Privacy Policy

Purpose and Scope of Privacy Policy

GiftGalor gift card provider, referred to as “we,” “us,” “Giftgalor,” or the “Company,” values and respects your privacy. This Privacy Policy (“Policy”) is designed to explain the types of personal data we collect and how we use and protect that data about the provision of our products and/or services (“Services”). This Policy also covers collecting personal data when you visit our website or engage with us through other means.

We are committed to ensuring that all personal data collected by us is processed following the EU General Data Protection Regulation No. 2016/679 (“GDPR”), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal acts.

If you have any questions, concerns, or requests regarding this Policy or the processing of your personal data, please do not hesitate to contact us at [email protected]. Our team is dedicated to addressing any queries and assisting you with your privacy-related matters.

Your privacy is important to us, and we strive to maintain the confidentiality and security of your personal data. We encourage you to read this Policy carefully to understand how we handle your personal data and make informed decisions about sharing your information.

By accessing our Services, visiting our website, or engaging in any form of communication with us, you acknowledge that you have read and understood this Policy and agree to collect, use, and process your personal data as described herein.

Please note that this Policy may be updated occasionally to reflect changes in our practices or legal requirements. We recommend you review this Policy periodically to stay informed about how we protect your privacy and handle your personal data.

At Giftgalor, we are committed to being transparent and accountable in our privacy practices, ensuring that your personal data is handled responsibly and in compliance with applicable privacy laws and regulations.

What Information About You Do We Collect, for What Purposes, and on What Legal Bases

At Giftgalor, we collect certain information about you to provide our services effectively and improve your overall experience. This section of our Privacy Policy explains the types of information we collect, the purposes for which we collect them, and the legal bases on which we process your data.

Personal Information:

  • What we collect: We may collect personal information such as your name, email address, phone number, and postal address when you interact with our website or contact us.
  • Purposes of collection: We collect this information to facilitate communication, process your requests, and deliver the gift cards or services you have ordered. We may also use your contact information to send you updates, promotions, or newsletters if you have consented or have a legitimate interest.
  • Legal bases: The collection of your personal information is based on your consent, the necessity for fulfilling a contract with you, or our legitimate interests in providing efficient customer service and marketing our products and services.

Payment Information:

  • What we collect: When you make a purchase, we collect payment information such as payment method and other necessary details.
  • Purposes of collection: We use this information to process your payment, complete your order, and ensure a secure transaction.
  • Legal bases: Collecting payment information is necessary for the performance of a contract and compliance with legal obligations regarding financial transactions.

Website Usage Information:

  • What we collect: We may collect certain information automatically when you visit our website, including your IP address, browser type, operating system, device information, and browsing behaviour.
  • Purposes of collection: We gather this information to analyse website performance, enhance user experience, and improve our services. It also helps us detect and prevent fraudulent activities and ensure the security of our website.
  • Legal bases: The collection of website usage information is based on our legitimate interests in understanding user behaviour, optimising our website, and ensuring its security.

Cookies and Similar Technologies:

  • What we collect: We may use cookies, web beacons, and similar technologies to collect information about your browsing activities, preferences, and interactions with our website.
  • Purposes of collection: These technologies help us personalise your experience, remember your preferences, analyse website traffic, and provide relevant advertisements.
  • Legal bases: Using cookies and similar technologies is based on your consent, which you can manage through your browser settings.

We strive to collect only the necessary information and ensure the security and confidentiality of your data. We do not sell, rent, or disclose your personal information to third parties without your consent, except as required by law or when necessary to provide our services.

For more details on how we handle and protect your information, please refer to our full Privacy Policy.

If you have any questions, requests, or concerns regarding collecting and processing your information, please contact us using the information provided in the “Contact Us” section of this Privacy Policy. We are committed to addressing your inquiries promptly and transparently.

How We Collect Your Personal Data

We value your privacy and strive to ensure transparency in our data collection practices. This section of our Privacy Policy explains how we collect your personal data.

Direct Interaction

We collect information directly from you when you interact with us in the following ways:

  • Filling out forms on our website, platform, or mobile application.
  • Communicating with our customer support team.
  • Contacting us through our website or other communication channels, such as social network accounts.
  • Using our Services.
  • Information from Third Parties: We may receive personal data from third parties, which may include:
  • Business partners, subcontractors, or service providers connected to you or dealing with us.
  • Personal data is obtained from banks or other financial institutions during payment transactions.
  • Other entities that we collaborate with.

Direct Marketing

If you are an existing client and have already availed of our Services, we may use your email address for direct marketing purposes related to similar or relevant products and services unless you object to such use. You have the right to easily object or withdraw consent from receiving marketing communications.

