Last updated: 10th March 2025
GIFTD GmbH (the “Company,” “we,” or “us”) wants you to be familiar with how we collect, use and disclose Personal Information.
“Personal Information” is information that identifies you as an individual or relates to an identifiable individual. This Privacy Notice describes our processing practices of Personal Information that we collect and use in connection with:
We collect the following categories of Personal Information:
A. Personal Information we receive from you:
Name & Contact Details
Such as first and last name, title, prefix, email address, phone number, postal address, gender, country of residence..
Account Information
Such as your chosen username and password, profile photo, bio and other information that you voluntarily share in your account.
Billing Information
Such as debit or credit card details, bank account details, billing address.
User Content
Such as reviews and testimonials about our Services, and other content you may create or share on our Services, including messages in our online forums and posts on our Social Media Pages, blogs, and comment sections.
Preferences
Such as language, interests, and other customer feedback/preferences that you might express during your use of our Services.
Marketing Data
Such as your choices regarding our newsletters, surveys, and other marketing/advertising displayed or provided to you, and preferred methods of such promotional communication.
Relationship History
Such as details of your communications with us, and details of your claims, complaints and queries in general.
Transaction Information
Such as details of products you have reserved, received via mail or collected at pick-up events, or given away via our Services.
Visitor and Event Information
Such as dietary restrictions, travel and accommodation details, issued identification pass to access the premises, and other details specific to a particular event that you share with us.
User Photographs and Videos
Such as photos and videos submitted by you while using our Services.
B. Personal Information we collect through your use of our Services or from other sources:
Social Media Information
Such as profile pictures, social media account ID, and other social media profile information, including lists of friends/followers on social media.
Event Photographs and Videos
Such as photos and videos taken at one of our events.
Device Information
Such as information about your browser and devices, your IP address and information about your use of and activity on our Services. This includes data obtained through cookies and similar technologies, as described in our Cookie Policy
Location Information
Such as location-based information from your mobile device that we collect via GPS and other technologies based on your IP address.
We collect the above-listed Personal Information in a variety of ways, including through our Services and from other sources, as set out in the grid below.
We need to collect certain Personal Information in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. We will note which Personal Information is required to provide the Services at the time of its collection.
We use your Personal Information for legitimate business purposes as described in the overview below.
Purpose
Examples of Processing Activities
Legal Basis
Third Party Sources
Providing the functionality of the Services
Provide the functionality of the Services to you, such as creating and arranging access to your GIFTD user account; facilitating the reservation of products of our brand partners and other users; organizing the pick-up or shipment of reserved products; facilitating the gifting process for products uploaded in the Apps by you; verifying your information; processing your payments related to shipments; facilitating interactions between users and allowing you to invite your contacts
Name & Contact Details; Account Information; Billing Information; Preferences; Relationship History; Transaction Information; Device Information; User Photographs and Videos; and Social Media Information.
Performance of the contract, including our Terms of Use that we enter into with you to provide the Services.
Publicly available databases; Google and Apple, if you use their single sign on feature when creating your GIFTD account.
Customer service
Administering customer-care services to facilitate and address inquiries, requests, comments and complaints about any of our Services (such as in person, through phone lines, email, or on social media), for example, to send you documents or information you request or assist you in using the Services.
Name & Contact Details; Account Information; Billing Information; Relationship History; Transaction Information; Device Information; and Preferences.
Performance of the contract, including our Terms of Use that we enter into with you to provide the Services.
Legitimate interests, such as responding to inquiries or complaints.
Legal obligations*, such as when you submit a request to access your Personal Information.
N/A
Communicating important changes / service messages
Send you important information regarding our relationship with you, our Services, any changes to our Terms of Use, policies and procedures, and/or other administrative information.
Name & Contact Details; Account Information; Preferences; Relationship History; Transaction Information; Device Information; and Social Media Information.
Legitimate interests, such as to ensure our Services are used in accordance with our terms, policies and procedures.
Performance of the contract, where provided in our Terms of Use.
Legal obligations*, such as to inform you of material changes to our Terms of Use to comply with applicable consumer and/or data protection laws.
