1. Home
  2. GDPR PRIVACY NOTICE

GDPR Privacy Notice

This Privacy Notice for people located in the European Economic Area (“EEA”) supplements the information contained in the Privacy Policy of CorporateGift.com, Inc. ("CorporateGift"). Our processing of the personal data of people who are in the EEA is governed by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) (the “GDPR”), which applies from May 25, 2018. The GDPR requires us to provide certain information to you about your personal data, which we refer to in this notice as your personal information. Any terms defined in the GDPR have the same meaning when used in this notice.


  1. DATA CONTROLLER

The Data Controller for this website is CorporateGift.com, Inc. ("CorporateGift" or “Data Controller”) with its registered office in CorporateGift.com, 4 Washington St, Tenafly, NJ 07670 For any clarification, question or requirement related to your privacy and the processing of your personal data please do not hesitate to contact us at:

Phone: 646-751-7075

Website: www.corporategift.com

Email: Info@CorporateGift.com

Postal Address: CorporateGift.com, 4 Washington St, Tenafly, NJ 07670



  1. DATA PROTECTION OFFICER 

Pursuant to article 37 of GDPR, acting as a Data Controller we are not under legal obligation to appoint a Data Protection Officer. However, we continually monitor the current situation, and should this change, we will appoint a Data Protection Officer and will inform you accordingly. 


  1. PURPOSE OF PROCESSING

Generally, CorporateGift makes available Marketplace and Gifting Platform software and renders services in the form of Marketplace and Gifting Platform software acting as a Data Processor. We do not process your personal data as a user of Marketplace and Gifting Platform software for our own purposes, but we act as a Data Processor on behalf of our Client, who acts as a Data Controller and under a signed contract. The transfer of personal data is necessary to conclude and implement this contract.

Under limited circumstances, CorporateGift acts as a Data Controller. Personal data gathered through cookies is used for the purposes described in our Cookies Policy.  Other than information described in our Cookies Policy, the only information collected through our website is personal data provided voluntarily by visitors for the purpose of receiving additional information from CorporateGift. The circumstances under which we are acting as a Data Controller are the following:

  1. Processing of our Clients representatives personal data due to the conclusion of the agreement regarding the use Marketplace and Gifting Platform software;

  2. Processing of gifts givers’, gifts recipients’ and Client representatives’ personal data due to the defence against claims; 

  3. Processing of personal data in connection with CorporateGift’s accounts on: Facebook, Instagram, Twitter, LinkedIn; 

  4. Processing of personal data due to the “Become a merchant” functionality;

  5. Processing of personal data due to the “Request a demo” functionality;

  6. Processing of personal data due to “Submit a RFP” functionality;

  7. Processing of personal data in other situations than described in items a)-f); especially by receiving personal data through other sources of communication;


If we wish to use your personal data for a new purpose not covered by this GDPR Privacy Notice, we will provide a new notice explaining this new use and its relevant purpose and processing conditions prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and when required, we will seek your prior consent to conducting this processing.

  1. SOURCE OF YOUR PERSONAL DATA 

The personal data we process is collected directly from you when you contact us by email, live chat, contact form or other contact method available on our website, Gifting Platform or social channels.. Under limited circumstances, your personal data may be collected indirectly from you, for example, through your ISP (Internet Service Provider) or through your Internet browser settings.. 

  1. PERSONAL DATA CATEGORIES, LAWFUL BASIS FOR PROCESSING, CATEGORIES OF RECIPIENTS, RETENTION PERIOD.

By processing your personal data as a Data Controller, we are obligated by GDPR to inform you of certain important information:


Categories of Personal Data 

Lawful Basis for Processing 

Categories of Recipients 

Retention Period 

Full name, email address, telephone, job title, Internet identifiers

 

Art. 6 section 1 item. a) of GDPR - the data subject has given consent to the processing of his or her personal data for one or more specific purposes

Vendors that we engage in connection with the services; 

Vendors who provide support on operations, assessment, and improvements to the performance of our website

Until you withdraw your consent to the processing of this data

Network location and IP address, data on visits and behaviour on the website; unique identifiers, browser type, mobile network information, and Internet Protocol (IP) address; data from cookies

