The Gifted Company AB, corp. ID no. 559121-2120, (‘we’ or ‘us’) is the Controller of the personal data processed in accordance with this Personal Data Policy and is responsible for ensuring that the processing is carried out in accordance with applicable legislation. You can find our current contact details at www.getgifted.com. We treat the processing of personal data with the utmost seriousness and are keen to ensure that your personal privacy is not jeopardised. This Personal Data Policy explains, among other things, what personal data we process, how and for what purpose we collect and use data about our users, and how we protect the privacy of our users. The Gifted Company AB has its seat in Stockholm, Sweden and all personal data is processed in accordance with the Swedish [sic EU] General Data Protection Regulation 2016/679 (‘GDPR’).
This Personal Data Policy is applicable to all personal data that in some form is processed according to applicable legislation in relation to you as user, which includes personal data collected, kept, stored, transferred or used in some other way by us.
We only collect and process personal data about you in the manner described in this Personal Data Policy and as set out in ‘Description of Personal Data Processing’ in Section 8.
We will not store or process your personal data for longer than necessary to fulfil the purposes of the processing described in this Personal Data Policy or for the period required according to mandatory, applicable legislation, which is described in more detail in ‘Description of Personal Data Processing’ in Section 8. When the purpose has been achieved for a particular category of personal data, we will therefore erase or anonymise the relevant personal data as soon as possible. Please note that we may store your personal data for the purpose of sending you newsletters or other marketing emails for a period after you are an active customer (e.g. after the term of validity for the Gift Card) to the extent permitted according to applicable legislation. You may choose to deregister from such newsletters or other marketing at any time.
Your personal data will be transferred to and processed by third party suppliers that perform services for us (‘Processors’) to enable these companies to perform the services requested by us. These companies are located both within and outside the EU; see Section 6 below. Services that will be requested are, for example, infrastructure, marketing and IT services. Only such personal data necessary to fulfil the purposes specified in ‘Description of Personal Data Processing’ in Section 8 below will be provided to companies engaged by us. All third-party suppliers must comply with our instructions and the processor agreements in force between us and them. They must also have appropriate technical and organisational measures in place to protect the personal data.
We may also disclose personal data to relevant public authorities in accordance with mandatory legislation.
Your personal data may be transferred to companies in other countries both within the EU/EEA and outside (‘third countries’) in order to be able to provide you with services. When we transfer to a third country, we have ensured that the country meets an ‘adequate level of protection’ in accordance with the European Commission or that appropriate safeguards have been taken. For example, Binding Corporate Rules (BCR) or Standard Contractual Clauses (SCC).
You are entitled to be informed about what personal data we process concerning you, from where this data has been collected, the purposes for which the data has been processed and the parties to which the data has been disclosed. We may impose a reasonable administrative charge for repeated requests. If a request is manifestly unfounded or unreasonable, we may refuse to grant such a request. You are also entitled to ask for incorrect or incomplete personal data to be corrected at any time.
You may in some circumstances request that your personal data be erased, for example if the personal data is no longer necessary for the particular purpose for which it was collected, unless there is a legal basis for continuing the processing, or if the personal data must be erased to comply with a legal obligation in the EU or Sweden to which we are subject. Please contact us for further information about erasure of your personal data.
You are entitled to object to the processing of personal data that we carry out in accordance with our legitimate interest and related to your specific situation. If you make an objection and the processing is carried out in accordance with a legitimate interest, we will not continue the processing of your personal data unless we can clearly demonstrate compelling and legitimate reasons for this processing that outweigh your right to privacy. Please note that even if you object to a particular processing, we may still continue the processing if this is carried out in accordance with another legal basis, e.g. to provide a service or product you have ordered from us or to discharge legal obligations.
You are entitled to ask for the processing of your personal data to be restricted if the personal data may be incorrect, if you consider that processing is unlawful, if we are carrying out the processing in accordance with an unjustified interest or if you consider that we no longer need the personal data for the purposes specified in ‘Description of Personal Data Processing’ in Section 8.
