Welcome

Data is something we handle with care each day. It isn't something we talk about much, but it is a subject we take very seriously and have strong process in place to ensure your privacy is protected.

  • We know it is a long document, so we wanted to make the key points super clear:
  • We respect your privacy, and handle the data you give us carefully.
  • We’ll only share some of that information with our shipping partners, to make sure your order arrives promptly and safely.
  • We’ll delete the personal details of your transaction one year later.
  • If you want to contact our Data Protection Officer, the quickest way is by email.

1. Introduction

1.1. We are committed to safeguarding your privacy.

1.2. This policy applies where we are handling your personal data; in other words, where we determine how that personal data is processed.

1.3. In this policy, ‘we’, ‘us’ and ‘our’ refer to &Open. You can find more information about us in Section 12.

2. How we use your personal data

2.1 In this section we have set out:

(a) the types of personal data that we may process;
(b) the reasons why we may process personal data; and
(c) the legal basis of the processing.

2.2 We may process data about your use of our website (‘usage data’). We get this usage data from Google Analytics. We may use this data to analyse how our website and services are being used. The legal basis for this is to help us monitor and improve our website and services.

2.3 We may process your account data (‘account data’). This is data we get from you, and may include your name, email address, telephone number and address. Account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is to aid in the proper administration of our website and business.

2.4 We may process information relating to transactions, including digital vouchers, that you enter into with us and/or through our website (‘transaction data’). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.

2.5 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (‘notification data’). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.

2.6 Please do not supply any other person's personal data to us, unless we prompt you to do so.

3. Providing your personal data to others

3.1 We may share your name, address and phone number with our shipping partners (and only with our shipping partners) in order to facilitate the safe and prompt delivery of your order.

4. International transfers of your personal data

4.1 In this section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

4.2 We may disclose your name and address to our shipping partners insofar as reasonably necessary to facilitate the fulfillment of an order that is being shipped to a location outside the EEA.

Retaining and deleting personal data

5.1 This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

5.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

5.3 We will retain your personal data as follows:

(a) personal data will be retained for a maximum period of 1 years following your last order, before being deleted.

5.4 In some cases we may hold your personal data even if you have not placed an order. In such cases, we will hold your data as outlined in 5.3a.

6. Amendments

6.1 We may update this policy from time to time by publishing a new version on our website.

6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.

6.3 We may notify you of changes to this policy by email.

7. Your rights

7.1 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:

(a) the supply of appropriate evidence of your identity for this purpose, we will usually accept a photocopy of your passport certified by a solicitor plus a copy of a utility bill showing your current address.

7.3 You may instruct us at any time not to process your personal information for marketing purposes. We will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

8. About cookies

8.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

8.2 Cookies may be either ‘persistent’ cookies or ‘session’ cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

8.3 If you do not wish to have cookies on your system, you can set your browser preferences to disable them.

9. Third-party analytics and advertising disclaimer

9.1 We and/or third-parties including advertising companies, social networking sites, and service providers on our behalf, use cookies, web beacons and other similar technology, to collect information for the purposes described in this Policy advertising, analytics, online behavioural marketing, monitoring performance and improvement of our online services (traffic, errors, page load time, popular pages, etc.). To opt-out of each analytics service and advertising/ remarketing service, you can make a Request to Opt-out in the following ways:

9.2 This Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices.

11. Digital gifting

If you are availing of our digital gifting cash transfer services - we partner with Hyperwallet in order to facilitate these transfers. Hyperwallet are a subsidiary of Paypal.

  • To learn more about Hyperwallet, their Terms of Service can be found here.
  • Alternatively, Hyperwallet’s Privacy Policy can be found here.

12. Additional options to opt-out

12.1 In addition to the above options to opt-out of the use of your information as described above, you have controls and choices with respect to collection and use of your information by third parties. These are summarised for you below. We do not control or maintain opt-out mechanisms for third party companies and are not responsible for their operation.

