Interpretations

The following definitions and abbreviations, used in this Privacy Policy, have the same meanings as defined in the Terms and Conditions and shall have the meaning and interpretation as set out in the Terms and Conditions.
Giftdotmu;
Content;
Services;
Site;
and Terms and Conditions.
The terms “we”, “us” and “our” refer to Gift.mu
The terms “you” “yourself” and “your”, refer to you, being that person who reads and accepts this Privacy Policy.

“Agreements” means our various policies and agreements, including but not limited to, Terms and Conditions, Privacy Policy, Refund and Return Policy and Services Agreement;

“Card Associations” means individually or collectively, MasterCard, VISA and such other card associations, payment card scheme and/or organisation which runs a payment programme;

“Card Association Rules” means the rules, regulations and policies of the Card Associations as they currently apply or as same may be amended, modified or replaced from time to time;

“Corporate Client” means an entity who does business with us by having recourse to our services under the Corporate Gift Services program;

“Corporate Gift Service” shall have the same definition as in the Services Terms and Conditions;

“CVV2” means a number found on the back of a credit card, which means card verification value 2 and may sometimes be referred to as CVC2 which stands for card validation code 2 or CID which means card identification number. For American Express, the code is a four-digit number on the front of the card above the account number.

“DPA” means the Data Protection Act 2017 as enacted by the parliament of Mauritius, and as may be amended from time to time;

“Data Controller” shall have the same meaning as under the DPA.

“Data Processor” shall have the same meaning as under the DPA.

“Data Subject” shall have the same meaning as under the DPA.

“Financial Information” means financial information relating to your personal finances which may include information concerning credit cards, bank accounts and related information;

“Gift.mu” means Loopbox Limited, trading as Giftdotmu;

“Personal Data” means information relating to the Data Subject which includes personally-identifiable information;

“Process/ Processing” means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“Services Terms and Conditions” means the agreement entered into between you and Gift.mu, either written or oral and however so recorded, that confirms the understanding between Gift.mu and you pertaining to the provision of Services including inter alia the general terms of service and the terms of payment for said Services.

Introduction

Gift.mu takes your right to privacy seriously and wants you to feel comfortable using our Site.

By using our Site, you are agreeing to the terms and conditions of this Privacy Policy.

We, by Processing Personal Data, as part of the Services provided under the Terms and Conditions act as the Data Processor of Personal Data, under the direction and responsibility of us in our role as Data Controller of Personal Data.

When you make contact with us either via email, email form or chat (within the Site) or by telephone, we may, as part of the buying and selling process, collect certain personal information such as your name, date of birth, address, and email address. We may also request information concerning your finances (debits and credits), financial service providers, personal budgets, financial plans, retirement and education goals.

Consent

We may only Process your Personal Data with your prior express and verifiable consent and/or in accordance with the DPA for a specific purpose. Such purposes may include, amongst others (i) completing an application for Services (pre-contractual) (ii) completing the Service Agreement (iii) automated processing including Profiling (iv) completing a transaction (v) verifying your credit card details for payment or arranging for a refund (vi) communications with our operators and consultants and/or any relevant third parties which may be necessary in carrying out our services.

In assessing your eligibility for the Services, we may perform certain automated processing of your Personal Data which may involve Profiling.

Withdrawal of Consent

If after you opt-in you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your Personal Data, at any time, by contacting us at email address [email protected] or by following our opt-out instructions or by sending mail to:

Gift.mu,
Avenue des Flamboyants,
Morcellement Carlos,
Tamarin,
Mauritius

You may not be able to opt-out of all information sharing, such as information sharing with credit card processors, in connection with payment for Services already provided by Gift.mu or certain information sharing with third parties that we are legally required to provide imposed on us by law. (For more information, see Disclosure below).

Processing of Personal Data

Subject to your prior express and verifiable consent and/or in accordance with the DPA, we will process your Personal Data for the purposes of conducting operations (see CONSENT, above) either, via the Site, email, chat technology, voice over IP (VOIP), telephone or on paper taken by our call operators and/ consultants.

