Buyatab Online Inc. Privacy Policy

This version in effect since July 1, 2023.

Buyatab Online Inc. (“Buyatab”, “we”, or “us”) is committed to protecting and respecting your privacy. This policy sets out the basis on which Buyatab will use and disclose any personal information that you provide to us, or we collect from you, as a user of our services and our website (collectively, our “Services”).

Your personal information enables users like you to place orders for gift cards from the merchants, companies, and organizations with whom we do business (“Merchants”) for delivery to yourself, other people, or entities (“Recipients”). Our Services may be embedded on the websites, mobile apps, and social media sites of our Merchants. When you use our Services on those sites, you may also be providing information to Merchants, and the Merchants’ privacy policies will apply to their collection, use, and disclosure of such information.

Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. By using our Services, you are explicitly accepting and consenting to the practices described in this Privacy Policy.

INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following data about you:

  • Information you give us. You may give us information about you when using the Services or by corresponding with us by phone, e-mail, or otherwise.

The information you give us may include your name and your Recipient’s name; your address and your Recipient’s address; your e-mail address and your Recipient’s e-mail address; your phone number and your Recipient’s phone number; your payment method and payment information, including credit card information; your order transaction details; your personal message(s); or photograph(s), images, or other content that you provide.

By submitting personal information in respect of you and anyone else, you warrant that you have the full authority to do so and are not violating any applicable law, including privacy law regarding minors, by providing it.

  • Information we collect about you. Information we may automatically collect may include technical information, such as IP address; device type and identity; login information, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform; information about your visit, including the full Uniform Resource Locators clickstream to, through, and from our Services (including date and time); products you viewed or searched for; page response times, download errors, and length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page; and any phone number or email address used to contact our customer service specialists.
  • Information we receive from other sources. We may receive information about you if you use or visit any internet sites & services that use our Services or if you transact with our Merchants or any other third parties with whom we do business.

We may also collect information about you as required or permitted by law.

COOKIES

A cookie is a very small piece of information in the form of a text file placed on your device memory by many internet sites & services that you visit. We use cookies only to store basic information and never to store any password or credit card information.

We may use the following types of cookies to help us to provide you with a good experience when you visit internet sites & services that use our Services:

  • Strictly necessary cookies to help support the structure of the internet sites & services that are displayed to you when using our Services. These enhance the look and feel of our Services. They also help to improve navigation and allow you to return to webpages you have previously visited.
  • Performance cookies to provide aggregated statistics on users of our Services and their browsing behaviour. This enables us to make the use of our Services easier for you, and if necessary, to make improvements. The data is aggregated and anonymized to provide generalized, anonymized information.
    You can find more information about the individual cookies we use and purposes for which we use them in the table below:

Cookie

Purpose

Duration

AWSALB

Used for load balancing infrastructure

Expires in 40 days

Anti-forgery token

Used to prevent fraudulent transactions

Expires in 30 days

Session beacon

Used to ensure that the checkout process is completed by the original

Expires in 30 days

Shopping cart

Used to store any incomplete shopping cart information on the user’s machine

Deleted upon completion of the checkout process or until the browser cache is cleared

Google Analytics

Used for to track visitors and for site performance analytics

Expire after 2 years

Spam Bot Protection (Re-captcha)

Used to detech abuse traffic without user interaction

Expires after 6 months

Live Chat

Used for customer service

Expires after 6 months

You can set your browser to accept or reject all specific cookies. You can also set your browser to alert you each time a cookie is presented to your device or opt out of Google Analytics by installing Google’s opt-out browser add-on. You may also utilize your own tracking tools, such as Adobe Analytics, for cookie tracking and customer analytics, but you are responsible for the transmission and/or storage of any personally identifiable information, and any claims for damages that result from any loss or theft thereof. You can delete cookies that have been stored on your device, but if you prevent us from placing cookies on your device, or if you subsequently delete a cookie, it may not be possible for you to use our Services effectively.

