Gifty is a corporate gifting solution enabling businesses of all sizes to send exchangeable gift credit ("Gifty Credit") to recipients ("Gifty Recipients") who can spend it to purchase gift codes that can be used instantly in-store or online to pay for goods or services ("Digital Gift Codes") from a range of retail merchants ("Participating Retailers"). Typical recipients include employees, team members and customers. Gifty is operated by Scream Limited t/a WIN|WIN – Ireland’s leading Rewards & Loyalty Agency.
Digital Gift Code (DGC)
A Digital Gift Code is generated when the Gifty Recipient selects the Participating Retailer for which it decides to convert Gifty Credit. The DGC unlocks its correspondivvalue with the participating Retail er directly at the point of purchase.
Gifty Code Expiry
The Gift Code Expiry is the date that the actual Gift Code will expire, after which it will no longer be accepted by Particiapting Retailers.
Gifty Credit (GC)
Gifty Credit is a Monetary Currency within the Gifty.ie platform that is assigned to Recipients by the sending party - the Gifty Client
Gifty Rec ipients
Gifty Rec ipients Gifty Rec ipients are the end users of Gif ty Credit who have teen sent GC by the Gifty Client
The Selection Window is the time period set by the Gifty Client for Recipients to activate the Gifty link sent to them and th en select their preffered Retailer from which to generate their Gift Codels1.
Gifty provides the opportunity for businesses to send recipients "Gifty Credit". Gifty Credit sits within the Gifty programme, a Loyalty Programme that facilitates a closed loop gifting service that lists a number of Participating Retailers that accept Gifty Credit in exchange for their Digital Gift Codes.
Gifty Credit can be spent by the recipient to buy Digital Gift Codes under distinct monetary denominations. The denominations available per Retail Partner will be clearly set out when reviewing participating Gifty Retailers. This is to provide choice for those Gifty Recipients who may wish to use their Gifty Credit across multiple Gifty Retailers.
Please note that when making a purchase online the Retailer Partner may provide that only one Digital Gift Code may be used per transaction which will prevent you from using all your Digital Gift Codes on a single purchase. Therefore, Gifty Recipients are advised to check this condition both when selecting their Digital Gift Codes and indeed when attempting to use within a transaction.
Protecting your Gifty
Gifty Recipients are sent a live URL web site link ("Gifty Link") via email to allow them to Register a Gifty Membership Account and access their Gifty Credit. Recipients are advised to carefully store their Gifty Link. This will be in e-mail format so will be available for re-use provided the recipient does not delete it. It is recommended that you do not forward your link to any 3rd party or indeed unintended recipients as once your Gifty link leaves your control it may be used by those who receive your e-mail. You are responsible for managing the security of your e-mail.
Gifty credit will not be reissued if you have shared, whether intentionally or unintentionally, your Gifty link with a 3rd party or indeed unintended recipients.
When first activating your Gifty, you are asked to Register using a Username & Password. This is a security function to ensure only the intended Gifty Recipient has access to and ultimately benefits from the Gifty Credit issued by the sender. Once a Registration is successfully completed, the user is automatically a member of the Gifty loyalty programme and can use the same Registration credentials to access future Gifty notifications.
The Username can be anonymous and does not have to in any way identify the actual personal details of the Gifty Recipient. At no point does Gifty require specific personal details or contact information in order for the Gifty Recipient to benefit from the programme.
There will be no future marketing of Gifty to the Gifty Recipient given that no contact information is requested or stored as part of the Registration process. Should you wish to be notified of Gifty news you can access the "Notify Me" section of the portal and declare voluntarily your contact details specifically for this purpose.
Registered Gifty Members will also be able to access their profile via the Gifty.ie website under the "Member Login" facility by entering their Username & Password.
Using your Gifty
Having converted your Gifty Credit into a Digital Gift Code you will then be able to use this code as either full or part payment for products or services rendered with that Retailer. Please be aware that Gifty Retailers may permit Digital Code Usage either a) In Store Only b) Online Only or c) Both Instore & Online. These conditions are clearly set out in the direct Gift Code Terms & Conditions and should be referenced before making your selection.
