This Privacy Policy provides information on how Innovation Technology Incubator GMBH (hereinafter “Giftmio” or “we/us/our”) treats your personal and non-personal data if you visit our website or cashback service.

The data controller, per the definition under GDPR, is Innovation Technology Incubator GmbH.

If you have any questions about our data protection measures, the processing of your data, or the protection of your rights as a data subject, you can contact our Data Protection Officer and us at data-support@giftmio.com

“Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Technical data” means any information that cannot be related to your identity, e.g., information on browser types, operating systems, domain names, access dates and times, referring website addresses, online transactions, and browsing and search activity.

“Processing” means any operation or set of operations performed on data such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of said data.

The scope of how we collect and process your personal and non-personal data or other information depends on the way you interact with us or our technologies and services:

• As a visitor of Giftmio websites
• As a user of Giftmio cashback services
• As a Giftmio publisher or an advertiser

With this Privacy Policy, we want to inform you of which information we receive and use at every stage.

We use personal data only to administer and provide our technologies and services. We store personal and any other kind of data strictly in compliance with applicable data protection and privacy legislation and our contractual duties and will prevent unauthorized access to data to the best of our abilities.

If you visit our website, we log the following data to facilitate the use of our website and to ensure its security and the stability of our web servers:

• The IP address of the requesting device
• The date and time of your visit
• The data specifications of your browser and operating system
• The website you were referred from to our website (a so-called Referrer URL).

This information is stored in a log file until it is automatically deleted.

We use cookies to improve and optimize the usability of our website. Cookies do not cause damage to your device or contain viruses, trojans, or other malicious software. The cookie stores data linked to the respective device used. This does not mean, however, that we store personal data about you or are aware of your identity.

Our website can be visited and surfed without cookies. Most browsers automatically accept cookies. You can alter the security settings of your web browser in order to stop your device from receiving and storing cookies, to allow cookies to be received and stored from only selected websites, or to be notified before receiving cookies. Please note, however, that these settings may have negative effects on website usability, user guidance features, and other online services. You can delete cookies stored in your browser at any time. Data stored in such cookies will be removed from your device.

We participate in markets via social media networks and have implemented certain social media plugins and links to social networks on our websites.

These social networks are operated exclusively by third parties. If you follow the links, data may be transferred to these providers. All social media plugins are used so that you can interact with us using social network features. When you enter a page on our website that contains a social network plugin, your browser or app will establish a direct connection to the social network's servers.

This processing of (personal) data is necessary for our legitimate interests (i.e., marketing by increasing the range of our website/services), Art. 6(1)(f) of GDPR.

We use Google Analytics and Microsoft Clarity as tools on our website for the purposes of the adequate design and continuous optimization of our website, as well as reporting on website usage.

For the purpose of receiving feedback or any questions you may have, we may collect data about you that may include:

• Email address
• Name
• Include any additional data that you might have in an email or comment. You provide this data to us by using the "Contact us" form or by the email you send.

In short, we process your information to provide, improve, and administer our site, communicate with you for security and fraud prevention, and comply with the law. We may also process your information for other purposes with your consent.

To obtain access to cashback services, you must register on our website.
After that, in addition to the data described in the policy for visitors, we collect and process:

Personal data you provide in the registration form:

• Full name, email address, user ID, country, language, mobile phone number

Personal data you provide in the registration form:

• The website where purchases were made, amount, user IP address, user agent, user referrer, country code, and user ID.

We may share this data with our partner in order to confirm the purchase and calculate the cashback that is due to you.

Financial information for receiving payments:

• Bank data or e-wallet data (card number, name, or account ID required for payment)

We may transfer this data to payment services to charge you a reward. The processing of personal data is necessary for the performance of a contract, Art. 6(1)(b) of GDPR.

We do not collect or use any personal data other than the data that you voluntarily provide.

Process

In short, we process your information to provide, improve, and administer our service, provide useful features to simplify your experience when you use or service, deliver relevant content and advertising based on your preferences in our mobile application, provide you with rewards, communicate with you, for security and fraud prevention, and comply with the law.