Such Personal Data will typically include, but not limited to, (i) your valid e-mail address (ii) your username (that has not been chosen already) (iii) your full name, (iv) your street address, city, postal code (v) your date of birth and (vi) gender. (See Terms and Conditions for more information on the provisions that apply to you concerning your registration obligations, user conduct and content submissions in addition to provisions that apply to you within this Privacy Policy).

Processing of Financial Information and Personal Data

In no circumstances, shall we record your credit card data (credit card number, CVV2 number, valid and expiry dates) unless for payment purposes (see below, PAYMENT) and even in such instance, we shall never maintain a record of your CVV2 number.

Use of Personal Data

We only collect Personal Data that is relevant to the purpose and business of our Site. This information allows us to provide you with a customized and efficient experience. We do not process this information in a way that is incompatible with this objective.

Your Rights

You have the following rights pertaining to your Personal Data;

To be informed – we must be completely transparent with you in how we are using your Personal Data.
To access – you have the right to know precisely what information is held about you and how it is Processed.
To rectify – you are entitled to have Personal Data rectified if it is inaccurate or incomplete.
To erase – you have the right to having your Personal Data deleted or removed without the need for a specific reason as to why you wish to discontinue.
To restrict – your right to block or suppress Processing of Personal Data.
To use – your right to retain and reuse your Personal Data for your own purpose.
To object – in certain circumstances, you may be entitled to object in writing to your Personal Data being used.
To object to or restrict Profiling – your right to protect yourself against the risk that a potentially damaging decision is made without human intervention via automated Processing of your Personal Data.
To complain – your right to lodge a complaint with a supervisory authority.

Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure Personal Data is not disclosed to any person who has no right to receive it.

Our Rights

The general use of our Site does not require registration and as such, subject to the restrictions and provisions of this Privacy Policy, you can visit our website without providing your Personal Data. However, in providing certain Services we may require registration which may involve the Processing of Personal Data.

In such circumstances, if you choose not to provide consent or withhold certain Personal Data from us, then in such instance, it may not be possible for you to gain access to certain parts of the Site nor for us to be able to provide the Services or certain aspects of the Services.

Our Obligations

Notwithstanding the obligations provided for in the Terms and Conditions and this Privacy Policy, we are also obligated by the provisions of the DPA ensuring that processing of your Personal Data is lawful, fair, transparent, adequate, relevant, accurate, kept for as long as required and proportionate to the purposes for which it is being used.

Subject to a written request by you, we may provide you with access to your Personal Data and as such provide you with a copy of our records pertaining to your Personal Data. If you require such access then please go to Questions and Requests and Contact information, below.

Where we have good reason, and if the DPA permits, we can refuse your request for a copy of your Personal Data, or certain elements of the request. If we refuse to take action on your request or any element of it, we will provide you with our reasons in writing for doing so, within the legally allocated time frame.

If you cease to be a subscriber or member or customer of Gift.mu then, subject to not contravening the requirements of the law, we will be obliged to destroy your Personal Data.

If there is a security breach involving your Personal Data and if this breach is likely to pose a significant risk to your rights and freedoms, then, in such instance, we are obligated to promptly inform you without unnecessary delay of such breach.

Security of Personal Information

Further to our obligations concerning the processing of your Personal Data under the Data Protection Act (see under OUR OBLIGATIONS and YOUR RIGHTS) we shall ensure that your Personal Data is securely processed.

Whilst we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We have put in place appropriate safeguards and follow industry best practices, to assist us and make sure that personal Data is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

You understand that certain other information (not including Personal data and credit card information), may be transferred unencrypted and involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.

As on many websites, the Site Administrator may also automatically receive general information that is contained in server log files, such as your IP address, and cookie information.

Payments

If you pay us by credit or debit card we will use a direct payment gateway to complete your purchase, then we will store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. Upon completion of the transaction, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of the Card Associations.

PCI-DSS requirements help ensure the secure handling of credit card information by our Site and its service providers.

Third-party Services

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform certain services they provide to us.

Certain third-party services, such as payment gateways and other transaction or payment processors are required to abide by security standards imposed on them, such as the Payment Card Industry Data Security Standard (PCI-DSS), which is a set of security standards designed to ensure that all payment processors that accept, process, store or transmit credit card information maintain a secure environment. All direct payment gateways we utilise adhere to PCI-DSS, which is a joint effort of brands like Visa, MasterCard, American Express and Discover, to safeguard card data handling.

