Privacy Policy for Gift Cards

Compliance

Have more questions? Feel free to contact our Compliance Officer regarding any other general questions about CoinGate and its features.

Contact Us

Privacy Policy of UAB Rewards Distributed

The last update was published on: May 6, 2024

The last update will come into force on: May 6, 2024

  1. Purpose and Scope

    1. UAB Rewards Distributed (also referred to as “we”, “us” or “Company”), company registration number 306096569, having its registered office at Laisvės pr. 60-1107, Vilnius, Republic of Lithuania, is committed to protecting and respecting your privacy.

    2. Therefore, in this privacy policy (the “Policy”) we explain what kind of personal data we collect and for what purposes, when providing you with our products and/or services (the“Services”), when you visit our website, and/or when you otherwise make contact with us.

    3. In any case, all personal data collected by us are processed in accordance with the EU General Data Protection Regulation No. 2016/679 (the “GDPR”), Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal acts.

    4. For any questions regarding this Policy or any requests regarding the processing of your personal data, please contact us at giftcards.dpo@coingate.com.UAB Rewards distributed (also referred to as “we”, “us” or “Company”), company registration number 306096569, having its registered office at Laisvės pr. 60-1107, Vilnius, Republic of Lithuania, is committed to protecting and respecting your privacy. Therefore, in this privacy policy (the “Policy”) we explain what kind of personal data we collect and for what purposes, when providing you with our products and/or services (the “Services”), when you visit our website, and/or when you otherwise make contact with us. In any case, all personal data collected by us are processed in accordance with the EU General Data Protection Regulation No. 2016/679 (the “GDPR”), Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal acts. For any questions regarding this Policy or any requests regarding the processing of your personal data, please contact us at giftcards.dpo@coingate.com.

  2. What Information about you do we collect, for what Purposes and on what Legal Bases

    1. We have set out below, in a table format, a description of how and why we use your personal data – i.e. we listed the personal data or categories of personal data used for specific purposes and indicated which legal basis we rely on to do so.

