&Open Website Privacy Policy

Website Privacy Policy

Last Updated: 27 May 2024

Data is something we handle with care each day. It isn't something we talk about much, but it is a subject we take very seriously and have strong processes in place to ensure your privacy is protected. We know it is a long document, so we wanted to make the key point super clear: We respect your privacy and handle the data you give us carefully.

You can find information on the cookies that we use in our Cookies Policy.

1. Introduction

1.1. We are committed to safeguarding your privacy.

1.2. This policy aims to give you information on how &Open collects and processes your personal data through your use of this website and associated Enterprise (terms and DPA available on request) and On-Demand gifting services. It also contains information on your privacy rights.

1.3. In this policy, ‘we’, ‘us’ and ‘our’ refer to &Open. &Open is the data controller and responsible for your personal data.You can find more information about us in Section 12.

2. How we use your personal data

2.1 In this section we have set out: the types of personal data that we may process; the reasons why we may process personal data; and the legal basis of the processing.

2.2 We may process data about your use of our website (‘usage data’). This is data such as number of users, session statistics, approximate geolocation and browser and device information. We may use this data to analyse how our website and services are being used. The legal basis for this processing is our Legitimate Interest to help us monitor and improve our website and services. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you and our customers the best service/product and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data on the basis of legitimate interests for activities where our interests are overridden by the privacy impact on you.

2.3 We may process your account data (‘account data’). This is data we get from you, and may include your name, username, password, email address, telephone number and address. Account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our Legitimate Interest to carry out the proper administration of our website and business.

2.4 We may process information relating to transactions, including digital vouchers, that you enter into with us and/or through our website (‘transaction data’). The transaction data may include your contact details and the transaction details. We do not store card payment information on our systems, card payments are processed by Stripe on their secure payment server. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our Legitimate Interest, namely our interest in the proper administration of our website and business.

2.5 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (‘notification data’). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.

2.6 Please do not supply any other person's personal data to us, unless we prompt you to do so.

2.7 Our site is not intended for children and we do not knowingly collect data relating to children (under 16 years of age).

3. Providing your personal data to others

We may provide your personal data to the third parties below for purposes set out in section 2:

  • Our shipping partners in order to facilitate the safe and prompt delivery of your order.
  • IT service providers, such as hosting and analytics tools.
  • Our group companies.
  • Our professional advisors such as accountants, auditors, lawyers, insurers etc.
  • Regulators and other public authorities where required by law.
  • With third party advisors, investors and/or purchases in connection with our negotiations for sale, merger, transfer of company assets, financing or acquisition.

4. International transfers of your personal data

We may transfer personal data outside of your country of residence in order to provide the services. Where we transfer personal data outside the European Economic Area (EEA), we ensure an appropriate degree of protection is afforded to it by implementing safeguards. We use appropriate mechanisms for international data transfers. We rely on decisions from the European Commission where they recognise that certain countries and territories outside of the EEA level of protection for personal information. These decisions are referred to as “adequacy decisions”.In other situations, we rely on standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK, where appropriate) or on derogations provided for under the applicable law to transfer information to a third country.

5. Retaining and deleting personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, regulatory proceedings, to respond to a legal request, to enforce and prevent violations of our terms of service, and protecting our rights and property or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

6. Amendments

6.1 We may update this policy from time to time by publishing a new version on our website and modifying the “Last Updated” date at the top of this Policy.

6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.

6.3 We may provide additional notice to you of changes to this policy as we consider appropriate in the exercise of our discretion

7. Your rights

7.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

  • Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and certain information about the processing.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there are valid grounds for doing so and subject to applicable law.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

If you want us to establish the data’s accuracy.

Where our use of the data is unlawful but you do not want us to erase it.

Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

 You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Right to data portability. You may have the right to receive certain of your information in a structured, commonly used and machine-readable format and to transmit such information to another controller.
  • Object to processing of your personal data where we process your data based on legitimate interest.We will assess your objection and determine whether we have any legitimate grounds/legal justification for continued processing.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Right to complain. EEA individuals have the right to make a complaint to the Irish Data Protection Commission, which is &Open’s lead supervisory authority. You may also direct your complaint or concern to your local data protection authority.

7.2 If you wish to exercise any of the rights above, please contact us at the details in section 12.

9. Third party analytics and advertising

9.1 For details of how we and third parties may use cookies, web beacons and other similar technology, please see our Cookies Policy.

10. Links to or from another website

10.1 Our website and services may contain links to other websites not operated or controlled by us (the ‘Third Party Sites’). All data provided, collected, maintained, stored or otherwise disclosed on these Third Party Sites, if any, is governed by their privacy policies. The links on the Website do not imply that we endorse or have reviewed the Third Party Sites, or their privacy policies, if any. We strongly encourage you to contact those sites directly for information on their privacy policies.

If you have accessed the Website through a link from certain of our advertising or marketing partners, the Website may include a frame of the applicable partner. Nevertheless, the information you provide to us through these framed web pages is collected by us, and our use of such information is governed by this Policy.

10.2 Cookies. For details on how to opt out of cookies, please see our Cookies Policy.

11. Additional options to opt-out

11.1 In addition to the option to opt-out of cookies as described in our Cookies Policy (http://www.andopen.co/cookies), you have controls and choices with respect to collection and use of your information by third parties. These are summarised for you below. We do not control or maintain opt-out mechanisms for third party companies and are not responsible for their operation.

11.2 Advertising opt-out. You can opt-out of sharing your information with third party companies engaged in targeted advertising including social networking sites such as Google, Twitter and Instagram using the following tools:

11.3 Google opt-out. If you are on the web, you can opt-out of Google Analytics by installing Google's opt-out browser add on: Google Analytics opt-out

Opt-out of interest-based Google ads using: Google ad personalisation

11.3 Twitter. To understand more about Twitter's Personalised Ads and marketing and exercise your privacy options, please visit: Privacy control for tailored ads (https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads)

You can learn more about Twitter's privacy practices and policies by visiting their Privacy Policy page at: Twitter privacy policy

11.4 Instagram advertising. To learn more about Instagram Ads and exercising your privacy options, visit: Ads on Instagram

12. Our details

12.1 Our website is owned and operated by And Open Gifts Ltd t/a &Open.

12.2 We are registered in Ireland under registration number 599378, and our registered office is at 13-15 St Clare’s Avenue, Harold’s Cross, Dublin 6W, D6W HH74.

12.3 You can contact us:

  • by post, to the above address
  • by telephone on +353 1 6638080
  • by email at dataprotection@andopen.co

Supplemental US Privacy notice

1. California Do Not Track Notice:

Because there are not yet common, industry accepted “do not track” standards and systems, our website does not respond to Do Not Track signals. In addition, we may allow additional third parties to collect personal information from your activity on our website, as described in the main Privacy Policy above.

2. California Shine the Light

The California Shine the Light law permits customers in California to request certain details about how their personal information is “shared” with third parties as defined in the Shine the Light law, and in some cases affiliates, if personal information is shared for those third parties’ or affiliates’ own direct marketing purposes. Californians may request information about our personal information sharing by contacting us at the email address indicated below. Please include “California Shine the Light Request” in the subject line and in the body of your message.

3. Contact for more information

For information and questions about the use of your Personal Information or your rights under US law, you may contact our Data Protection team at dataprotection@andopen.co

G2 Users Love Us
B Corp

Product