Skip to main content
Log in
Create account

Giftbit Privacy

Giftbit was created to serve the rewards and incentive needs of modern businesses. Giftbit Inc. and Giftbit Corp., doing business as Giftbit (“Giftbit” or “We”), respects your privacy and is committed to protecting it through our adherence to this Privacy Policy.

This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the website www.giftbit.com (our "Site"), use our web app, API, and/or use the Platform and Service and information collected through automatic collection methods like cookies, beacons, geolocation and other mechanisms. This Privacy Policy also describes our practices for using, maintaining, protecting, and disclosing that information. Collectively the Site, App, API, Platform and Service are referred to in this Privacy Policy as “the Services”.

IF YOU ARE A TEAM USER, WE SHARE YOUR PERSONAL INFORMATION COLLECTED THROUGH THE APP WITH THE ADMINISTRATOR OF THE TEAM ACCOUNT THAT YOU CONNECT TO. IF YOU ARE A RECIPIENT, WE MAY SHARE YOUR PERSONAL INFORMATION WITH INDIVIDUAL MERCHANT ENTITIES WHERE YOU OPT TO RECEIVE REWARDS FROM SUCH MERCHANT ENTITY.

Except as set forth in this Privacy Policy, your Personal Information will not be used by us for any other purpose without your consent. We do not sell customer lists. You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using the Services.

Limitations

This Privacy Policy does not apply to:

  • If you are an individual user (“User”), information that we may provide to any administrator of a team account (“Team Account”) where the Giftbit platform is deployed (“Administrator”) and that you have authorized us to connect your account to. Administrator’s use of User’s information should be subject to a separate agreement between Administrator and User;
  • information collected by us through a separate website, app or service (such information is governed by the applicable privacy policy for that site and service);
  • information collected by us which is non-personally identifiable information, such as demographic statistics of our users (e.g. geolocation of our users), number of visitors, what pages users access or visit, and average time spent on the Website, business contact information or any personal information which has been anonymized; or
  • information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Site or App.

 

Minors

The Services are not intended for persons under 18 years of age and members of the Services must be 18 or older. We do not knowingly collect personal information from persons under 18. If you are under 18, do not use or provide any information on this Site or on or through any of its features/register on the Site or App, make any purchases through the Services, use any of the interactive or public comment features of the Services or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.

 

Information we collect about you and how we collect it

We collect several types of information from and about users of our Services, including information:

  • by which you may be personally identified, such as name, workplace, postal address, email address, telephone number and any other identifier by which you may be contacted online or offline ("personal information");
  • that is about you but on its own does not identify you; and/or
  • About your Internet connection, wifi service, the equipment you use to access our Site or App (i.e. device data) and service usage details.

We collect this information:

  • Directly from you when you provide it to us;
  • Automatically through the settings that you have enabled on the App; information collected automatically through the App may include usage details, IP addresses, and information collected through cookies and other tracking technologies;
  • Automatically as you navigate through the site; information collected automatically through the site may include usage details, IP addresses, and information collected through cookies and other tracking technologies;

 

Information you provide to us

The information we collect on or through the Services may include:

  • Information that you provide by filling in forms on our Site, API, or App. This includes information provided at the time of registering to use our Site or App, subscribing to our service, posting material or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us and when you report a problem with our Site or App.
  • Records and copies of your correspondence (including email addresses), if you contact us or if you contact others through the Services (such as through our check-in or messaging functions).
  • Details of transactions you carry out through our Site or App (including without limitation bookings, communications, orders and payments) and of the fulfillment of your orders. You may be required to provide financial information such as credit card details before placing an order through our Site or App (for example, through third party payment providers such as Stripe).
  • Your search queries on the Site or App.
  • Information you provide to us about other individuals
  • If you are a Recipient, we may be required to collect the following information from you for the purpose of satisfying “know your customer” requirements”:
    • Name
    • Email
    • Phone
    • Address
    • Date of Birth
    • Country of residence
    • Device information
    • IP address and location

 

Information we collect through automatic data collection technologies

As you navigate through and interact with our Site or App, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, geolocation and workplace usage patterns, including:

  • Details of your visits to our Site or App and other communication data and the resources that you access and use on the Site or App.
  • Information about your computer and Internet connection, including your IP address, operating system and browser type.
  • We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioural tracking).
  • When you access and use the App, we may automatically collect certain details of your access to and use of the App, including traffic data, geolocation data, and other communication data and the resources that you access and use on or through the App.
  • We may collect information about your mobile device and Internet connection, including the device's unique device identifier, IP address, operating system, browser type, mobile network information and the device's telephone number.
  • Our App collects real-time information about the geolocation of your device.

