On 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on thefree movement of such data and the repeal of Directive 95/46 / EC became applicable ( referred to as „RODO”;, „ORODO”, „GDPR”; or „General Regulation on Data Protection”). Our company intensely adjusts internal procedures of personal data processing and protection to new legal requirements and to your needs. In order to continue to be able to process your personal data legally, we need your consent. At NetCard Ltd (owner of the giffti.com website), we understand that we have a duty to protect and respect your privacy and to care for your personal data. This privacy notice, including our General Terms of Service, explains what personal information we collect, how we use your personal information, the reasons why we may need to disclose your personal information to others, and how we securely store your information. personal. For the sake of clarity, Giffti can be both a data controller and data processor for personal data in certain circumstances. We must inform you that these policies may change, so please visit our website regularly for further changes. This privacy statement sets out the user’s rights under the new regulations.

Who we are?

NetCard Ltd is a supplier of gift cards based in Maidstone, F04 1st Floor, Knightrider House, Knightrider Street, ME15 6LU and company number 09455841.

How does the law protect you?

Data protection regulations mean that we are only able to process personal data if we have a good reason to do so. The basis for the processing of personal data is, among others: your consent, performance of the contract, making it possible to settle and send and contact for customer service.

How do we collect personal information from you?

We receive information from you about you when you use our website, fill out forms on our website, contact us by phone, email, live chat or in any other way with regard to our products and services or when you buy such a product. Additionally, we can also collect information from you after logging in. Enter your competition, promotion or probe, or if you want to inform us about other problems. Your personal data may be collected automatically when using our services, including but not limited to IP address, device-specific information, server logs, device event information, location information and unique application numbers.

What data do we collect from you?

The personal information we collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. We can also store detailed information about your visits to our site, including but not limited to traffic data, location data, blogs and other communication data. We also keep a record of your inquiries and correspondence in case you contact us. We simply process such data on your behalf in accordance with our Terms of Service and you are responsible for all applicable legal requirements.

How do we use your data?

We use information about you in the following way:

  • To process orders that you have sent to us;
  • To provide you with the right products and services;
  • To meet our contractual obligations that we have with you;
  • To help us identify you;
  • To enable us to view, develop and improve our website and services;
  • To provide customer service, including responding to your requests, if you contact us by inquiry;
  • To administer accounts, track billing and payments;
  • To detect a fraud and to make sure that what you have given us is correct;
  • Conducting marketing and statistical analyzes;
  • To view job applications;
  • To notify you about changes to our website and services;
  • Providing information about products or services that you ask from us, or which we think you may be interested in, if you have agreed to contact for such purposes;
  • To inform you about the change of services and prices.

Storage periods

We will store your personal information throughout the period in which you are a Giffti customer. We store your data only for as long as necessary in accordance with applicable regulations. Personal data will not be stored for a longer period than required by law. Information about the candidate will be available in our database for a maximum of 5 years from the date of their entry into the database or from the date of the last contact, depending on which date is later. After closing your account, we may store your data for a period of 5 years after you cancel your services. We may not be able to delete your data before that time due to our legal and / or accounting obligations. We can also store it for research or statistical purposes. Please be assured that your personal information will only be used for the purposes set out in this document.

Who has access to your personal information?

In accordance with applicable law, we may send your data to the entities processing it at our request, e.g. Marketing agencies, subcontractors of our services and entities authorized to collect data in accordance with applicable law, e.g. courts or law enforcement agencies - of course only if they request a request on the basis of a legal legal basis. We would also like to mention that on most websites, user traffic data is collected by our trusted partners.

International transfers

Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, seeEuropean Commission: Model contracts for the transfer of personal data to third countries. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Third-Party Service Providers: CRM Provider
Purpose: Our CRM Service, is used to manage the leads we receive through our website. Safeguards in place to protect your personal data: Active: EU-US Privacy Shield HR Software
Purpose: Our HR Software used as the company’s recruitment software Safeguards in place to protect your personal data: Active: EU-US Privacy Shield Web Hosting Platform
Purpose: Our Cloud-hosting provider, is used to host our website. Safeguards in place to protect your personal data: Active: EU-US Privacy Shield Email Sending Service
Purpose: Our Email Sending Service is on occasion used to send out emails to users. Safeguards in place to protect your personal data: Active: EU-US Privacy Shield.

Third party

For the avoidance of doubt, we do not sell personal data to third parties or sell them for marketing or advertising purposes. We work closely with many third parties (including companies, service providers and fraud protection services) and we can receive information from you about them.These third-party companies can collect information about you, including but not limited to IP address, device information, server logs, device event information, location information, and unique application numbers. We use their functions on our website, but in some cases they may act as data controllers and will have their own privacy policies that we recommend reading. We may transfer your personal information to third parties to provide services on our behalf (for example, payment processing). However, we will only provide information about you that is necessary to provide theservice and we have specific agreements that ensure that your personal information is secure and will not be used for any marketing purposes.We may share your data if we are seized by a third party and your data will be considered company assets. In these circumstances, we may disclose your personal information to a potential buyer of our business, provided that both parties undertake appropriate confidentiality obligations. Similarly, we may share your personal information if we have an obligation to disclose data in order to comply with all legal obligations or to protect the rights, property or safety of Giffti, our clients or others. This includes but is not limited to the exchange of information with other companies and organizations to protect against fraud, reduce credit risk and dispute policy. However, we will take steps to ensure that your privacy rights remain protected.

