This Data Usage Policy (“Policy”) sets out the principles, purposes, and manner in which Giftport Digital Private Limited, a company incorporated under the Companies Act, 2013 and having its registered office in India (“Company”, “Giftport”, “we”, “us” or “our”), uses, processes, manages, and governs data collected from users (“User”, “you” or “your”) through its website www.giftport.in, APIs, platforms, dashboards, and services (collectively, the “Platform”).
This Policy is to be read in conjunction with the Company’s Privacy Policy, Terms & Conditions, and other applicable policies, and is framed in accordance with applicable Indian laws, including data protection, information security, and regulatory requirements.
1. OBJECTIVE AND PURPOSE
The objective of this Policy is to ensure that all data collected by Giftport is used in a lawful, fair, transparent, and secure manner, strictly limited to legitimate business purposes. This Policy defines how data is utilized internally and externally, the safeguards applied to such usage, and the controls established to prevent misuse, unauthorized access, or unlawful processing.
Giftport recognizes the importance of data protection and adopts a principle of purpose limitation, ensuring that data is used only for the purposes for which it is collected or as otherwise permitted under applicable law.
2. APPLICABILITY AND SCOPE
This Policy applies to all forms of data processed by Giftport, including Personal Data, Sensitive Personal Data or Information, business data, transactional data, technical data, and aggregated or anonymized data. It applies to all Users of the Platform, including individuals, corporate entities, partners, API clients, and authorized representatives.
This Policy also applies to employees, contractors, service providers, and third parties who process data on behalf of the Company pursuant to contractual arrangements.
3. LEGAL BASIS FOR DATA USAGE
Giftport uses data based on one or more of the following lawful grounds: consent provided by the User, necessity for performance of a contract, compliance with legal or regulatory obligations, protection against fraud or security threats, or legitimate business interests that are not overridden by the rights of the User.
Where required by law, explicit consent is obtained prior to the usage of Sensitive Personal Data. All data usage is aligned with the principles laid down under the Digital Personal Data Protection Act, 2023.
4. CATEGORIES OF DATA USAGE
Data collected by Giftport is used for the purpose of enabling and managing user accounts, processing orders and transactions, issuing and redeeming digital gift cards and vouchers, operating reward and incentive programs, managing API integrations, maintaining accurate records, and providing customer support services.
Data is also used to comply with statutory obligations, including taxation, accounting, audit, anti-fraud measures, dispute resolution, and regulatory reporting, as may be required under applicable laws or by competent authorities.
Additionally, technical and usage data may be utilized to monitor platform performance, ensure system integrity, enhance security controls, improve service efficiency, and conduct internal analytics in an aggregated or anonymized manner.
5. RESTRICTIONS ON DATA USAGE
Giftport strictly restricts the use of data for any purpose that is unlawful, excessive, misleading, or inconsistent with the purpose for which the data was collected. Data is not used for unsolicited commercial communication, profiling, or targeted advertising unless expressly permitted by law and with appropriate user consent.
Personal Data is not used in a manner that would cause harm, discrimination, or unfair treatment to any User.
6. DATA SHARING AND THIRD-PARTY USAGE
Where data is required to be shared with third parties for operational or regulatory purposes, such sharing is limited to the minimum data necessary and carried out strictly on a need-to-know basis. Third parties may include payment gateways, banking partners, cloud service providers, communication service providers, analytics vendors, and regulatory authorities.
All third parties are required to process data only in accordance with the Company’s instructions, applicable laws, and contractual obligations, including confidentiality, security, and data protection clauses.
Giftport does not permit third parties to use User data for their own independent purposes.
7. DATA ACCESS AND INTERNAL CONTROLS
Access to data within Giftport is governed by strict role-based access controls. Only authorized personnel with a legitimate business requirement are permitted to access data. Such access is monitored, logged, and periodically reviewed to prevent unauthorized usage.
Employees and contractors are bound by confidentiality obligations and are trained on data protection and information security practices.
8. DATA SECURITY AND INTEGRITY
Giftport employs reasonable security practices and procedures, including administrative, technical, and organizational measures, to ensure that data is used in a secure environment and protected against unauthorized access, alteration, disclosure, or destruction.
Data usage is supported by security frameworks aligned with ISO/IEC 27001 standards, encryption protocols, secure authentication mechanisms, and continuous monitoring systems.
9. DATA RETENTION AND DESTRUCTION
Data is used and retained only for as long as necessary to fulfill the purposes outlined in this Policy or to comply with legal, regulatory, or contractual obligations. Upon completion of the applicable retention period, data is securely deleted, anonymized, or archived in accordance with internal data retention policies and applicable laws.
10. USER RIGHTS AND CONTROL OVER DATA USAGE
Users have the right to seek information regarding the usage of their Personal Data, request correction or deletion of data, withdraw consent where applicable, and raise objections or grievances relating to data usage. Such requests shall be addressed in accordance with applicable law and within prescribed timelines.
Requests may be submitted to the Company using the contact details provided in this Policy.
11. CROSS-BORDER DATA USAGE
Where data usage involves transfer or access from locations outside India, such usage shall be undertaken only in compliance with applicable Indian laws and subject to appropriate safeguards to ensure adequate data protection.
12. LIMITATION OF LIABILITY
While the Company endeavors to ensure lawful and secure data usage, it shall not be liable for any loss, damage, or misuse arising from circumstances beyond its reasonable control, including force majeure events, cyber incidents despite reasonable safeguards, or unauthorized acts of third parties.
13. AMENDMENTS TO THIS POLICY
Giftport reserves the right to amend, modify, or update this Policy at any time to reflect changes in legal requirements, regulatory expectations, or business practices. Any such changes shall be effective upon publication on the Platform.
14. GOVERNING LAW AND JURISDICTION
This Policy shall be governed by and construed in accordance with the laws of India. Courts having competent jurisdiction in India shall have exclusive jurisdiction over matters arising from or relating to this Policy.
15. CONTACT AND GRIEVANCE REDRESSAL
For any questions, concerns, or grievances relating to data usage, Users may contact:
