Privacy Notice
Purpose
The purpose of this Privacy Notice is to provide visitors to Jifiti.com inc. and all of its ‘subsidiaries (hereafter: ‘Jifiti’) information regarding the categories of personal data processed, the legal justification for processing this personal data, and the data provided to third parties.
Jifiti’s Privacy Notice is based on Jifiti’s Data & Privacy Policy.
Data & Privacy Policy
This Data & Privacy Policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website, applications and website/application owners, Jifiti furthermore, the way our business processes, stores and protects user data and information will also be detailed within this policy.
Jifiti takes a proactive approach to user privacy and ensures that necessary steps are taken to protect the privacy of its users throughout their use of its services. In addition to US laws, including the California Consumer Privacy Act, the website and applications comply with all EU and UK national laws, including GDPR/UK-GDPR, and requirements for user privacy
Purpose of Data Processing
Jifiti will act as a Data Controller for the purposes of supporting the creation, management, and issuance of electronic gift cards and digital gift registries. Jifiti will process only such personal data as is necessary for carrying out purchases made by users of our sites and delivering digital gifts.
Jifiti acts as a data processor within the Consumer Financing processes. Within these processes, Jifiti only processes Personal Data upon instruction of the Data Controller.
Jifiti will also use data collected through our website to track usage of the site, communicate with visitors, and improve the layout and functionality of our site and services.
What data do we collect
While using our website, software applications or services, you may be required to provide personal information (name, address, email, phone number, account details, etc.). Jifiti will use this information to administer our website, applications, client databases, and to fulfill contracts you enter into with us, such as purchases of gifts. We may also collect additional tracking information as outlined below in the section regarding Cookies.
Additionally, Jifiti uses the services of trusted service provider(s) in order to help us prevent online fraud, detect and prevent Money Laundering, Financing of Terrorism and the Circumvention of Sanctions.
Our service providers may use and process your personal information in accordance with applicable privacy and data protection laws. With every Services Provider, Jifiti has a Data Processing Agreement (‘DPA’) in place.
How do we collect data
Jifiti collects information in three possible ways:
- From Data Controllers that you contract with in order to provide a service. Jifiti will receive such data from the Data Controller in order to fulfill the terms of the contract you have entered into with them.
- When you directly give it to us (“Directly Provided Data”). When you sign up for our site or applications (or cobranded sites or applications that we host and administer for third parties), purchase our products or communicate with us, you may choose to voluntarily give us certain information – for example, by filling in text boxes or completing registration forms. All this information requires a direct action by you at that time in order for us to receive it.
- When you give us permission to obtain from other accounts (“User Authorized Data”). Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services. For example, this can be via social media or by choosing to send us your location data when accessing our website from your smartphone. It can also be via registering online or placing an order for any of our products or services, voluntarily completing a customer survey or providing feedback on any of our message boards or via email, or by using or viewing our website via your browser’s cookies.
How will we use your data?
Jifiti collects your data so that we can process your orders, manage your accounts, and email/text you with information relevant to the service you have contracted for, based on the requirement of purpose limitation.
When Jifiti processes your order, it may send your (personal) data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.
Additionally, Jifiti will use your data to contact you via Email/SMS/Phone for the sole purpose of carrying out the terms of your contract. Such contact may be performed through third-party vendors.
What information may we share with third parties?
Jifiti may use and disclose your personal information that is collected through our Products to run our everyday business and in accordance with applicable law.
We do not share, sell, rent or trade your personal information with any third-party other than as described below. Jifiti may share your information with:
- Future Jifiti.com Inc. subsidiaries or affiliates in the event of a corporate sale, merger, reorganization, dissolution or similar event;
- Agents and service providers who help us with parts of our business operations, such as fraud prevention, servicing activities, bill collection, marketing and technology services;
- Consumer reporting agencies to which we report that status of your account with us;
- Business partners that offer financial products and services that we believe may be of interest to you;
- Law enforcement, government officials, or other third parties as required by law and when we believe that such disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, regulatory request or other legal process; and
- Other third parties but only if you consent or direct us to do so.
Jifiti accepts responsibility for onward transfers, based on the Accountability for onward Transfer Principle.
Jifiti offers Data Subjects the opportunity to choose (opt out) whether personal information is disclosed to a third party or used for a purpose that is different from the purpose(s) for which it was originally collected (Choice Principle).
Disclosure to Public Authorities
Jifiti has the obligation to protect Personal Data of Data Subjects in the best manner possible. Jifiti may be required to disclose Personal data, as processed by Jifiti, to local or national Public authorities.
Jifiti will only disclose the relevant (personal) data after a written request, which has been assessed against the proper laws and legislation. The disclosure of (Personal) data to a Public authority will not be communicated to the respective Data Subject or to anybody else without a need to know.
How does Jifiti store your data?
Jifiti will ensure that all personal information supplied by you or the Data Controller is held securely in accordance with the General Data Protection Regulation (EU) 2016/679, as adopted into law of the EU and the United Kingdom in the Data Protection Act 2018, the GLB Act (15 U.S.C. §§6801-6827) and the Fair Credit Reporting Act (15 U.S.C. §1681), and the California Consumer Privacy Act (AB-375). All data is encrypted in storage as well as in transit, and pseudonymized when applicable. Furthermore, by providing telephone, fax and email details, you consent to Jifiti contacting you using that method.
