1. Introduction

Welcome to Finvanta Tech FZCO ("Company", "we", "our", "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://finvanta.ae/ (the "Site"), use our services including the purchase and redemption of gift cards and vouchers, and when you interact with us in connection with our affiliate website https://bitriffil.com/.

Please read this Privacy Policy carefully. By accessing or using our Site and services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Site.

2. Data Controller

For the purposes of the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and, where applicable, the EU General Data Protection Regulation ("GDPR"), the data controller is:

Finvanta Tech FZCO
Building A1, Dubai Digital Park
Dubai Silicon Oasis, UAE

Company Email: finvantatech@gmail.com
Contact Number: +971 55 254 4797

3. Personal Data We Collect

We may collect, use, store and transfer the following types of personal data about you:

3.1 Information You Provide to Us

• Identity Data: full name, date of birth, username or similar identifier.

• Contact Data: billing address, delivery address, email address, telephone number.

• Transaction Data: details about gift card or voucher purchases, redemption history, order value, and payment information.

• Account Data: your login credentials, account preferences, and communication preferences.

• Communication Data: your correspondence with us via email, phone, or our contact forms.

3.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, and device information.

• Usage Data: information about how you use our Site, products and services, including gift card activations, redemptions, and browsing behaviour.

• Cookies and Tracking Technologies: We use cookies and similar tracking technologies to monitor activity on our Site and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

3.3 Information from Third Parties

• Payment Processors: we receive confirmation of payment and transaction status from our payment service providers, but we do not store full credit/debit card numbers.

• Technical Service Providers: analytics providers (such as Google) and advertising networks.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

4.1 To Provide and Manage Our Services

• Process and fulfil your gift card and voucher orders.

• Activate and manage gift card balances and redemptions.

• Verify your identity and age where required.

• Manage payments, fees and charges.

• Communicate with you regarding your orders, including sending order confirmations and redemption notifications.

4.2 To Improve and Develop Our Site and Services

• Monitor and analyse usage patterns and trends to improve our Site and customer experience.

• Develop new products, services, features, and functionality.

• Troubleshoot technical issues and ensure network security.

4.3 Marketing and Communications

• Send you promotional information about our products, services, offers, and events that may interest you, where permitted by law and with your consent where required.

• Deliver relevant website content and advertisements to you.

• Measure or understand the effectiveness of advertising we serve to you.

You have the right to withdraw your consent to marketing at any time by contacting us or by using the unsubscribe link in any marketing email.

4.4 Legal Compliance and Protection

• Comply with legal and regulatory obligations, including anti-money laundering and counter-terrorist financing requirements.

• Enforce our Terms and Conditions and other legal rights.

• Protect against fraud, unauthorised transactions, claims, and other liabilities.

• Respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.

5. Legal Basis for Processing (for GDPR Purposes)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal data depends on the specific purpose for which we process it:

Purpose

Legal Basis

Order processing, gift card activation and redemption

Performance of a contract with you

Account management

Performance of a contract with you

Marketing communications

Consent (or legitimate interests for existing customers, where permitted)

Site improvement and analytics

Legitimate interests (to improve our services and user experience)

Fraud prevention and legal compliance

Legal obligation and legitimate interests

Cookies (non-essential)

Consent

6. Disclosure of Your Personal Data

We may share your personal data with the following categories of recipients:

6.1 Service Providers and Business Partners

• Payment processors and financial institutions to process your transactions.

• IT and system administration service providers who help us operate our Site and business systems.

• Delivery and fulfilment partners where required to deliver physical gift cards.

• Marketing and analytics providers who assist us in understanding our customers and improving our services.

• Customer relationship management (CRM) providers.

All our service providers are contractually obligated to protect your personal data and may only process your data in accordance with our instructions.

6.2 Affiliates and Group Companies

We may share your data with our affiliate https://bitriffil.com/ for operational, analytical, and marketing purposes, subject to compliance with applicable data protection laws.

6.3 Legal and Regulatory Authorities

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

6.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction.

6.5 With Your Consent

We may share your personal data with third parties when you have given us your explicit consent to do so.

7. International Data Transfers

Finvanta Tech FZCO is based in the UAE, and your personal data will be processed in the UAE. We may also transfer your data to service providers located in other countries.

• UAE PDPL Compliance: When transferring personal data outside the UAE, we will ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the UAE Data Office, or transfers to jurisdictions that provide an adequate level of data protection.