If you're a publisher or advertiser, registering and participating in Giftmio, to obtain access to our technologies and services, you must register in our network. After that, in addition to the data described in the policy for visitors, we collect and process:

• Personal data you provide in the registration form: your name, country, email address, username, etc. The username will be available to other Internet users when working with certain programs.
• Data you provide during your participation with us, e.g., your phone number, postal address, and/or tax number.

The processing of personal data is necessary for the performance of a contract, Art. 6(1)(b) of GDPR.

We do not collect or use any personal data other than the data that you voluntarily provide.

Cookies

In addition to the cookies specified in the section for visitors, we use strictly necessary cookies on publishers' and advertisers' account pages for the website to function properly.

Analytics tools

We use Google Analytics on our website for the purposes of the adequate design and continuous optimization of our website, as well as reporting on website usage.

Information on first-party and third-party cookies

As a publisher or advertiser, you must inform users of your website about first-party and third-party cookies, including those placed by us, i.e., the names and purposes of the cookies, as well as how users may prevent cookies from being placed on their device. Users must consent to the use of both first-party and third-party cookies on your website before a cookie is placed.

Integration with Google Ads

This is a tool for Publishers who buy traffic from the Google Ads contextual advertising service and drive it to our advertisers' websites directly or through the landing page. For information on the volume of data processed and the reasons for which it is processed, as well as on your rights and setup options, please see Google's Privacy Policy at https://policies.google.com/privacy?hl=en. When you use integration with Google Ads, your personal data is processed as described in this section. This integration type allows us to access data from your Google Ads advertising campaigns. Below, you can find information about the legal bases and purposes for the processing of your personal data and, if applicable, the legitimate interests involved and the necessity of doing so.

When you use the integration with Google Ads, we collect your personal data, including your Google account ID and Click ID (GCLID). This allows you to configure the sending of actions from Giftmio to the corresponding advertising campaigns in the Google Ads advertising account. If you choose not to provide personal data, the "Integration with Google Ads" tool will not be able to function. There will be no other consequences for you.

Payment processing software

We use payment processing software for billing purposes.

Payment processing software may store your bank account and/or credit card details (referred to as "Payment Information"). We connect with those third parties to bill you for payments associated with using the Service. We do not store or process payment information, such as your credit or debit card number or your bank account number.

With the following information, we will inform you of the contents of our newsletter, the procedure for the registration and dissemination of newsletters, and the evaluation of statistics thereof, as well as your right to object to the procedure. By subscribing to our newsletter, you agree to the receipt of the newsletter and the procedures described.
We send out newsletters, emails, and other electronic notifications with promotional information (hereinafter "Newsletter") subject to the recipient's consent or legal permission.

Registering for our newsletter is handled through a so-called double opt-in procedure, which means you'll receive an email asking you to confirm your registration once again. Registrations for the newsletter are recorded to prove adherence to the precise registration process according to legal requirements. This includes storing the time of logon and confirmation. Furthermore, changes to the data stored by Mindbox, a third-party service, are also recorded.

Newsletters can be sent by Giftmio or Mindbox.

Mindbox is a newsletter platform of the Dutch company Mindbox.Cloud B.V. (a Dutch private limited company) located at Strawinskylaan 613, 1077XX Amsterdam, The Netherlands.
The email addresses of our newsletter recipients and further data described in the context of this information are stored on Giftmio and Mindbox's respective servers. Mindbox uses this information to send out and evaluate the newsletters on our behalf. In addition, Mindbox can use this data to optimize or improve its services, e.g., for the technical optimization of the dissemination and the presentation of the newsletter or for economic purposes to determine from which countries the recipients come. However, Mindbox doesn't use the data of our newsletter recipients to contact them independently or transfer data to third parties except in cases prescribed by Mindbox's Privacy Policy (https://mindbox.cloud/documents/privacy-policy/).

To register for the newsletter, we only need your email address. Any other voluntarily provided information about you is only used to personalize the newsletter. You can change the personal data you share with us at any time.

There are cases when we direct newsletter recipients to Mindbox’s websites. For instance, our newsletters contain a link with which newsletter recipients can access newsletters online (if there are any problems displaying the newsletter in the email program).