You have the right at any time to request a copy of the personal information Jifiti holds on you. Should you wish to receive a copy of this, or would like to be removed from our database, please contact us at: privacy@jifiti.com.
Data Transfers to Non-EEA Countries
When carrying out our Data Processing activities it may be necessary for Jifiti to transfer your personally identifiable information outside of the EEA. These transfers will be strictly in line with GDPR principles and will be encrypted and pseudonymized during transfer. Any third-party vendors that Jifiti contracts with adhere to the same strict operational and technical standards as Jifiti, in line with GDPR principles.
No personal data will be transferred to third countries without a specific adequacy decision of the European Commission.
Data transfers from and to the United States of America
Jifiti complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Jifiti has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit: https://www.dataprivacyframework.gov/
The link to the Data Privacy Framework List is: https://www.dataprivacyframework.gov/s/participant-search
HR and non-HR related Topics
For non-HR related topics, Jifiti complies to the EU-U.S. DPF and the UK-extension to the EU-U.S. DPF. For HR-related topics, Jifiti will comply with the EU-U.S. DPF and not with the UK-extension, as Jifiti does not process any HR related data from the UK.
Liability for onward transfers
Jifiti is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent or outsourced party on its behalf. Jifiti complies with the DPF Principles for all onward transfers of personal data from the EU and the UK, including the onward transfer liability provisions.
Data Subjects rights under the DPF
Data Subjects rights under the DPF
Not only under the Local EU and UK privacy legislation (see below) data subjects have rights. Under the DPF, a data subject has right regarding their Personal Data.
For a more detailed overview of your rights under the DPF: https://www.dataprivacyframework.gov/s/article/My-Rights-under-the-Data-Privacy-Framework-DPF-Program-dpf
Complaints
Participation under the DPF entails that you, as a data subject, can submit a complaint when you think that Jifiti is non-compliant with the DPF-requirements. This is a no-cost and independent process.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Jifiti commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact Jifiti at: compliance@jifiti.com
Jifiti will promptly respond to all inquiries and requests by the ITA for information relating to the EU-U.S Data Privacy Framework (EU-U.S. DPF) and, as applicable the UK Extension to the EU-U.S. DPF.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Jifiti commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
A data subject can submit a complaint on the following website: https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf
Jifiti will respond to the complainant within 45 days.
Binding Arbitration
All data subjects have the right to invoke, under certain conditions, for the individual to invoke binding arbitration. This arbitration option is available to a Data Subject to determine, for residual claims, whether a participating organization has violated its obligations under the Principles of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, as to that individual, and whether any such violation remains fully or partially unremedied. Further information can be found on the official DPF website.
Overview and Enforcement
The Federal Trade Commission (‘FTC’) has jurisdiction over Jifiti’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF. In certain situations, Jifiti may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Jifiti can therefore be a subject to the investigatory and enforcement powers of the FTC, the Department of Trade (‘DOT’) or any other U.S. authorized statutory body with regards to the compliance to EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
How long do we keep your data for?
Jifiti will not retain your personal information longer than necessary and will hold onto the information you provide either while your account is in existence, or as needed to be able to provide the Services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account or it is no longer needed to provide the Services to you.
In the event that Jifiti acts as a Data Processor, we will retain the information for the duration required by the terms of your contract with the Data Controller.
What are your rights?
Jifiti understands that you trust us with your personal information and we are committed to ensuring you can manage the privacy and security of your personal information yourself.
With respect to the information relating to you that ends up in our possession, and recognizing that it is your choice to provide us with your personally identifiable information, we commit to giving you the ability to do all of the following:
- You can verify the details you have submitted to Jifiti by contacting our Compliance & Privacy team at privacy@jifiti.com. Our security procedures mean that we may request proof of identity before we reveal information, including your email address and possibly your mailing address.
- The right to rectification – You can also contact us by the same method to change, correct, or delete your personal information controlled by Jifiti.com regarding your profile at any time. Please note though that if you have shared any information with others through social media channels, that information may remain visible, even if your account is deleted.
- The right to erasure – You are also free to close your account. If you do so, your account will be deactivated. However, we may retain archived copies of your information as required by law or for legitimate business purposes (including to help address fraud and spam). Where Jifiti acts as a Data Processor, your request will require approval from the Data Controller.
- The right to access – You can request a readable copy of the personal data we hold on you at any time. To do this, please contact us at privacy@jifiti.com.
- The right to restrict processing – You have the right to request that Jifiti.com restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to Jifiti’s processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that Jifiti.com transfer the data that we have collected to another organization, or directly to you, under certain conditions. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: privacy@jifiti.com
- You can always feel free to update us on your details at any point by contacting privacy@jifiti.com
- You can unsubscribe from receiving optional emails from us by contacting us at privacy@jifiti.com. Once you do this, you will no longer receive any emails from us.
Questions/remarks
For questions and/or remarks regarding the processing of your Personal Data, please contact Jifiti’s Data Protection Officer (‘DPO’), mr. W.M.D. Moolenaar at: privacy@jifiti.com