Consent-Based Marketing

For all other cases, we will only use your personal data for direct marketing if you have given us your consent. You have the right to refuse or withdraw consent at any time.

Sharing Your Personal Data

We may disclose your data to the following recipients:

  • Public authorities, institutions, organisations, courts, and other third parties as required or provided for by applicable laws to secure and defend our legitimate interests.
  • Third-party service providers who assist us in various capacities, such as legal, financial, auditing, marketing, data management, and other services. We ensure that these providers only receive the necessary data to fulfil their services and that they process your personal data following our instructions.
  • Third parties for the performance of contracts entered into with you.
  • Affiliate companies within our corporate group.
  • Third parties in the context of business sale transactions or legal and financial due diligence.

Rest assured that we take appropriate measures to protect your personal data and ensure its confidentiality and security under applicable laws and regulations.

If you have any questions or concerns regarding collecting your personal data, please refer to the “Contact Us” section of this Privacy Policy to contact our team. We are committed to addressing your inquiries promptly and providing transparent information about our data collection practices.

International Data Transfers

At Giftgalor, we may transfer your personal data to countries outside the European Economic Area (EEA) to provide our services effectively. When such transfers occur, we take necessary steps to ensure that your data is treated securely and following this Policy. We also ensure that the transfer complies with the legal requirements applicable to personal data.

We ensure the protection and transfer of your data in several ways.

Adequacy Decision

If the third country, a specific territory, a sector within that country, or the international organisation receiving the personal data has been approved by the European Commission as having an adequate level of protection, we may transfer your data to that destination.

Standard Contractual Clauses (SCC)

We may use the standard contractual clauses adopted by the European Commission in our agreements with the recipient of the personal data. These clauses provide safeguards for the protection of your data during the transfer. You can find more information about standard contractual clauses on the European Commission’s website: [link to be inserted].

Supervisory Authority Approval

In some instances, we may obtain special permission from a supervisory authority to transfer personal data to a third country without adequate protection. This ensures that appropriate safeguards are in place for the transfer.

Additionally, we may employ other measures that ensure appropriate safeguards and comply with the provisions of the GDPR or rely on derogations as specified in the law.

We are committed to protecting your personal data and maintaining its security throughout international transfers. If you have any questions or concerns regarding the international transfer of your personal data, please contact us using the contact details provided in this Privacy Policy’s “Contact Us” section. We will happily provide you with any necessary information and address your queries.

Data Retention: How Long We Keep Your Personal Data

At Giftgalor, we retain your personal data for the duration necessary to fulfil the purposes for which it was collected and processed. However, we do not keep your data longer than required by applicable laws and regulations, including legal, regulatory, tax, accounting, or reporting obligations.

The specific retention period may vary depending on the nature of the data and the purposes for which it was collected. In cases where the legislation of the Republic of Lithuania does not provide a specific data retention period, we determine the retention period based on the legitimate purpose of data retention, the legal basis, and the principles of lawful processing of personal data.

For personal data essential for the contractual relationship between you and Giftgalor, we generally retain it for the duration of the contractual relationship and a maximum period of 10 years after the relationship concludes.

If you do not enter into a contract with us, we typically retain your personal data for 24 months. However, there are circumstances where we may retain your personal data for a longer period, such as:

  • When it is necessary for us to defend against existing or threatened claims, exercise our rights, or ensure the proper resolution of disputes, complaints, or claims.
  • In cases where there is a suspicion of illegal activity.
  • When retention is required by applicable laws.

Upon expiration of the retention period, we undertake to delete promptly and/or reliably and irreversibly anonymize your data, ensuring that it cannot be linked back to you.

We are committed to handling your personal data responsibly and complying with data protection laws. If you have any questions or require further information about our data retention practices, please contact us using the details provided in this Privacy Policy’s “Contact Us” section.

Your Rights

At Giftgalor, we respect your rights regarding your personal data. We are committed to ensuring you can exercise these rights efficiently and effectively. This section of our Privacy Policy outlines your rights and provides information on how to exercise them.

The Right to be Informed

You have the right to receive clear, transparent, and easily understandable information about how we process your personal data. This Privacy Policy aims to provide you with comprehensive details on our data processing practices.

The Right to Access

You have the right to request a copy of the personal data we hold about you. Considering the administrative costs, we may charge a reasonable fee or refuse to act on the request if it is repetitive or excessive.

The Right to Rectification

You have the right to request the correction or updating of your personal data if it is incomplete or inaccurate. We strive to ensure the accuracy and completeness of the data we hold.