USES MADE OF THE INFORMATION

We may use information about you for the following purposes:

  • to process and fulfil your order;
  • to communicate with you, including to notify you about changes to policies or terms and conditions and to provide you with information about other goods or services that are similar to those that you have already purchased or enquired about, subject to applicable law;
  • to ensure that content from our Services are presented in the most effective manner for you and for your device;
  • to administer and improve our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to allow you to participate in interactive features of our Services, when you choose to do so;
  • as part of our efforts to keep our Services safe and secure;
  • for risk control, fraud detection and prevention, and compliance with laws and regulations; and
  • as required or permitted by law.

DISCLOSURE OF YOUR INFORMATION

We may share your personal information with members of our group, which means our subsidiaries and related companies.

We may share your information with selected third parties including:

  • The Merchant and your Recipient to which the gift card relate to fulfil your order.
  • Suppliers and subcontractors we engage to provide services to us (such as data storage, technical, infrastructure, platform, or applications services or payment processing or order fulfilment services).
  • Market researchers, advertisers, or other parties, not to disclose information about identifiable individuals to such parties, but to provide them with aggregate anonymized information about our users.
  • Analytics and search engine providers that assist us in the improvement and optimization of our Services.

We may also disclose your information to third parties in the following circumstances:

  • In the event that we decide to sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.
  • If substantially all of our assets are acquired by a third party, in which case personal information held will be one of the transferred assets.
  • In order to comply with legitimate governmental requests, subpoenas, court orders, or legal obligations; or in order to enforce or apply the terms and conditions of our Services or other agreements; or to protect the rights, property, or safety of Buyatab, our customers, or other parties. This includes exchanging information with other companies and organizations for the purposes of fraud detection and prevention and risk control.
  • As required or permitted by law.

WHERE WE STORE YOUR PERSONAL INFORMATION

Buyatab is a Vancouver, British Columbia, Canada-based company and our Merchants, suppliers, and subcontractors may be located worldwide.

In the event that we share your personal information with our Merchants, suppliers, or subcontractors as described in this policy, your information may be processed and stored in the country where they are located.

Personal information may be subject to disclosure under the laws of jurisdictions where the personal information is stored or handled and it may be accessible to law enforcement and national security authorities of those jurisdictions.

For information about Buyatab’s use of suppliers and subcontractors outside Canada to process personal information, please contact us at the address provided below.

EUROPEAN VISITORS

The data controller is Buyatab Online Inc., B1 – 788 Beatty Street, Vancouver, BC, V6B 2M1 Canada.

Our Privacy Officer can be reached by e-mail at privacy@buyatab.com.

The data that we collect from you, including your personal data, will be transferred to, and stored at, in countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or subcontractors. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details, and the provision of support services. By submitting your personal data, you agree to the transfer, storing, and processing of such personal data, as required to provide you with the Services. We will take steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, but transfers of your personal data to countries outside the EEA may involve possible risks due to the absence of an adequacy decision or other safeguards under the EU General Data Protection Regulation.

CALIFORNIA VISITORS

Buyatab does not sell or share personal information with third parties for their marketing purposes. Pursuant to the California Consumer Protection Act, under certain circumstances, California consumers have the right to request that Buyatab disclose or delete the specific pieces of personal information Buyatab collected about that consumer.

If you are a California consumer, you may submit a request for this information or for deletion of this information by e-mail at privacy@buyatab.com. If required to do so, Buyatab will respond to your request in the manner and time provided for in the California Consumer Protection Act.

California Sensitive Information Disclosure: The table below describes the categories of sensitive personal information (as defined under California law) we collect and why. It also indicates whether we “sell” or “share” such information (as those terms are defined under California law). We do not “sell” sensitive personal information for purposes of cross-context behavioral advertising. We may share information as described below.

