PRIVACY AND COOKIE POLICY

This Privacy Policy with respect to the processing of personal data, hereinafter referred to as the Policy, is developed and applied by You to Gift with respect to processing and ensuring the protection of personal data of individuals (personal data subjects) under the Estonian Personal Data Protection Law, as well as the EU General Data Protection Regulation 2016/679 (the GDPR) and other applicable European data protection legislation, collectively referred to as the Legislation.

This Policy will tell you how your personal data is collected and processed when you visit and use the https://youtogift.com/ website ("Platform").

The Policy is an integral part of the User Agreement (https://youtogift.com/terms). By using the Platform, you as a user of the Platform (hereinafter "You") acknowledge that you agree to this Policy and the terms of processing your personal data. If you do not agree with this Policy, you must immediately leave the Platform and stop using its functionality.

Content:

Terms and Definitions

Operator Contact Information 

Reasons for Personal Data Collection 

Processing of Personal Data

Cookies 

Sharing Personal Information on the Platform 

Transfer of Personal Data to Third Parties

Your rights 

The Period of Storage of Personal Data

Discontinuation of the Data Processing 

Personal Data of Children 

Changes to This Policy 

Terms and Definitions

Personal data — Information or a collection of information about an individual (User), which is identified or can be specifically identified.

The User's personal data includes in particular: last name, first name, patronymic, identification number, location data, e-mail address, mobile/landline phone number, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the physical entity.

Operator, You to Gift, Website Administration (hereinafter “the Operator”) — You to Gift Limited Liability Company, country of registration: Estonia, registration number 14856696, independently or together with other persons organizing and/or implementing the processing of personal data, as well as determining the purpose of personal data processing, the composition of personal data to be processed, and actions performed with personal data;

Processing of personal data — any action or set of actions concerning personal data performed with or without the use of automation, including collection, recording, systematization, accumulation, storage, refinement (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

Automated processing of personal data — personal data processing by means of computers;

Dissemination of personal data — actions aimed at the disclosure of personal data to an undefined group of persons;

Provision of personal data — actions aimed at disclosure of personal data to a certain person or a certain group of persons;

Blocking of personal data — temporary termination of personal data processing (except when processing is necessary to clarify personal data);

Use of personal data — actions with personal data performed by the Administration in order to make decisions or perform other actions that have legal consequences with respect to the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons.

Destruction of personal data — actions resulting in the impossibility to restore personal data in the personal data information system and/or in the destruction of the material carriers of personal data;

Depersonalization of personal data — actions resulting in the impossibility, without the use of additional information, to determine the affiliation of personal data to a specific personal data subject;

Biometric personal data — data that defines the physiological and biological characteristics of an individual and allows to identify them, and which is used by the Operator to identify the subject of personal data;

Personal data information system — the totality of personal data contained in personal data databases, as well as  information technology and technical means ensuring data processing;

User — the subject of personal data, any legally capable individual who has acceded to this Policy on their own behalf or on behalf of a legal entity, for the purpose of receiving services;

Website, Platform — the website https://youtogift.com/ owned by the Operator on the Internet.

Policy — this Privacy Policy located at https://youtogift.com/.

OPERATOR CONTACT INFORMATION

You to Gift Company

E-mail address (e-mail): [email protected]

 

REASONS FOR PERSONAL DATA COLLECTION

Your personal data processing is carried out in accordance with the requirements of the legislation. The processing of personal data of persons within the EU or those who are EU citizens is governed in particular by the EU General Data Protection Regulation 2016/679 (hereinafter "GDPR"). Also, the legislation of other countries may impose additional requirements.

We only process your personal data if one of the conditions specified in Article 6 of the GDPR is met, including but not limited to: 

  • You have consented to the processing of personal data; 

  • You visit or use the Platform;

  • Such processing is necessary for the purpose of entering into or executing a contract with you;

  • Such processing is required by the laws of the countries you are currently located in;

  • You contact the Operator via email or contact Customer Support.

PROCESSING OF PERSONAL DATA

(1) Visiting or using the Platform

When you visit or use the Platform, your personal data is collected:

  • Automatically;

  • When using the Platform to determine a giveaway winner.

Automatic collection of personal data occurs through the use of cookies as well as other automatic data collection technology. Such personal data includes IP address, session duration, browser version, time, and currency used on the Platform. You can find more information about cookies in the Cookies section of this Policy.

When you use the Platform to determine a giveaway winner, you provide your social media account name (username) and you may also provide us with your payment information, such as card number, account number, and/or IBAN. During the winner determination, including by means of participant database collection, the system reveals the names of the Participant/Organizer accounts (usernames) on the social media where the giveaway is hosted, as well as the actions performed by giveaway participants: likes, comments, and subscriptions.  Giveaway rules may also provide other personal information. The purpose of such personal data processing is to ensure the selection of a giveaway winner. The legal basis for such data processing is the execution of a contract (User Agreement/Offer). 

