GIFTABAY (PRIVATE) LIMITED. ("GIFTABAY" or "we") commits to using your personal information responsibly and only to the limited extent needed to serve you better.
Accountability for Your Privacy
GIFTABAY (PRIVATE) LIMITED.
No. 136 1/1 Hospital Road,
Kalubowila, Dehiwela, Sri Lanka.
Email us: [email protected]
Attention: Privacy Information Officer
The identity of our Privacy Information Officer is available upon written request as required by Principle 4.1.2 (PIPEDA, Schedule 1). Our Privacy Information Officer serves as our data protection officer for the purposes of the GDPR.
Responsibilities of Privacy Information Officer
The Privacy Information Officer is responsible for,
GIFTABAY designs and manufactures customization and impact protection accessories for electronic devices. We collect, use, and disclose personal information for the following purpose:
Responding to inquiries about GIFTABAY products and other services;
Processing product orders, processing credit cards, processing other payment information for customers, and generally administering our ecommerce platform;
Delivering products ordered from our website;
Verifying any information provided to us about our customers;
Maintaining online "accounts" for our clients, linked to our website, that facilitate a more effective ecommerce experience;
Maintaining our email newsletter;
Advising you of new products and services, along with sale and other promotions; and
Sharing with Staff, contractors, consultants, affiliates and other parties who require such information to assist us with any of the above.
The abovementioned eight points and preceding paragraph shall constitute the term ("Purpose").
Personal Information We Collect and Use
To fulfill our Purpose, we collect the following kinds of personal information:
Names, addresses (shipping and billing), phone number, and email address that is provided when an order is placed for our products;
Payment information, only to process orders. GIFTABAY sends all payment information to a payment processor via an encrypted protocol and it does not retain that information in its records;
Information in any correspondence (whether by email or otherwise) with GIFTABAY;
Registration information when you open an online account with GIFTABAY;
Information about any devices that you own which you provide when you place an order or set up an account;
Survey information in any surveys conducted by GIFTABAY for research purposes; and
Photos, comments, messages and other files posted to GIFTABAY’s Twitter, Instagram, Facebook, YouTube, or other social media accounts, subject to the privacy terms established by the social media provider.
As permitted by section 10(8) of CASL, when you visit our website, we may place one or more "cookies" on the local drive of your computer to track your visit. A cookie is a small data file that is transferred to your local drive through your web browser and can only be read by the website that placed the cookie on your local drive. The cookie acts as an identification card and allows our website to identify you and to record your passwords and preferences.
The cookie allows us to track your visit to the website so that we can better understand your use of our website so that we can customize and tailor the website to better meet your needs. Most browsers are set to accept cookies but you can usually change this if you so desire. It should be noted that if cookies are not accepted, you may be unable to access a number of web pages found on the website
From time to time, we may use a third party to process personal information as contemplated in Principle 4.1.3 of PIPEDA. Before transferring that information, we will ensure that a contract is in place between GIFTABAY and that party that includes terms requiring the third party to only process information for the Purpose outlined in this policy. We will also ensure that the contract includes any terms required of "processors" under the GDPR.
No Implied Consent
We do not rely on implied consent at GIFTABAY for collection, use or disclosure of any personal information. We will only use, disclose and process personal information with your express informed consent. The only exceptions are where we are permitted to proceed without express consent under PIPEDA or the GDPR.
Express Informed Consent
When collecting personal information by other means, our Staff will contact you (either by telephone or email) to request your express consent. You need to consent in writing before we proceed. That can be done by email or by a form we provide you with.
No Consent from Children
We do not collect personal information from children (anyone under 18) over the telephone or in person without a parent’s express oral consent.
Also, we do not knowingly collect information from children online. However, in the absence of any indication to the contrary, we will assume anyone supplying us with information online is over 18 years of age. Parents are strongly encouraged to discuss responsible internet use and personal information disclosure with their children.
You can withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by sending an e-mail to our Privacy Information Officer at the contact information above. In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide products or services to you. We will inform you of any implications connected to withdrawing your consent.
If you have asked us to put you on an email list to provide you with certain information on a regular basis, and such emails constitute "commercial electronic messages" or "CEMs" under CASL, you may ask us to remove you from the list at any time (using the unsubscribe instructions provided with each email and on the site where you signed up).
