1. Types of Information We Collect
Personal Information that we collect about you. We collect Personal Information about our users. “Personal Information” is information relating to an individual that can be used to contact or identify you or individuals about whom you enter information as part of your use of the Services (e.g., when you are giving a gift and enter your and your recipient’s personal information into the Services), such as first name, last name, e-mail address, phone number, street address, company name and address, title, gifting preferences, gift messages, gender, age, username and/or e-mail address in combination with a password or security questions and answers, account numbers or credit/debit card numbers, and any security codes, access codes, or passwords, IP addresses, browser information, or other unique device identifier, as well as information that is linked to the forgoing information.
Aggregated Information. After stripping out any information that directly identifies you, or directly relates to you, from the Personal Information that we collect about you, we may combine that information with information we collect about other users (“Aggregate Information”).
Cookies which collect information about users of our Root Domains. We may also use tools such as cookies to gather information. “Cookies” are small pieces of information that a website sends to your device while you are viewing the Root Domains. We use session Cookies (which expire once you close your web browser), persistent Cookies (which stay on your device for a finite period of time) and third-party Cookies (which are placed by a website from a domain other than ours) to provide you with a more personal and interactive experience. Persistent Cookies can be removed by following web browser help file directions.
Unique Device Identifiers. Like most website providers, we passively collect certain information from your devices, such as your IP address, browser information, unique device identifier (“UDID”) and/or your mobile operating system.
User-Provided Information. We collect information that you provide directly to us when you engage in the following:
When you engage with or participate in the Services, including when you:
issue a gift to a recipient using the Services, whether through our website or that of a third-party SmartGift partner (e.g., 1-800 Flowers and their family of brands, Aveda, etc.)
provide the Personal Information of another person (i.e., your gift recipient)
- please make sure you have their permission to share the Personal Information of your gift recipient.
open your gift, shop for gift substitutions, update shipping or delivery information and/or accept a gift using our Services
send your SmartGift gift link to a recipient by text, email, or third-party messaging service (e.g., LinkedIn, Facebook Messenger, etc.)
When you send or receive a digital greeting card
When you request a product demonstration
When you register for one or more of our newsletters as a direct user of our Services
When you communicate or engage with us on our social media accounts (e.g., Facebook, Instagram, LinkedIn, Twitter, Pinterest)
When you communicate with us via e-mail, telephone, video conference, text message, or other methods
When you manage your account as one of our Partners
When you inquire about, apply for, or initiate employment with SmartGift
When you are working for SmartGift
Geolocation. If you access the Root Domains through a desktop or mobile device, we will collect, monitor and/or remotely store geo-location data.
Third-Parties. We may also obtain information from other sources and combine that with information we collect directly. For example, we may collect information about you from third parties, including but not limited to identity verification services, fraud detection service providers, credit bureaus, mailing list providers and publicly available sources. If you create or log into your account through a social media site, we will have access to certain information from that site, such as your name, account information and friends lists, in accordance with the authorization procedures determined by such social media site.
We use third-party services, such as Google Analytics, Google AdWords, and Adroll to track and analyze online behavior of our Users. These services may help inform, optimize, target and serve ads based your visits to our Root Domains. We do this to better understand how you use the Root Domains and Service, with a view to offering improvements for all Users, and to tailor our business and marketing activities accordingly.
When you interact with SmartGift through social media networks, such as when you follow us, share content or contact us through Facebook, Twitter, Instagram, YouTube, Snapchat or other sites, we may receive information about you, including your profile information, picture, user ID associated with the social media account, friends list, and any other information you permit the social media network to share with third parties. The data we receive is dependent upon your privacy settings with the social network in question.
2. How We Use Your Information
Personal Information. We may use your Personal Information for the following representative purposes:
- Process your gift if you are the gift giver, or process your acceptance of a gift if you are the gift recipient
- Send communications to you, including information and notifications regarding gift creation confirmation, gift notifications, gift acceptance confirmation notifications, payment reminders, gift purchased notifications, notifications where a gift is not available, and notifications that the gift is on its way.
