Last Updated: 27 May 2024
Data is something we handle with care each day. It isn't something we talk about much, but it is a subject we take very seriously and have strong processes in place to ensure your privacy is protected. We know it is a long document, so we wanted to make the key point super clear: We respect your privacy and handle the data you give us carefully.
You can find information on the cookies that we use in our Cookies Policy.
1.1. We are committed to safeguarding your privacy.
1.2. This policy aims to give you information on how &Open collects and processes your personal data through your use of this website and associated Enterprise (terms and DPA available on request) and On-Demand gifting services. It also contains information on your privacy rights.
1.3. In this policy, ‘we’, ‘us’ and ‘our’ refer to &Open. &Open is the data controller and responsible for your personal data.You can find more information about us in Section 12.
2.1 In this section we have set out: the types of personal data that we may process; the reasons why we may process personal data; and the legal basis of the processing.
2.2 We may process data about your use of our website (‘usage data’). This is data such as number of users, session statistics, approximate geolocation and browser and device information. We may use this data to analyse how our website and services are being used. The legal basis for this processing is our Legitimate Interest to help us monitor and improve our website and services. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you and our customers the best service/product and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data on the basis of legitimate interests for activities where our interests are overridden by the privacy impact on you.
2.3 We may process your account data (‘account data’). This is data we get from you, and may include your name, username, password, email address, telephone number and address. Account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our Legitimate Interest to carry out the proper administration of our website and business.
2.4 We may process information relating to transactions, including digital vouchers, that you enter into with us and/or through our website (‘transaction data’). The transaction data may include your contact details and the transaction details. We do not store card payment information on our systems, card payments are processed by Stripe on their secure payment server. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our Legitimate Interest, namely our interest in the proper administration of our website and business.
2.5 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (‘notification data’). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
2.6 Please do not supply any other person's personal data to us, unless we prompt you to do so.
2.7 Our site is not intended for children and we do not knowingly collect data relating to children (under 16 years of age).
We may provide your personal data to the third parties below for purposes set out in section 2:
We may transfer personal data outside of your country of residence in order to provide the services. Where we transfer personal data outside the European Economic Area (EEA), we ensure an appropriate degree of protection is afforded to it by implementing safeguards. We use appropriate mechanisms for international data transfers. We rely on decisions from the European Commission where they recognise that certain countries and territories outside of the EEA level of protection for personal information. These decisions are referred to as “adequacy decisions”.In other situations, we rely on standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK, where appropriate) or on derogations provided for under the applicable law to transfer information to a third country.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, regulatory proceedings, to respond to a legal request, to enforce and prevent violations of our terms of service, and protecting our rights and property or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
6.1 We may update this policy from time to time by publishing a new version on our website and modifying the “Last Updated” date at the top of this Policy.
6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
6.3 We may provide additional notice to you of changes to this policy as we consider appropriate in the exercise of our discretion
7.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
— If you want us to establish the data’s accuracy.
— Where our use of the data is unlawful but you do not want us to erase it.
— Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
— You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
7.2 If you wish to exercise any of the rights above, please contact us at the details in section 12.
9.1 For details of how we and third parties may use cookies, web beacons and other similar technology, please see our Cookies Policy.
10.1 Our website and services may contain links to other websites not operated or controlled by us (the ‘Third Party Sites’). All data provided, collected, maintained, stored or otherwise disclosed on these Third Party Sites, if any, is governed by their privacy policies. The links on the Website do not imply that we endorse or have reviewed the Third Party Sites, or their privacy policies, if any. We strongly encourage you to contact those sites directly for information on their privacy policies.
If you have accessed the Website through a link from certain of our advertising or marketing partners, the Website may include a frame of the applicable partner. Nevertheless, the information you provide to us through these framed web pages is collected by us, and our use of such information is governed by this Policy.
10.2 Cookies. For details on how to opt out of cookies, please see our Cookies Policy.
11.1 In addition to the option to opt-out of cookies as described in our Cookies Policy (http://www.andopen.co/cookies), you have controls and choices with respect to collection and use of your information by third parties. These are summarised for you below. We do not control or maintain opt-out mechanisms for third party companies and are not responsible for their operation.
11.2 Advertising opt-out. You can opt-out of sharing your information with third party companies engaged in targeted advertising including social networking sites such as Google, Twitter and Instagram using the following tools:
11.3 Google opt-out. If you are on the web, you can opt-out of Google Analytics by installing Google's opt-out browser add on: Google Analytics opt-out
Opt-out of interest-based Google ads using: Google ad personalisation
11.3 Twitter. To understand more about Twitter's Personalised Ads and marketing and exercise your privacy options, please visit: Privacy control for tailored ads (https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads)
You can learn more about Twitter's privacy practices and policies by visiting their Privacy Policy page at: Twitter privacy policy
11.4 Instagram advertising. To learn more about Instagram Ads and exercising your privacy options, visit: Ads on Instagram
12.1 Our website is owned and operated by And Open Gifts Ltd t/a &Open.
12.2 We are registered in Ireland under registration number 599378, and our registered office is at 13-15 St Clare’s Avenue, Harold’s Cross, Dublin 6W, D6W HH74.
12.3 You can contact us:
Because there are not yet common, industry accepted “do not track” standards and systems, our website does not respond to Do Not Track signals. In addition, we may allow additional third parties to collect personal information from your activity on our website, as described in the main Privacy Policy above.
The California Shine the Light law permits customers in California to request certain details about how their personal information is “shared” with third parties as defined in the Shine the Light law, and in some cases affiliates, if personal information is shared for those third parties’ or affiliates’ own direct marketing purposes. Californians may request information about our personal information sharing by contacting us at the email address indicated below. Please include “California Shine the Light Request” in the subject line and in the body of your message.
For information and questions about the use of your Personal Information or your rights under US law, you may contact our Data Protection team at dataprotection@andopen.co
Product
Solutions
Company
Resources
Legal
Contact Us
Follow Along