Your rights

In preventing the use or processing of your personal data, this may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we will not be able to provide our services or process cancellations of your service. You have the right to object to your use of your personal information or ask us to remove, remove or stop using it if there is no need to stop it. This is known as your right to be forgotten. There are legal and accounting reasons why we will need to keep your information, but please let us know if you believe we are keeping or using your personal information in the wrong way. Our information on privacy protection will be explained to the user when collecting personal data. You have the right to ask us not to process your personal data for marketing purposes. If you decide not to receive marketing information about our products and services from us, you will have the choice not to choose them by checking the appropriate fields on the registration or control panel pages.

Access and updating data

You have the right to access the information we have about you. Send your requests to [email protected] so that we can get this information for you.

How can you withdraw consent to data processing?

Please remember that you can withdraw your consent to the processing of your personal data at any time. For this purpose, please contact us and submit a request for deletion, giving your name and other data (eg phone number, email address) allowing us to identify and delete your data.

What additional rights do you have?

You also have the right to access your data, the right to rectify it, delete it, the right to transfer data, express objection, the right to limit processing. You also have the right to lodge a complaint with the supervisory body, from May 25, 2018, PUODO (President of the Office for Personal Data Protection). Applications should be submitted in electronic form to the following address: [email protected] We will treat each received notification with particular attention. By completing your application, we will need to verify your identity to ensure that we do not share your information with anyone other than you.

Using cookies

Our cookie policy is available here: https://giffti.com/cookies-policy. Giffti may provide links to third party websites. Because we do not control these websites, we encourage you to read the privacy policy of these third-party websites. All information provided on these websites will not be under our control and we can not be responsible for the privacy policy and their practices.

Where we store your personal information

We comply with accepted standards to store and protect the personal information we collect, including encryption if necessary. All information you provide to us is stored on our secure servers in the EEA. From time to time your information may be transferred and stored in a country outside of the EEA in connection with the provision of services. Regulations in these countries may not provide the same protection as in the EEA; however, each third party referred to above outside the EEA has agreed to respect European levels of data protection as regards the transfer, processing and storage of any personal data. By submitting your data to us, you agree to this transfer and storage. However, we will ensure that you take reasonable steps to protect your information in accordance with this privacy notice. Because the transmission of information via the Internet is not completely secure, we can not guarantee the security of data sent to our site, and each transmission takes place at your own risk. After we receive your information, we will use strict procedures and safeguards to prevent unauthorized access. All sensitive data (e.g. Payment details) are encrypted and protected. In the event that we have given you (or when you have chosen) a password that allows you access to certain parts of our site, you are responsible for keeping the password secret. Please do not let anyone share your password.


We agree to take reasonable steps to protect your data in accordance with applicable law and in accordance with our General Terms of Service: https://www.giffti.com/privacy-policy.

Data violation

In the event of a data breach, we ensure that our obligations under applicable data protection laws are respected when necessary. Contact us. Please send us any questions or comments regarding privacy to the address [email protected]

What are your rights to your data?

You have, among other things, the right to request access to data, rectification, deletion or limitation of their processing. You can also withdraw consent to the processing of personal data, raise objections and use other rights listed in detail here.

What are the legal grounds for processing your data?

Every processing of your data must be based on a proper legal basis, in accordance with applicable law. The legal basis for the processing of your data in order to provide services, including matching your interests, analyzing and improving them and ensuring their security is indispensable to perform contracts for their provision (these contracts are usually regulations or similar documents available in the services you use ). This legal basis for statistical measurements and marketing of its own administrators is the so-called reasonable interest of the administrator. The processing of your data for marketing purposes of third parties will be based on your voluntary consent.

Consent to data collection:

I agree to the processing of my personal data collected as part of my use of services, including websites, websites and other functionalities, including those saved in cookie files for marketing purposes (including analyzing and profiling for marketing purposes). Consent is voluntary and you can withdraw it at any time using the tool available here, except that the withdrawal of consent will not affect the lawfulness of processing under consent before it is withdrawn.

Privacy policy

Giffti respects the users' right to privacy. She carries out the protection of her personal data with care and applies appropriate technological solutions to prevent interference with the privacy of third parties. We would like every internet user using our services and visitors to our websites to feel completely safe, and therefore on certain websites, registration and login systems. Registration is not mandatory. Remember that your consent to the processing of Giffti personal data for marketing purposes is completely voluntary. Each user has the right to view and correct the data provided by him. We process user data with their consent, including for the purpose of sending promotional and informational materials, product offers, market research and public opinion. This data helps us to determine user preferences and thus improve the offer addressed to them. We also use this information to organize promotions and competitions more effectively. Knowing who to address is easier to define their final formula and shape. NetCard informs that it is the administrator of personal data processed within the Giffti portal, unless the data is processed as part of websites operated for other entities, in this case NetCard only provides services to administrators in the field of data processing.