We take your privacy and using your personal data very seriously. This policy covers how we collect personal data, what we do with it and who we share it with. It also tells you about your privacy rights and how the law protects you. It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
GVS Group is made up of different legal entities. This privacy policy is issued on behalf of the GVS Group so when we mention “GVS”, “we”, “us” or “our” in this privacy policy we are referring to the relevant company in the GVS Group responsible for processing your data.
GVS Prepaid Ltd will be the controller of the personal data you provide to us for the One4all Gift Card and Reward Card. GVS Prepaid Ltd is a UK registered company (number 09193070) and registered with the UK’s Information Commissioner's Office (ICO) with reference ZA084661.
GVS Gift Voucher Shop DAC will be the controller of the personal data you provide to us for the Bikes4work scheme and the Christmas Club (up until the point funds are converted into Gift Cards, where GVS Prepaid Ltd will be the controller). GVS Gift Voucher Shop DAC is a designated activity company registered in Ireland (number 348932)
You can contact us at:
|
Data Controller |
Data Controller |
Full name of legal entity: |
GVS Prepaid Limited. |
GVS Gift Voucher Shop DAC |
Name or title: |
Compliance Manager |
Compliance Manager |
Email address: |
||
Postal address: |
30 St John’s Lane, London, EC1M 4NB |
PO Box 8942, Malahide Co Dublin |
Telephone number |
0207 608 6299 |
01 870 8100 |
Any changes we may make to our privacy policy in the future will be posted on our website and, where appropriate and possible, you will be notified through your online account or by e-mail.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
By “your data”, “your personal data”, and “your information” we mean any information about you, which you or third parties provide to us. which is capable of identifying you. We also sometimes refer to “processing”. This means any operation we perform on such data or information, such as collection, organising, storing, updating, using, disclosing and erasing.
We may collect, use, store and transfer different kinds of personal data which we have grouped together follows:
We also collect aggregated data such as statistical or demographic data. This may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We use different methods to collect personal data from and about you, including:
- Direct Interactions: you or other person using our website (for example, someone who wishes to order a gift card for you) may give us identity data, contact data, financial data and profile data by entering the information on our website or give us in any other way, such as by communicating with us by post, email or telephone. This includes personal data provided when:
- Automatic Information: we may receive and automatically collect certain types of information whenever you interact with our website. This may include information about your electronic devices, browsing actions and patterns when you access our website or advertisements and other content served by or on behalf of us on other websites. We collect this information by using "cookies" and other similar technologies.
- Third Parties or publicly available sources: we may receive personal data about you from various third parties and public sources as set out below:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We have set out below, in a table format, a description of the purposes of our processing of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are processing your data.
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
Register/set-up our customer record, including completing and processing card orders and delivering gift cards to card recipients. |
|
|
Confirm and verify your identity |
|
|
Provide you with the products and services that you request or receive from, or via us, so that we can:
|
||
To manage our relationship with you, including:
|
||
To administer and protect our business and this website (including troubleshooting, data analysis, testing, research.) |
|
|
To deliver relevant website content in the most effective manner for devices (phone, computer, tablet) |
|
Where we need you to provide personal data by law, or under the terms of a contract we have with you or in order to enter into a contract we will inform you. If you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with gift cards). In this case, we may have to cancel a product or service you have with us or third parties have requested to provide you, but we will notify you if this is the case at the time, to the extent we are able to.
GVS, from time to time, may wish to contact you about offers or products that are relevant to you. You may receive marketing communications from us if you have given us permission. Where you give permission we may contact you by e-mail, mail, telephone, SMS or other means (as permitted by your consent).
We will get your express opt-in consent before we share your personal data with any company outside the GVS group of companies for marketing purposes.
You can at any time withdraw your consent to direct marketing by:
- Clicking on the unsubscribe option on any emails you receive
- Contacting us via phone, post or email using the email address chealy@one4all.ie with ‘Unsubscribe’ in the subject line
Whilst this will stop GVS from mailing you, if you’ve shared your personal data with a third party (such as our retailer of month promotion) unsubscribing from GVS mailings will not stop the third party from mailing you. You will still need to unsubscribe from the third party(ies) (if you so wish) in accordance with their unsubscribe procedures.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We will hold your data for no more than 6 years following the termination of our relationship with you. The period will be determined by the types of products and services you have purchased from us.
By law we have to keep basic information about you (including Contact, Identity, Financial and Transaction Data) for 5 years after our business relationship with you ends for anti-money laundering purposes.
We will retain information about you after you have terminated your use of our services, or if your account becomes dormant, for as long as permitted or required for legal, regulatory, fraud and other financial crime prevention purposes and for lawful permitted business purposes.
