1. Why do we need your personal data?
SmartGift uses information from our interactions with you and other customers as well as the operator of the store that you are purchasing from to help achieve its goal of offering our products and services to you and others.
SmartGift respects the privacy rights of our online visitors and recognises the importance of protecting the information collected about them. To this end, we have established procedures that ensure your personal data is processed in a responsible manner.
The definition of personal data means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
When we use the term ‘processing,’ we mean any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Who controls the data?
The store that you are purchasing from determines the purposes and means of the processing of your personal data. Carrying with it legal responsibilities, a data controller is legally responsible for the storing and use of personal information on computer or in manual files. If you use our products and services to make a purchase from a store that offers our products and services, then we operate as a data processor.
Contact Details for SmartGift, the data processor:
SmartGift, Inc. 175 Pearl Street Brooklyn, NY 11201 United States Tel.: +1 855 856 4438 D-U-N-S #: 049993668 Email: email@example.com
SmartGift does not employ an individual whose sole responsibility is that of a Data Protection Officer. However, one of our employees is the Privacy Responsible and is responsible for data protection. If you have any questions or concerns regarding privacy or if you have any enquires regarding the personal data you have given us, kindly contact SmartGift at any time. For details on how to contact us, please see “Contact Details” or send an email directly to our Privacy Responsible: firstname.lastname@example.org
3. What personal data is collected?:
All our activities are based on stringent ethical principles and legal requirements, and we are committed to protecting the privacy of all visitors to our websites and users of our applications. For this reason, the way in which we collect and store information, including personal data, is dependent on how our website and related services are used. We do not collect any sensitive data about you.
3.1 Data collected through your interaction with us
Various technologies may be used on our websites and our applications in order to improve them, make them more user-friendly, efficient and secure. Such technologies may lead to personal data being collected automatically by us or by third parties on our behalf. Examples of such technologies include cookies, flash cookies and web analytics.
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies for which we do not accept any liability. Please check these policies before you submit any personal data to their websites.
3.1.1 Click-stream data
When you visit our website, data is sent from your browser to a server licensed by us. This data makes it possible for us to optimise our services and improve your experience on our websites and applications. The data is automatically collected and stored by us or by third parties on our behalf.
We may collect information about your computer for system administration purposes as well as to report aggregate information for internal marketing analysis reasons. This is data about our users' browsing actions and patterns and may include the following:
- Visitor’s IP address
- Date and time of the visit
- Referral URL (the site from which the visitor has been referred)
- Pages visited and user journey on our website
- Information about the browser used (type, version, operating system, etc.)
3.1.3 Re-targeting Technologies
Our website and (mobile) applications use re-targeting technologies. This enables us to advertise directly and personally to visitors who have already shown an interest in our products and/or shop via our partner websites.
We also work with companies who use tracking technologies to serve ads on our behalf across the Internet. These companies may collect information about your visits to our websites or (mobile) applications, as well as your interaction(s) with our communications, including advertising.
3.2 Data provided by you
In addition to the data collected by automated means (see 3.1), we also process data which you have provided to us. This includes but is not limited to:
- Personal data that identifies you as an individual—namely, your contact information, including your first and last name(s), shipping address(es), zip code, telephone number, and email address. If you provide the personal data of another person, please make sure that you have the right to share this information with us.
- Information provided when you select a size or color preference or make a product selection.
- If you contact us, we may keep a record of your correspondence.,
- If you contact us to report a problem with our site or for technical and/or customer support, we may keep a record of your correspondence or conversation.
- If we choose to participate in any Alternative Dispute Resolution (ADR) procedure accessible through the ODR Platform , we may disclose personal data to the European Commission in their capacity as operator of the ODR platform, and to any ADR provider appointed to deal with the dispute.
4. How is the collected data processed?
When you use our products and services, we may process your personal data in the following ways:
- Ensure that content from our site is presented on your computer in the most efficient manner.
- For purposes relating to sending or accepting a gift; e.g. update senders and receivers of gifts about the status of such transactions; facilitate the shipment of preferred items to gift recipients; relay thank-you notes by gift recipients to gift senders; store which items gift senders share with gift recipients and store gift recipients’ item selections; update gift recipients with order confirmation numbers relating to the chosen items so that gift recipients can track the shipping status of their gift on the store’s site from which you purchases; and provide customer support to senders and recipients of gifts.
- Respond to any query you may raise with us; to process your request and provide you with the best service possible.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in the interactive features of our service(s) when you choose to do so.