- Provide you specific products and/or services you select
- Satisfy our contractual obligations to you
- Send you promotional/marketing information, newsletters, offers or other information if you have signed up for the same
- Perform internal operations, processing services, maintain user accounts, resolve disputes, establish, exercise, and defend legal claims, prevent and identify fraud, verify your identity and authenticate users
- Personalize and tailor the features, performance and support of the Services
- Analyze, benchmark and conduct research on user data and interactions with the Services and products and services made available through the Services
- Provide the materials, goods and/or services we offer and/or that you request
- Identify your preferences, so we can notify you of new or additional products, services, and/or promotions that might be of interest to you
- Improve our services, products, customer service, and overall Services experience by aggregating and analyzing user data
- Analyze the use of our Services and information about visitors to the Root Domains to enhance our own and our Partners’ marketing efforts
- Communicate with you by e-mail, video conferencing, telephone, text message, app notifications, or other means about our company, our products, our Partners’ products and services, and/or other information that we believe may be of interest to you
- Send you notices and communications of a transactional, administrative, and/or relationship nature, or as required by law
Aggregated Information. We may use Aggregated Information for the following representative purposes:
- Perform internal operations of the Services
- Improve the Services and customize the user experience
- Identify broad trends related to our customers’ use of our service
- Aggregate the information collected via Cookies to use in statistical analysis to help us track trends and analyze patterns
Targeting. We may use Personal Information and Aggregated Information that we collect to target and measure the performance of advertisements to users through the Services and as may be otherwise implemented or served to users outside of the Services on our own and through different ad networks and exchanges, using the following data, whether separately or combined: (i) data from advertising technologies such as Cookies, web beacons, ad tags and device identifiers; (ii) User-provided information; (iii) data from your use of the Root Domains; (iv) information from others (e.g., advertising partners, publishers and data aggregators); and (v) social media platforms.
3. Lawful Processing; Legitimate Interests
Performing a contract with you, or to take steps at your request prior to contracting with you
Protecting your vital interests or the interests of another person
Complying with our legal obligations
Pursuing our legitimate interests, including without limitation:
- Providing, improving and customizing our services, products and offerings;
- Administration of our operations;
- Understanding how our Services are being used;
- Exploring ways to develop and grow;
- Ensuring the safety and security of our employees and others;
- Enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks; and
- Meeting our obligations and enforcing our legal rights
4. How We Share and Disclose Personal Information
We may disclose your Personal Information to third parties that help us bring you the services and products we offer and to create, operate, and maintain our Services. For example, we may work with third parties to: (a) manage a database of customer information; (b) assist us in distributing e-mails and user surveys; (c) assist us with search engine optimization, marketing, advertising, and data collection; (d) provide data storage and analysis; (e) provide fraud prevention; (f) provide customer service; and (g) provide other services designed to assist us in developing and running our Root Domains and maximizing our business potential. We require that these outside companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us.
We may disclose Personal Information to our Partners in order to provide the Services. We may also share Aggregated Information with our Partners to help them better understand and improve their use of the Services.
5. Use of Aggregated Information
We use Aggregated Information to maintain and administer the Root Domains, analyze trends, gather demographic information and comply with applicable law. We may share Aggregated Information with third-parties, including your employer (if they are part of the Corporate Giving program) and our merchant partners. We may share this information without express notice to you or consent from you, and we may, subject to applicable laws, exploit, use and disclose Aggregated Information without limitation of any kind. We authorize certain service providers, corporate customers, and merchant partners to utilize Aggregated Information for their business purposes and in accordance with their privacy policies, such as to report on usage or industry trends to their customer base.
Cookies and/or other analytical tools that we may use on the Root Domains may collect information about your visit, including the pages you view, the features you use, the links you click, and other actions you take in connection with the Root Domains. This information may include your computer's Internet protocol (IP) address, your browser type, your operating system, date and time information, and other technical information about your computer. We may also track certain information about the identity of the Root Domains you visited immediately before coming to the Root Domains. Cookies and/or other analytical tools in our e-mails may also be used to track your interactions with those messages, such as when you receive, open, or click a link in an e-mail message from us. We may also work with businesses that use tracking technologies to deliver advertisements on our behalf across the Internet. These companies may collect information about your visits to the Root Domains and your interaction with our advertising and other communications, but no Personal Information is shared with them.
We may combine the information collected through Cookies and other analytical tools with other information we may have collected from you. This information may be used to improve the Root Domains, to personalize your online experience, to help us deliver information to you, to determine the effectiveness of advertising, and for other internal business purposes. We may use and share aggregated and anonymous information to conduct market research and analysis for ourselves and/or for our business partners. For example, we may freely share such information with third parties who may use such data for their own marketing, advertising, research, or other business purposes. We may also freely share such information with our service providers in order for them to perform services to or for us.
The Root Domains contains links to and/or enables certain third-party functionalities to enhance your experience on the Root Domains, including social plug-ins, tools and APIs. Prior to using any third party functionalities (e.g., Facebook “Like” button) on the Root Domains, you should consult the privacy notices of the third party providers of such functionalities (e.g., Facebook). The privacy policies and data practices of such third parties may significantly differ from ours, and we make no representation or warranty whatsoever about their policies and practices in respect of their own processing of your Personal Information. Your communications and interactions with such third parties in respect of their own processing of your Personal Information are solely between you and them and are at your own risk.
