Gyfto

Legal

Privacy Policy

This Privacy Policy describes how ARTEMIX LIMITED handles personal data when you access or use the website gyfto.net, purchase digital gift cards, or otherwise communicate with us. We process personal data in line with the General Data Protection Regulation (GDPR).

Last updated 4 May 2026

1. Identity of the Data Controller

ARTEMIX LIMITED acts as the data controller for all personal data processed through the website and related services. Company number: 758562.

Registered office: 36-42 Donnybrook Road, Donnybrook House, D04 E6X0 Dublin, Ireland.

2. Categories of Personal Data

Depending on how you interact with us, we may process different categories of personal data. This includes information you provide directly, such as your name, email address, order details and any communications with customer support.

We also automatically collect certain technical and usage data when you access the Website, including your IP address, browser type, device characteristics, language settings, approximate location and interaction data.

In connection with transactions, we may receive and process limited payment-related information from our payment partners, including confirmation of payment, transaction reference data and fraud-prevention signals such as IP and device-related risk indicators.

We may also receive data from service providers supporting payment processing, fraud prevention, analytics, hosting, security and website functionality.

3. Purposes of Processing and Legal Grounds

We process personal data only where necessary and in accordance with applicable data protection laws.

Personal data is processed to fulfil orders, deliver Digital Gift Cards and provide customer support, which is necessary for the performance of a contract.

We also process personal data to facilitate payments, verify transactions, prevent fraud, detect misuse and manage chargebacks, based on both contractual necessity and our legitimate interest in protecting our business and payment ecosystem.

Certain data is processed to comply with legal obligations, including accounting, tax and record-keeping requirements.

We further process personal data to operate, maintain and secure our Website and systems, based on our legitimate interests.

Transactional communications are sent as part of contract performance. Marketing communications to existing customers may be sent where permitted by law, based on legitimate interests, and you may opt out at any time.

Non-essential cookies and similar technologies are used only with your consent.

Personal data may also be used to establish, exercise or defend legal claims, including in connection with payment disputes and chargebacks.

4. Fraud Prevention and Platform Security

We apply technical and organisational measures to protect our services, users and transactions. This includes the use of automated screening tools and risk assessment systems that analyse transaction-related data, including IP addresses, device information and behavioural signals, in order to detect and prevent fraud, unauthorised activity and misuse.

Where relevant, such processing may involve automated decision-making, however, appropriate safeguards are in place and decisions may be subject to human review where required.

5. Cookies and Similar Technologies

This Privacy Policy also governs our use of cookies and similar technologies. Cookies are small files stored on your device that support website operation, remember preferences, analyse performance and, where consented, enable marketing measurement. A detailed Cookies section is included below.

6. Disclosure of Personal Data

We disclose personal data only where necessary, proportionate and subject to appropriate safeguards.

This includes sharing data with payment processors, acquirers and financial institutions to process transactions and manage chargebacks, as well as with providers of hosting, IT infrastructure, security, fraud prevention, analytics and communication services.

Personal data may also be shared with professional advisers or public authorities where required by law.

All third parties are subject to contractual obligations to ensure confidentiality and data protection compliance.

7. Transfers Outside the EEA

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms recognised under the GDPR.

8. Data Retention

Personal data is retained only for as long as necessary for the purposes described in this Policy and in accordance with legal obligations.

Transaction and accounting records are typically retained for up to seven (7) years. Fraud-prevention and security-related data, including transaction logs and technical identifiers, may be retained for up to twenty-four (24) months. Customer support communications are generally retained for up to three (3) years following resolution.

Marketing preferences are retained until you withdraw consent or object to such processing. Cookies are retained according to their defined lifespan.

9. Your Data Protection Rights

Under the GDPR, you have the right to request access to, rectification or erasure of your personal data, to restrict or object to certain processing activities, and to receive data in a portable format where applicable. You may also withdraw consent at any time where processing is based on consent.

You have the right to lodge a complaint with the Data Protection Commission in Ireland or another competent supervisory authority.

10. Cookies

Overview

Cookies are used to ensure the website functions correctly, to analyse usage and to support features and marketing where permitted.

Cookie Categories

We use the following types of cookies:

  • Strictly necessary cookies essential for core functionality and security.
  • Performance cookies used to generate aggregated usage statistics.
  • Functional cookies that remember user preferences.
  • Advertising cookies, applied only with your consent.

Cookie Consent and Management

On your first visit, you will be presented with options to accept or manage non-essential cookies. You may adjust your preferences at any time through browser settings or site controls. Blocking cookies may affect certain features.

Third-Party Cookies

Some cookies are set by third-party providers. These parties act under their own privacy policies and are selected based on appropriate data protection standards.

11. Policy Updates

We may revise this Privacy Policy from time to time. The "Last updated" date indicates when changes were last made. Significant changes will be communicated through the website.

12. Contact

For all privacy-related and general inquiries, please contact: gdpr@gyfto.net.