If you have consented at any time to us processing your personal data, you are always entitled to withdraw your consent in respect of future use of the data based on your consent.
You are entitled to receive the personal data concerning you, and that you have provided to us, where our processing is based on consent or performance of our contract with you, in a structured, commonly used and machine-readable format. You may also ask us to transfer such information directly to another controller, when this is technically feasible.
You can exercise your rights by contacting us; see our current contact details at www.getgifted.com.
We provide below a description of our personal data processing in respect of what categories of personal data we collect and the purpose for which each category is used.
It is necessary to have support under the Data Protection Regulation to be allowed to process personal data, i.e. a legal basis. We think that it may be appropriate to explain the different legal bases upon which we support our personal data processing to help you understand our processing.
Consent We may ask you to consent to the processing of personal data, for example when you visit our website where we use cookies to find out how our website is being used and to offer our visitors the best possible experience.
Performance of contracts We need to process your personal data to be able to perform our contract with you, for example to enable you to purchase or use our products or receive help from our customer services.
Legitimate interest It is also possible that we process your personal data following a ‘balance of interests’ if we consider that we have a legitimate interest that outweighs your interests and if the processing is necessary for the purpose in question. A requirement for this is that you are always entitled to object to such processing. This applies when you have visited our website without having purchased a gift card and we follow up your visit by providing you with information about our services. You can contact us at any time to receive more information about how we have reached this conclusion.
Legal obligation In some cases we are obliged to process personal data according to law such as, for example, to fulfil the requirement to maintain accounting records contained in the Bookkeeping Act.
We process the following categories of personal data.
A) Identity and contact details: For example, but not limited to, first name, surname, telephone, address, email. Source: Directly from the user at the time of order/loading/activation/redemption of our products or when our customer services have been contacted.
B) Payment details: For example, but not limited to, credit/payment card information, transaction information. Source: Directly from the user at the time of order/loading/activation of our products or when our customer services have been contacted.
C) Information about communications with customer services: For example, but not limited to, copies of communications via email, letter, chat. Source: Communications with customer services are saved.
D) Other information in conjunction with purchase: For example, but not limited to, personal text/pictures/video greeting linked to the Gift Card. Source: Directly from the user at the time of order/loading/activation/redemption of our products or when our customer services have been contacted.
E) Digital information: For example, but not limited to, geo-location/IP-address, navigational information, search words, information about Internet providers. Source: Collected based on your use of our services.
Beskrivning | Rättslig grund | Kategorier | Lagringstid |
För att tillhandahålla, supportera och administrera presentkort, tilläggstjänster och/eller avtalet med dig. | Fullgörande av avtal | A + B + D + E | Under presentkortets giltighetstid och 12 månader därefter. |
För uppföljning av besök på vår webbplats, t ex för att offerera kundservice och erbjudanden. | Berättigat intresse | A + E | 12 månader efter senaste kontakt med oss. |
För utskick av erbjudanden, marknadsföring eller annan information. | Berättigat intresse | A + E | Så länge det är tillåtet enligt tillämpliga regler om marknadsföring men inte längre än 12 månader efter presentkortets giltighetstid. |
För att göra det möjligt för oss att fullgöra rättsliga förpliktelser som åvilar oss och att svara på förfrågningar från myndigheter. | Efterlevnad av rättsliga förpliktelser | A + B + C + D | Så länge som den rättsliga förpliktelsen kvarstår, vanligtvis sju år. |
För att göra det möjligt för oss att förbättra de produkter och tjänster som tillhandahålls användare. | Berättigat intresse | A + B + C + D + E | Under presentkortets giltighetstid och 12 månader därefter eller efter senaste kontakt oss. |
För att motverka bedrägerier. | Berättigat intresse | A + B + C + E | Under presentkortets giltighetstid och 12 månader därefter. |
Ref. Purpose_Data_Processing_SWE20201021
We have implemented security measures and taken technical and organisational measures, such as certification technology for web browsers, to keep the personal data we process secure. We also have adequate firewalls and antivirus programs to protect and prevent unauthorised access to our network. Access to those areas where personal data is stored is restricted and it is required that staff are identified for access. We also use, for example, Secure Socket Layer (SSL), which is a protocol for the secure transfer of data via the Internet (or other networks). Customers need to check that SSL is not turned off in their web browser settings. PCI-DSS certified suppliers are also used with a view to preventing unauthorised access when handling your payment or credit card number.