- To notify you about changes to our services, terms, conditions and policies, and/or other administrative information.
- To administer and maintain our records.
- To save your ring and bracelet sizes and to allow you to share them with others.
- To allow you to send emails to others through our "share this gift" functionality.
- Customise your content on our websites to provide you with personalised offers.
- Prevent and/or detect any misuse or fraud.
In paragraph 7 you will find information on your rights, e.g. how to withdraw your consent or amend your personal details.
4.1 When you visit one of our websites through the store that your purchase from or receive the gift from, your personal data may be processed in the following ways:
- Content, A/B testing and product browsing analytics
- Traffic source analytics
- Internal search analytics
- Purchase analytics
- Device analytics
5. Legal basis
When you interact with our products or services through the store that you purchase or receive an item from, we will process your conventional personal data for that particular purpose. We may also process your conventional personal data if you e.g. have a query or similar that precedes your decision to enter into an agreement with us.
The legal basis for which we may process your personal data is stated in Article 6 1, b) of the EU Personal Data Regulation (EU) 2016/679 (GDPR), as the processing of your information is necessary for us to fulfilll our agreement with you or for us to handle your inquiries and such like, ahead of concluding an agreement.
We may also process your ordinary personal data on the basis of the rules in the GDPR Article 6 1, f) unless our interests are outweighed by your privacy rights and statutory freedom. We have a legitimate interest in processing your personal data (name and email address) for business and analytical purposes. Our legitimate interest is based on your preferences so that we can better customise our offerings to you—and ultimately offer products and services that better meet your needs and wishes. Additionally, we have a legitimate interest in processing your personal data for analytical purposes.
6. Disclosure of personal data
Treating your data with the utmost care and confidentiality is one of our core values. If required by law, your data may be disclosed to third parties. We do not employ service providers and data processors to process data on our behalf. If we employed service providers and data processors for services including authentication, hosting and maintenance services, analysis services, e-mail messaging services, delivery services, handling of payment transactions, solvency, address and e-mail checks, then these parties would become our data processors and may only process personal data to the extent necessary in order to deliver their services. Our data processors would be contractually obliged to treat such information in the strictest confidence. They would be prohibited from using the data in any other way than required. Necessary steps would be taken to ensure that our data processors, including service providers and other processors working on behalf of SmartGift, uphold and protect the confidentiality of your data.
If these data processors were situated outside the EU/EAA, then we would only provide this information on the basis of the recipient fulfilling the applicable requirements, including:
- The country in question is considered a safe third country.
- The supplier in question shall accede to the European Commission’s Model Contracts for the transfer of personal data to third countries.
- The supplier in question is certified according to Art. 40 of GDPR; or
- The supplier in question has a set of approved Binding Corporate Rules.
There may be occasions on which we disclose to our partners non-personal data in an anonymous form. Such non-personal data may include information about the number of visitors to a website or (mobile) application during a certain period of time.
Any information you post or disclose through your interaction with SmartGift (e.g. personal data contained in photos, stories, comments and videos that you submit) is private information and will not be available to visitors to the site or to the general public.
If we choose to participate in any Alternative Dispute Resolution (ADR) procedure accessible through the ODR Platform , we may disclose your personal information to the European Commission, as operator of the ODR platform, and to any ADR provider appointed to deal with the dispute.
7. Your rights
If you provide us with personal data on our websites or other channels, this is done on an entirely voluntary basis. If you choose not to provide the requested information, various customer benefits may not be available to you. In certain cases, only those who have submitted to us the required personal data are able to order products, use certain services and in other ways avail themselves of the activities and offers available on our website and applications. We provide numerous options, depending on the exact circumstances, in order to help you retain control over your data. These options may include unsubscribing from services or deleting user accounts or receiving information about the data held.
You can access and amend your personal data at any time by emailing us at email@example.com.
In general, you have the following rights:
7.1 The right to request access to your personal data
You are entitled to gain access to some of the personal data you provide to SmartGift. By emailing us at firstname.lastname@example.org you may request details of the information about you that we hold and process, including the purposes for which it is used.
7.2 The right to amend and/or delete your personal data
You have the right to request correction, appendage, deletion or blockage of your stored personal data. To do so, send your request to email@example.com. Without undue delay of receipt of your request, we will comply to the required extent. If, for any reason, we cannot comply with your request, we will contact you.