(2) Registration on the Platform

Registration is not required in order to use the Platform for the purposes of determining a winner or to visit the Platform for the purpose of familiarization, which is why personal data is collected as set forth in p.1 of this Section (See: Visiting or Using the Platform). 

(3) Contacting the Operator or customer support

When you contact the Operator via email or contact Customer Support, you provide your e-mail address or other contact information, as well as other data which you have chosen to provide to the Operator or Customer Support yourself, or which is necessary to solve your problem or to answer your question. The purpose of processing such information is to respond to your request or to resolve your problem. The legal basis for such data processing is the execution of the contract or legitimate interest of the Operator or third parties (in resolving your question or problem).

In addition, the grounds for  personal data processing are:

  1. The consent of the subject of personal data to the processing of their personal data by the Operator;

  2. The conclusion and execution of the contract, if one of its parties is the subject of personal data or which is concluded for the benefit of the subject of personal data, or to carry out the activities preceding the conclusion of the contract at the request of the subject of personal data;

  3. The requirement for the Operator to comply with the existing legislation.

The purpose of personal data processing is:

  • The performance of the functions assigned to the Operator in accordance with the Legislation and the GDPR;

  • Collecting, storing and processing personal data obtained on the online service under the Law and the GDPR;

  • Providing the User with information about the services, current promotions and special offers regarding the services provided by the Operator;

  • Identification of the subject of personal data when using the website (online service);

  • Communication with the subject of personal data when necessary, including sending offers, information materials, messages, information and inquiries, advertising, as well as processing requests of the subject of personal data;

  • Improving the quality of the online service, the convenience of its use, development of new features and improving the quality of services;

  • Providing services to the User;

  • Conducting statistical and other research based on anonymized data;

  • Performance by the Operator of contractual and other obligations to the User under the transactions concluded between the Operator and the User or third parties on the behalf of the User.

Processing of personal data shall be carried out in compliance with the conditions defined by the Legislation and the GDPR.

In order to achieve the goals of this Policy, only those employees of the Operator who are entrusted with such duty in accordance with their official (employment) duties, are allowed to process personal data. Access of other employees to personal data may be granted only in cases provided for by law. The Operator requires its employees to observe confidentiality and security of personal data during the processing of such data.

When processing personal data in information systems, the Operator shall ensure:

  • Carrying out measures aimed at preventing unauthorized access to personal data and/or its transfer to persons not entitled to access such information;

  • Timely detection of unauthorized access to personal data;

  • Prevention of impact on technical means of automated processing of personal data which may result in the disruption of their operation;

  • Immediate recovery of personal data, modified and destroyed as a result of unauthorized access to it;

  • Continuous control of personal data security level.

 

The operator implements the following requirements of the Law regarding personal data:

  • Requirements of confidentiality of personal data;

  • Requirements to ensure the implementation of the personal data subject’s rights;

  • Requirements to ensure the accuracy of personal data, and if necessary, its relevance in relation to the purposes of personal data processing (taking (providing) measures to remove or update incomplete or inaccurate data);

  • Requirements for the protection of personal data from unauthorized or accidental access, destruction, distortion, blocking, copying, supply, distribution, as well as other unlawful acts in relation to personal data;

  • Other requirements of the legislation.

COOKIES

The Operator collects and stores data about the User's actions and preferences, using cookies.

Cookies are small text files that, by performing certain functions, collect information about your activity on the Platform and are stored on your device that is used to log in to the Platform. Through the use of cookies, over a period of time, it is possible to identify your device and offer you more relevant information, such as currency or local time.

By using cookies, the online server memorizes the User's preferences and settings on the User's device (computer, mobile device or other device), which are automatically restored in the future the next time you visit the Site. In other words, the use of cookies is intended to provide the convenience of using the Site. For example, they allow you to remember your login information and to sign into your account automatically without re-entering it each time you revisit the Site. There are different types of Cookies that are used by the Operator:

Persistent Cookies and Session Cookies. The fundamental difference between these two types of Cookies is the period of data storage on the User's device. Persistent Cookies are stored on the User's computer until they expire, after which they are automatically deleted by your browser or by yourself. Session cookies are automatically deleted when you close your browser window.

Mandatory and Functional Cookies. In addition to persistent and session cookies, there are also mandatory and functional cookies. The difference between the two types is that mandatory cookies are used to help the use of the Site. They can record information after the user performs certain actions such as logging into their account or others. Functional cookies serve the convenience of the User. They collect information anonymously and do not and cannot collect information about the User's visits to other sites and services. Their purpose is to memorize the choice of language or geolocation when necessary so it can be utilized in the future.

