Privacy
Giftcloud Limited Privacy Notice
This privacy notice describes how Giftcloud Limited (‘Giftcloud’, 'we', 'us') collects and processes personal information about you, how we use and protect this information, and your rights in relation to this information.
This privacy notice applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified. Giftcloud Limited is part of Segno Pte Ltd., based in Singapore.
Giftcloud is the data controller regarding data processed via the website Giftcloud.com. Via the Giftcloud platform or landing page, Giftcloud is processing data on behalf of its clients (‘Clients’). She, therefore, is a data processor according to data collected via the Giftcloud platform and/or landing pages (eg, the ‘Services’).
Personal information
The categories of information processed via Giftcloud.com or directly with Giftcloud:
Contact Details
Personal Information: Name and e-mail address, telephone number (B2B)
Purpose: (Pre-) contractual phase
Contact Details (2):
Personal Information: E-mail address (B2B)
Purpose: Newsletter/Whitepaper
Social Media Account:
Personal Information: Link to LinkedIn profile
Purpose: Sales activities
Cookies and/or other techniques:
Personal Information:
- Analytics data (e.g. information about app downloads, app and web page histories), which may include data collected from cookies and other types of device identifiers;
- Profile inputs (e.g. page and deal views on the website, click information and information about the website you clicked to our website from). This may include data about your location. With respect to geolocation information collected from your mobile device, we will only collect this where you have provided consent.
- Device details (e.g. MAC address, IP address, Bluetooth data and advertising identifiers). Purpose: Consent via the cookie consent bar on our website. For some functional cookies, no consent is needed. For more information: rewards.giftcloud.com/uk/cookies
Applicant data:
Personal Information: Contact details, resume
Purpose: When you apply for a job with us
The categories of information processed via the Services:
Contact information:
Personal Information: Name, e-mail address
Purpose: Providing services for our Clients:
- Sending you the gift card
- Customer support
Cookies and/or other techniques:
Personal Information: Device ID, region, IP address
Purpose: Website functioning via functional cookies and tracking functionalities of the website
How we use your personal information:
Data processed via Giftcloud.com or directly with Giftcloud:
Purpose: (Pre-) contractual phase
Legal base: Performance of contract
Purpose: Newsletter Whitepaper
Legal base: Consent
Purpose: Sales activities
Legal base: Consent or legitimate interest
Purpose: Cookies and other techniques
Legal base: Consent or legitimate interest
Purpose: Applicant process
Legal base: Consent or performance of a (pre-) contract
The categories of information processed via the Services:
Purpose: Providing services for our Clients:
- Sending you the gift card
- Customer support Legal base: Performance of contract
Purpose: Website functioning via functional cookies and tracking functionalities of the website
Legal base: Legitimate interest and consent if needed
gift card
Data processors:
Sub-processors used for providing Services for our Clients:
MongoDB: Database
Personal Data Processed: Consumer Email Address
Jurisdiction of Processing: London, UK
Transfer Mechanism: N/A
Contact details for Data Protection Officer: MongoDB’s DPO at privacy@mongodb.com
Twilio: Sendgrid to send emails to users.
Personal Data Processed: Consumer Email Address
Jurisdiction of Processing: Sendgrid has a global infrastructure, with email and event data processed in US-based data centres.
Transfer Mechanism: IDTA
Contact details for Data Protection Officer: Twilio Privacy - privacy@twilio.com
Vonage: Nexmo to send SMS to users
Personal Data Processed: In case of sending a reward via SMS: telephone number,
Jurisdiction of Processing: Data held by Nexmo, including PII, is stored on and processed in the UK, the EEA, the United States of America, and in other jurisdictions.
Transfer Mechanism: Data privacy framework
Contact details for Data Protection Officer: Vonage Privacy Team, privacy@vonage.com
Amazon Web Services: Hosting
Personal Data Processed: Consumer Email Address
Jurisdiction of Processing: UK
Transfer Mechanism: N/A
Contact details for Data Protection Officer: privacy@amazon.com
Information sharing
We may share your personal information with third parties under the following circumstances:
• Our Clients who provide you with the offers through the Giftcloud services.
• Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Information security and storage
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the ongoing integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
A few examples:
Role-based access
Secure remote access
Data protection agreements with sub-processors
Training employees on the handling of personal data
Data retention
Data processed regarding the use of the Services:
Data processed for our Clients is deleted within three years after the gift card was sent, or at the request of the client.
Data processed via Giftcloud.com or directly with Giftcloud:
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
• Maintain business records for analysis and/or audit purposes
• Comply with record retention requirements under the law
• Defend or bring any existing or potential legal claims
• Deal with any complaints regarding the services
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
International data transfers
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union or United Kingdom law. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
Your rights over your personal information
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
• access your personal information
• rectify the information we hold about you
• erase your personal information
• restrict our use of your personal information
• object to our use of your personal information
• receive your personal information in a usable electronic format and transmit it to a third party (right to data portability)
• lodge a complaint with your local data protection authority.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honour your requests. If you would like to discuss or exercise such rights, please contact us at the details below.
Links to other websites
Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. This privacy policy only applies to the personal information that we collect or which we receive from third-party sources, and we cannot be responsible for personal information about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites, third-party terms and conditions, or policies.
Children
You must be aged 18 or over to make use of the Services. Our website and services are not directed at children, and we do not knowingly collect any personal information from children. If you are a child and we learn that we have inadvertently obtained personal information from you from our websites, or from any other source, then we will delete that information as soon as possible. Please contact us at hello@giftcloud.com if you are aware that we may have inadvertently collected personal information from a child.
Contact us
Giftcloud Limited is the controller responsible for the personal information we collect and process. In accordance with Art. 27 GDPR, you may contact our (UK) GDPR representative at hello@giftcloud.com. If you have questions or concerns regarding the way in which your personal information has been used, please contact hello@giftcloud.com or our Data Protection Officer at hello@giftcloud.com. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the United Kingdom data protection authority, the Information Commissioner's Office at www.ico.org.uk, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the (UK) General Data Protection Regulation has taken place using.
Changes to the policy
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time.
Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing). y.
Visitors to our website
(a) What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following information about you:
(i) your name including your title;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) your data of birth;
(vi) your gender;
(vii) your tokenised payment card details, expiry dates and CVV numbers;
(viii) information provided when you correspond with us;
(ix) any updates to information provided to us;
(x) personal information we collect about you or that we obtain from our third party sources; and
(xi) the following information created and recorded automatically when you visit our website:
2.1. Technical information.
This includes: the Internet Protocol (IP) address used to connect your computer to the internet address; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform. We use this personal information to administer our website, to measure the efficiency of our systems, to undertake an analysis on the locations from which people access our webpages and to monitor, identify and prevent fraud; and
(B) Information about your visit and your behaviour on our website (for example, the pages that you click on). This may include the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.
(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i) to allow you to access, use and place orders via our website;
(ii) to receive enquiries from you through the website about our business and offers;
(iii) for improvement and maintenance of our website and to provide technical support for our website;
(iv) to ensure the security of our website;
(v) to recognise you when you return to our website, to store information about your preferences, and to allow us to customise the website according to your individual interests; and
(vi) to evaluate your visit to the website and prepare reports or compile statistics to understand the type of people who use our website, how they use our website and to make our website more intuitive. Such details will be anonymised as far as reasonably possible and you will not be identifiable from the information collected.
Please see sections 2.6 and 2.7 for more details about how we use your personal information.
(c) A word about cookies
(i) Some pages on our website use cookies, which are small files placed on your internet browser when you visit our website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.
(ii) Where we use cookies on our website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website.
