Privacy Policy

1. Introduction

At GiftsCertificates.com (“we”, “us”, or “our”), we are committed to safeguarding the privacy and protecting the personal data of our users. This Privacy Policy outlines how we collect, use, store, and disclose personal information when you access or interact with our services, including our website at giftscertificates.com. We uphold the principles of data minimization, limited retention, transparency, and user autonomy, in accordance with applicable privacy laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data collected through giftscertificates.com, including when you access our website, create an account, place an order, or communicate with us. For the purposes of applicable data protection legislation, the data controller of your personal data is GiftsCertificates.com, reachable at [email protected]. This means we determine the purposes and means of collecting, using, and disclosing personal data.

3. Categories of Data Processed

We may process the following categories of personal data:

a. Usage Data
Information about how you use our website, including browser type, Internet Protocol (IP) address, referring URLs, pages viewed, session duration, and system diagnostic data.

b. Account Data
Information you provide when registering for an account or placing an order, such as your full name, postal address, email address, and telephone number.

c. Profile Data
Data related to your preferences, past purchases, product interests, site behavior, and user experience choices.

d. Communication Data
Records of your interactions with us, including customer support tickets, inquiries, complaints, and correspondence via email or other messaging platforms.

e. Technical Data
Details on the devices and systems you use to interact with giftscertificates.com, such as operating system, device identifiers, screen resolution, and browser settings.

f. Transaction Data
Data regarding gift certificate purchases, payment methods, billing details, order history, and delivery instructions.

g. Preference Data
Data regarding your consent to receive marketing communications, preferred communication channels, product interests, and opt-in or opt-out choices.

4. Legal Bases for Processing

Under the GDPR, we rely on the following legal grounds for processing your data:

– Contractual Necessity: To fulfill your orders or provide services requested by you.
– Legitimate Interests: To enhance, secure, and manage our website and business operations, provided that such interests are not overridden by your data protection rights.
– Consent: For sending marketing materials and using cookies requiring consent.
– Legal Obligation: To comply with applicable laws, tax obligations, and regulatory requirements.

5. Your Rights

Depending on your location, you may have the following rights concerning your personal data:

– Right to Access – You have the right to request access to the personal data we hold about you.
– Right to Rectification – You may request the correction of inaccurate or incomplete data.
– Right to Erasure – You may request deletion of your personal data in certain circumstances.
– Right to Restriction – You may request that we limit the processing of your personal data.
– Right to Data Portability – You have a right to receive personal data in a structured, commonly used format and transfer it to another controller.
– Right to Object – Where processing is based on legitimate interests or direct marketing, you can object to such processing.
– Right to Non-Discrimination – Under the CCPA, you have the right not to be discriminated against for exercising your privacy rights.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of your personal data. These include:

– Data encryption in transit and at rest
– Role-based access control to sensitive data
– Security awareness training for our staff
– Regular software updates and firewall protection
– Secure data backups and disaster recovery protocols

7. International Transfers

Your personal data may be processed in countries outside your home jurisdiction, including countries that may not offer the same level of data protection. In such cases, we utilize Standard Contractual Clauses or rely on Privacy Shield–equivalent frameworks where applicable, and implement supplementary safeguards to comply with the GDPR and other regional requirements.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the legitimate purposes outlined in this policy, including legal, regulatory, tax, and accounting obligations. Specific retention periods include:

– Account Data: Retained for active account lifecycle and up to 7 years after account closure.
– Transaction Data: Retained for 7 years to comply with financial record-keeping obligations.
– Communication Data: Retained for up to 3 years for customer service, legal or business continuity purposes.
– Marketing Preference Data: Retained until you withdraw consent or request erasure.

9. Cookie Policy

We use cookies and similar technologies on giftscertificates.com to enhance user experience, analyze site traffic, and support advertising efforts. Cookies fall into the following categories:

– Essential Cookies: Required for website functionality, such as user authentication and payment facilitation.
– Functional Cookies: Enable enhanced features like remembering user preferences across sessions.
– Analytics Cookies: Collect metrics on site usage to improve performance and usability.
– Performance Cookies: Monitor site responsiveness and provide diagnostic data.

10. Cookie Management and Compliance

Upon your first visit to giftscertificates.com, you are presented with a cookie banner to manage your preferences. You have the option to accept or decline non-essential cookies and can update your preferences any time via our Cookie Settings feature. We honor Do Not Track signals and respect CCPA opt-out requests. Consent for cookies under the GDPR is obtained prior to activation, and data is processed only in accordance with your choices.

11. Special Protections for Children

Our services are not directed to individuals under the age of 13. We do not knowingly collect or process personal data from children under 13 years of age without verifiable parental consent. If we learn that we have inadvertently collected such data, we will delete it promptly. Parents or guardians may contact us at [email protected] to request removal.

12. Policy Updates and User Notifications

We reserve the right to amend this Privacy Policy from time to time to reflect changes in our operations, technological advancements, or legal requirements. All updates will be posted at giftscertificates.com, and where material changes are made, we will notify users via prominent notice on our website or by direct communication.

13. Contact Us

If you have any questions, concerns, or requests concerning this Privacy Policy or your personal data, please reach out via email to:

[email protected]

We are committed to protecting your privacy and complying with GDPR, CCPA, and other applicable laws. If you believe your data has been handled incorrectly, you also have the right to lodge a complaint with your local data protection authority.