Whilst we shall not store your credit card information, such payment gateways and other transaction or payment processors, under PCI-DSS, may store your purchase transaction data for only as long as is necessary to complete the transaction and thereafter for only as long as it is required by law.

Such third-party payment gateways and other transaction or payment processors and other third parties, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

Once you leave our Site or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or the Agreements.

Links

When you click on links on our Site, they may direct you away from our Site. We are not responsible for the privacy practices of other sites and encourage you to read the privacy statements of each website you visit before providing any Personal Data to them.

Cookies

Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser to enable our systems to recognize your browser and tell us how and when pages in our Site are visited and by how many people. Our Site may use session cookies which track your browser session. These do not store any information on your computer but merely allow our Site to recognise your order and its contents and whether you are logged in to your account.

Gift.mu cookies do not combine information collected through cookies with other personal information to tell us who you are or what your screen name or e-mail address is.

By using this Site and/or using any Services provided via it, you agree to the above use of cookies.

Disclosure

We may disclose your Personal Data if we are required by law to do so or should this become necessary in case you violate our Agreements. We reserve the right to release and disclose any Personal Data provided by you to law enforcement or other governmental officials as may be required by law or in our sole and absolute discretion (as may be permitted by law), or in instances where it is deemed necessary to comply with any applicable law or at the request of any governmental entity or agency.

Corporate Gift Service

As part of our business, we offer the Corporate Gift Service which is essentially a service available to one who wishes to have recourse to our services for the benefit of others, normally their employees.

By agreeing to the present privacy policy, you are hereby:

1. providing your express consent to:
   1. us to process your personal data for the abovementioned purpose, and those arising out of or in connection with same, which you hereby acknowledge to be in your legitimate interests and warranted in the circumstance;
   2. us to transfer the personal data that we collected about you either directly or otherwise, including your contact details, to the Corporate Client which chooses to use the Corporate Gift Service for your benefit; and
      the abovementioned Corporate Client to lawfully collect the said data from us for inter alia updating the personal data that it holds on you, whilst agreeing that we may, from time to time, provide the Corporate Client with your updated information for your benefit; and
2. acknowledging that the collection of your personal data from the relevant Corporate Client was/is, in the circumstances, necessary, warranted and in your legitimate interest for the abovementioned purpose.

If at any time you consider the above arrangement to which you have herein consented to be undesirable or no longer warranted, please do not hesitate to reach out to us using the contact details provided below, and we will immediately implement your instructions.

Group Data

As part of the Gift.mu platform offering, we offer you the group gifting option. In these instances, and upon accepting the invitation to join any group, you thereby provide your express and verifiable consent (see Consent above) for other participants in the Group to view limited personal information, namely your email address and full name credentials.

If you choose not to accept the invitation and provide consent then in such instance, it may not be possible for you to gain access to the Group functionality.

Minors

You must be 18 years and older to register to use the Site. As a result, Gift.mu does not specifically collect and process Personal Data of minors under the age of 18. If we learn that Gift.mu has collected Personal Data from a minor under the age of 18, we will delete that information as soon as reasonably possible.

If you have reasonable grounds to believe that Personal Data of a minor under the age of 18 have been retained, please contact us immediately using the contact details provided below.

Changes to this Privacy Policy

Changes may be made to this Privacy Policy from time to time. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Site. At no point in time may you plead ignorance of such changes and ignorance of such changes shall be no valid defence under whatever circumstances.

If Gift.mu is acquired by or merged with another company, your information may be transferred to the new owners so that we may continue to sell products or services to you. If this happens, you will be sent notice of such event.

Legislation Concerning Privacy Policy

This Privacy Policy has been drafted to comply with the Mauritian Data Protection Act 2017, and certain provisions of the EU’s General Data Protection Regulations (GDPR), as relevant.

Questions and Requests and Contact Information

If you would like to: access, correct, amend or delete any Personal Data we record on you, register a complaint, or simply want questions answered or more information then please contact us by addressing an email to [email protected] or by calling us on (+230) 650 80 80.