(iii) For detailed information on the cookies we use and the purposes for which we use them, please refer to our cookies policy here: https://www.giftcloud.com/uk/cookies
2.2. Customers, and employees of customers
(a) What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following information about you:
(i) your name;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) your age;
(vi) your gender
(vii) your date of birth;
(viii) your tokenised payment card details, expiry dates and CVV numbers;
(ix) information provided when you correspond with us;
(x) if you use the service to send gifts to your friends and/or family, the email address or contact details of your friends and/or family members;
(xi) any updates to information provided to us;
(xii) if you are a Giftcloud app user, the information listed below at section 2.3;
(xiii) information about the Giftcloud service and associated services we provide to you:
(A) information needed to provide the services to you (including information on joining forms, order details, order history and payment details);
(B) customer services information; and
(C) customer relationship management and marketing information;
(xiv) information about your health and wellbeing; and
(xv) information you provide to help us provide you with improved service, for example if we ask you to fill in a survey or questionnaire.
(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i) to provide you with our services and our Giftcloud app;
(ii) to facilitate deliveries of products and services to you;
(iii) to deal with any enquiries or issues you have about our services that you request from us, our Giftcloud app, and about our products and services;
(iv) to send you certain communications (including by email or post) about our products and services such as administrative messages (for example, setting out changes to our terms and conditions and keeping you informed about our fees and charges);
(v) to carry out statistical analysis and market research on people who may be interested in our products and services; and
(vi) if it is in our legitimate interests for business development and marketing purposes, to contact you (including by telephone or post) with information about our products and services or the products and services of our suppliers and clients which either you request, or which we feel will be of interest to you;
(vii) if you are a consumer and if you have consented, to contact you by email with information about our products and services or the products and services of our suppliers and clients which either you request, or which we feel will be of interest to you; and
(viii) to identify, monitor and prevent fraud.
Please see sections 2.6 and 2.7 for more details about how we use your personal information.
(c) Source of personal information.
We may receive some of your personal information from third parties, such as from clients who will send us your email address so that we can send you a link to your gift.
(d) Special categories of data.
We do not collect special categories of data.
(e) Information we need to provide services to you.
We need certain types of personal information so that we can provide services to you and perform contractual and other legal obligations that we have to you. If you do not provide us with such personal information, or if you ask us to delete it, you may no longer be able to access our services.
2.3 Users of our Giftcloud app
(a) What personal information we collect about you
The Giftcloud app may collect any of the following information about you (and we may use any of the following information in the ways explained below):
(i) your name;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) your age;
(vi) your gender;
(vii) when you use the app for the first time, your unique mobile device identifier information;
(viii) if you sign in using Facebook; your Facebook site login details;
(ix) if you sign in using Facebook, the birthdays of your contacts;
(x) financial information, such as your payment details;
(xi) information about the utilities you use;
(xii) user name and password for access to the Giftcloud app;
(xiii) information about the services we provide to you;
(xiv) details of your leisure activities and interests;
(xv) information about your preferences; and
(xvi) your IP address.
(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i) to provide the Giftcloud app to you;
(ii) to help you manage the services that we offer to you; and
(iii) to identify, monitor and prevent fraud.
Please see sections 2.6 and 2.7 for more details about how we use your personal information.
(c) Source of personal information.
We may receive some of your personal information from third parties, for example where you purchase a product or service from a client who then provides us with your personal information in order for us to provide the gift.
2.4 People who contact us with enquiries
(a) We, or third parties on our behalf, may collect and use any of the following information about you:
(i) your name including your title;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) information provided when you correspond with us;
(vi) any updates to information provided to us; and
(vii) your ID documentation (such as a bank statement or a drivers licence) to monitor, identify and prevent fraud.
(b) How we use your personal information
We will collect, use and store the personal information listed above to deal with any enquiries or issues you have about our products and services, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes.
Please see sections 2.6 and 2.7 for more details about how we use your personal information.