      When is this relevant for me?What information do you collect about me?What is your legal basis to collect my information?Where do you collect the information from?Am I obliged to provide this information? How long do you store information about me?
      When you buy gift cards from various vendors and platforms.email address, IP address, type and amount of gift card, email of the person to whom you send the gift cards, and transaction information.Contract (Art. 6 (1) (b) of GDPR)From yourselfIt is a contractual requirement. If you do not provide this information, we will not be able to provide our services to you.10 years after purchase of a gift card
      When you use our websiteInternet protocol address (IP), user agent, referrer URL, date and time of website visitingLegitimate interest (security and improvement of our website) (Art. 6 (1) (f) of GDPR)From yourselfNo10 years after your last visit to our website
      When you submit an inquiry to our customer supportE-mail address, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, your name and (or) surname provided in your inquiry, reply to your inquiry, information provided by youConsent (Art. 6 (1) (a) of GDPR)From yourselfNo10 years after the receipt of the last inquiry
      When we want to inform you or ask your opinion about our servicesName and e-mailConsent (Art. 6 (1) (a) of GDPR) (Art. 69 (1) of Lithuanian Law on Electronic Communications) Customer relationship (Art. 69 (2) of Lithuanian Law on Electronic Communications) Legitimate interest (to send direct marketing communications) (Art. 6 (1) (f) of GDPR)From yourself Social media service providers Marketing service providersNo10 years after the last use of our services or after you give your consent unless you withdraw your consent earlier
      If you interact with our social media profiles (e.g., send a message, follow our profiles, share a post, react to a post)Name and surname indicated in your profile, e-mail address, gender, country, picture, message, time, and date the message was received, the content of the message, message attachments, response to the message, time of response to the message, information about our rating, comments on a post, post shares, information about post reactionsConsent (Art. 6 (1) (a) of GDPR)From yourself and social media platformsYou are not statutorily or contractually obliged to provide this personal data, but we will collect this data if you interact with our social media profiles10 years from the moment you interact with our social media profiles
      When you interact with our social media profiles (e.g., send a message, follow our profiles, share a post, react to a post)Name and surname indicated in your profile, e-mail address, gender, country, picture, message, time, and date the message was received, the content of the message, message attachments, response to the message, time of response to the message, information about our rating, comments on a post, post shares, information about post reactionsConsent (Art. 6 (1) (a) of GDPR)From yourself and social media platformsYou are not statutorily or contractually obliged to provide this personal data, but we will collect this data if you interact with our social media profiles10 years from the moment you interact with our social media profiles
      When we receive your application for a job position, when you give us your consent for storing your CV, or we contact you based on the information you publicly disclose on professional social media platformsFull name, e-mail, phone number, CV, work experience, and other information you provide us withConsent (Art. 6 (1) (f) of GDPR) Contract (Art. 6 (1) (b) of GFPR) Legitimate interest (to contact you when you publicly disclose your information on professional social media platforms) (Art. 6 (1) (f) of GDPR)From yourself Professional social media service providers HR agenciesIt is a requirement necessary to enter into a contract only where we intend to enter into an employment contract with you. If you do not provide this information, we will not be able to enter into an employment contract with you.3 years after the end of the relevant recruitment process 5 years after you give us your consent or publicly disclose your information on professional social media platforms
      When you use our servicesFull name, e-mail address, telephone number, bank account number, address, signature, invoices, reports, accounting documents, payments, paid amounts, and other information we are statutorily required to collectLegal obligation (Art. 6 (1) (c) of GDPR) aw on Accounting of the Republic of LithuaniaFrom yourselfIt is a statutory requirement. If you do not provide this information, you will not be able to buy goods or services from us10 years following a transaction
      When you receive our newsletterEmail address, country, IP address, and other data are required to inform you about our newest products and improve our product.Consent (Art. 6 (1) (a) of GDPR)From yourselfYou are not statutorily or contractually obliged to provide this personal data, but we will collect this data if you give us consent10 years or until the moment you unsubscribe from our newsletter
  3. How we collect your Personal Data

    1. We collect the information you provide directly to us when you:

      1. fill out any forms on our website, platform, and/or mobile application;
      2. communicate with our customer support team;
      3. contact us via our website or by using other means of communication (e.g., via our social network accounts);
      4. use our Services.
    2. We may also receive your data from third parties. In particular:

      1. we may receive personal data from a third party that is connected to you or is dealing with us, for example, business partners, sub-contractors service providers, merchants, etc.;
      2. we may collect personal data from banks or other financial institutions in case the personal data is received while executing payment operations;
      3. we may receive personal data from other entities that we collaborate with.
  4. Direct Marketing

    1. In case you are our existing client (i.e. you already use our Services), we may use your email address for direct marketing purposes, but only with regard to products and/or services that are similar or related to the Services, and only if you do not object to such use of your e-mail address. You are also granted a clear, free of charge and, easily realisable possibility to object or withdraw from such use of your contact details.
    2. In other cases, we may use your personal data for direct marketing, only if you give us your prior consent regarding such use of the data.
    3. We provide a clear, free of charge, and easily realisable possibility not to give your consent or, at any time, to withdraw your consent to receive our marketing communications. We shall state in each communication sent by e-mail that you are entitled to object to such processing of your personal data, and to refuse to receive communications from us. You shall be able to refuse to receive our marketing communications by clicking on the respective link in each marketing e-mail received from us.
  5. How we share your Personal Data