• GDPR Compliance (for EEA residents): For transfers from the EEA to the UAE or other third countries, we will implement appropriate safeguards, including the European Commission's Standard Contractual Clauses, to ensure that your personal data remains protected.

You may request a copy of the appropriate safeguards we have put in place by contacting us.

8. Data Security

We have implemented appropriate technical and organisational security measures to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. These measures include:

• Encryption: All personal data is transmitted using Secure Socket Layer (SSL) technology.

• Access Controls: Access to personal data is restricted to employees and service providers who need to know that information to process it on our behalf.

• Secure Storage: Personal data is stored on secure servers with firewalls and other industry-standard protections.

• Data Minimisation: We limit the collection and retention of personal data to what is strictly necessary for the purposes described in this Privacy Policy. We do not store full credit/debit card numbers.

• Regular Testing: We regularly test our systems and processes for vulnerabilities.

While we use reasonable efforts to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

9. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Transaction Data: We retain transaction information (including gift card purchase and redemption history) for a period of up to 5 years to comply with legal and regulatory obligations, including tax and anti-money laundering requirements.

• Account Data: If you have an account with us, we retain your account data for as long as your account remains active and for a reasonable period thereafter in case you decide to reactivate your account.

• Marketing Data: We retain your contact data for marketing purposes until you withdraw your consent or object to processing.

• Technical Data: We retain technical and usage data for up to 12 months for analytics and system improvement purposes.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. Your Data Protection Rights

Depending on your location and applicable law (including the UAE PDPL and GDPR), you may have the following rights regarding your personal data:

Right

Description

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal data in certain circumstances (e.g., where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent).

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances (e.g., where you contest the accuracy of the data).

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller (where technically feasible).

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (the UAE Data Office for UAE residents, or your local data protection authority for EEA residents).

To exercise any of these rights, please contact us using the details in Section 13 (Contact Us). We will respond to your request within 30 days in accordance with applicable law.

Please note: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

11. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to distinguish you from other users, remember your preferences, and analyse how you use our Site.

11.1 What are Cookies?

Cookies are small text files that are placed on your computer, smartphone, or other device when you visit a website. They are widely used to make websites work more efficiently and to provide information to the owners of the site.

11.2 Types of Cookies We Use

• Strictly Necessary Cookies: These are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our Site, use a shopping cart, or make purchases.

• Functional Cookies: These are used to recognise you when you return to our Site, enabling us to personalise our content for you and remember your preferences.

• Analytical/Performance Cookies: These allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our Site works.

• Targeting Cookies: These record your visit to our Site, the pages you have visited, and the links you have followed. We may use this information to make our Site and the advertising displayed on it more relevant to your interests.

11.3 Managing Cookies

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of our Site and may affect your ability to make purchases.

For more information about cookies and how to manage them, you can visit www.aboutcookies.org or www.allaboutcookies.org.

12. Children's Privacy

Our Site and services are not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and you become aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your data protection rights, or wish to make a complaint, please contact us at:

Finvanta Tech FZCO
Building A1, Dubai Digital Park
Dubai Silicon Oasis, UAE

Email: finvantatech@gmail.com
Phone: +971 55 254 4797

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

The "Last updated" date at the top of this Privacy Policy indicates when it was last revised. Any changes will become effective when we post the revised Privacy Policy on the Site. Your continued use of the Site and our services following the posting of changes constitutes your acceptance of such changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

15. Governing Law

This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), without regard to its conflict of law principles.

16. Specific Provisions for Gift Cards and Vouchers

As a provider of gift cards and vouchers, we process your personal data for the following specific purposes:

• Purchase and Activation: When you purchase a gift card or voucher, we collect identity and payment data to process your transaction, activate the card or voucher, and deliver it to you (whether electronically or via physical card).

• Redemption: When you or the recipient redeem a gift card or voucher, we may collect the recipient's contact information (where provided) to verify the validity of the card or voucher and process the redemption.

• Balance Management: We maintain records of gift card and voucher balances, activation dates, expiration dates, and transaction history to ensure accurate balance information and prevent fraud.

• Fraud Prevention: We monitor gift card and voucher transactions for suspicious activity and may share data with fraud prevention agencies where necessary.

• Customer Support: We use your communication data to respond to inquiries regarding lost, stolen, or damaged gift cards, balance inquiries, and other gift card-related issues.

We do not sell or share your gift card or voucher transaction data with third parties except as necessary to process transactions, prevent fraud, or comply with legal obligations.