Version of the 19.02.2023
The platform of Giftit has been set up in order to : (i) make gifting more fun, interactive and spontaneous, and (ii) reducing the amount of waste caused by unwanted or non-fitting gifts. Furthermore, the Giftit platform aims to facilitate the search for gifts by allowing gifters and potential recipients to see and interact with each other’s wish lists and consult each other’s profiles.
As a basic principle, the Swiss Federal Data Protection Act applies to the processing of your personal data. If you access our services from the State of California, USA, the California Consumer Privacy Act of 2018 (CCPA) may also apply.
2. DATA CONTROLLER
- The Platform is managed by the Giftit Partnership.
- The Giftit Partnership is considered the Data Controller in relation to the processing of Personal Data on the Platform and your first point of contact. You can contact us by e-mail to firstname.lastname@example.org or by post at Clausiusstrasse 16, 8006 Zürich.
- Giftit has the role of making the Platform available to users who wish to register requests for account creation on the Platform and to accompany users in their search for gifts and to consult other user’s profiles.
3. GENERAL PRINCIPLES
- We use the Personal Data collected through our Platform, as described below, to provide the following information and services :
- registration on the Platform and creating a user account ;
- profiles and wish lists consultation;
- informational updates in relation to Giftit and its services ;
- links to the main website of Giftit.
- in-app purchasing and delivery of gifts
- gift recommendation
- birthday and event reminders
- displaying friend activity
4. PERSONAL DATA WE COLLECT, AND OUR USE OF SUCH PERSONAL DATA
A. Sources of collection
- The Personal Data that we collect through our Platform consists of the Personal Data that you provide us with (infra C.)
B. What Personal Data do you provide to us?
- We collect the Personal Data you provide to us on a voluntary basis when, through our Platform, you :
1. Register on the Platform and create an account ;
2. Log into your account using your personal login (e-mail or phone number and password).
- If you register on the Platform as a user, the Personal Data we may collect includes your full name, nationality, date of birth, e-mail address, mobile phone number, account password, language preferences, shoe size, dress size, profile image, postal address, country code, friends network, gifts brands and category preferences, preferences regarding recipients or gifters and log data.
- Our website may allow you to authenticate using third-party services, such as Google Firebase. If you choose to use a third-party authentication service, your password will be stored with the third party provider and some of these services can track your actions when you interact with them. We do not have access to your password, and we encourage you to review the privacy policies of any third-party authentication services that you use to understand their data handling practices.
C. For what purpose do we collect this information?
- We collect the Personal Data you provide to us on a voluntary basis in order to provide the services you have requested, namely :
1. to validate your registration to the Platform ;
2. to create your account and to send you your unique login by e-mail ;
3. to contact you to understand your needs ; and
4. to publish your profile and wish lists on the Platform.
5. LINKS TO GIFTIT’S MAIN WEBSITE
- Our Platform contains links that direct you to Giftit’s main website enabling you to access the content available therein.
6. DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES
- We may give certain independent contractors, partners and affiliates access to the Personal Data you made available to us through our Platform. To this day, these contractors and partners are the following :
1. Payment service provider : Violet.io inc., based in the United States of America and Stripe Inc. based in the United States of America ;
2. Platform host : Google (Cloud), based in the United States of America ; and
3. Authentication service provider : Google (firebase), based in the United States of America.
4. Brand partners : the full list of the brand partners is published on the website of Giftit and is regularly updated by Giftit.
- Giftit records certain requests and transactions in log files This log data is used for troubleshooting, statistics, analytics, quality assurance, and to monitor system security and can be analyzed to that end. also uses Google Analytics and Google Firebase Analytics (for iOS and Android apps) to compile usage statistics. These services are provided by Space Pencil, Inc. and by Google Inc. respectively.
- The purpose of sharing your Personal Data with the above-mentioned third parties is to provide you with the Platform and our services of registering on our Platform, creating accounts and consulting profiles, as well as to maintain and seek to improve our Platform on an ongoing basis.
7. DISCLOSURE OF YOUR PERSONAL DATA TO AUTHORITIES
- We may use your Personal Data (including your communications) if we think it is necessary for security purposes, to investigate possible fraud and/or attempts to harm other users of our Platform. Hence, we may use your Personal Data to investigate, respond to and resolve complaints or disputes relating to our Platform.
