Privacy and Cookie Processing Policy
1. Terms and definitions
1.1. Policy — this Policy on the processing of personal data.
1.2. You, Your, Yours, etc., as well as Personal data subject — our counterparty under the Public Offer, who may be a natural person using the Website to obtain services for topping up the Service.
1.3. GDPR or Regulation — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, supplemented and periodically applied and incorporated into the national laws of the Member States.
1.4. Personal Data — any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.5. Processing of Personal Data — any operation or set of operations performed with or without the use of automation tools on personal data, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data. Personal data are processed using a mixed (including automated) method.
1.6. Automated processing of personal data — processing of personal data using computing equipment.
1.7. Confidentiality of personal data — a requirement binding on us or on any other person who has access to Personal Data not to allow their dissemination without the consent of the personal data subject or another lawful basis.
1.8. Anonymisation of personal data — actions as a result of which, without the use of additional information, it becomes impossible to determine whether personal data relate to a specific personal data subject.
1.9. Transfer — a payment transaction performed by the User on the Website.
1.10. Website — our website at https://giftovik.com.
1.11. Cookies — a small text file placed by the Website on your computer or device when you, for example, visit certain sections of the Website and/or when you use certain features of the Website.
2. Subject matter and legal bases for processing personal data
2.1. Subject of the Policy. The provisions of this Policy apply to the relationship between us and you concerning the processing of personal data in connection with the relationship arising between us from your use of the Website and the Company's provision of services that result from your acceptance of the terms of the Public Offer.
2.2. Legal bases for processing. The legal basis for processing your personal data is always your consent. Without consent to the terms of this Policy, we will not be able to fully perform our obligations under the agreements we conclude with you — therefore we have made it impossible to conclude them without the mandatory condition of consent to this Policy.
3. Term of the Policy and processing of personal data
3.1. Term of the Policy. After you accept the terms of the Policy, it remains in effect indefinitely. This does not affect the term for processing your personal data, which is set by this Policy.
3.2. Term of processing of personal data. As a general rule, we process your Personal Data for the entire lifetime of your account and for 5 (five) years after its deletion (or from the date we receive a properly executed written withdrawal of your consent to the processing of personal data), unless a storage period for personal data is established by applicable law, the Public Offer, or another agreement related in any way to your use of the Website to which you are a party. In other cases, we will cease processing your Personal Data if you object to such processing or if you withdraw your previously given consent to processing, in accordance with this Policy. However, we may then be unable to perform our obligations under agreements with you.
3.3. Changes. We may change the Policy at any time, including due to changes in our business processes, the influence of external factors, and other reasons. After changes are made, we will promptly publish the updated Policy on the Website so that you can review the new version. We will notify you of changes to the Policy by sending a notice to your account and/or by publishing it on the Website. If you continue to use the Website after changes to the Policy are made, we will treat that as your unconditional acceptance of the terms of the Policy as revised.
4. Legal bases for development, purposes and principles of the Policy
4.1. Legal bases for development. The Policy has been developed to comply with the requirements of: (a) GDPR; (b) CalOPPA; (c) CCPA; (d) PECR; (e) Federal Law No. 152-FZ of the Russian Federation; (f) GDPR; (g) as well as other laws and subordinate acts governing the cases and specifics of processing personal data of the personal data subject.
4.2. Purposes. The Policy pursues the following purposes: (1) ensuring compliance with the requirements for protecting human and civil rights and freedoms in the processing of personal data, including the protection of the right to private life, privacy, and family life; (2) preventing unauthorised actions (unlawful or accidental access) by any third parties to your Personal Data, as well as the destruction, alteration, blocking, copying, and dissemination of personal data; (3) ensuring a lawful and regulatory regime for confidentiality and control of your Personal Data; (4) protecting constitutional rights to privacy, the confidentiality of information constituting Personal Data, and preventing possible threats to your security.
Accordingly, the main purpose of the Policy is to provide you with full and transparent understanding of: the legal basis for collecting and processing your Personal Data; the categories of Personal Data we may collect about you; what happens to the Personal Data we collect; where we process your Personal Data; how long we retain your Personal Data; to whom we may disclose your Personal Data; and to explain your rights as a Personal Data subject.
4.3. Principles. We adhere to the following principles of processing personal data: (1) Personal Data must be processed lawfully and fairly; (2) processing must be limited to achieving specific, predefined, and lawful purposes; processing incompatible with the purposes of collection is not permitted; (3) the content and volume of processed personal data must correspond to the stated purposes of processing; processed Personal Data must not be excessive in relation to the stated purposes of processing; (4) when processing personal data, accuracy, sufficiency, and relevance of Personal Data in relation to the purposes of processing must be ensured; (5) Personal Data must be stored no longer than is necessary for the purposes of processing, unless another retention period (or method of determining it) is provided for by the Policy.
5. Categories of Personal Data collected
5.1. Registration on the Website. In accordance with the Public Offer, when you register on the Website we collect the following Personal Data: (1) name (if you provide your personal name); (2) email address.
5.2. Service-related data. After registration, you may obtain services for topping up the Service. You will need to enter the identifier of the user account on such Service, which may contain personal data. In that case, you are deemed to have given us consent to process such data.
5.3. Payment data. When you make a payment, the following data will be required: (1) bank card number; (2) bank card expiry date (month/year); (3) bank card security code (CVC2/CVV2). Please note that such data you enter are stored by our payment partners — we do not collect or store payment data in the relationship between us under the Public Offer.