6. Data Retention
Where we are processing Personal Information based on our legitimate interests, we generally will retain the data for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
Where we are processing Personal Information as set out in this policy, we generally will retain the information for the period of time necessary to carry out the processing activities to which you consented, subject to your right, under certain circumstances, to have certain of your Personal Information erased (see Section 8, Deleting, Changing & Updating Your Personal Information).
Where we are processing Personal Information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
Unsubscribe. You may opt out of: (a) receiving e-mail communications such as e-mail newsletters and promotional e-mails by following the instructions provided at the bottom of each e-mail, clicking the “unsubscribe” button at the bottom of e-mails we sent you; and/or (b) receiving promotional e-mail communications and newsletters by e-mailing us at firstname.lastname@example.org and including the word “UNSUBSCRIBE” in the subject text. If you do not receive a response from us to any e-mails you send to us within ten (10) business days, please send us another e-mail as your original e-mail may not have been received.
Google Analytics, Facebook, and Apple. Our products and services may use Google Analytics Advertising Features and its associated tracking technologies to help display and retarget our ads you see on other sites, and to help us manage and optimize our online advertising efforts. To opt out of Google Analytics Advertising Features, visit Google’s Ad Settings page, currently located at https://adssettings.google.com/authenticated. Root Domains users can also access the Google Analytics Opt Out Browser Add-on, currently located at https://tools.google.com/dlpage/gaoptout. We may also work with Facebook and Apple to provide analytics and advertising retargeting in connection with our Root Domains, including our mobile applications.
Ad Industry Opt-Outs. You can opt out of Internet-based and mobile advertising on your mobile device by visiting TRUSTe’s Ad Preference Manager, currently available at https://preferences-mgr.truste.com/.
You may can opt out of receiving online behavioral or internet based advertising by using the tools located at the Digital Advertising Alliance’s consumer choice page, currently available at http://www.aboutads.info/choices/ or the Network Advertising Initiative (NAI) opt out tool currently available at http://www.networkadvertising.org/choices/.
When using the ad industry opt out tools, note that: (a) if you opt-out we may still collect some data about your online activity for operational purposes (such as fraud prevention), but it will not be used by us for the purpose of targeting ads to you; (b) if you use multiple browsers or devices you may need to execute this opt out on each browser or device; and (c) other ad companies’ opt-outs may function differently than our opt-out, and we have no control over the practices of any third parties. We do not make any representations or warranties about such opt-out services. Such services are independent from us, and we have no control over, or responsibility for their performance.
Text Messages. If after signing up to receive more information about products or services made available by us or through the Services, you would like to change or update your contact preferences, you may do so by contacting us by phone at the toll-free phone number (855) 856-4438 or by e-mail at email@example.com. With regard to automated text communications, if you prefer not to receive text or wireless promotional communications on your mobile device, you can opt out by replying STOP to any text you receive from us.
8. Deleting, Changing & Updating Your Personal Information (for Users outside of the EEA or UK)
You may correct, update or revise your Personal Information that is inaccurate or request that we delete your Personal Information from our system. In certain cases, you may also have a right to: (i) to restrict or limit the ways in which we use your Personal Information; (ii) to object to the processing of your Personal Information; and (iii) to obtain a copy of your Personal Information in an easily accessible format.
To submit a request, please send an e-mail message to firstname.lastname@example.org. We do not want to take any action regarding your Personal Information at the direction of someone other than you and may therefore ask you for information verifying your identity.
9. BASIS FOR CONTINUED USE OF YOUR PERSONAL INFORMATION
10. European Economic Area (“EEA”) and UK Users
Data Transfers. For Users visiting the Root Domains and using our services from within the EEA or the UK, we may need to transfer your Personal Information to countries outside the EEA or the UK, including to the USA because we are headquartered there. In cases where we do transfer your Personal Information to countries outside the EEA or the UK, we will take reasonable steps in accordance with applicable privacy and data protection requirements.
- Right of access. You have the right to ask us to provide you with copies of Personal Information that we hold about you and further details of how we use it and look after it as well as confirmation as to whether your Personal Information is being used by us.
- Right to update. You have the right to ask us to update and correct any out-of-date or incorrect Personal Information that we hold about you free of charge.
- Right to delete. In certain cases, you have the right to request that we delete or destroy any Personal Information we hold about you.
- Right to restrict use: You have a right to ask us to restrict the way that we process your Personal Information in certain specific circumstances.
- Right to object. You have a right to ask us to consider any valid objections which you have to our use of your Personal Information where we process your Personal Information on the basis of our or another person's legitimate interests.
We will consider all such requests to exercise your rights, and provide our response, within a reasonable timeframe (and, in any event, any timeframe required by law). Please note that these rights do not always apply in all cases. If we cannot meet your request, we will explain why.