We and our third party service providers may collect information about you in a variety of ways. We and/or our third party partners may employ various tracking technologies, such as cookies, web beacons and analytics software, that help us better manage content on our Service by informing us what content is effective.

Cookies

When you visit our website or otherwise interact with the Service we (or third party data or ad networks we work with) may send one or more “cookies” to your computer or other devices. Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third party websites. Some features on this site will not function if you do not allow cookies. We may link the information we store in cookies to any Personal Information you submit while on our site.

We may use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interest of our users to enhance the experience on our site. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies, or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If you reject cookies, you may still use our site, but some features on the site will not function properly.

Functional cookies, persistent and session type, store information to enable core site functionality.

Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns.

Flash and HTML5 Storage

We use Local Shared Objects, such as Flash cookies, AND/OR Local Storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on our website or to display advertising based upon your web browsing activity also use Flash cookies or HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5.

Analytics Software

We and our third party tracking-utility partners use log files on our Service to gather certain information automatically and store it for analytical purposes. This information includes internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use Google Analytics, which uses cookies and other, similar technologies to collect and analyze information about use of the Service and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s  practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

We use this information to track and aggregate Other Information to analyze trends, administer the site, track users’ movements around the Service and to gather demographic information about our user base as a in the aggregate.

 

How we use your information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal or regulatory obligation.

See below to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us using the contact details set out below.

We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us at legal@giftbit.com if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.

In this table:

  • Identity data means data that identifies you directly, such as name, date of birth, country of residence, etc
  • Contact data means data that allows us to contact you, such as email address, phone number, address, etc.
  • Financial data means financial data that concern you and your activities
  • Transaction data means data relating to transactions that you undertake through the Giftbit Service
  • Profile data means any additional information that you may enter in respect of your profile, such as company position, administration rights, etc.
  • Marketing and Communications data your communication preference data
  • Usage data means data relating to your usage of the Giftbit Services
  • Technical data means technical data such as device information and IP address and location
Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer (a) Identity
(b) Contact		 Performance of a contract with you

To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us

 (a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications		 (a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or Privacy Policy

(b) Asking you to leave a review or take a survey

 (a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)

To enable Recipients to receive the benefit of the Giftbit Services and facilitate on-going eprovision of Rewards to Recipients

(a) Identity
(b) Contact
(c) Technical

 (a) Performance of Services to Recipient
(b) Compliance with Know-Your-Customer (KYC) and Anti-Money- Laundering (AML) laws
To enable you to partake in a prize draw, competition or complete a survey (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications		 (a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our services, to develop them and grow our business)
To administer and protect our business, Website, API and App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical		 (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and notifications to you and measure or understand the effectiveness of the notifications that we serve to you (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical		 Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, services, marketing, customer relationships and experiences (a) Technical
(b) Usage		 Necessary for our legitimate interests (to define types of customers for our services, to keep our Website and App updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about new features and services that may be of interest to you (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile		 Necessary for our legitimate interests (to develop our services and grow our business

 

We may also use your information to contact you about our own features, goods and services that may be of interest to you. If you do not want us to use your information in this way, please unsubscribe from these notifications in your account profile or using the unsubscribe links in the emails we send.

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at legal@giftbit.com.

Performance of Contract means processing your information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing your personal information where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

 

Disclosure of your information

We may disclose aggregated information about our users without restriction.

We may disclose personal information that we collect or you provide as described in this Privacy Policy:

  • If you are a User, to Administrators of the Team Account or Workplaces where you are registered;
  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use to support our business solely for the purpose of them providing services to us.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Giftbit Inc. and/or Giftbit, Corp.’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the company about our Site or App users is among the assets transferred.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your express consent to other uses not indicated in this Privacy Policy.

We may also disclose your personal information:

  • To comply with any court order, law or legal process, including to respond to any government or regulatory request.
  • To enforce or apply our terms of service (https://www.giftbit.com/terms-and-privacy/) and other agreements, including for billing and collection purposes.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Giftbit Inc. and/or Giftbit, Corp., our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

 

Transfers of data

We use cloud-hosting service providers to provide hosting to us which means that your personal information may be available to foreign government or its agencies under a lawful order, irrespective of the safeguards we have put in place for the protection of your personal information. As privacy laws vary from jurisdiction to jurisdiction, the privacy laws applicable to the places where your information is transferred to or stored, used or processed in, may be different from the privacy laws applicable to the place where you are resident. However, we will ensure that a similar degree of protection is afforded to your personal information as is provided for under European Union law if you are located in the EU.

CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

  • Tracking Technologies and Advertising.
    You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on     Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
  • Promotional Offers.
    If you do not wish to have your contact information used by us to promote our own or third parties' products or services, you can opt-out by sending us an email stating your request to legal@giftbit.com or by following the opt-out instructions in any promotional communication we send to you. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions.