N/A
Operations and general business
Administering online Services (including troubleshooting and diagnostic testing, conducting performance analyses of our systems and Services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and the hosting of data); and facilitating mergers, acquisitions and other reorganizations and restructurings of our business (including prospective transactions).
Personal Information as relevant for the specific business operation.
Legitimate interests, such as responding to customer complaints and concerns.
Legal obligations*, for example, relating to financial transactions, such as the obligation to maintain books and records.
Third party organizations, when they share personal information with us to, for example, facilitate mergers, acquisitions and other reorganization and restructurings of our business.
Purpose
Examples of Processing Activities
Legal Basis
Third Party Sources
Marketing cooperations with our brand partners
Collect and share personal information with brand partners when you sign up for their newsletters or marketing campaigns in our Apps.
E-mail address.
Consent. Where we share your e-mail address with one of our business partners we will ask for and rely on your prior opt-in consent.
N/A.
Purpose
Examples of Processing Activities
Legal Basis
Third Party Sources
Marketing
Send you promotional information about our Services, products, newsletters, promotions, offers and other news about GIFTD.
Name & Contact Details; Account Information; Relationship History; Transaction Information; Preferences; Marketing Data; User Content; Device Information; Geolocation Information; and Social Media Information.
Legitimate interests, such as to promote our Services.
Consent, for example, where we would like to send you our GIFTD newsletter or push notifications, we will ask for and rely on your prior opt-in consent.
N/A.
Promotions and contests
Conduct prize promotions, contests and other promotional offers. If you participate, we will use your information to administer such promotions and offers. Some of these promotions have additional rules containing information about how we will use and disclose your Personal Information, which we will communicate to you separately.
Name & Contact Details; Account Information; Relationship History; Transaction Information; Preferences; Marketing Data; Device Information; User Content; User Photographs and Videos; Event Photographs and Videos; Geolocation Information; and Social Media Information.
Legitimate interests, such as to promote our Services.
Performance of contract, such as fulfilling obligations associated with a contest.
N/A.
Relationship building and engagement
Facilitate and respond to any product reviews, social sharing and posts on our Services.
Name & Contact Details; Account Information; Marketing Data; Social Media Information; and User Content.
Legitimate interests, such as engaging with individuals who post on our Social Media Pages.
N/A.
Purpose
Examples of Processing Activities
Legal Basis
Third Party Sources
Events and Visits
Facilitate and participate in conferences or events such as pick-up events and other happenings, as well as welcoming guests and visitors to our premises.
Name & Contact Details; Account Information; Billing Information; Relationship History; Transaction Information; Preferences; Visitor and Event Information; Marketing Data; and Event Photographs and Videos.
Performance of a contract with you, such as collecting information regarding a planned pick-up event in which you participate.
Legitimate interests, such as responding to customer complaints or concerns relating to an event.
N/A.
Purpose
Examples of Processing Activities
Legal Basis
Third Party Sources
Personalizing our Services
Personalize our interactions with you and provide you with information and/or offers of gifts tailored to your interests, such as targeted advertising tailored to your interests, on our online Services as well as our marketing partners’ platforms; deliver content via our Services that we believe will be relevant and interesting to you.
To carry out these purposes, we may use automated means, including profiling.
Name & Contact Details; Account Information; Marketing Data; Social Media Information; Relationship History; Transaction Information; Device Information; Geolocation Information; and Preferences.
Consent, for example, where we would like to send you offers tailored to your specific interests, shopping history and/or behavior, and such tailoring of offers would result in extensive profiling.
Legitimate interests, such as providing tailored Services based on past usage and/or preferences, and such tailoring would be based on basic and privacy-non-intrusive segmentation.
N/A.
Improving and developing new products and Services
Conduct data analysis, for example, monitoring and analyzing usage of Services and using data analytics to improve the efficiency of our Services; develop new products and Services; consider ways for enhancing, improving, repairing, maintaining or modifying our current products and Services; identify usage trends, for example, understanding which parts of our Services are of most interest to users; determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and operate and expand our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.
To carry out these purposes, we may use automated means, including profiling.
Name & Contact Details; Account Information; Relationship History; Transaction Information; Preferences; User Content; Device Information; Geolocation Information; and Social Media Information.
