Privacy Policy

We take your privacy seriously and this privacy statement explains how www.giftod.com (collectively, “we,” “us,” or “our”) collect, use, share and process your information.

Personal data is information that can be used to directly or indirectly identify you. Personal data also includes anonymous data that is linked to information that can be used to directly or indirectly identify you. Personal data does not include data that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds under GDPR Article 6: • Contractual Necessity (Art. 6(1)(b)): Processing necessary to fulfill your order (name, shipping address, payment information). • Legitimate Interests (Art. 6(1)(f)): Fraud prevention, website security, service improvement, and internal analytics. • Consent (Art. 6(1)(a)): Marketing communications, advertising cookies, and personalized recommendations. You may withdraw consent at any time. • Legal Obligation (Art. 6(1)(c)): Tax records, regulatory compliance, and law enforcement requests.

We abide by the principles of legality, legitimacy, and transparency, use, and process the least data within a limited scope of purpose, and take technical and administrative measures to protect the security of the data. We use personal data to help verify accounts and user activity, as well as to promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies. Such processing is based on our legitimate interest in helping ensure the safety of our products and services.

i. Data you provide: We collect the personal data you provide when you use our products and services or otherwise interact with us, such as when you create an account, contact us, participate in an online survey, use our online help or online chat tool. If you make a purchase, we collect personal data in connection with the purchase. This data includes your payment data, such as your credit or debit card number and other card information, and other account and authentication information, as well as billing, shipping, and contact details. ii. Data about use of our services and products: When you visit our websites, we may collect data about the type of device you use, your device’s unique identifier, the IP address of your device, your operating system, the type of Internet browser that you use, usage information, diagnostic information, and location information from or about the computers, phones, or other devices on which you install or access our products or services. iii. Data from cookies and tracking technologies: We use cookies, pixels, and similar technologies to collect data about your browsing behavior. For full details, please see our Cookie Policy.

Generally speaking, we use personal data to provide, improve, and develop our products and services, to communicate with you, to offer you targeted advertisements and services, and to protect us and our customers. i. Providing, improving, and developing our products and services: We use personal data to help us provide, improve, and develop our products, services, and advertising. This includes using personal data for purposes such as data analysis, research, and audits. ii. Communicating with you: Subject to your prior express consent, we may use personal data to send you marketing communications in relation to our own products and services, communicate with you about your account or transactions, and inform you about our policies and terms. If you no longer wish to receive email communications for marketing purposes, please contact us to opt-out. iii. Advertising and measurement: With your consent, we share data with advertising platforms (Google, Meta, Pinterest, TikTok) to measure campaign performance and deliver relevant ads. All personal data shared with these platforms is cryptographically hashed (SHA-256) before transmission.

We use cookies and similar technologies for essential site functionality, analytics, marketing, and personalization. We implement Google Consent Mode v2 and provide a cookie consent banner for visitors from the EU/EEA/UK. For comprehensive information about the cookies we use, their purposes, and how to manage your preferences, please see our dedicated Cookie Policy.

We make certain personal data available to strategic partners that work with us to provide our products and services or help us market to customers. Personal data will only be shared by us with these companies in order to provide or improve our products, services, and advertising; it will not be shared with third parties for their own marketing purposes without your prior express consent. Our key data processors include: • Payment processors (for secure transaction processing) • Shipping carriers (for order fulfillment) • Analytics providers: Google Analytics 4 • Advertising platforms: Meta, Google Ads, Pinterest, TikTok • Cloud infrastructure: for hosting and data storage

Your personal data may be transferred to and processed in countries outside the EEA, including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place: • Standard Contractual Clauses (SCCs) approved by the European Commission • Data Processing Agreements with all third-party processors • Adequacy decisions where applicable You may request a copy of the safeguards in place by contacting us.

We use reasonable technical, administrative, and physical security measures designed to safeguard and help prevent unauthorized access to your data, and to correctly use the data we collect. Data retention periods: • Account data: retained while your account is active, deleted within 30 days of account closure • Order data: retained for 7 years (tax/legal requirements) • Marketing data: retained until consent is withdrawn • Analytics data: anonymized after 26 months • Cookie data: see our Cookie Policy for specific retention periods

If you are in the EEA, UK, or Switzerland, you have the following rights under GDPR: • Right of Access (Art. 15): Obtain confirmation and a copy of your personal data • Right to Rectification (Art. 16): Correct inaccurate or incomplete data • Right to Erasure (Art. 17): Request deletion of your data (“right to be forgotten”) • Right to Restriction (Art. 18): Restrict processing in certain circumstances • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format • Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing • Right to Withdraw Consent (Art. 7): Withdraw consent at any time without affecting lawfulness of prior processing • Right to Lodge a Complaint: File a complaint with your local data protection authority To exercise any of these rights, contact us at service@giftod.com. We will respond within 30 days.

Regardless of your location, you have the right to access, correct, or delete the personal data that we collect. You are also entitled to restrict or object to the further processing of your personal data. You may also opt out of marketing communications at any time. To protect the privacy and the security of your personal data, we may request data from you to enable us to confirm your identity and right to access such data.

Our products and services are intended for adults. Accordingly, we do not knowingly collect, use, or disclose data from children under 16. If we learn that we have collected the personal data of a child under 16, or the equivalent minimum age depending on the jurisdiction, we will take steps to delete the data as soon as possible. Please immediately contact us if you become aware that a child under 16 has provided us with personal data.

When a customer operates a link to a third-party website that has a relationship with us, we do not assume any obligation or responsibility for such policy because of the third party’s privacy policy. Our websites, products, and services may contain links to or the ability for you to access third-party websites, products, and services. We are not responsible for the privacy practices employed by those third parties, nor are we responsible for the information or content their products and services contain. By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser).

We may periodically change this Privacy Statement to keep pace with new technologies, industry practices, and regulatory requirements, among other reasons. Your continued use of our products and services after the effective date of the Privacy Statement means that you accept the revised Privacy Statement. If you do not agree to the revised Privacy Statement, please refrain from using our products or services and contact us to close any account you may have created. This Privacy Statement was last updated on April 26, 2025.

If you have any questions regarding this Privacy Statement or its implementation, here is how you can reach us: Email: service@giftod.com For EU/EEA residents: You have the right to lodge a complaint with your local supervisory authority if you believe your personal data has been processed in violation of the GDPR.