12.2 Advertising opt-out
You can opt-out of sharing your information with third-party companies engaged in targeted advertising including social networking sites such as Google, Twitter and Instagram using the following tools:

12.3 Google opt-out
If you are on the web, you can opt-out of Google Analytics by installing Google's opt-out browser add on: Google Analytics opt-out

Opt-out of interest-based Google ads using: Google ad personalisation

12.3 Twitter
To understand more about Twitter's Personalised Ads and marketing and exercise your privacy options, please visit: Privacy control for tailored ads

You can learn more about Twitter's privacy practices and policies by visiting their Privacy Policy page at: Twitter privacy policy

12.4 Instagram advertising
To learn more about Instagram Ads and exercising your privacy options, visit: Ads on Instagram

13. Our details

13.1 Our website is owned and operated by And Open Gifts Ltd t/a &Open.

13.2 We are registered in Ireland under registration number 599378, and our registered office is at 13-15 St Clare’s Avenue, Harold’s Cross, Dublin 6W, D6W HH74.

13.3 You can contact us:

(a) by post, to the above address
(b) by telephone on +353 1 6638080
(c) by email at dataprotection@andopen.co

14. Data protection officer

14.1 You can contact our data protection officer using any of the details listed in Section 12.

Privacy policy notice for California residents

This California Privacy Notice ("Notice") supplements the information contained in our Privacy Policy and applies only to residents of California. &Open Gifts LIMITED (referred to here as “we,” “our,” or “&Open") is committed to protecting your privacy. This Notice applies to our offline and online data collection practices, including when you visit or use our website andopen.co and any other website owned or operated by us (the "Website"), participate in our online community, enquire about our products and services, subscribe to our mailing lists, participate on our gifting platform, engage with us on social media websites or otherwise interact with us in any manner (collectively, our "services").

California state law confers certain rights relating to personal information to its residents.

Right to know about personal information collected, disclosed or sold

You have the right to request that we disclose to you the following information about personal information we collect from you:

  • categories of personal information collected;
  • categories of sources of personal information collected;
  • the business or commercial purpose for collecting personal information;
  • the categories of third parties with whom we share personal information; and
  • the specific pieces of personal information we have collected about you over the past 12 months.

You also have a right to request that we disclose if we have sold or disclosed your personal information for a business purpose over the past 12 months and, if so, the categories of personal information sold or disclosed and the categories of third parties to whom personal information was sold or disclosed, along with the business or commercial purpose for which the personal information was sold or disclosed a ("Request to Know").

Request to know
To make a Request to Know, please submit a verifiable consumer request pursuant to the instructions below. You may only make a verifiable consumer Request to Know twice within a 12-month period. We will acknowledge your Request to Know within 10 business days and will attempt to respond substantively within 45-90 days.

The Request to Know must provide sufficient information to allow us to verify that you are the person about whom the personal information was collected, sold or disclosed and must contain sufficient detail to allow us to properly understand, evaluate and respond to your request. If we cannot verify your identity, we will not be able to respond to your request.

You can make a Request to Know what personal information we have about you in the following ways:

Once we receive your Request to Know, we will begin the process to verify that you are the person that is the subject of the request (the "Verification Process"). The Verification Process consists of matching identifying information provided by you with the information we have about you in our records. You should be prepared to provide us with information that will help us to verify your identity.

Information collected
Within the past 12 months, we have collected the following categories of personal information about California consumers as described in the chart in Annex 1.

Information disclosed
We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding 12 months:

  • Personal Identifiers
  • Commercial Information
  • Internet Activity

For details regarding the categories of third parties with whom we have disclosed this information, please see Annex.

Right to request deletion of personal information

Requests to delete
You have the right to request the deletion of your personal information collected or maintained by us ("Request to Delete"), subject to certain exceptions permitted by law.

To make a Request to Delete, please submit a verifiable consumer request pursuant to the instructions below. We will acknowledge your Request to Delete within 10 business days and will attempt to respond substantively within 45-90 days.

The verifiable consumer Request to Delete must provide sufficient information to allow us to verify that you are the person about whom the personal information was collected, sold or disclosed and must contain sufficient detail to allow us to properly understand, evaluate and respond to your request. If we cannot verify your identity, we will notify you if this is the case.