Legitimate interests, such as developing new Services.
Consent, such as when we use cookies and similar technologies and the data collected by means of such technologies qualify as Personal Information.
Consent to track location-based information from your mobile device to provide certain location-based services.
N/A.
Aggregating and/or anonymizing Personal Information
Aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information.To carry out these purposes, we may use automated means, including profiling.
Personal Information as relevant for the specific business purpose.
Legitimate interests, such as to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
N/A.
Purpose
Examples of Processing Activities
Legal Basis
Third Party Sources
Fraud prevention and security
Conduct audits, verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements; monitor for and prevent fraud; and security purposes, including system security.
Name & Contact Details; Account Information; Billing Information; Device Information; Relationship History; and Transaction Information.
Legal obligations*, such as to detect and prevent cyberattacks.
Legitimate interests, such as identifying and/or preventing fraudulent transactions.
N/A.
Legal and compliance
Fulfil our legal and compliance-related obligations including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities; meeting national security or law enforcement requirements.
Enforcing our Terms of Use; protecting our operations; protecting the rights, privacy, or property of the Company; and allowing us to pursue available legal remedies, defend claims and limit the damages that the Company may sustain.To carry out these purposes, we may use automated means, including profiling.
Personal Information as relevant for the specific legal action, regulatory investigation, and/or legal processes in question, which may include:Name & Contact Details; Account Information; Billing Information; User Content; Preferences; Marketing Data; Relationship History; Transaction Information; Visitor and Event Information; User Photographs and Videos; Social Media Information; Event Photographs and Videos; and Device Information.
Legal obligations*, such as complying with legal processes.
Legitimate interests, such as enforcing our Terms of Use to protect trademarks and bringing or defending legal claims.
Public and/or government and/or regulatory authorities, including courts, regulators and government authorities.Third persons (legal or natural), as relevant for the specific legal action and/or processes in question (such as lawyers, auditors, insurers, advisory firms etc.).
*For more information on our legal obligations, please see section ‘Other Disclosures’ below.
** For more information on disclosure of Personal Information in connection with a sale or business transaction, please see ‘Other Disclosures’ below.
Recipients
Purpose
Brand partners
- Brand partner cooperations
- Marketing and user engagement (sharing user email address for newsletter campaigns of brand partners)
Payment processing service providers:
- Stripe
- RevenueCat
- Apple App Store
- Google Play Store
- Fraud prevention and security
- Providing the functionality of the Services
- Events and visits
Website hosting service providers
- Improving and developing new products and Services
- Operations and general business
- Providing the functionality of the Services
Information technology and related infrastructure service providers
- Fraud prevention and security
- Improving and developing new products and Services
- Operations and general business
- Providing the functionality of the Services
Email delivery service providers
- Communicating important changes
- Customer service
- Improving and developing new products and Services
- Marketing and user engagement
- Personalizing our Services
- Promotions and contests
- Providing the functionality of the Services
- Events and visits
Analytics providers for our Services including providers of performance monitoring and testing:
- Google Analytics for Firebase
- Mixpanel
- Firebase Crash Reporting
- TestFlight
- Aggregating and/or anonymizing Personal Information
- Customer service
- Fraud prevention and security
- Improving and developing new products and Services
- Marketing and user engagement
- Operations and general business
- Personalizing our Services
- Promotions and contests
Law enforcement, public, regulatory and government authorities, courts
- Emergency and incident response
- Fraud prevention and security
- Legal and compliance
Auditing service providers
- Fraud prevention and security
- Legal and compliance
Other services, including, without limitation, our Social Media Pages
- Individual user/customer public interactions and communications, such as message boards, chat, profile pages, blogs and other services to which you choose to post information and content
- Social sharing activities
We also disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below.
Purpose
Further Detail
To comply with applicable law and regulations
This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your Personal Information, including:
- Civil and commercial matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
- Criminal matters: to comply with requests and orders from EU and EU Member State law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws.
- Consumer matters: to comply with requests from competent authorities under EU or EU Member State consumer protection law, such as under Directive (EU) 2019/2161 and its implementing laws in EU Member States.
- Corporate and taxation matters: to comply with our obligations under applicable EU Member State corporate and tax legislation, such as where a national tax law of an EU Member State requires collection of specific transactional personal information for tax purposes.
- Regulatory matters: to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State data protection supervisory authorities initiate investigation under the General Data Protection Regulation into our Company. These can include authorities outside of your country of residence.
- Compliance and internal investigations: to comply with whistleblowing requirements under Directive (EU) 2019/1937 and its implementing laws in EU Member States, e.g. the German Whistleblowing Law (Hinweisgeberschutzgesetz).
For other legal reasons
- For dispute resolution purposes;
- To protect our rights, privacy, safety or property, and/or you or others.
In connection with a sale or business transaction
We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your Personal Information in accordance with applicable law and the ‘Updates To This Privacy Notice’ section.
We may collect personal information through the use of cookies and similar technologies. Please see our Cookie Policy for more information.
Your choices regarding our use and disclosure of your Personal Information
We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt out from:
(1) Receiving marketing-related emails from us. If you no longer want to receive marketing related emails from us on a going-forward basis, you may opt out by clicking on the “unsubscribe” link provided at the bottom of our marketing emails or by contacting us at hello@giftd.app.
(2) Our sharing of your email address with our business partners for their direct marketing purposes. When you reserve a giveaway on the GIFTD brand page of one of our business partners, we may ask you to subscribe to the business partner’s newsletter. With your consent only we will share the email address associated with your GIFTD user account with the respective business partner once you have subscribed to their newsletter. If you would prefer that we discontinue sharing your email address with our business partners for their direct marketing purposes, you may contact us at hello@giftd.app.
(3) Receiving marketing-related emails from our business partners. If you no longer want to receive marketing-related emails from one of our business partners on a going-forward basis, you may opt-out by clicking on the “unsubscribe” link provided at the bottom of each marketing email that you receive from the respective business partner, or by contacting the business partner directly. You may also contact us at hello@giftd.app . We will inform the respective business partner immediately of your consent to receiving marketing emails from them as well as your withdrawal of such consent.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.
How you can exercise your rights
If you would like to request to access, correct, update, suppress, restrict, or delete Personal Information, object to or opt out of the processing of Personal Information, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your Personal Information, e.g. for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us at hello@giftd.app.
In your request, please make clear what Personal Information you would like to have changed or whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion).
You may lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at https://ec.europa.eu/newsroom/article29/items/612080.
RETENTION PERIOD
We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Information, even after your account has been deleted and/or we no longer provide the Services to you; for example:
In some circumstances we will anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
THIRD PARTY SERVICES
This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
PERSONALIZED OFFERS
We may send or display giveaways and products that may be of interest to you when you access and use the Services. You may receive offers for gifts based on information relating to your access to and use of the Services. For this purpose, we place or recognize a unique cookie on your browser (including through the use of pixel tags). If you would like more information about this practice, and to learn how to opt out of it, you may contact us at hello@giftd.app.
USE OF SERVICES BY MINORS
The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from individuals under 16.
JURISDICTION AND CROSS-BORDER TRANSFER
Your Personal Information may be stored and processed in Belgium where our servers are located or other countries outside the EEA in which we engage service providers. By using the Services you understand that your Personal Information may also be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.
Where this will involve transferring your Personal Information outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Adequacy Decisions and Data Privacy Shield: Some non-EEA countries are recognized [under the UK GDPR and] by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here [hyperlink to EU Commission’s adequacy list online: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
Standard Contractual Clauses For transfers of Personal Information from the EEA to third countries which are not considered adequate by the European Commission, we have put in place standard contractual clauses adopted by the European Commission to protect your Personal Information. You may obtain a copy of these measures by contacting us at hello@giftd.app.
SENSITIVE INFORMATION
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.
UPDATES TO THIS PRIVACY NOTICE
The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Services.
CONTACTING US
GIFTD GmbH, located at Muskauer Str. 11a, 10997 Berlin, Germany, is the company responsible for collection, use, and disclosure of your Personal Information under this Privacy Notice.
If you have any questions about this Privacy Notice, please contact us at hello@giftd.app.
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.