2.5. Our suppliers and clients, and employees of our suppliers and clients
(a) We, or third parties on our behalf, may collect and use any of the following information about you:
(i) your name including your title;
(ii) work contact information (phone number, postal address, mailing address, email address);
(iii) your job title;
(iv) your gender;
(v) information provided when you correspond with us;
(vi) any updates to information provided to us;
(vii) personal information we collect about you from third party sources such as LinkedIn:
(viii) CVs, pitch and tender information;
(ix) details of compensation, expense claims and bank details; and
(x) information required to access company systems and applications (such as system ID).
(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i) to enable us to purchase and receive products and services from you (including supplier/client due diligence, payment and expense reporting and financial audits);
(ii) to deal with enquiries from you;
(iii) to confirm information on CVs and performance reference checks, to assess you or your employer's suitability to work for us;
(iv) for equal opportunities monitoring;
(v) for health and safety records and management; and
(vi) for security vetting and criminal records checks (where applicable and allowed by law).
Please see sections 2.6 and 2.7 for more details about how we use your personal information.
(c) _Source of personal information.
We may receive some of your personal information from third party sources, such as your employer or your employer's company website. We may also collect this personal information from publicly-available sources, such as LinkedIn.
(d) Special categories of data.
Some of the personal information that we collect about you or which you provide to us about you or your employees may be special categories of data. Special categories of data include information about your physical and mental health, sexual orientation, racial or ethnic origin, political opinions, philosophical belief, trade union membership and biometric data.
(e) Information we need to provide services to you.
Please note that we need certain types of personal information so that you or your employer can provide services to us. If you do not provide us with such personal information, or if you or your employer ask us to delete it, you may no longer be able to provide services to us.
2.6 Whatever our relationship with you is, we may also collect, use and store your personal information for the following additional reasons:
(a) to deal with any enquiries or issues you have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes;
(b) for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies. We may process your personal information for these purposes where it is in our legitimate interests to do so;
(c) to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so; and
(d) to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.
2.7 Further processing
We will not use your personal information in any way that is incompatible with the purposes set out in this section 2. Please contact us using the details in section 12 if you want further information on the analysis we will undertake to establish if a new use of your personal information is compatible with these purposes.
3. Legal basis for use of your personal information
3.1 We consider that the legal bases for using your personal information as set out in this privacy policy are as follows:
(a) our use of your personal information is necessary to perform our obligations under any contract with you (for example, to fulfil an order which you place with us, to fulfil an order which you have placed with one of our clients, to comply with the terms of use of our website which you accept by browsing our website); or
(b) our use of your personal information is necessary for complying with our legal obligations (for example, for health and safety purposes); or
(c) where neither (a) nor (b) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:
(i) run, grow and develop our business (as well as the businesses of our group company Vouchercloud;
(ii) operate our website and the Giftcloud app;
(iii) select appropriately skilled and qualified suppliers;
(iv) carry out marketing, market research and business development;
(v) place, track and ensure fulfilment of orders with our suppliers; and
(vi) for internal group administrative purposes.
If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by using the contact details at section 12.
3.2 We may use your special categories of data (such as health and wellbeing information) where you have provided your consent (which you may withdraw at any time after giving it, as described below).
3.3 We may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).
3.4 If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at hello@giftcloud.com and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide our offers and associated services to you (for example, if those services require use of your special categories of data such as health information).
4. How and why we share your personal information with others
4.1 We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).
4.2 We will share your personal information with the following third parties or categories of third parties:
(a) our suppliers and clients who provide you with the offers through the Giftcloud services. These suppliers and clients will also share your personal information with us;
(b) we may share anonymised and aggregated statistical information with our suppliers and clients to demonstrate what interest there has been in any marketing campaigns we have assisted our suppliers and clients in carrying out;
(c) our other service providers and sub-contractors, including payment processors, utility providers, suppliers of technical and support services, insurers, logistic providers, and cloud service providers;
(d) companies that assist in our marketing, advertising and promotional activities;
(e) analytics and search engine providers that assist us in the improvement and optimisation of our website;
(f) Amazon Web Services in order for them to provide us with web hosting services;
(g) Sendgrid in order for them to provide us with email delivery services;
(h) Nexmo in order for them to provide us with SMS text services;
(i) Elavon and Datacash in order for them to provide us with card processing services; and
(j) Sift Science in order for them to provide us with fraud monitoring and detection services.