Gifty Credit will not be reissued if you have selected a Retail Partner and then wish to change your choice based on realising post selection any of the above limitations.
In using your Gifty, you will have access to navigate the Gifty platform within which you can browse Participating Retailer options and make Gift Code selections within your Gifty Credit allowance. Gifty Recipients will also be able to store their Gift Codes in the Wallet section of the platform as well as print, create a PDF or simply view their Gift Code (it is also popular for Gifty Recipients to "screen shot" their Gift Code for ease of future use on mobile devices).
Gifty Recipients can access the platform several times by using the link originally sent to them by the Gifty Client or for registered Gifty Members via Gifty.ie. Such access however will only be possible within the timeframe of the Gifty Window. If you have only part used your Gifty Credit in an earlier session, your next visit will clearly set out your remaining Gifty Credit as well as retain full access to the above features.
Please note that once Gifty Credit has been exchanged for Digital Gift Codes with Participating Retailers, you must retain a copy of the Digital Gift Code(s) as it is not possible to re-issue Digital Gift Codes post the closing of the Selection Window.
It is important to note that as Gifty is a Loyalty Programme within which sits a Promotional Gifting solution that creates promotional cost efficiencies based on commercial discounts and a bespoke, transparent rebate mechanism for Gifty business clients based on any potential non-engagement by recipients. It does not therefore fall within the parameters of The Consumer Protection (Gift Vouchers) Act (2019). This Act was designed to address Consumers who directly purchase Monetary Vouchers from Retailers at full Retail Value.
The Gifty model provides Gifty Corporate Customers with the ability to tailor the duration of a Gifty promotion ("the Selection Window"). As standard, the Selection Window is set at 3 months however Gifty Business Clients reserve the right to adjust this. In every case, the Gifty Client will clearly communicate to the Gifty Recipient what the Selection Window is in place for their promotion. As standard, once a Gifty Recipient generates a Digital Gift Code they will then have 12 months to use their Digital Gift Voucher with their selected Retailer from the date of their selection.
We reserve the right to introduce new terms and/or to vary or amend an existing term by giving you at least two weeks’ notice thereof on the Website or by whatever means we, in accordance with applicable legislation, deem appropriate at that time.
Gifty at all times strives to provide Gifty Recipients with the very best selection of quality Retail Partners across multiple categories from which to use their Gifty Credit. Gifty reserves the right to add/remove Retail Partners within the Gifty platform as required. Participation in the Gifty platform is entirely at the discretion of the Participating Retailer who may for their own reasons decide to suspend or cease their listing on the Gifty platform. In such an instance, any codes already generated for such a Retailer will be fully honoured as per their Terms & Conditions up to and including the relevant Digital Gift Code expiry. A list of current participating retailers will always be available on the Gifty.ie website.
Liability after Digital Gift Card redemption
- Gifty will not be liable for the refusal of any Participating Retailer to accept or honour their Digital Gift Code for any reason. In such an unlikely instance, we ask that you report the details of the event to our Customer Support team (email@example.com) and we will investigate the matter on your behalf. If the outcome of the investigation finds favour with the Gifty Recipient, we will issue a corresponding Gifty Credit to the Recipient on the same terms as the original Gifty sent to the Recipient.
- If a Participating Retailer becomes liable to make a refund to you, we will not credit the amount of any refund to the Digital Gift Code. All refunds are a matter between you and the relevant Participating Retailer.
- In purchasing from a Participating Retailer, you are entering into a contract with that Retailer directly and as such will have left the confines of the specific Gifty environment. The Retailer’s direct Terms & Conditions will then apply. In the unlikely event that you encounter a poor experience with that Retailer and if that experience has resulted in injury, harm or loss – you must address the matter directly with that Retailer. Gifty assumes no liability for such instances. We do however encourage the reporting (at your discretion) of any such instances to Gifty from a Customer Care perspective to enable us to investigate such instances in the spirit of ensuring a high level of quality service from our Participating Retailers.
Please contact us for any assistance under the following channels Monday to Friday 9:00 to 17:00.