Analytical and Operational Cookies. These types of Cookies are intended to determine how exactly the User uses the Site, how many visits the User makes, and how many pages the User views. The Company may store for its own purposes information about which pages of the Site are of most interest to the User in order to improve the quality of its service. In this way, it is possible to improve the Site and optimize it directly for a particular User by giving out the most interesting and frequently requested pages.

Targeting and Advertising Cookies. These types are somewhat similar to analytical and operational Cookies. However, the targeting and advertising cookies are not used to optimize the Web site for the User and help the Company to collect information about what links you navigate and what pages you look at. Thus, only relevant advertising is selected, which is tailored to each User. Targeting and advertising cookies also serve to limit the number of ad impressions and assess the effectiveness of advertising campaigns. The Company may share the information collected by these types of cookies with third parties, such as advertising companies.

Some cookies are strictly necessary for the normal operation of the Platform, so we do not ask for your consent for their use. In the case of cookies that are not strictly necessary, we will always ask for your consent.

We use cookies to maximize the effectiveness of the Platform, identify you as a user, improve your productivity and usability, customize the advertising and measure its effectiveness.

The Company may allow third parties, which include advertising and/or analytics service providers, to collect information using this technology directly on the Site or the You to Gift mobile app. The data collected by these parties are subject to the privacy policies of these third parties.

Each User has the right to refuse to store cookies on their device. In order to do so, it is necessary to change the settings of your browser if you wish to delete cookies and refuse to accept them. As a rule, these options are presented in browsers in the sections Options, Settings, Tools, etc. Depending on which browser the User uses, different methods can be used to disable the acceptance of cookies:

- Microsoft Internet Explorer

- Google Chrome

- Safari

- Firefox

- Opera

If the User refuses to use and store cookies, they can use the Site, but in this case, some features of the Platform will not be available or may not work correctly.

All relevant information about what cookies are, how they work, how to manage them, or how to delete them can be found at ALL ABOUT COOKIES at www.allaboutcookies.org.

SHARING PERSONAL INFORMATION ON THE PLATFORM

When you participate in a giveaway, you may share personal information that may become available to other participants of Instagram giveaways and to users of the Platform. Please note that other users may view the profile you use to participate in a giveaway. Be careful when sharing your personal information and check your Instagram profile privacy settings. In any case, we are not responsible for the actions of users of the Platform Instagram with respect to personal information that you have voluntarily made public.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

We may share your personal information with third parties, such as mailing list service providers, hosting providers, customer and technical support, cloud storage providers, software developers, marketing and analytics service providers. Your personal data will be shared only as necessary, in accordance with applicable personal data protection laws and to achieve the purposes for which it was collected.

The Operator requires recipients of personal data to observe confidentiality during personal data processing, to process it exclusively in accordance with our instructions and with the provision of necessary organizational and technical measures for the protection of personal data from unlawful or accidental access to it, destruction, change, blocking, copying, unauthorized distribution, as well as from other unlawful actions in relation to personal data.

If information is to be transferred outside the European Union to countries that do not have an adequate level of personal data protection, in particular Ukraine and the Russian Federation, the Operator will use suitable safeguards that will ensure the integrity and protection of the personal data that is transferred. Such protective measures may be Standard Contractual Clauses - special agreements developed and approved by the European Commission to ensure the secure transfer of data to such countries, which are available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. 

A copy of such a treaty or other suitable protective measure that is used to transfer your data outside of the European Union can be requested at: [email protected].

YOUR RIGHTS

As a personal data subject, you have a number of rights in relation to your personal data, namely:

1) To know the source of collection, the location of your personal data, the purposes of processing your personal data, the location or residence of the owner or manager of the personal data or to give a corresponding instruction to obtain this information to persons authorized by him/her, except in the cases provided for by law;

2) To obtain information on conditions of access to personal data, including information about third parties to which his personal data is transferred;

3) To have access to your personal data;

4) To receive a response to your questions about your personal data processing, as well as the content of such personal data no later than thirty calendar days from the date of request, except in cases prescribed by law;

5) To submit a motivated request to the personal data controller objecting to the processing of your personal data;

6) To submit a reasoned request for amendment or destruction of your personal data by any personal data owner and/or administrator if the data is processed illegally or is unreliable;

7) To protect your personal data against unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as against the provision of data that is inaccurate or discrediting the honor, dignity and business reputation of an individual;

8) To bring complaints regarding the processing of your personal data before the Administration or the court;

9) To take legal remedial measures  in case of violation of legislation on personal data protection;

10) To make reservations about the restriction of the right to process your personal data after receiving the express consent;

11) To withdraw the consent to the processing of personal data;

12) To know the mechanism of automatic processing of personal data;

13) To be protected against an automated decision which has legal consequences for you.