In order to fulfil the purposes for processing your personal data, as set out above, we may need to share your personal data for the purposes set out above (see Purposes and legal bases for which we use your personal data).
We will share your personal data with other companies in the GVS group of companies (which includes our subsidiaries, our ultimate holding company and its subsidiaries) who provide (or procure the provision of) the card delivery and customer contact centre services, IT, system administration. All GVS group companies are obliged to respect the confidentiality of this personal information.
We may also share your personal data with selected third parties, including:
Where we disclosure personal data to such third parties we do so under a contract which includes requirements for the third party to have adequate security measures in place, only use the personal data for the purposes it was provided for and to delete or return it once no longer needed.
We may also disclose personal information to third parties under the following circumstances:
If we are under a legal duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions of our products and other agreements; or to protect the rights, property, or safety of GVS, our customers, or others. This includes exchanging information with other companies and organisations, such as law enforcement departments, regulators, government departments (e.g. Revenue, HMRC), for the purposes of fraud protection, anti-money laundering and credit risk reduction.
The majority of our third-party processors are based in the European Economic Area (EEA) however, when your personal data is transferred outside the EEA for further processing by the recipients described above, we ensure at least one of the following safeguards is implemented:
We take all steps reasonably necessary to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Our site has security measures in place to protect the loss, misuse and alteration of the information under our control. Our secure server software (SSL) is the industry standard and among the best software available today for secure commerce transactions. It encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read as the information travels over the Internet.
All parties with access to your personal data are all subject to a strict duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the UK Information Commissioner’s Office (ICO) (where GVS Prepaid is the data controller) or The Irish Office of the Data Protection Commissioner (DPC) (where GVS Gift Voucher Shop DAC is the data controller) of a breach where we are legally required to do so.
Under the General Data Protection Regulation (GDPR), you, as a data subject have a number of rights which are detailed below:
If you wish to exercise any of the rights set out above, please write to Compliance Manager, One4all, PO Box 8942, Malahide, Co Dublin.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Where GVS Prepaid Ltd is the controller, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
Where GVS Gift Voucher Shop DAC is the controller, you have a right to complain to the Ireland’s Office of the Data Protection Commissioner (DPC) (https://www.dataprotection.ie/docs/Home/4.htm)
We would, however, appreciate the chance to deal with your concerns before you approach the ICO or DPC so please contact us in the first instance.
A 'cookie' is a small piece of information that many web sites use to help make shopping online easier. Information is stored on your computer's hard drive (in your browsers temporary internet files folder).
Our Website uses and stores this type of information, as with that obtained from other cookies used on the site, to help it improve the services to its users. Our Website does not store personally identifiable information in your cookie in order to minimise any security risk.
When you visit this site, your cookie helps us keep track of your shopping cart contents. If you choose to buy from us, your cookie allows us to recognise you and the contents of your shopping cart.
We use an independent measurement and research company to gather data regarding the visitors to this web site using cookies and code which is embedded in the site. Both the cookies and the embedded code provide statistical information about visits to pages on the site, the duration of individual page view, paths taken by visitors through the site, data on visitors' screen settings and other general information. This data is for GVS use only.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
The table below lists the cookies we collect and what information they store.
COOKIE name |
COOKIE Description |
CART |
The association with your shopping cart. |
CATEGORY_INFO |
Stores the category info on the page that allows to display pages more quickly. |
CUSTOMER |
An encrypted version of your customer id with the store. |
CUSTOMER_AUTH |
An indicator if you are currently logged into the store. |
CUSTOMER_INFO |
An encrypted version of the customer group you belong to. |
CUSTOMER_SEGMENT_IDS |
Stores the Customer Segment ID |
EXTERNAL_NO_CACHE |
A flag, which indicates whether caching is disabled or not. |
FRONTEND |
You session ID on the server. |
GUEST-VIEW |
Allows guests to edit their orders. |
LAST_CATEGORY |
The last category you visited. |
LAST_PRODUCT |
The most recent product you have viewed. |
NO_CACHE |
Indicates whether it is allowed to use cache. |
PERSISTENT_SHOPPING_CART |
A link to information about your cart and viewing history if you have asked the site. |
RECENTLYCOMPARED |
The items that you have recently compared. |
STF |
Information on products you have emailed to friends. |
STORE |
The store view or language you have selected. |
USER_ALLOWED_SAVE_COOKIE |
Indicates whether a customer allowed to use cookies. |
VIEWED_PRODUCT_IDS |
The products that you have recently viewed. |