Customer Support – firstname.lastname@example.org
Scream Ltd t/a WIN|WIN (Incorporating Gifty), 3 Argyle Square, Morehampton Road, Donnybrook, Dublin 4. D04 DC64
TERMS & CONDITIONS - GENERAL
It is important to clearly emphasis that the Gifty model, by design, does not require, use or retain any customer data in order to fulfil its service. Recipients are contacted by Gifty clients who will use customer data in their possession in order to send Gifty Credit to their intended recipients.
The only scenario where a Gifty employee may access any personal data is in the processing of Customer Support enquiries that may transpire. In this instance, you will be asked to consent to us taking your personal details in order to support and resolve your request. Gifty uses an advanced Ticketing system to track and progress all Customer Support Enquiries. All data from our Ticketing system is destroyed automatically 3 months after the closing of every support ticket.
Data Protection is the means by which the privacy rights of individuals are safeguarded in relation to the processing of their personal data. Gifty (Scream Ltd t/a WIN|WIN) needs to collect and use personal data about its partners, clients and individuals, who use and access their services, software, websites. Those individuals ("data subjects") have privacy rights in relation to the processing of their personal data. Gifty must therefore comply with the EU General Data Protection Regulation ("GDPR") and the Irish Data Protection Acts, 1988 to 2018 (the "DPA"). The Data Protection Acts confer rights on individuals as well as responsibilities on those who process personal data.
1. Policy Statement
This policy sets out the practices to be adopted in relation to collection and processing of Personal Data to ensure that WIN|WIN (incorporating Gifty) complies with its commitment to protect the rights and privacy of Data Subjects.
Personal Data is, broadly speaking, information relating to an identified or identifiable natural person (such as a name or an identification number). The definitions of Personal Data, Data Subject, Controller and Processor are as set out in the Definitions section below.
Personal Data does not include contact details for corporate entities that happen to relate to an employee or other representative of that corporate entity (e.g. names, email addresses and telephone numbers of contacts in corporate bodies) as long as those details are used only for business purpose.
This policy is a statement of WIN|WIN’s (incorporating Gifty) commitment to protect the rights and privacy of individuals in accordance with Data Protection Law. The data protection obligations outlined relate to any Personal Data relating to any Data Subjects which is processed by WIN|WIN (incorporating Gifty).
WIN|WIN (incorporating Gifty) must comply with the data protection principles which are set out in Data Protection Law. WIN|WIN (incorporating Gifty) will administer its responsibilities under the legislation in accordance with these stated principles as follows:
Obtain and process Personal Data lawfully, fairly and in a transparent manner
WIN|WIN (incorporating Gifty) will obtain and process Personal Data lawfully and fairly in accordance with Data Protection Law. WIN|WIN (incorporating Gifty) will ensure that Data Subjects are provided with details relating to the processing of their Personal Data, and are informed of their rights under Data Protection Law by means of an appropriately worded data protection notice
Process Personal Data for only specified, explicit and legitimate purposes
WIN|WIN (incorporating Gifty) will collect Personal Data only for purposes that are specific, lawful and clearly stated. Personal Data will be processed only in a manner compatible with these purposes. WIN|WIN (incorporating Gifty) will create and maintain an inventory of Personal Data held within the organisation
Ensure that Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
WIN|WIN (incorporating Gifty) will collect the minimum amount of Personal Data necessary to carry out the required processing. Personal Data held by WIN|WIN (incorporating Gifty) will be adequate, relevant and limited to what is necessary for the purpose(s) for which it is collected and kept. The types of information about individuals which WIN|WIN (incorporating Gifty) collects and keeps are reviewed periodically to ensure compliance with this requirement. Information that is no longer needed is deleted
Keep Personal Data accurate, complete and up to date
WIN|WIN (incorporating Gifty) will operate procedures that ensure high levels of data accuracy, completeness and consistency. WIN|WIN (incorporating Gifty) will provide mechanisms for Data Subjects to access and rectify their Personal Data if applicable.
Retain Personal Data for no longer than necessary for the purpose(s) for which it is acquired.