4.3 Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.
4.4 We will also disclose your personal information to third parties:
(a) where it is in our legitimate interests to do so to run, grow and develop our business:
(i) if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
(ii) if substantially all of our or any of our affiliates' assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
(b) if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
(c) in order to enforce or apply our terms of use, our terms and conditions for customers or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
(d) to protect the rights, property, or safety of Giftcloud, our staff, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.
4.5 We may also disclose and use anonymised, aggregated reporting and statistics about users of our website or our goods and services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.
4.6 Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.
5. How long we store your personal information
We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
6. Your rights
6.1 You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at hello@giftcloud.com at any time. You have the following rights:
(a) Right of access
You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the European Economic Area ("EEA").
(b) Right to update your information
You have a right to request an update to any of your personal information which is out of date or incorrect.
(c) Right delete your information
You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances, unless required to be kept by law. You can ask us for further information on these specific circumstances by contacting us using the details in section 12.
We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are, using the contact details in section 12.
(d) Right to restrict use of your information
You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 12.
We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details in section 12.
(e) Right to stop marketing
You have a right to ask us to stop using your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
(f) Right to data portability
You have a right to ask us to provide your personal information to a third party provider of services.
This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.
(g) Right to object
You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person's legitimate interest.
6.2 We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.
6.3 If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
7. Children
7.1 You must be aged 18 or over to purchase products or services from us. Our website and services are not directed at children and we do not knowingly collect any personal information from children.
7.2 If you are a child and we learn that we have inadvertently obtained personal information from you from our websites, or from any other source, then we will delete that information as soon as possible.
7.3 Please contact us at hello@giftcloud.com if you are aware that we may have inadvertently collected personal information from a child.
8. Marketing
8.1 We may collect and use your personal information for undertaking marketing by email telephone and post.
8.2 We may send you certain marketing communications (including electronic marketing communications) if it is in our legitimate interests to do so for marketing and business development purposes or, if you are a consumer if you have consented to receive such electronic marketing information.
8.3 However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing.
8.4 If you wish to stop receiving marketing communications, you can contact us by email at hello@giftcloud.com.
9. Where we may transfer your personal information
9.1 Your personal information may be used, stored and/or accessed by staff operating outside the EEA working for us, other members of our group, suppliers or clients. Further details on to whom your personal information may be disclosed are set out in section 4.
9.2 If we provide any personal information about you to any such non-EEA members of our group, suppliers or clients, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this privacy policy. These measures may include the following permitted in Articles 45 and 46 of the General Data Protection Regulation:
(a) in the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield (see further https://www.privacyshield.gov/welcome); or
(b) in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.
9.3 Further details on the steps we take to protect your personal information, in these cases is available from us on request by contacting us by email at hello@giftcloud.com at any time.
10. Risks and how we keep your personal information secure
10.1 The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public, information that you would prefer to keep private.
10.2 For this reason, Giftcloud is committed to protecting your personal information from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures.
10.3 In the course of provision of your personal information to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.
10.4 Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
11. Links to other websites
Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. This privacy policy only applies to the personal information that we collect or which we receive from third party sources, and we cannot be responsible for personal information about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.
12. Changes to our privacy policy
We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our privacy policy.
13. Further questions and how to make a complaint
13.1 If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact hello@giftcloud.com. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.
13.2 In accordance with Article 77 of the General Data Protection Regulation, you may also make a complaint to the Information Commissioner's Office, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
The practices described in this privacy policy statement are current as of 25 May 2018.