7.3 The right to restrict the processing of your personal data
In special circumstances, you have the right to restrict the processing of your personal data. To request restriction, kindly contact us by email at firstname.lastname@example.org.
7.4 The right to data portability
You have the right to receive your personal data (concerning you only) in a structured, commonly used and machine-readable format (“data portability”), and have the right to transit this data to another data controller. To request data portability, kindly contact us by email at email@example.com.
7.5 The right to object to the processing of your personal data and to unsubscribe
Text messages or emails sent to you by SmartGift containing transactional content include the option to unsubscribe by following the instructions set out in the message.
7.6 The right to withdraw your consent at any time
You are at any time entitled to withdraw your consent to our processing of your personal data. The withdrawal of consent shall, however, not affect the lawfulness of processing based on consent before its withdrawal. Contact us by email at firstname.lastname@example.org to withdraw your consent.
If you wish to withdraw your consent to receiving information, including by email, text message, or any other electronic means, you may do so at any time by emailing us at email@example.com. Should we have misgivings regarding your identity, we may ask you to provide identification.
7.7 Conditions and/or limitations on your rights
There may be conditions to or limitations on your aforementioned rights. We are therefore unable to guarantee your right to data portability, as it is dependent on the specific circumstances of the processing activity.
8. Retention of your personal datas
SmartGift will not retain your personal data for longer than necessary for the purposes for which it is processed within the following processing activities:
- Sending or receiving a gift: Someone who has sent or accepted a gift.
- How do we define an inactive customer? An inactive customer is someone who has not engaged with us by: someone who has not sent or received a gift for a time period of up to 5 years from the last engagement.
- What Personal data will be Erased if a customer is inactive? All Personal data, such as: name, email address, address, zip code, phone number, purchase. This means full Erasure.
- When will Personal data be Erased? Personal data will be Erased, if the customer has been inactive for up to five years.
- What Personal data will be kept after the 5 year inactive period? No Personal data will be kept unless required by local mandatory law.
- How do we Erase Personal data? IT will on a quarterly basis manually Erase Personal data. Personal Data will be Erased in all IT systems.
- Web visitors – IP address: Someone who has visited our website.
- How do we define an inactive visitors? An inactive visitor is someone who has not visited our website for 24 months.
- What Personal data will be Erased if a customer is inactive? All data that we have collected in regard to the visit on our website. Such as: content, A/B testing & product browsing analytics; traffic source analytics; Internal search analytics; purchase analytics; device analytics.
- When will Personal data be Erased? Personal data will be Erased 25 month after collected.
- What Personal data will be kept after the 25 month inactive period? No Personal data will be kept unless required by local mandatory law.
- How do we Erase Personal data? The data will automatically be Erased after 25 months.
9. The security of information and data integrity
We take the appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised use, disclosure or access, in particular where processing involves the transmission of data over a network, and against all other unlawful forms of processing and misuse.
SmartGift does not use third party data processors to collect and process your personal data. Any data processors commissioned by SmartGift would only process your personal data in accordance with SmartGift’s instructions, and would be legally obliged to adhere to strict security procedures when handling personal data.
9.1 Keeping information secure
Unfortunately, transmission of information via the Internet is not wholly secure. Although we do our utmost to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is done so at your own risk. Once we have received your information, we employ strict procedures and rigid security measures to try to prevent unauthorised access.
9.2 Social Networks
Our website and applications provide you with social plug-ins from various social networks. If you choose to interact with a social network, your activity on our website or applications will also be made available to social networks such as Facebook.
If you have logged in to one of these social network sites during your visit to one of our websites or (mobile) applications, the social network site may add this information to your profile. If you are interacting with one of the social plug-ins, this information will be transferred to the social network site. If you do not want this data transfer, please log out of your social network site before entering one of our websites or (mobile) applications. We cannot prevent this data collection and social plug-in information transfer. Please read carefully the privacy policies of your social networks for detailed information about their collection and transfer of personal data, your rights, and how you can achieve satisfactory privacy settings.
9.3 Geolocation Services
Location-enabled services are not employed within our applications.
10. Consequences of non-disclosure of personal data
It is not possible to send or accept a gift using our services if you are unable to provide us with the required information.
11. Contact Information
Contact Details for SmartGift, the data processor:
175 Pearl Street
Brooklyn, NY 11201
Tel.: +1 855 856 4438
Complaints should be submitted directly to your local data protection supervisory authority.
13. Changes to this policy
To submit a data request, send your request to firstname.lastname@example.org.