You can make a Request to Delete in the following ways:


Once we receive your request to delete, we will need to verify that you are the person that is the subject of the request (the "Verification Process"). The Verification Process consists of matching identifying information provided by you with the information we have about you in our records when making your request, you should be prepared to provide us with information that will help us to identify you.

Depending on the sensitivity of the personal information you are requesting to delete, we may need to match identifying information from your request with information from our records. If your request to delete involves deleting very sensitive information, we may also need a signed declaration stating that you are the consumer whose personal information is the subject of the request.

We will retain correspondence, documents and information related to any Request to Know, Request to Delete, or Request to Opt-Out for 24 months as required by law.

Third-party analytics and advertising disclaimer

We and/or third-parties including advertising companies, social networking sites, and service providers on our behalf, use cookies, web beacons and other similar technology, to collect information for the purposes described in this Policy advertising, analytics, online behavioural marketing, monitoring performance and improvement of our online services (traffic, errors, page load time, popular pages, etc.). To opt-out of each analytics service and advertising/ remarketing service, you can make a Request to Opt-out in the following ways:

This Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices.

Links to or from another website

Our Website and services may contain links to other websites not operated or controlled by us (the "Third Party Sites"). All data provided, collected, maintained, stored or otherwise disclosed on these Third Party Sites, if any, is governed by their privacy policies. The links on the Website do not imply that we endorse or have reviewed the Third Party Sites, or their privacy policies, if any. We strongly encourage you to contact those sites directly for information on their privacy policies.

If you have accessed the Website through a link from certain of our advertising or marketing partners, the Website may include a frame of the applicable partner. Nevertheless, the information you provide to us through these framed web pages is collected by us, and our use of such information is governed by this Policy.

Cookies
As explained in our "Cookies and other technology" section, you can opt-out of cookies using your browser.

Please note:

  • Opt-outs are device and browser based. You must opt-out on each device and each browser where you want your choice to apply.
  • Opt-outs may be stored via cookies. If you clear cookies, your opt-out may no longer be valid and you must opt-out again where you want your choices to apply.
  • We may still share your information with our service providers that help us perform functions that are necessary for our business such as vendors that host our website and analytics processors. These entities are contractually obligated to keep this information confidential and not use it for any purpose other than for the services they provide to our business.
  • You may still receive ads from us that are not tailored to your interests.

Additional options to opt-out

In addition to the above options to opt-out of the use of your information as described above, you have controls and choices with respect to collection and use of your information by third parties. These are summarised for you below. We do not control or maintain opt-out mechanisms for third party companies and are not responsible for their operation.

Advertising opt-out
You can opt-out of sharing your information with third-party companies engaged in targeted advertising including social networking sites such as Google, Twitter and Instagram using the following tools:

Google opt-out
If you are on the web, you can opt-out of Google Analytics by installing Google's opt-out browser add on: Google Analytics opt-out

Opt-out of interest-based Google ads using: Google ad personalisation

Twitter
To understand more about Twitter's Personalised Ads and marketing and exercise your privacy options, please visit: Privacy control for tailored ads

You can learn more about Twitter's privacy practices and policies by visiting their Privacy Policy page at: Twitter privacy policy

Instagram advertising
To learn more about Instagram Ads and exercising your privacy options, visit: Ads on Instagram

Right to non-discrimination for exercising consumer privacy rights

You may designate an authorised agent to make a request on your behalf under the California Consumer Privacy Act.

Authorised agents may make requests under the California Consumer Privacy Act on behalf of consumers by emailing dataprotection@andopen.co. We will require authorised agents to provide proof of the consumer’s consent to and designation of the authorised agent for the purpose of making the request, and will require authorised agents to provide information necessary to verify the identity of the consumer who is the subject of the request. We may also require that a consumer verify his or her own identity directly with us before we respond to an authorised agent’s request.

Caloppa compliance statement

California Do Not Track Notice: Because there are not yet common, industry accepted “do not track” standards and systems, our website does not respond to Do Not Track signals. In addition, we may allow additional third parties to collect personal information from your activity on our website, as described in the “Information Collection and Use” section above.

