1. ACKNOWLEDGMENT
1.1 This Privacy Policy (“Policy”) is an electronic record prepared and maintained in accordance with the provisions of the Information Technology Act, 2000, as amended by the Information Technology (Amendment) Act, 2008, and the rules framed thereunder. The relevant provisions and legal requirements governing electronic records under these Acts are duly incorporated herein.
1.2 This electronic record has been automatically generated by a computer system and therefore does not require any physical or digital signature for its authenticity or enforceability under Indian law.
1.3 This Privacy Policy is published in compliance with Rule 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011, which mandates the publication of privacy, data protection, and user-related terms governing access to or usage of the online platform operated by GiftedToAll India Ltd., available at www.GiftedToAll.com (“Website” or “e-Portal”).
1.4 This Policy outlines how GiftedToAll India Ltd. collects, uses, shares, and protects user data and personal information in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and all other applicable laws of India.
2. PENALTIES IN LAW
The misuse, manipulation, or unauthorized handling of data, systems, or electronic communications may constitute an offence under the Information Technology Act, 2000 and related Indian statutes. The following legal provisions define such offences and corresponding penalties:
2.1 Tampering with Computer Source Documents
Under Section 65 of the IT Act, 2000, any person who knowingly or intentionally conceals, destroys, or alters any computer source code required to be maintained by law shall be punishable with imprisonment up to three (3) years, or with a fine up to ₹2,00,000 (Rupees Two Lakhs Only), or with both.
2.2 Hacking with Computer Systems
Under Section 66 of the IT Act, 2000, any person who, with intent to cause wrongful loss or damage, destroys, deletes, alters, or diminishes the value or utility of data or affects it injuriously by any means shall be punishable with imprisonment up to three (3) years, or with a fine up to ₹1,00,000 (Rupees One Lakh Only), or with both.
2.3 Receiving Stolen Computer Data or Devices
Under Section 66B of the IT Act, 2000, any person who dishonestly receives or retains any stolen computer resource or communication device, knowing or having reason to believe it to be stolen, shall be punishable with imprisonment up to three (3) years, or with a fine up to ₹1,00,000 (Rupees One Lakh Only), or with both.
2.4 Publishing or Transmitting Obscene Information
Under Section 67 of the IT Act, 2000, any person who publishes or transmits any obscene or lascivious material in electronic form shall be punishable with imprisonment up to two (2) years and a fine up to ₹2,000 (Rupees Two Thousand Only), or with both.
In the event of a subsequent conviction, such imprisonment may extend to five (5) years along with a fine up to ₹2,000 (Rupees Two Thousand Only) as per Section 292 of the Indian Penal Code (IPC).
2.5 Sending Offensive or Publishing False Information
Under Section 66A of the IT Act, 2000, any person who sends by means of a computer resource or communication device any information that is grossly offensive, menacing, or false with intent to cause annoyance, inconvenience, danger, insult, or injury shall be punishable with imprisonment up to three (3) years, and with a fine as determined by the competent court of law.
3. DATA COLLECTED THROUGH OUR WEBSITE
At GiftedToAll India Ltd. (“the Company,” “we,” “our,” or “us”), your privacy and data security are our highest priorities. We are fully committed to maintaining the confidentiality, integrity, and lawful use of all personal, transactional, and business information collected through our website www.GiftedToAll.com (“the e-Portal”).
The following outlines the different types of data we collect and the purposes for which they are used.
3A. Data Provided by Users
3A.1 During the registration or account creation process, users may be asked to provide standard personal information such as their name, email address, phone number, and other essential details. This information is used solely to create user accounts, verify identity, and facilitate service delivery. The Company does not sell, rent, or trade such personal data with any third party for commercial purposes.
3A.2 Additional data may be collected from users who interact with our integrated services, such as social media logins, loyalty or reward programs, or third-party promotional activities. These data points help us enhance personalization, communication, and service efficiency.
3A.3 Users may voluntarily provide images, documents, or files for specific services, such as product customization, verification, or contests. Such data is securely stored in encrypted environments hosted on Company-approved servers and cloud infrastructure.
3B. Data Obtained During User Interaction
3B.1 Our e-Portal may use AI-powered chatbots and interactive chat tools to enhance user support and experience. These systems may record basic conversational data and interaction history to improve future responses and user satisfaction.
3B.2 Users may create User-Generated Content (UGC)—including comments, reviews, testimonials, suggestions, or contest submissions. Such information, when voluntarily shared, becomes part of our website content and may be visible to other users in accordance with our moderation policies.
3B.3 We employ analytics and tracking software to collect behavioral and technical information such as device type, IP address, browsing duration, preferences, and navigation patterns. These data help us optimize performance, enhance user experience, and tailor promotional offers.
3C. Data from Digital Voucher Partners
3C.1 During the Sales Partnership or Digital Voucher Partner registration process, we may collect legally required business and identification information such as company registration details, contact numbers, tax identification numbers, and addresses.
3C.2 All data shared by Sales Partners – including business operations and contacts – are treated as confidential and proprietary information and are not disclosed without explicit consent, except as required by law.