Our apps and websites may include links to other apps and websites. This Personal Data Policy only applies to our apps and websites. When you follow a link to another app or website, you should read the personal data policy applicable for them. Please note that we do not take responsibility for the processing of your personal data by other apps or websites.
If you have any complaints regarding our processing of your personal data, you are entitled to submit these to the Swedish Authority for Privacy Protection (www.imy.se), which is the Swedish supervisory authority responsible for following up and supervising us and other companies that process personal data.
We will regularly update this Personal Data Policy to reflect any changes in how we process personal data and will inform you of this in an appropriate way, e.g. through publication in our apps, on our websites and by emailing you.
Our websites use cookies. According to applicable law, everyone who visits a website containing cookies should be informed that the website contains cookies, what these cookies are used for and how cookies can be avoided.
A cookie is a small text file that the website you visit saves on your computer. Cookies are used on many websites to afford a visitor access to different functions and make it easier for a visitor to use the website. The information contained in the cookie can be used to track a visitor’s Internet surfing. Cookies are used on our websites to keep track of what information a visitor has already received and what settings a visitor has applied; see further details below. Without cookies, this information would be shown and the settings would need to be reapplied for each visit to the site. We use the following cookies on our websites: Cookies for basic functionality, reports and analyses.
Cookiens namn | När sparas cookien? | Vad är cookiens funktion? | Huvuddomän |
_orig_referrer | När användaren lägger produkt i kundvagnen. | Används i samband med kundvagnen. | getgifted.com |
_secure_session_id | När användaren besöker webbplatsen. | Används i samband med navigering genom en webbutik. | getgifted.com |
Cart | När användaren lägger produkt i kundvagnen. | Används i samband med kundvagnen. | getgifted.com |
cart_sig | När användaren går till kassan. | Används i samband med kassan. | getgifted.com |
cart_ts | När användaren går till kassan. | Används i samband med kassan. | getgifted.com |
checkout_token | När användaren går till kassan. | Används i samband med kassan. | getgifted.com |
Secret | När användaren går till kassan. | Används i samband med kassan. | getgifted.com |
Secure_customer_sig | När användaren påbörjar inloggning. | Används i samband med kundinloggning. | getgifted.com |
storefront_digest | När användaren påbörjar inloggning. | Används i samband med kundinloggning. | getgifted.com |
_landing_page | När användaren besöker webbplatsen. | Spåra målsidor. | getgifted.com |
_orig_referrer | När användaren besöker webbplatsen. | Spåra målsidor. | getgifted.com |
Ref. Cookies_SWE20201021
The amount of time that a cookie remains on your computer or mobile device depends on whether it is a permanent or temporary cookie. Temporary cookies last until you stop surfing and permanent cookies continue until they cease or are deleted. Most of the cookies we use are permanent and will expire between 30 days and two years from the date they are downloaded to your device. See the following section on how to avoid cookies for more information about how to remove them before they cease to apply.
You can close down the website if you do not accept our use of cookies. You can also suspend the use of cookies in your web browser, although many websites will then be inaccessible or at least limited in their function.
When we collect data from temporary cookies, such data may contain personal data about you. Section 8 of the Personal Data Policy above provides more detailed information about how we collect data or process it in some other way through cookies. This Cookie Policy is part of the Personal Data Policy. We recommend that you read our Personal Data Policy in its entirety for more information about how we process personal data.
Contact us If you have any questions about our use of cookies or this Cookie Policy, our contact details are shown in Section 1. Please visit the website of the Swedish Post and Telecom Authority – www.pts.se – if you would like to find out more about cookies. Our General Terms and Conditions, which regulate use of our gift cards and related products, are provided below. Applicable from 23 April 2021 and until further notice.