor according to data collected via the Giftcloud platform and/or landing pages (eg, the ‘Services’).
Personal information
The categories of information processed via Giftcloud.com or directly with Giftcloud:
Contact Details:
Personal information: Name and e-mail address, telephone number (B2B)
Purpose: (Pre-) contractual phase
Contact Details (2):
Personal Information: E-mail address (B2B)
Purpose: Newsletter/Whitepaper
Social Media Account:
Personal Information: Link to LinkedIn profile
Purpose: Sales activities
Cookies and/or other techniques:
Personal Information:
- Analytics data (e.g. information about app downloads, app and web page histories), which may include data collected from cookies and other types of device identifiers;
- Profile inputs (e.g. page and deal views on the website, click information and information about the website you clicked to our website from). This may include data about your location. With respect to geolocation information collected from your mobile device, we will only collect this where you have provided consent.
- Device details (e.g. MAC address, IP address, Bluetooth data and advertising identifiers).
Purpose: Consent via the cookie consent bar on our website. For some functional cookies, no consent is needed. For more information: rewards.giftcloud.com/uk/cookies
Applicant data:
Personal Information: Contact details, resume
Purpose: When you apply for a job with us
The categories of information processed via the Services:
Contact information
Personal Information: Name, e-mail address
Purpose: Providing services for our Clients:
- Sending you the gift card
- Customer support
Cookies and/or other techniques
Personal Information: Device ID, region, IP address
Purpose: Website functioning via functional cookies and tracking functionalities of the website
How we use your personal information:
Data processed via Giftcloud.com or directly with Giftcloud:
Purpose: (Pre-) contractual phase
Legal base: Performance of contract
Purpose: Newsletter Whitepaper
Legal base: Consent
Purpose: Sales activities
Legal base: Consent or legitimate interest
Purpose: Cookies and other techniques
Legal base: Consent or legitimate interest
Purpose: Applicant process
Legal base: Consent or performance of a (pre-) contract
The categories of information processed via the Services:
Purpose: Providing services for our Clients:
- Sending you the gift card
- Customer support
Legal base: Performance of contract
Purpose: Website functioning via functional cookies and tracking functionalities of the website
Legal base: Legitimate interest and consent if needed
gift card
Data processors:
Web Services
Sub-processors used for providing Services for our Clients:
MongoDB: Database
Personal Data Processed: Consumer Email Address
Jurisdiction of Processing: London, UK
Transfer Mechanism: N/A
Contact details for Data Protection Officer: MongoDB’s DPO at privacy@mongodb.com
Twilio: Sendgrid to send emails to users.
Personal Data Processed: Consumer Email Address
Jurisdiction of Processing: Sendgrid has a global infrastructure, with email and event data processed in US-based data centres.
Transfer Mechanism: IDTA
Contact details for Data Protection Officer: Twilio Privacy - privacy@twilio.com
Vonage: Nexmo to send SMS to users
Personal Data Processed: In case of sending a reward via SMS: telephone number,
Jurisdiction of Processing: Data held by Nexmo, including PII, is stored on and processed in the UK, the EEA, the United States of America, and in other jurisdictions.
Transfer Mechanism: Data privacy framework
Contact details for Data Protection Officer: Vonage Privacy Team, privacy@vonage.com
Amazon Web Services: Hosting
Personal Data Processed: Consumer Email Address
Jurisdiction of Processing: UK
Transfer Mechanism: N/A
Contact details for Data Protection Officer: privacy@amazon.com
Information sharing
We may share your personal information with third parties under the following circumstances:
• Our Clients who provide you with the offers through the Giftcloud services.
• Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Information security and storage
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the ongoing integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
A few examples:
- Role-based access
- Secure remote access
- Data protection agreements with sub-processors
- Training employees on the handling of personal data
Data retention
Data processed regarding the use of the Services:
Data processed for our Clients is deleted within three years after the gift card was sent, or at the request of the client.
Data processed via Giftcloud.com or directly with Giftcloud:
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
• Maintain business records for analysis and/or audit purposes
• Comply with record retention requirements under the law
• Defend or bring any existing or potential legal claims
• Deal with any complaints regarding the services
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
International data transfers
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union or United Kingdom law. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
Your rights over your personal information
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
• access your personal information
• rectify the information we hold about you
• erase your personal information
• restrict our use of your personal information
• object to our use of your personal information
• receive your personal information in a usable electronic format and transmit it to a third party (right to data portability)
• lodge a complaint with your local data protection authority.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honour your requests. If you would like to discuss or exercise such rights, please contact us at the details below.
Links to other websites
Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. This privacy policy only applies to the personal information that we collect or which we receive from third-party sources, and we cannot be responsible for personal information about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites, third-party terms and conditions, or policies.
Children
You must be aged 18 or over to make use of the Services. Our website and services are not directed at children, and we do not knowingly collect any personal information from children. If you are a child and we learn that we have inadvertently obtained personal information from you from our websites, or from any other source, then we will delete that information as soon as possible. Please contact us at hello@giftcloud.com if you are aware that we may have inadvertently collected personal information from a child.
Contact us
Giftcloud Limited is the controller responsible for the personal information we collect and process. In accordance with Art. 27 GDPR, you may contact our (UK) GDPR representative at hello@giftcloud.com. If you have questions or concerns regarding the way in which your personal information has been used, please contact hello@giftcloud.com or our Data Protection Officer at hello@giftcloud.com. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the United Kingdom data protection authority, the Information Commissioner's Office at www.ico.org.uk, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the (UK) General Data Protection Regulation has taken place using.
Changes to the policy
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time.
Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).