Limiting Collection, Use, Disclosure and Retention
We use our best efforts to limit the personal information we collect and use and disclose solely those details we need to fulfill our Purpose. We have designed our standard forms only to collect the information that we foresee we will need. We do not collect, use or disclose personal information using deceptive, fraudulent or unlawful means.
When using and disclosing information to third parties, we only disclose on a need-to-know basis. Also, it is our practice to disclose personal information only after ensuring that appropriate contractual safeguards are in place as contemplated in Principle 4.1.3 of Schedule 1 of PIPEDA.
We keep records of the work performed and services provided by us in accordance with applicable regulatory requirements and professional standards. These records may include personal information. We may continue to retain such records even after you no longer use our website or services or your account on our website is terminated for any reason.
Destruction of Personal Information
We destroy electronic information by deleting it and, when hardware is discarded, we ensure that the hard drive is physically destroyed. We shred paper containing personal information and ensure that it is disposed of properly to prevent accidental disclosure.
In order to fulfill our Purpose to a high-quality standard, we ask you to update your personal information and maintain appropriate contact preferences from time to time. You also have the right to contact us in order to verify that the information we have on file is accurate.
We do not, as a practice, contact you in order to ensure that the personal information we have is accurate. We may take reasonable steps to do so when using that information in the course of providing you with an ongoing product or service, provided our Staff is in regular contact with you. Otherwise, we strongly encourage you to contact us and ensure that the information we have in your file is up-to-date.
Our Safeguards to Protect You
We respect the privacy of our customers, employees and other stakeholders. We will protect that privacy as vigorously as possible. The methods we use include:
Password-protected desktops, laptops, mobile devices and servers and the use of technology safeguards, such as firewalls, encryption, two-factor authentication, and intrusion detection, to prevent hacking or unauthorized computer access; and
Storing personal information in physical files on physical premises that are secure and to which access is restricted;
Unfortunately, no online data transmission can be guaranteed to be 100% secure. As a result, while the website strives to protect your personal information, we cannot warrant the security of any information you transmit to us, and you do so at your own risk.
Mobile Devices and Remote Access
When using laptops, smartphones and mobile devices outside the office, Staff are required to take reasonable steps to ensure that these devices are not lost or stolen. These devices may not be stored in vehicles or left unattended for any reason while out of the office.
Staff may also remotely access our corporate cloud-enabled drives from a personal computer. Such access is only permitted if the computer has technology safeguards equal to, or better than, those on the computers belonging to our organization. Under no circumstances may Staff store data from our corporate cloud-enabled drives on a personal computer.
Regular Review of Safeguards
We recognize that technology and security measures evolve at a remarkable pace. So, at GIFTABAY, we periodically review our personal information safeguards with our Information Technology consultants and in-house experts. We want to ensure that our safeguards exceed industry best-practice.
Despite our safeguards and our best efforts, infiltration and unauthorized access into our system, one which holds personal information of our customers, is still possible. In the event of such a data breach, GIFTABAY will:
Notify all individuals whose data was breached within 72 hours of learning about the event;
Notify any relevant government privacy authorities within 72 hours where required to do so by CASL, PIPEDA or the GDPR; and
Investigate the nature and cause of the breach and take whatever steps deemed necessary to improve our safeguards and minimize the likelihood of a breach occurring again.
Open Privacy Practices
Your Ability to Access Your Information
You can make a written request to our Privacy Information Officer at the address above in order to:
Review any personal information we have on you in our files;
Rectify any inaccurate information that we may have; and
Request that we erase any personal data on you that we, or any of our third-party processors, possess;
Please include sufficient details in your request about the type of information that you would like to see about yourself. Please sign your request and send it by regular mail or via email and we will contact you within 10 days of receipt. Please note that we only respond if you are making a request relating to your own personal information. We will not grant access to personal information about someone else.
We will be pleased to provide you with access to your personal information as long as it does not fall within an express exception. Examples of such exceptions include, but are not limited to, information protected by solicitor-client privilege; information generated in the course of a formal dispute resolution process; information about another individual where disclosure would reveal confidential commercial information; or information disclosed to the police or other lawful authorities where we are required to withhold disclosure.
Please note that summary information is available on request, subject to the terms above, but more detailed requests requiring GIFTABAY to incur archive or other retrieval costs may be subject to administrative fees or reimbursement requirements.
Questions or Concerns