5.4. Technical data. While you use the Website, we automatically collect certain Personal Data about you. Such data include, for example, technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visits to websites, and other similar data.
5.5. Other data. In exceptional cases, we may ask you to provide additional Personal Data. We will notify you in advance and request additional consent to the processing of such additional Personal Data.
5.6. Personal data of third parties. Please note that if you provide us with Personal Data of third parties, you warrant that you have obtained from such persons all necessary consents (including consent to the transfer of personal data) and other documents required to implement this Policy in full, executed by them in the form and in accordance with their personally applicable law (third-party consents), and if you act as a controller of personal data of such persons, you also warrant that you ensure the transfer and protection of their personal data to an extent no less than provided for by this Policy. Third-party consents must be executed by them in writing, and the original must be provided by you no later than 7 (seven) calendar days from the date the Operator sends the relevant request. Providing Personal Data of third parties without complying with this warranty is not permitted, and you assume full liability for any breach of this warranty.
6. Rights of the personal data subject
6.1. Right to information. You have the right to obtain information about us, our location, whether we hold your Personal Data, and to access such Personal Data.
6.2. Rectification. You have the right to require us to rectify your Personal Data, or to block or erase them if the Personal Data are incomplete, outdated, inaccurate, unlawfully obtained, or are not necessary for the stated purpose of processing, and to take other measures provided by law to protect your rights.
6.3. Form of provision. Information on whether we hold Personal Data will be provided to you in an accessible form and will not contain Personal Data relating to other personal data subjects.
6.4. Access procedure. You (or your legal representative) may access your Personal Data by applying in person or by sending a written request. The request must include the number of the main identity document for you or your legal representative, information on the date of issue of that document and the issuing authority, and a handwritten signature. The request may be submitted electronically. We must respond to your request within 30 (thirty) days from the date of receipt, which may be extended to 60 (sixty) days taking into account the complexity and number of requests.
6.5. Content of the response. In a request for access to Personal Data, you may require us to provide information concerning the processing of your Personal Data, including: (1) confirmation that Personal Data are being processed and the purposes of such processing; (2) the methods of processing Personal Data; (3) the name and address of the Operator, information about persons who have access to Personal Data or to whom such access may be granted; (4) a list of Personal Data being processed and the source of their receipt; (5) the periods of processing of Personal Data, including storage periods; (6) information on what legal consequences for the personal data subject may arise from the processing of their Personal Data.
6.6. Withdrawal of consent. You have the right to withdraw consent to the processing of Personal Data, to restrict the methods and forms of processing Personal Data, and to prohibit the dissemination of Personal Data without your consent.
6.7. Right to lodge a complaint. You have the right to challenge our actions or inaction before a competent supervisory authority for the protection of personal data subjects or in court.
6.8. Right to remedies. You have the right to protect your rights and lawful interests, including to seek damages and compensation for non-pecuniary harm in court.
7. Disclosure of Personal Data
7.1. Disclosure of Personal Data. To achieve the purposes of processing personal data, we may need to disclose your Personal Data to: (1) a payment partner, to credit institutions involved in carrying out Transfers in order to maintain an appropriate level of security for online payments made using electronic payment instruments via an authorisation page, the list of which is established by the security protocols of payment systems, acquiring banks, and issuers of electronic payment instruments (in accordance with the Public Offer); (3) anti-fraud institutions (including fraud related to conduct, financial fraud, and financial fraud bureaus); (4) public authorities, in particular executive authorities.
7.2. Mandatory and optional disclosure. Disclosure may be mandatory, for example regarding user equipment data: IP address, OS, geographic data, equipment ID/type, channel used: browser/application, payment authorisation, identification/verification, or optional, for example regarding address-matching indicators, account information, and the like.
8. Storage of Personal Data
8.1. Location of Personal Data. If you are a citizen of a state within the European Economic Area or the United Kingdom, your Personal Data are collected and processed within the European Economic Area. If you are a citizen of the Russian Federation, we store your data on servers located in the Russian Federation.
9. Cookies
9.1. Use of cookies. The Website uses cookies. When you visit the Website, your web browser sends certain information to our server: (1) date and time of the visit; (2) browser type; (3) language settings; (4) operating system. This information is stored in connection logs for a limited period (from the session up to one year) to ensure security and proper operation of the Website, as well as to collect statistical information.
9.2. Functions of cookies. Various groups of cookies are used on the Website. The first group is functional and technical cookies. The main function of such files is to allow the Website server to obtain information about your session, language, browser, and similar parameters, and to ensure full operation of the Website. These files are needed to recognise you when you return to the Website. This allows us to personalise the Website content to your needs and remember your preferences. The second group is analytics cookies; they allow us to estimate and count visitors and to understand how they navigate the Website when using it. This helps us improve the Website, for example by optimising navigation to the sections you need, making it simple and effective. You may refuse analytics cookies by adjusting the settings in your web browser.
9.3. Retention of cookies. By duration of storage on users' devices, cookies are divided into persistent and session cookies: "session cookies" are files stored on your device until you close your browser. "Persistent cookies" are stored on your device until they expire or until you delete them.
9.4. Disabling cookies. You may accept or reject all cookies on all websites you visit by changing the settings in your web browser.
10. Final provisions
10.1. Severability. If one or more provisions of the Policy are held invalid, unenforceable, or the like, such provisions are deemed replaced by valid provisions that are as close as possible in meaning. The Policy cannot be held invalid in its entirety under any circumstances.