- It is possible that we will need to disclose your Personal Data when required by law or if we have good faith belief that disclosure is necessary to:
1. investigate, prevent, or take actions regarding suspected or actual illegal activities or to assist government enforcement agencies ;
2. enforce our agreements with you ;
3. investigate and defend ourselves against any third-party claims or allegations ;
4. protect the security or integrity of our Platform ; or
5. exercise or protect the rights and safety of our users, employees, or others.
- We attempt to notify users about legal demands for their Personal Data when appropriate in our judgement and technically feasible, unless prohibited by law or by an authority decision or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
- The purpose of sharing your Personal Data with the aforementioned authorities, is to comply with our duty to comply with a legal obligation to which we are subject.
8. NO DISCLOSURE OF YOUR PERSONAL DATA FOR COMMERCIAL PURPOSES
9. CROSS-BORDER COMMUNICATION OF PERSONAL DATA
- If the level of data protection in a particular country is lower than that applicable in Switzerland, we will ensure under contract the level of protection for your Personal Data is equivalent to that applicable in Switzerland. We shall ensure this through one or more of the following measures :
a) by concluding EU Model Clauses with the appointed services providers, or
b) through the appointed service providers having in place Binding Corporate Rules (BCR) that are recognised by a European data protection authority.
10. PROTECTION OF YOUR PERSONAL DATA AND NOTIFICATION OF A PERSONAL DATA BREACH
- We are committed to using commercially reasonable means to prevent exposure or disclosure of your Personal Data. In Particular, we implement and maintain measures (including administrative, physical, and technical measures) to manage unauthorised disclosures or exposures of your Personal Data.
- In the event of a data breach, or in the event that we suspect a data breach, we will (i) use our best efforts to promptly notify you, where technically feasible, and (ii) cooperate with you to investigate and resolve the data breach, including without limitation by providing reasonable assistance to you in notifying injured third-parties. We will give you prompt access to such records related to a data breach as you may reasonably request; provided such records shall be our confidential information, and we shall not be required to provide you with records belonging to, or compromising the security of, other users.
- In the event of a data breach, or in the event that we suspect a data breach, we will in addition notify the competent authorities in accordance with applicable law.
11. MANAGEMENT OF YOUR PERSONAL DATA (YOUR RIGHTS)
- Right to access and update your Personal Data: Wherever we process your Personal Data, we take reasonable steps to ensure that your Personal Data is kept accurate and up-to date for the purposes for which it was collected.
- Right to delete your Personal Data: You may request the deletion of your Personal Data at any time, subject to any retention obligations imposed on us. We may retain de-personalized (anonymous) information after the deletion of your Personal Data.
- Right of rectification: You have the right to obtain the rectification of your Personal Data if it is inaccurate or incomplete.
- Right to object to processing: Within the limits of the law, you have the right to object our processing of your Personal Data.
- Right to restriction: You have the right to request that we restrict the processing of your Personal Data.
- Right to data portability: You have the right to be provided with a copy of the personal Data we have on you in a structured, machine-readable and commonly used format.
- Right to withdraw consent: You have the right to withdraw your consent at any time where we relied on your consent to process your Personal Data. However, it should be noted that such withdrawal: (i) does not affect the lawfulness of any processing carried out prior to such withdrawal and based on your consent; and (ii) may result in you no longer being able to use certain features of the Platform.
- Right to complain to a supervisory authority: You have the right to complain to a data protection supervisory authority with regards to our collection and use of your Personal Data.
- We may ask you to prove your identity before responding to a request based on the abovementioned rights or otherwise related to your Personal Data. In order to exercise the abovementioned rights, you may make your request in writing by sending us an e-mail to the following address: email@example.com, or by post to the following address: Clausiusstrasse 16, 8006 Zürich.
12. RETENTION OF YOUR PERSONAL DATA
- We retain the Personal Data you provide us with to the extent necessary to provide you access to and use of our Platform and our services, as well as to the extent required to comply with our legal obligations (for example, if we are required to retain your Personal Data under applicable law), to resolve a dispute or to enforce agreements we have entered into and our internal regulations.
- We automatically delete any Personal Data from accounts that have been inactive during two (2) years.
- We reserve the right to store the data in a depersonalized (i.e. anonymous) form after deletion of your Personal Data.
13. PERSONAL DATA RELATED TO MINORS
- Each user agrees to use the Platform at their own risk. We implement commercially reasonable technical, administrative and organizational measures to protect Personal data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform, or third party websites.
- You can also reach us by post at Clausiusstrasse 16, 8006 Zürich.