 

Transfers of data

You can review and change your personal information by logging into the Site or App and visiting your account profile page.

You may also send us an email at legal@giftbit.com to request access to, correct or delete any personal information that you have provided to us. We may not be able to delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

 

Retention

We will keep your personal information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained personal information will remain subject to the terms of this privacy policy. If you request that your name be removed from our databases, it may not be possible to completely delete all your personal information due to technological and legal constraints (see further above under Access and Correcting Your Information).

 

Safety and security

As a PCI-compliant service and GDPR-compliant processor of your data, we use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using 2048 bits SSL Encryption.

The safety and security of your information also depends on you. You have chosen a password for access to certain parts of our Site or App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. In addition to passwords, we support two-factor authentication. We strongly advise you, and your team administrator, to enable two-factor authentication on your account.

Unfortunately, the transmission of information via the Internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Site or App. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site or App.

 

Changes to our privacy policy

It is our policy to post any changes we make to our Privacy Policy on this page https://www.giftbit.com/terms-and-privacy/. If we make material changes to how we treat our users' personal information, we will notify you by email to the email address specified in your account. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Site or App and this Privacy Policy to check for any changes.

Contact Information: To ask questions or comment about this Privacy Policy and our privacy practices, contact us at: legal@giftbit.com.

 

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal information. You may have the right to:

    • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
    • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
    • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
    • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
    • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the information's accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
    • Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
    • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

 

Your California privacy rights

 

Requests

The CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.
  • Provide access to and/or a copy of certain personal information we hold about you.
  • Delete certain personal information we have about you.
  • Provide you with information about the financial incentives that we offer to you, if any.

The CCPA further provides you with the right not to be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information to provide the Services to you. We also will take reasonable steps to verify your identity before responding to a request. If we are unable to verify you, we shall have the right, but not the obligation, to request additional information from you.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer’s behalf, please contact us using the contact information provided below.

 

Shine the light disclosure

The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

 

Do not sell rights

Please note that the CCPA sets forth certain obligations for businesses that “sell” personal information to third parties. We do not engage in such activity as defined in the CCPA and have not engaged in such activity in the past twelve months from the Effective Date of this Policy.

 

Contact information and requests

If you wish to exercise any of the rights set out above or otherwise in respect of your privacy rights, please contact us at legal@giftbit.com or gdpr@giftbit.com.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


Last Updated: March 20, 2024

Giftbit logo.

© Giftbit 2024

 

Terms of service

Privacy policy

SOC 2 compiant

 

Amazon.com Gift Cards ("GCs") Restrictions apply, see amazon.com/gc-legal

The Starbucks wordmark and the Starbucks logo are registered trademarks of Starbucks Corporation. Starbucks is also the owner of the copyrights in the Starbucks logo and the Starbucks Card designs. All rights reserved. Starbucks is not a participating partner or sponsor in this offer.

The Prepaid Visa Incentive card is issued by Sutton Bank, Member FDIC, pursuant to a license from Visa U.S.A. Inc. Your use of the prepaid card is governed by the Cardholder Agreement, and some fees may apply. This is not a gift card. Please note that prepaid cards are subject to expiration, so pay close attention to the expiration date of the card. No cash access. The card is powered by Marqeta.

Utilisez votre carte virtuelle en ligne partout où Mastercard est acceptée dans le monde entier. La carte est émise par la Compagnie de Fiducie Peoples conformément à la licence par Mastercard International Incorporated. Mastercard est une marque déposée et le concept de cercles est une marque de commerce de Mastercard International Incorporated. Votre utilisation de la carte prépayée est régie par l’Entente des titulaires de carte et certains frais peuvent s’appliquer. Il ne s’agit pas d’une carte-cadeau. Veuillez noter que les cartes prépayées sont sujettes à expiration : faites donc bien attention à la date d’expiration de la carte.

Use your virtual card online everywhere Mastercard is accepted worldwide. Card is issued by Peoples Trust Company pursuant to license by Mastercard International Incorporated. Mastercard is a registered trademark, and the circles design is a trademark of Mastercard International Incorporated. Your use of the prepaid card is governed by the Cardholder Agreement, and some fees may apply. This is not a gift card. Please note that prepaid cards are subject to expiration, so pay close attention to the expiration date of the card.

Use your virtual prepaid card online everywhere Mastercard is accepted. Issued by The Bancorp Bank, N.A., Member FDIC, pursuant to license by Mastercard International Incorporated. Mastercard is a registered trademark, and the circles design is a trademark of Mastercard International Incorporated. Your use of the prepaid card is governed by the Cardholder Agreement, and some fees may apply. This is not a gift card. Please note that prepaid cards are subject to expiration, so pay close attention to the expiration date of the card.

Please visit each company's website for additional terms and conditions.