    1. We may disclose your data to the recipients of the following categories:
      1. public authorities, institutions, organisations, courts, and other third parties, but only upon request and only when are by applicable laws, or in cases and under procedures provided for by applicable laws, e. g. for the purposes to secure and/or defend Company’s legitimate interests;
      2. third parties providing services to the Company including providers of legal, financial, auditing, tax, business management, personnel administration, accounting, advertising (including online advertising), direct marketing, communications, data centres, hosting, cloud, and/or other services. In each case, we provide such third parties with only as much data as necessary to provide their services. Service providers engaged by us may process your personal data only in accordance with our instructions and may not use them for other purposes;
      3. third parties for the purpose of performance of the contract concluded with you;
      4. our affiliate companies – i.e., other companies belonging to the same group;
      5. third parties when the Company intends to enter into a business sale transaction and/or to perform legal and/or financial due diligence of the Company prior to such transaction;
      6. other persons with your consent, that is our subprocessors that are mentioned below:
      7. 1.Customer support and crypto processing servicesUAB “Decentralized”Lithuania (EU)Data processing agreement
        2.Banking, payment processing, crypto exchange, and other financial service providersUAB “IBS”Lithuania (EU)N/A
        Other service providersWorldwideEU Standard Contractual Clauses (link)
        3.Software service providersMicrosoft CorporationUSMicrosoft Standard Contractual Clauses (link)
        Other software service providersWorldwideEU Standard Contractual Clauses (link)
        4.Communication tools service providersSlack Technologies, LLCUSSlack Technologies Standard Contractual Clauses (link)
        Other service providersWorldwideEU Standard Contractual Clauses (link)
        5.Social media service providersFacebook Ireland Ltd.Ireland (EU)N/A
        Reddit Ireland Ltd.Ireland (EU)EU Standard Contractual Clauses (link)
        Twitter Inc.USEU Standard Contractual Clauses (link)
        Telegram UK Holdings LtdUKDecision on the adequate protection of personal data by the United Kingdom (link)
        Other service providersWorldwideEU Standard Contractual Clauses (link)
        6.Cloud hosting service providersAmazon Web Services, Inc.USAmazon Standard Contractual Clauses (link)
        Google LLC.USGoogle Standard Contractual Clauses (link)
        Other service providersWorldwideEU Standard Contractual Clauses (link)
        7.Marketing service providersMicrosoft CorporationUSMicrosoft Standard Contractual Clauses (link)
        Hotjar Ltd.Malta (EU)EU Standard Contractual Clauses (link)
        Google LLC. (Google ads)USGoogle Standard Contractual Clauses (link)
        Adform A/S Denmark (EU)EU Standard Contractual Clauses (link)
        UAB “Eskimi” Lithuania (EU)EU Standard Contractual Clauses (link)
        Impact Tech, Inc. USImpact Tech Privacy Policy standard clauses
        Twitter Inc.USEU Standard Contractual Clauses (link)
        Reddit Ireland Ltd.Ireland (EU)EU Standard Contractual Clauses (link)
        Quora, Inc.USContractual Clauses of Quara Privacy policy
        8.NewslettersMailerLite LimitedIrelandEU Standard Contractual Clauses which are incorporated by reference to Data Processing Addendum (link)
        Mailgun Technologies, Inc.,USContractual Clauses of Mailgun Privacy policy (link)
        UAB OmnisendLithuania (EU)EU Standard Contractual Clauses (link)
        Other service providersWorldwideEU Standard Contractual Clauses (link)
        9.Compliance and legal service providersOther service providersEU countries and UKDecision on the adequate protection of personal data by the United Kingdom (link)
  6. International Data Transfers

    1.  In case your personal data is transferred outside the European Economic Area (EEA), we will take necessary steps to ensure that your data is treated securely and in accordance with this Policy and we will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the personal data. This can be done in a number of different ways, for example:
    2. the third country to which we send the personal data, a territory or one or more specified sectors within that third country, or the international organisation is approved by the European Commission as having an adequate level of protection;
      1. the recipient has signed or contains in its terms of service (service agreement) the standard contractual clauses (SCC) adopted by the European Commission (for more information please see here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en);
      2. special permission has been obtained from a supervisory authority.
    3. We may transfer personal data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR or on the basis of derogations.
  7. How long we keep your Personal Data