Contact for more information

For information and questions about the use of your Personal Information or this California Consumer Privacy Act Notice or your rights under California law, you may contact our Data Protection Officer at dataprotection@andopen.co

Annex 1

NOTICE OF COLLECTION, USE AND DISCLOSURE

We collect personal information from you in various ways and for various purposes as explained below.

Sources of Information Category and Types of Information we collect How we use it Third parties with whom we may share this information
You when you visit or access or use our Website and services, participate on our gifting platform, post content on our Website or submit a form on our Website, otherwise volunteer your information to us, enter a promotion or competition conducted by us including engaging with us on social media sites such as Instagram, Twitter, or communicate with us via phone (including text) or email. Personal Identifiers - name, title, company where you work, mailing address, telephone number, email address, images, location. Commercial Information - such as products purchased, obtained, considered, reviewed or other purchasing or consuming habits. To process your gift, provide you with the products requested, and contact you about your gift; to respond to your requests, follow up with you after you have communicated with us or submitted information to us; provide customer service and support; To improve our business, services, and social media; To provide you with a customised user experience; To send promotional communications or marketing offers (unless you have requested that we not send such communications); For marketing, research, legal, and other business purposes; To comply with our policies, procedures, and legal obligations, including complying with law enforcement or governmental authority requests, investigating fraudulent activity, resolving disputes, and enforcing our legal agreements and policies. Consultants, service providers, and contractors that we use to support our business and operations (e.g. vendors hosting or operating our Website, entities that provide shipping, tracking and delivery services, companies that help with communication services such as email campaigns; vendors that provide analytics services, and fraud detection service providers) who have agreed to keep the information confidential and use it only to provide the applicable services; Third party companies we work with who help us gather information from you, communicate with you and provide services to you, entities that assist with data analytics such as Instagram/Twitter, entities that assist with analysing our Website metrics, advertising, and online behavioural re-marketing including social networking sites like Instagram, and Twitter; Third parties (including, without limitation, governmental agencies) if required to do so by law, regulation or court order; to respond to governmental and/or law enforcement requests; An acquirer or successor-in-interest in the event of a reorganisation, merger, sale, change of control, consolidation, joint venture, assignment, transfer or other disposition of all or any part of &Open or its affiliates including any negotiation thereof.
Your computer or mobile device, your online activities and interactions with us on our Website, services, your activity on our social media channels or through our third-party sources. Internet/Network Activity - IP address, your device information, domain name, browsers you used to access our Website and services, webpages viewed, time spent on webpages, links clicks, transactions entered into and site-navigation patterns. Analyse and track usage of our services including our Website and social media accounts; Determine the popularity of our products and services; Better understand how you use our Website and services; Develop new products and service offerings; Enhance, modify, or improve our Website, services, and products; Provide you with a customised guest experience and present offers tailored to your personal preferences; To send promotional communications or offers including invitations to events, taking surveys, and participating in promotions (unless you have requested that we not send such communications); For other marketing, research, legal, and other business purposes; for analytics and profiling technology to customise your experience, statistical purposes, deliver content (including advertising) tailored to your interests and how you use our online services, to market to you through targeted advertising; To comply with our policies, procedures, and legal obligations, including complying with law enforcement or governmental authority requests, investigating fraudulent activity, resolving disputes, and enforcing our legal agreements and policies. Consultants, service providers, and contractors that we use to support our business and operations; Third party companies we work with who help us gather information from you, communicate with you, entities that assist with data analytics such as Google and Instagram, entities that assist with analysing our Website metrics, advertising, and online behavioural remarketing including social networking sites like Instagram, and Twitter; Third parties (including, without limitation, governmental agencies) if required to do so by law, regulation or court order; to respond to governmental and/or law enforcement requests; An acquirer or successor-in-interest in the event of a reorganisation, merger, sale, change of control, consolidation, joint venture, assignment, transfer or other disposition of all or any part of &Open or its affiliates including any negotiation thereof.