You may terminate the receipt of our newsletter at any time, which means you revoke your consent to receive it. By doing so, your consent to the dissemination of the newsletter via Mindbox and statistical analysis thereof expires at the same time. Unfortunately, it's impossible to cancel the dissemination of the newsletter via Mindbox or the statistical evaluation thereof through other means. You may withdraw your consent to receive our newsletter at any time by changing the notification settings in your account. In addition, you can find a link to unsubscribe at the bottom of each of our newsletters.

The processing of your personal data relies on the following legal basis:

• Your consent, if you have given us such consent (Art. 6 (1) (a) of GDPR)
• The initiation or execution of a contract with you (Art. 6 (1) (b) of GDPR)
• The fulfillment of legal obligations (Art. 6 (1) (c) of GDPR)
• The implementation of our legitimate interests (Art. 6 (1) (f) of GDPR).

Giftmio takes all technical and organizational security measures to protect your personal data from loss, unauthorized disclosure, or other misuse. Data is stored in a safe environment that isn't open to public access. Your personal data may be encrypted before transmission in some instances (e.g., processing your login data). This means that communication between your device and our servers will include recognized encryption measures if your browser supports doing so.

Our staff has been trained in privacy matters and responsibly handling personal data and information to which they gain access.

Please be aware that should you contact us via email, the confidentiality of the information therein may not be ensured. Third persons may have access to the contents of emails.

For Giftmio to execute its business processes conveniently and optimally, it may be necessary for specific data to be processed by trusted third parties and reliable partners.

These third parties may:

• Process payments
• Fulfill orders
• Send emails
• Manage communications (e.g., newsletters, security notifications, chat, etc.)
• Host websites

Conduct other related activities on behalf of Giftmio. However, Giftmio only shares data needed to serve the specific purpose for which the third parties are engaged. Giftmio ensures that these third parties are under similar obligations to maintain privacy and confidentiality as Giftmio's employees and will handle your information in the way and to the extent Giftmio is permitted to. Giftmio doesn't allow any third party to use your information for any purposes for which the data wasn't collected.

Giftmio will only disclose your personally identifiable information (PII) outside your country if it's necessary for processing. However, as a member of the worldwide group of companies, each local entity may maintain or perform data processing operations in countries outside the European Economic Area (EEA) or in countries without an adequate level of data protection if doing so is required for the fulfillment of our obligations or the underlying contract with you. Furthermore, our subcontractors, which we engage in acting on its behalf concerning the processing of your PII, may be domiciled in such areas.

To secure the transfer and processing of PII under Chapter 5 of GDPR, we've implemented and requested the required technical and organizational measures and have entered into the appropriate contractual frameworks with our group of companies and subcontractors, which ensure that the data recipient has implemented an adequate level of data privacy in its organization as required by GDPR. This includes signing Data Processing Agreements and European Union standard contractual clauses issued by the EU Commission. These precautions are appropriate safeguards stipulated by Article 46 GDPR and local data protection laws in effect, ensuring that your information will be treated securely, confidentially, and under the applicable data protection laws.

If we are acquired by or merge with a third party, we reserve the right, in either of these circumstances, to transfer or assign the information we have collected from you as part of such a merger, acquisition, sale, or other change of control. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your information is treated, transferred, or used.

Data is transferred to countries outside the European Economic Area. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data by employing contractual agreements or other suitable guarantees, such as certifications or proven compliance with international security standards.

We'll retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by law.

You have the following rights concerning our processing of your personal data:

• The right to access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object (on grounds related to your particular situation) if your personal data is processed based on our legitimate interest
• The right to withdraw your consent at any time in the event of any consent-based processing of your personal data without affecting the lawfulness of processing said data based on consent before your withdrawal
• The right to lodge a complaint with a supervisory authority.

You may exercise your legal rights by contacting us via email at data-support@giftmio.com
If you're registered as a publisher or an advertiser on our website, you may access your account and correct or delete some of your data.

While observing applicable privacy legislation, we'll erase your data without any action required by you if your data retention is no longer necessary for the purpose pursued or retention is no longer allowed for any legal reason. We may restrict processing instead of erasing your data where it's legally not allowed to be erased (e.g., legal obligations to maintain your personal data).

We may modify this Privacy Policy and our data security provisions at any time, particularly if new laws and/or regulations need to be adopted or if we regard amendments as reasonable.

For any questions or requests about your personal data's security, contact us at data-support@giftmio.com