3D. Transaction Data
3D.1 During checkout, shoppers provide information such as billing and shipping addresses, contact details, and order identification numbers. We retain limited transactional records to ensure smooth processing, returns, and customer support. Such data is not shared or sold to external entities.
3D.2 All financial transactions are processed through SSL-encrypted channels and PCI-DSS-compliant payment gateways. We employ industry-standard encryption to safeguard transaction integrity and protect users against unauthorized access or fraud.
3E. Financial Data
3E.1 For online purchases, customers may be required to input sensitive financial information, including credit/debit card details, bank account numbers, or UPI credentials.
3E.2 To protect financial privacy, we do not store or retain any sensitive financial information on our servers. Users are redirected to secure, trusted payment gateways managed by licensed financial institutions. These third parties independently ensure the safety of financial data in compliance with the Reserve Bank of India (RBI) and Information Technology Act, 2000 regulations.
3F. Personal Data / Information
We collect personal data to deliver accurate, lawful, and personalized services. This may include:
- Full name, address, and contact details;
- Age, gender, and nationality; and
- Communication preferences and interests.
Such information is collected under lawful consent, used solely for legitimate business purposes, and stored in compliance with data retention obligations under Indian law.
3G. Cookies
Our website uses cookies – small text files placed on your device – to improve functionality and user experience. Cookies allow us to collect technical information such as browser type, session time, pages visited, and user preferences.
- You may choose to accept or decline cookies as per your browser settings.
- As required by government regulations, users are prompted for consent before cookie activation.
- Disabling cookies may affect certain functionalities of the website.
4. PRIVACY PROTECTION
We implement multi-layered security measures to protect all data collected through our e-Portal from unauthorized access, misuse, or loss.
4A. Secure Coding
We employ industry-standard programming frameworks, coding practices, and secure database management to prevent data breaches, cross-site scripting, SQL injections, and other vulnerabilities.
4B. Secure Integrations
Only verified and security-audited third-party applications and APIs are integrated into our system. Each integration undergoes safety checks and complies with internationally recognized standards such as ISO 27001 and OWASP guidelines.
4C. Installation of Security Software
We regularly deploy advanced security technologies and software tools, including:
- Anti-virus and anti-malware solutions,
- Spam and phishing filters,
- Vulnerability scanning and debugging tools,
- Data encryption systems, and
- SSL certificates for secure communication.
We continually upgrade these systems to address emerging cyber threats.
4D. Best Security Practices
Our technical and compliance teams actively monitor fraudulent or suspicious activities and take immediate preventive measures. This includes identifying and blocking:
4D.1 Fake or impersonated user profiles.
4D.2 Code injection attempts through user-generated fields such as comments or reviews.
4D.3 User-generated content promoting nudity, racism, communal hatred, or political propaganda.
4D.4 Spam emails, unsolicited marketing messages, and phishing attempts.
4D.5 Unauthorized access attempts, hacking, or data scraping.
We maintain robust monitoring systems and cooperate with law enforcement agencies to investigate, remove, and prosecute malicious users or cybercriminals attempting to exploit the platform.
5. CHANGES IN PRIVACY POLICY
5.1 GiftedToAll India Ltd. reserves the right to revise, amend, or update this Privacy Policy at any time, as deemed necessary to comply with legal, operational, or technological developments. Updates may reflect improvements in data protection practices, changes in applicable laws, or new features introduced on the Website.
5.2 The Company may, at its discretion, notify users of significant policy updates by email or by displaying a prominent notice on the Website. However, such notifications are not mandatory, and users are responsible for reviewing the latest version of the Privacy Policy periodically.
5.3 In the event of material changes, we may provide notice through appropriate communication channels, including email and/or an on-screen message displayed prior to the new policy’s effective date. The “Effective Date” indicated at the top of the Privacy Policy shall signify the latest version in force.
5.4 You are encouraged to review this Privacy Policy regularly to stay informed about how we collect, store, protect, and use your personal data. Continued use of our Website following the posting of an updated Privacy Policy shall be deemed as your acceptance of the revised terms.
5.5 All changes and amendments to this Privacy Policy shall become effective immediately upon publication on the current web page unless stated otherwise.
6. PRIVACY OF MINORS
6.1 The services and content provided through www.GiftedToAll.com are intended solely for use by individuals aged 18 (Eighteen) years and above. The Company does not knowingly collect, store, or process any personally identifiable information (PII) from children or minors below this legal age of consent.
6.2 We explicitly discourage individuals under 18 years of age from registering, transacting, or sharing any personal or financial information on the Website. Any such use must occur only under the direct supervision and consent of a parent or legal guardian.
6.3 If you are a parent or guardian and become aware that your child has provided us with personal data without your consent, you are requested to contact us immediately through the contact details provided in this Policy.
6.4 Upon verification, if we determine that any personal data belonging to a minor has been inadvertently collected, we shall promptly delete or anonymize such information from our servers and records in compliance with applicable Indian data protection laws and the IT (Reasonable Security Practices and Procedures) Rules, 2011.