The Administration may entrust the processing of personal data to a third party with the consent of the subject of personal data, unless otherwise provided by the laws of Ukraine, on the basis of an agreement concluded with the third party, the condition of which is confidentiality and non-disclosure of personal data.

Representatives of public authorities (including controlling, supervising, law enforcement and other authorities), receive access to personal data processed by the Administration, in the scope and manner prescribed by the legislation of Ukraine.

In addition to the above rights, subjects of personal data have the rights under the GDPR.

The User has the right to find out what personal data we process. To do this, the User can submit a request for this information via e-mail: [email protected] at any time, including by contacting the Administration. The list of data that the Administration is obliged to provide is specified in Articles 13 and 14 of the GDPR. At the same time, in their request, the User must state their specific requirements so that the Administration can legally consider this request and give an answer.

If the Administration is unable to verify the User's identity during the exchange of e-mails or during contact by phone, or in case of reasonable doubts about the User's identity, the Administration may ask the User, or the requesting person, to provide proof of identity, including by personal appearance at the location of the Administration. This is the only way to avoid disclosure of your personal data to an individual who may impersonate you.

The Administration will process requests as quickly as possible, but at the same time, it may take up to 30 calendar days to provide a complete and lawful response regarding personal data.

In the event that the personal data being processed is incorrect or outdated, the User has the right to make a correction by contacting the Operator.  

Personal data cannot be changed if it has already been used in the execution of a contract and/or is contained in a tax document that has been executed in accordance with the Tax Laws.

The subject of personal data has the right to request the Administration to delete, without undue delay, personal data relating to him/her, and the Administration is obliged to immediately delete personal data if any of the following grounds apply:

(a) the personal data is no longer required for the purposes for which it was collected or otherwise processed;

(b) the personal data subject withdraws his or her consent on the basis of which the personal data processing is carried out and if there is no other legal basis for such personal data processing;

(c) the personal data subject objects to the processing of personal data and there is no overriding legitimate basis for such personal data processing;

(d) the personal data has been processed unlawfully;

(e) the personal data must be destroyed pursuant to a legal obligation under the Act or the law of the European Union or the Member State to which the Administration is subject;

(f) personal data has been collected to provide information services.

In this case, for security reasons, the Operator may ask the User to provide proof of identity, including directly at the location of the Administration.

You can exercise your rights in relation to the Operator by contacting [email protected]. We will provide you with a response to your request within one month of its receipt.

Please note that when you submit a request to exercise your rights, the Operator may require verification of your identity via email or other means and may ask you certain clarifying questions to determine the nature and scope of your request.

THE PERIOD OF STORAGE OF PERSONAL DATA

Your personal data will be stored for the period necessary to achieve the purposes of its processing, or for the period specified by law. After the storage period has expired, your data will be deleted or anonymized.

The period of processing of personal data shall be determined based on the purposes of such processing but no longer than specified by law.

Personal data, the period of processing (storage) of which has expired, must be destroyed or depersonalized unless otherwise provided by law. Storage of personal data shall be in a form enabling identification of the personal data subject no longer than required by the purposes of personal data processing unless the law stipulates a storage period of such personal data. Processed personal data shall be destroyed or depersonalized upon attainment of the purposes of processing or if it is no longer necessary to attain those purposes unless otherwise provided by the legislation. We must also consider the periods for which we may need to retain your personal data in order to meet our legal obligations to you or regulatory authorities (in accordance with EU Regulation 261/2004).

We may, over time, minimize your personal data that we use or may even make your personal data anonymous so that it can no longer be linked to you personally. We will then be able to use this information without informing you further.

DISCONTINUATION OF THE DATA PROCESSING

The processing of personal data will cease:

1. If the purposes of the processing of personal data are achieved and/or if such purposes cease to exist;

2. In case of expiration of the storage period of personal data;

3. At your request, if the request to delete personal data is granted;

4. In case of withdrawal of consent to data processing, if there are no other legal grounds for processing personal data provided by law;

5. In case of liquidation of the Operator.

PERSONAL DATA OF CHILDREN

The Platform is not intended for use by children under the age of 16 or older if your country of residence sets a higher restriction. We do not knowingly process the personal data of children and, if we do, we will delete such data within a reasonable period of time.  

CHANGES TO THIS POLICY

This Policy may be changed or terminated unilaterally by the Operator without prior notice to Users, including if required by applicable law. The new edition of the Policy comes into effect from the moment of its posting on the website, unless otherwise stipulated by the new edition of the Policy.

It is your responsibility to make sure that the Policy is up to date, so You to Gift recommends that you check the Policy each time you visit the Platform.

 

Revised July 27, 2022.