The Right to Data Portability

If the legal basis for processing your data is consent or contract, you have the right to request that we transfer the personal data we have collected from you to another organisation, or directly to you, under certain conditions.

The Right to Be Forgotten

You have the right to request the deletion of your personal data when there is no longer a legitimate reason for us to process it. We will take reasonable steps to respond to your request and ensure the appropriate deletion of your data.

The Right to Restrict Processing

In certain situations, such as when you want us to verify the accuracy of your data or when we no longer need your data but want us to retain it for legal claims, you have the right to restrict the processing of your personal data.

The Right to Object to Processing

Under certain circumstances, you have the right to object to certain types of processing, such as receiving our marketing communications.

The Right to Lodge a Complaint with a Supervisory Authority

If you believe that your rights and legitimate interests under applicable legislation are being violated, you can lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania or any other competent supervisory authority.

The Right to Withdraw Consent

If we process your personal data based on your consent, you can withdraw that consent at any time. The withdrawal will not affect the lawfulness of processing your data before the withdrawal.

To exercise any of these rights, or if you have any questions regarding your rights, please contact us via email at [email protected].

We aim to fulfil your requests or provide reasons for the refusal within 30 calendar days from your complaint request, per our internal rules and the GDPR. In complex cases or when there are multiple requests, the response time may be extended by an additional 60 calendar days. We will inform you of any such extension and the reasons for the delay within 30 calendar days of receiving your request.

Please note that there may be exceptions and limitations to data subject rights as outlined in the GDPR. If we refuse your request, we will write the reasons for such refusal.

We are committed to upholding your rights and protecting your personal data in line with applicable laws and regulations.

How We Protect Your Personal Data

At Giftgalor, we understand the importance of protecting your personal data. While no system can guarantee absolute security, we have implemented robust measures to minimise the risk of unauthorised access and improper use of your personal information.

Security Measures

We employ various technical and organisational measures to safeguard your personal data. These measures include encryption, secure data transmission protocols, access controls, firewalls, and regular system updates to mitigate potential vulnerabilities.

Confidentiality Obligations

We have strict confidentiality agreements with our third-party service providers, who may process personal data on our behalf. These agreements ensure that these service providers are contractually obligated to respect the confidentiality of their personal data and implement appropriate security measures.

Employee Access Controls

Access to your personal data is restricted to authorised employees who require it to fulfil their job responsibilities. We provide regular training to our employees on data protection and security practices to ensure the confidentiality and integrity of your personal data.

Data Transfer Security

When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect the data during transit. These safeguards may include the use of standard contractual clauses or other legally recognized mechanisms to ensure an adequate level of data protection.

Data Retention Limitations

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, as outlined in our Privacy Policy. Once the retention period expires, we securely delete or anonymize your personal data to ensure it cannot be linked back to you.

While we take these precautions to protect your personal data, it is essential to note that no system or technology can guarantee complete security. However, we continuously monitor and update our security measures to adapt to new threats and technological advancements.

If you have any concerns about the security of your personal data or would like more information about our data protection practices, please contact us using the details provided in the “Contact Us” section of this Privacy Policy. We are committed to addressing your concerns and ensuring the protection of your personal information.

Changes to this Policy

At Giftgalor, we regularly review our Privacy Policy to ensure its alignment with applicable laws and regulations. We reserve the right to modify this Policy at any time to reflect updates in our data practices and address any legal requirements changes.

When we change this Policy, we will post the updated version on our website at The changes will take effect immediately upon publication.

We encourage you to review this Policy periodically to stay informed about how we handle your personal data and any updates that may affect your rights and obligations.

Your continued use of our services after posting any modifications to this Policy signifies your acceptance of those changes. If you disagree with any of the revised terms, you should discontinue using our services.

If there are any significant changes to this Policy that materially affect your rights or our data processing practices, we may also provide you with additional notice or seek your consent, where required by applicable laws.

If you have any questions or concerns about changes to this Policy, please contact us using the details provided in the “Contact Us” section of this Privacy Policy. We are dedicated to addressing your inquiries and providing you with any necessary information regarding our privacy practices.

Contact Us

We value your feedback, questions, and concerns. To get in touch with us, you have two options:

Contact Form

Visit our website and navigate to the “Contact Us” section. Fill out the contact form provided, and we will respond to your inquiry as soon as possible.


You can also reach out to us directly via email at [email protected]. Please provide a detailed description of your query or issue so we can assist you effectively.

We strive to provide timely and helpful responses to all customer inquiries. If you have any questions or need assistance, please don’t hesitate to contact us using either of the above contact methods.