Category of Sensitive Personal Information

Purposes for which Information is Collected

Is information sold or shared for the purpose of cross-context behavioral advertising?

Social security, driver’s license, state identification card, or passport number.

·         Determining eligibility for employment

·         General human resources administration

·         Facilitating business travel

·         Providing products or services requested by customers

·         Detecting and preventing fraud

·         Complying with legal obligations and regulations

·         Conducting recordkeeping

No

Racial or ethnic origin

·         Reporting certain demographic workforce data to federal, state and/or local government agencies as required or permitted by applicable law

·         Promoting diversity, equity, and inclusion within the company

No

Contents of a consumer’s email, and text messages unless the business is the intended recipient of the communication

·         Managing network and IT systems security

·         Monitoring use of IT and communication systems

·         Ensuring compliance with internal policies and procedures

·         Protecting confidential information, intellectual property and other business interests

·         Investigating unlawful or improper acts

No

Health

·         Administering and maintaining employee benefits

·         Ascertaining employee fitness to perform job duties with or without reasonable accommodation

·         Managing absences from work

·         Complying with legal obligations related to health and safety

No

YOUR RESPONSIBILITY FOR PRIVACY

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Ultimately, you are responsible for maintaining the secrecy of your password and/or any personal information in your possession. Always be careful and responsible regarding your personal information.

SECURITY OF YOUR PERSONAL INFORMATION IS IMPORTANT TO US

Buyatab takes commercially reasonable steps to ensure that personal information is kept safe from loss, unauthorized access, modification, or disclosure. Among the steps we take in order to protect your information are:

  • premises security;
  • restricted data access to personal information;
  • deploying technological safeguards like security software and firewalls to prevent hacking or unauthorized computer access; and
  • internal password and security policies.

Except where we are required by law to disclose personal information, we will use contractual arrangements to protect personal information disclosed to third parties.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Services or the internet sites & services that use our Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

WITHDRAWAL OF CONSENT

Individuals have the right to withdraw their consent to the collection, use, or disclosure of personal information at any time, except where that withdrawal would frustrate the performance of a legal obligation by Buyatab. Upon reasonable written notice given to Buyatab, such personal information held by Buyatab that is identifiable to that individual will be removed from our records and a notice of the impact of that removal will be provided to the individual. Notwithstanding the foregoing, if you withdraw consent, Buyatab nonetheless reserves the right to retain, collect, use, and disclose personal information without your consent where we are permitted or required by law to do so.

OPTING OUT

You may wish to opt out of receiving certain information and marketing or promotional materials from us. You may do so by using the unsubscribe mechanism provided in the message or by contacting us at the address set out below.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

Personal information will be retained in accordance with this policy for as long as may be necessary or relevant for the purpose of collection, or as may be required or permitted by law.

LINKED SITES

Our Services may, from time to time, contain links to and from the internet sites & services of other parties. If you follow a link to any of these internet sites & services, please note that these parties may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to other internet sites & services.

ACCESS TO INFORMATION

You have the right to access the personal information that we have about you and to request correction of personal information that you believe to be inaccurate. If you wish to access your personal information or request a correction of your personal information, you should contact our Privacy Officer at the address set out below who will be pleased to assist you. Upon receiving a written access and/or correction request and any handling fee that may be required by Buyatab to the extent permitted by applicable law, and where the identity of the requestor can be confirmed, personal information held by Buyatab that is identifiable to the requestor, as well as information on all use and disclosures of that personal information, will be released to the requestor within 30 days, except where denial of that release is required or permitted by law, and if necessary Buyatab will correct the personal information of the requestor. If we deny your request for access to or refuse a request to correct personal information, we will explain why.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our Privacy Policy in the future will be posted on this page. The effective date of changes to this policy will be noted above so that you can be fully informed about our privacy policies and practices. Please check back frequently to see any updates or changes to our Privacy Policy.

CONTACT

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to our Privacy Officer at privacy@buyatab.com.