This Privacy Policy (“Policy”) is issued by Giftport Digital Private Limited, a company incorporated under the Companies Act, 2013 and having its registered office in India (“Company”, “Giftport”, “we”, “us” or “our”). This Policy governs the collection, storage, use, processing, disclosure, transfer, and protection of Personal Data of users (“User”, “you” or “your”) who access or use the website www.giftport.in, application interfaces, APIs, dashboards, or any services provided by Giftport (collectively, the “Platform”).
This Policy is framed and published in compliance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023, and other applicable laws, regulations, guidelines, and directions issued by statutory and regulatory authorities in India, including those applicable to payment intermediaries and digital platforms.
By accessing, browsing, registering, or using the Platform in any manner, the User acknowledges that they have read, understood, and agreed to be bound by this Policy.
1. NATURE OF BUSINESS AND ROLE OF THE COMPANY
Giftport operates as a technology-enabled digital rewards and gift card solutions provider, facilitating the issuance, distribution, and redemption of digital gift cards, vouchers, and reward instruments for business and individual users. The Company does not operate as a bank, non-banking financial company, prepaid payment instrument issuer, or payment system provider under the Reserve Bank of India Act, 1934 or the Payment and Settlement Systems Act, 2007.
All payment-related transactions are processed through third-party payment gateways and banking partners that are authorized by the Reserve Bank of India and compliant with applicable security and regulatory standards. Giftport does not store, process, or retain complete payment card details or banking credentials of Users.
2. APPLICABILITY AND SCOPE
This Policy applies to all Users of the Platform, including but not limited to individual customers, corporate clients, channel partners, dealers, employees participating in reward programs, API integrators, and authorized representatives acting on behalf of business entities. The Policy applies only to information collected by Giftport through the Platform and does not extend to third-party websites, applications, or services linked from the Platform.
3. COLLECTION OF PERSONAL DATA
Giftport may collect Personal Data that is necessary for the lawful operation of its business and the provision of its Services. Such data may include identification details such as name, email address, mobile number, business or organization details, billing and invoicing information, communication records, and such other information as may be required to onboard Users, fulfill transactions, provide customer support, or comply with legal obligations.
In certain cases, the Company may collect information that qualifies as Sensitive Personal Data or Information under applicable law, strictly to the extent required and only for lawful purposes. Financial information collected by the Company is limited to transaction references, payment confirmations, and reconciliation details. The Company does not store card numbers, CVV, PINs, net banking credentials, or UPI authentication data.
The Company may also collect technical and usage-related information, including IP addresses, device identifiers, browser information, log data, and cookie-related data, for the purpose of maintaining platform security, preventing fraud, and improving service performance.
4. PURPOSE AND LAWFUL BASIS OF PROCESSING
The Personal Data collected by Giftport is processed solely for legitimate and lawful purposes. Such purposes include enabling user registration and account management, processing orders for gift cards or vouchers, executing reward and incentive programs, managing API integrations, providing customer support, detecting and preventing fraudulent or unauthorized activities, complying with legal, regulatory, taxation, and audit requirements, and maintaining internal records.
Processing of Personal Data is undertaken based on the User’s consent, performance of contractual obligations, compliance with legal requirements, or for legitimate business interests of the Company, as permitted under applicable law.
5. CONSENT AND USER ACKNOWLEDGEMENT
By voluntarily providing Personal Data and by accessing or using the Platform, the User provides their free, informed, specific, and unambiguous consent to the collection and processing of such data in accordance with this Policy. Where required by law, explicit consent shall be obtained for the processing of Sensitive Personal Data.
The User acknowledges that withdrawal of consent may affect the Company’s ability to provide Services and may be subject to statutory or contractual obligations requiring retention of data.
6. DISCLOSURE AND SHARING OF INFORMATION
Giftport does not sell, lease, or commercially exploit Personal Data of Users. Personal Data may be disclosed strictly on a need-to-know basis to third parties who are engaged by the Company for the purpose of providing services such as payment processing, cloud hosting, data storage, communication services, analytics, or customer support.
Such disclosures are made pursuant to binding contractual obligations requiring such third parties to maintain confidentiality, implement reasonable security practices, and use the data solely for the purpose for which it is shared.
Personal Data may also be disclosed to government authorities, regulators, law enforcement agencies, or courts where such disclosure is required under applicable law or pursuant to a lawful order.
7. DATA STORAGE, SECURITY, AND RETENTION
Giftport implements reasonable security practices and procedures, including administrative, technical, and physical safeguards, to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. The Company follows information security controls aligned with ISO/IEC 27001 standards and industry-recognized best practices.
Personal Data is retained only for such period as is necessary to fulfill the purposes for which it was collected or as required under applicable laws, regulations, or contractual obligations. Upon expiry of the applicable retention period, the data is securely deleted or anonymized.
8. USER RIGHTS UNDER APPLICABLE LAW
Subject to applicable law, Users have the right to access their Personal Data, request correction or updating of inaccurate information, request erasure of data, withdraw consent, and raise grievances regarding data processing practices. Such requests may be submitted in writing to the contact details provided in this Policy and shall be addressed within the timelines prescribed under law.
9. COOKIES AND TRACKING TECHNOLOGIES
The Platform uses cookies and similar technologies to ensure proper functioning, enhance user experience, analyze traffic, and improve service delivery. Users may control or disable cookies through their browser settings, subject to potential limitations in platform functionality.
10. CROSS-BORDER DATA TRANSFER
Where it becomes necessary to transfer Personal Data outside India, such transfer shall be carried out in compliance with applicable data protection laws and subject to appropriate safeguards to ensure an adequate level of protection.
11. LIMITATION OF LIABILITY
While the Company endeavors to protect Personal Data using reasonable security measures, it shall not be held liable for any loss or damage arising from causes beyond its reasonable control, including but not limited to force majeure events, cyber incidents despite reasonable safeguards, or acts or omissions of third-party service providers.
12. AMENDMENTS TO THE POLICY
The Company reserves the right to amend or update this Policy at any time to reflect changes in legal, regulatory, or business requirements. Any such changes shall be effective upon publication on the Platform.
13. GOVERNING LAW AND JURISDICTION
This Policy shall be governed by and construed in accordance with the laws of India. Courts having competent jurisdiction in India shall have exclusive jurisdiction over any disputes arising under or in connection with this Policy.
14. GRIEVANCE REDRESSAL
In accordance with applicable law, the Company has appointed a Grievance Officer for addressing User complaints relating to Personal Data.