 

Art. 6 section 1 item. a) of GDPR - the data subject has given consent to the processing of his or her personal data for one or more specific purposes

Vendors who provide support on operations, assessment, and improvements to the performance of our website

Until you withdraw your consent to the processing of this data

Full name, email address, telephone, job title, Internet identifiers, employer

Article 6 section 1, item f) of the GDPR - as processing is necessary to pursue the Data Controller’s legitimate interest which is the possibility of establishing, asserting or defending against claims and defending our rights

Entities authorised under applicable laws

 

Providers of legal and advisory services

 

The data will be deleted after the expiry of the limitation period for any claims that may arise due to your communication with the Data Controller in accordance with the provisions of the applicable law

Name, email, telephone, job title 

Article 6 section 1, item b) of the GDPR – as processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Vendors that we engage in connection with our services; 

 

Entities authorised under applicable laws

 

Providers of legal and advisory services

 

The data will be deleted after the expiry of the limitation period for any claims that may arise due to your communication with the Data Controller in accordance with the provisions of the applicable law


  1. INFORMATION ON YOUR RIGHTS

As a Data Controller of your personal data, we provide you with the right to:

  1. access data (for information about the data processed by the Data Controller and for copies of data);

  2. rectify (correct) data;

  3. request erasure of data processed without justification;

  4. restrict data processing (suspend data operations or request not to delete data);

  5. transfer data to another data controller;

  6. object to the processing of your personal data.

In order to exercise your right, you should contact us by means of any communication channel you select from among those indicated in section 1 of this Privacy Notice. The scope of each of the above mentioned rights and the situations in which they can be exercised result from the provisions of law, and the possibility of exercising the right shall depend on e.g. the legal basis for using the data and the purpose of its processing.

Your right as described above may be exercised by clicking here.


  1. INFORMATION ON THE OBLIGATION OR VOLUNTARINESS OF PROVIDING PERSONAL DATA AND THE CONSEQUENCES OF FAILING TO DO SO 

By contacting us through our website or other CorporateGift accounts, you are under no statutory or contractual requirement or other obligation to provide personal data to us via our website. However, failing to do so may prevent us from contacting you in an efficient manner.


  1. INFORMATION ON THE RIGHT TO WITHDRAW THE CONSENT FOR PERSONAL DATA PROCESSING

If the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time. The withdrawal of consent shall not affect the lawfulness of processing performed on the basis of your consent prior to its withdrawal. In order to exercise your right, you should send the relevant information to us by means of any communication channel you select from among those indicated in section 1 of this Privacy Notice.

  1. INFORMATION ON THE RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

Please be advised that if you determine that the processing of your personal data is in violation of applicable law, you have the right to lodge a complaint with your national supervisory authority (or in some countries, regional) responsible for the protection of personal data. The EU Commission has a list here:  http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm


  1. INFORMATION ABOUT AUTOMATED DECISION-MAKING, INCLUDING PROFILING


In the course of processing your personal data, no automated decision-making shall take place which would create legal consequences in relation to you or significantly affect you in a similar manner.

  1. INFORMATION REGARDING THE TRANSFERS OF PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)

CorporateGift’s main administrative offices are based in the USA and information collected through our website and Marketplace and Gifting Platform software is processed in this location. The USA does not have an adequacy decision under article 45 of GDPR from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. CorporateGift relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, CorporateGift collects and transfers to the USA personal data, with your explicit consent, and/or only to perform a contract with you.  Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Notice.  We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website and Marketplace and Gifting Platform software.  We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Notice.

We are not transferring your personal data to any other countries outside of the European Economic Area. 

  1. SECURITY MEASURES 

We protect your personal data with specific technical and organisational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently.


  1. CHANGES TO THIS INFORMATION

If this notice changes, an updated version of the privacy statement will be posted on this page, indicating when it was last updated. If material changes are made to this Privacy Notice affecting our Gifting Platform corporate accounts, we will make every attempt to notify directly by email or within your Account prior to the change becoming effective.