Complaints. If you have any complaints regarding our privacy practices, you have the right to make a complaint with your national data protection authority (i.e., supervisory authority), but we hope that you will contact us first at email@example.com to provide us with an opportunity to address your concern, or write to us at SmartGift, Inc., Attn: Privacy Office, 175 Pearl Street, Brooklyn, New York 11201.
11. Notice to Californian Users Regarding Your Privacy Rights
Shine the Light. Pursuant to California Civil Code Section 1798.83, also known as the "Shine The Light" law, California residents have the right to request in writing from businesses with whom they have an established business relationship: (i) a list of the categories of Personal Information, such as name, address, e-mail address, and the type of services provided to that individual, that a business has disclosed to third-parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third-parties. SmartGift does not share Personal Information with third-parties for those parties’ direct marketing. To request the above information, California residents can e-mail us at contact us via e-mail at firstname.lastname@example.org or write to us at SmartGift, Inc., Attn: Privacy Office, 175 Pearl Street, Brooklyn, New York 11201. Please note that, under California law, a business is only required to respond to such a request twice in any calendar year.
California Consumer Privacy Act. The California Consumer Privacy Act, Cal. Civ. Code §1798.100 et. seq. (“CCPA”), grants residents of California certain rights with respect to their Personal Information and requires us to provide such individuals with certain information, described in this Section.
Your Rights. California residents may exercise the following rights by contacting us by phone at the toll-free phone number (855) 856-4438 or by e-mail at email@example.com, or as described at the end of this document:
- Know the ways in which we acquire, use, share, disclose and otherwise process your Personal Information;
- Know the specific pieces of your Personal Information that we hold;
- Request the deletion of your Personal Information, subject to several exceptions; and
- Not to be denied goods or services for exercising these rights
Requesting Access to or Deletion of Personal Information. If you are a California resident, you have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months.
In order to verify your request, you will need to provide us with sufficient information to identify you individually so that we can comply with you request, including the name you provided to us when you created your account(s) (i.e. your legal first, last name or variants thereof, e.g. nicknames, aliases, titles (“Mr.”, “Mrs.”, “Dr.”, “Jr.”, etc.), the e-mail address(es) you use to correspond with us and any other e-mail addresses you have used with us in the past, your mailing address, including the state and city you reside in currently.
To make an information access and/or deletion request you may contact us by phone at the toll-free phone number (855) 856-4438 or by e-mail at firstname.lastname@example.org.
Notice Disclosures. Depending on the circumstances and which Service you use, we have disclosed the following categories of your Personal Information for a “business purpose” (as defined in the CCPA) in the preceding twelve (12) months:
- First name, last name, your image and/or likeness, e-mail address, phone number, street address, comments, company name and address, title, work experience and skills, username and/or e-mail address in combination with a password or security questions and answers, account numbers or credit/debit card numbers, even without a security code, access code, or password if the account could be accessed without such information
- Geolocation data,
- Non-Personally Identifiable Information
- Internet or other electronic network activity information
- Audio, electronic, visual, or similar information
- Inferences drawn from any of the above information.
Non-Discrimination. We will not discriminate against you for exercising any of your rights under California law, including:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Do Not Track. Some web browsers may let you enable a "do not track" feature that sends signals to the websites you visit, indicating that you do not want your online activities tracked. This is different than blocking or deleting cookies, as browsers with a "do not track" feature enabled may still accept cookies. There is currently no industry standard for how companies should respond to "do not track" signals, although one may develop in the future. We do not respond to "do not track" requests or signals at this time.
This Root Domains is not directed to or intended for children under 13 years of age. We do not knowingly solicit, collect or maintain information from those we actually know are under 13, and no part of our Root Domains is targeted to attract anyone under 13. We also do not send e-mail correspondence to anyone who advises that they are under the age of 13. If we later obtain actual knowledge that a User is under 13 years of age we will take steps to remove that User’s Personal Information from our systems. If you are the parent or guardian of a child whom you believe has disclosed Personal Information to us, please contact us at contact us via e-mail at email@example.com or write to us at SmartGift, Inc., Attn: Privacy Office, 175 Pearl Street, Brooklyn, New York 11201 so that we may delete and remove such information from our system.
We strive to keep your Personal Information private and safe. We take commercially reasonable physical, electronic and administrative steps to maintain the security of Personal Information collected, including limiting the number of people who have physical access to database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. Unfortunately, despite our best efforts, the transmission of data over the Internet cannot be guaranteed to be 100% secure. While we will use reasonable means to ensure the security of information you transmit through the Root Domains, any transmission of Personal Information by you is at your own risk. We cannot guarantee that such information will not be intercepted by third-parties and we shall not be liable for any breach of the security of your Personal Information resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism, and we are not responsible for circumvention of any privacy settings or security measures contained on the Root Domains.
14. Third-Party Root Domains
16. Contact Us
Last Modified: April 16, 2021