WIN|WIN’s (incorporating Gifty) practices and processes for retention of Personal Data are in line with Data Protection Law
Keep Personal Data safe and secure
WIN|WIN (incorporating Gifty) will take appropriate security measures against unauthorised access to, alteration, disclosure, destruction or otherwise unlawful processing of Personal Data, and against their accidental loss or destruction
Comply with requests from Data Subjects to exercise their data protection rights
Under Data Protection Law, Data Subjects (including WIN|WIN Employees and customers) have the following rights in relation to the processing of their Personal Data (subject to limited exceptions):
- The right to access Personal Data
- The right to information
- The right to rectification
- The right to object to and restrict processing
- The rights in relation to automated decision making
- The right to be forgotten
- The right to data portability
Automated Means: processing using a computer or other electronic device
Controller or Data Controller: any person who, either alone or with others, controls the purpose and means of the processing of Personal Data. Controllers can be either legal entities such as companies, government departments or voluntary organisations, or they can be individuals
Data: information in a form which can be processed. It includes both data processed by Automated Means and Manual Data
Data Processing: any operation or set of operations on Personal Data including: collecting, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Data Subject: a natural person (an individual who is currently living) whose Personal Data is processed by or on behalf of WIN|WIN (incorporating Gifty)
Manual Data: information that should form part of any structured set of Personal Data (which is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographic basis)
Personal Data: any data relating to a living individual who is or can be identified either directly or indirectly, including by reference to an identifier (such as a name or identification number, e.g. WPRN, GPRN or Asset Identification Number). It also includes data specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person
Processor or Data Processor: a person who processes Personal Data on behalf of a Controller, but does not include an employee of a Controller who processes such data in the course of his/her employment
Special Categories of Personal Data: Personal Data relating to an individual’s: racial or ethnic origin; political opinions or religious or philosophical beliefs; trade union membership; genetic or biometric data processed for the purpose of uniquely identifying a natural person; physical or mental health, including in relation to the provision of healthcare services; sex life or sexual orientation. Individuals have additional rights in relation to the processing of any such data
4. Third Parties
Sould a necessary third party have permitted access to Personal Data, WIN|WIN (incorporating Gifty) will:
- Undertake due diligence to ensure that it is appropriate to engage the Processor
- Ensure that it puts in place an agreement in writing with the Processor that complies with Data Protection Law
WIN|WIN (incorporating Gifty) is required to maintain an inventory of the Personal Data that it holds (both as a Controller and a Processor). The inventory must include the following details about WIN|WIN’s (incorporating Gifty) processing of Personal Data:
- Details of the Controller(s)
- The purposes of the processing
- A description of the categories of Data Subjects and the categories of Personal Data
- The categories of recipients to whom Personal Data has been or will be disclosed, including recipients in third countries or international organisations
- Details of transfers of Personal Data to a third country, including the identification of that third country
- Where possible, time limits for retention
- Where possible, a description of the technical and organisational security measures that are undertaken to protect the data
The WIN|WIN (incorporating Gifty) Data Inventory will be maintained by the DPO on an on-going basis. If WIN|WIN (incorporating Gifty) are planning any new activity or implementing any new initiative that will change the way that the Company processes Personal Data, they should contact the DPO so that such information can be added to the Data Inventory.
Privacy by Design and Default
Implementation of data protection by design and default are key principles under Data Protection Law.
- Data Protection by Design – Data protection by design is the notion that the means and purposes of the processing of Personal Data are designed with data protection in mind from the beginning.
- Data Protection by Default – WIN|WIN (incorporating Gifty) will implement appropriate technical and organisational measures to ensure that, by default, only Personal Data necessary for the relevant purpose is processed
Data Protection Assessment Impacts
WIN|WIN (incorporating Gifty) is obliged to ensure that a Data Protection Privacy Impact Assessment ("DPIA") is undertaken before commencing any processing that is likely to result in a ‘high risk’ to Data Subjects’ rights and freedoms.
The GDPR includes the ‘large scale’ processing of sensitive Personal Data or profiling activities as examples of high-risk processing.