    1. We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed, but not longer than it is required by the applicable laws and regulations, including for the purposes to comply with any legal, regulatory, tax, accounting or reporting obligations. If the legislation of the Republic of Lithuania does not provide any applicable data retention period, it shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of personal data. Personal data that is important for the contractual relationship between you and Company is normally stored for as long as the contractual relationship lasts and thereafter for a maximum period of 10 years after the relationship.
    2. If you do not enter into a contract with us, the personal data are normally stored for a maximum of 24 months. We may retain your personal data for a longer period when:
      1. it is necessary for the Company to be able to defend itself against existing or threatened claims or to exercise its rights, or for the proper resolution of dispute, complaint or claim;
      2. there is a suspicion of illegal activity;
      3. it is required by applicable laws.
      4. Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalise your data as soon as possible, within a reasonable time required to perform such action.
  8. Your Rights

    1. The right to be informed. You have the right to be provided with a clear, transparent and easily understandable information about how we process your personal data.
    2. The right to access. You have the right to request from us the copy of your personal data. Where your requests are excessive, in particular if they are a repetitive, we may refuse to act on the request, or charge a reasonable fee taking into account the administrative costs for providing the information
    3. The right to rectification. You have the right to request us to correct or update your personal data at any time, in particular if your personal data is incomplete or incorrect.
    4. The right to data portability. When a legal basis for data processing is consent or contract, you have the right to request that we transfer your data that we have collected to another organisation, or directly to you, under certain conditions.
    5. The right to be forgotten. When there is no good reason for us to process your personal data anymore, you can ask us to delete your data. We will take reasonable steps to respond to your request.
    6. The right to restrict processing. You have the right to restrict the processing of your personal data in certain situations (e.g., when you want us to investigate whether that data is accurate; we no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim).
    7. The right to object to processing. Under certain circumstances you have the right to object to certain types of processing (e.g., to receive our marketing communications).
    8. The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with a competent supervisory authority, if you believe that your personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. Our data processing is supervised by the State Data Protection Inspectorate of the Republic of Lithuania (address: L. Sapiegos St. 17, LT-10312 Vilnius, phone No.: +370 5 271 2804 / 279 1445, e-mail address: ada@ada.lt, for more information, visit https://vdai.lrv.lt/en/).
    9. Right to withdraw your consent. If personal data is processed on the basis of your consent, you can withdraw it at any time. Withdrawal will not affect the lawfulness of processing of your data before the withdrawal.
      1. If you would like to exercise any of these rights, please contact us via email: giftcards.dpo@coingate.com.
      2. Your request shall be fulfilled, or fulfilment of your requests shall be refused by specifying the reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request that complies with our internal rules and the GDPR. The afore-mentioned term may be extended by 60 (sixty) calendar days taking into account the complexity and number of the requests. The Company will inform you of any such extension within 30 (thirty) calendar days of receipt of the request, together with the reasons for the delay.
      3. We may refuse to satisfy your request if the exceptions and/or limitations to the exercise of data subject's rights set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reasons for such refusal in writing.
  9. How we Protect your Personal Data

    1. Please note that, although no system of technology is completely secure, we have implemented security measures to minimise the risk of unauthorised access to or improper use of your personal information.
    2. We and our third-party service providers that may be engaged in the processing of personal data on our behalf (for the purposes indicated above) are contractually obligated to respect the confidentiality of the personal data.
  10. Changes to this Policy

    1. We regularly review this Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes will take effect immediately upon their publication on our website https://coingate.com/gift-cards/privacy-policy.
    2. Please review this Policy from time to time to stay updated regarding any changes.
  11. Contact Us

    1. You may contact us by using the contact form provided on the Website under the menu item “Contact Us” or write us an email at: giftcards.dpo@coingate.com.
  12. Our Data Protection Officer (DPO)

    1. You may contact our DPO regarding all issues relating to the Company’s processing of your personal data and the exercise of your data protection rights by sending an e-mail giftcards.dpo@coingate.com.