A DPIA must contain at least the following details:
- a description of the envisaged processing operations and the purposes of the processing
- an assessment of the necessity and proportionality of the processing
- an assessment of the risks to the rights and freedoms of Data Subjects
- the measures envisaged to address the risks that have been identified and to demonstrate compliance with the GDPR
WIN|WIN (incorporating Gifty) also considers whether a Privacy Impact Assessment ("PIA") is necessary when it engages in changes to its processing of Personal Data that do not require a DPIA. Where necessary, DPIAs and PIAs are carried out before the processing activity in question is commenced.
Each DPIA and PIA that is carried out by WIN|WIN (incorporating Gifty) is submitted to the DPO for review once it is completed and at regular intervals thereafter. The default period for such reviews is every 3 years.
WIN|WIN (incorporating Gifty) ensures that Personal Data is accurate and kept up to date. WIN|WIN (incorporating Gifty) will take every reasonable step to ensure that any Personal Data that is inaccurate or out of date, having regard to the purposes for which it is processed, is erased or rectified without delay in accordance with the Data Management Policy.
WIN|WIN (incorporating Gifty) will ensure that WIN|WIN (incorporating Gifty) Employees who process Personal Data are made aware of and, when necessary, receive training in respect of data protection law and principles. Records of data protection training completed by WIN|WIN (incorporating Gifty) Employees will be maintained as part of their personnel files.
DPO (Data Protection Officer)
Certain Controllers and Processors are required under Data Protection Law to appoint a Data Protection Officer. As WIN|WIN is required and has appointed a DPO.
Each country in the EEA has a ‘Supervisory Authority’ that oversees compliance with Data Protection Law. The lead supervisory authority for WIN|WIN (incorporating Gifty) is the Irish Data Protection Commission (the "DPC").
Enforcement, Sanctions and Penalties
It is important that all WIN|WIN (incorporating Gifty) Employees comply with this policy and related policies and procedures, as a breach of Data Protection Law could result in serious consequences for WIN|WIN (incorporating Gifty). Such consequences could include:
- Investigations, Audits and Criminal Penalties - Supervisory Authorities have a wide range of investigation and enforcement powers, including the powers to investigate complaints, to carry out an audit of an organisation’s compliance with Data Protection Law and the power to issue enforcement notices setting out steps which must be taken to rectify breaches of Data Protection Law.
Failure to comply with enforcement actions by Supervisory Authorities may result in a criminal offence
- Fines - In addition to their investigation and enforcement powers, Supervisory Authorities have the ability to levy fines of up to the greater of 4% of annual worldwide turnover of the relevant undertaking or €20 million for certain breaches of the GDPR.
Any communication from a Supervisory Authority must be forwarded immediately to the DPO.
WIN|WIN (incorporating Gifty) engages in direct marketing to individuals from time to time. WIN|WIN (incorporating Gifty) must also ensure that any electronic direct marketing that it undertakes complies with the provisions of e-Privacy Law, which is currently set out in Directive 2002/58/EC (the "e-Privacy Directive") as implemented into local law and which will, in the near future, be set out in a new EU Regulation (the "e-Privacy Regulation").
7. Data Security
WIN|WIN (incorporating Gifty) will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks to Personal Data that may arise in connection with the processing activities WIN|WIN undertakes, e.g. from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
8. Roles and Responsibilities
Each Business Owner is responsible for the enforcement of this Data Protection Policy and adherence to the Data Protection Procedures within their business area. The Business Owner is responsible for ensuring the key Data Protection artefacts, including the Data Flow Diagrams, Data Protection Impact Assessments, and Record of Processing, are complete, accurate and up to date for their business area.
Where the Business Owner manages the relationship with a third party, the Business Owner is responsible for ensuring the third party is compliant with Data Protection Law.
Data Protection Officer
The WIN|WIN (incorporating Gifty) Data Protection Officer is responsible for managing the Data Protection Policy and associated procedures. The Data Protection Officer must provide guidance and direction to WIN|WIN (incorporating Gifty) in matters concerning data protection and must fulfil all other responsibilities outlined in Data Protection Law.
This policy will be reviewed annually or more often as relevant law, regulations or practice dictates.