Last updated: 14th of December 2025

What Personal Information We Collect and Why

1. INTRODUCTION

Welcome to Gifty Code!

(Hereinafter collectively referred to as "Gifty Code", "we", "us", "our").

Gifty Code values your privacy and the protection of your personal data. This Privacy Policy describes what information we collect from you, how we collect it, how we use it, how we obtain your consent, how long we keep it in our databases, and with whom we share it.

By visiting the website (https://giftycode.com) and purchasing products, you are accepting the practices described in this Privacy Policy. Your use of the website and purchase of products are also subject to our Terms and Conditions.

This Privacy Policy may change from time to time. Your continued use of the website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates. This Privacy Policy has been prepared and is maintained in accordance with all applicable UAE federal laws and regulations, including:

• UAE Federal Law No. 45 of 2021 on the Protection of Personal Data
• UAE Federal Law No. 2 of 2019 on the Use of Information and Communication Technology in Health Fields
• Payment Card Industry Data Security Standard (PCI-DSS)
• UAE Federal Tax Authority regulations
• UAE Commercial Companies Law
• All other applicable UAE laws and regulations

2. DATA CONTROLLER INFORMATION

The personal data of users collected and processed through this website will be under the responsibility and control of:

Gifty Code Platform.

Email: support@giftycode.com
WhatsApp Chat: +971 56 103 0694

Registered Entities:

• GIFTY CODETRADING L.L.C - O.P.C (License No: CN-5054702), Abu Dhabi, UAE
Gifty Code LLC (License No: 2324397), Sharjah, UAE

For complete company registration details and registered addresses, please refer to the footer of this website.

3. CONSENT

By using the website, registering on the website, placing an order, contacting us through our contact details, and providing us with personal information to communicate with you, you consent to our collection, storage, and use of your information on the terms contained in this Privacy Policy.

You may withdraw your consent at any time by sending us your request via:
• Email: support@giftycode.com
• WhatsApp Chat: +97156103 0694
• Contact page on our website

Please note that withdrawing consent may affect your ability to use certain features of the website or complete purchases.

4. TYPES OF INFORMATION WE COLLECT

The information we collect from our users and customers helps us to provide our products effectively and to personalize and continually improve the user experience on the website. These are the types of information we collect:

4.1. Information You Provide to Us

You provide information when you visit the website, register on the website, place an order, and/or communicate with us through our contact information. As a result of those actions, you might supply us with the following information:

Account Information:

- Username
- Email address
- Phone number

- Password (encrypted)

Identity Verification (KYC Documents):

- Government-issued identification (passport, National ID, driver's license)
- Selfie photo for identity verification
- Additional verification documents as required by payment processors or regulatory requirements

Order Information:
- Billing address
- Shipping address (if applicable)
- Product preferences

- Purchase history

Communication Information:

- Messages sent through contact forms
- Customer service inquiries

- Feedback and reviews

Additional Information:

- Any other information you provide to us directly or indirectly through our website or online presence. Gifty Code will not collect any personally identifiable information about you unless you provide it.

4.2. Information Collected Automatically

By accessing and using the website, you automatically provide us with the following information:

Technical Information:

- IP address
- Browser type and version
- Device type and operating system
- Referring URLs
- Pages visited and time spent on pages

- Clickstream data

Mobile Device Information (if accessing via mobile):

- Mobile device ID
- Device model and manufacturer
- Operating system version

- Mobile network information

Cookies and Tracking Technologies:

- Cookie data (see Section 12 for detailed information)
- Pixel tags
- Web beacons

- Local storage data

4.3. Payment Information

Your payment data will be processed by secure, PCI-compliant payment processors available on this website, including:

• Credit and debit card processors (Visa, Mastercard, American Express, Discover, Diners Club)

• PayPal
• Apple Pay
• Google Pay

• Additional payment methods as displayed at checkout

Payment processors will process and store your payment data securely and for the sole purpose of processing the purchase of products. We do not store your complete card details on our servers. All payment data is encrypted and handled according to PCI-DSS security standards.

Payment Processor Privacy Policies:

• PayPal: https://www.paypal.com/us/legalhub/privacy-full
• Google Pay: https://policies.google.com/privacy

• Apple Pay: https://support.apple.com/en-us/HT203027

4.4. Contact Information

We may access some personal information about the user, such as name and email address, when the user or any third party communicates with us through our contact information. Personal information provided through our contact information is stored securely and processed in accordance with this Privacy Policy.

5. KYC DOCUMENT COLLECTION AND SHARING

5.1. KYC Verification Service Provider

We use ShuftiPro, a third-party KYC (Know Your Customer) verification service provider, to collect and verify customer identity documents. ShuftiPro is a secure, industry-standard identity verification platform that helps us comply with payment industry regulations and UAE laws.

Important: Before proceeding with KYC verification, you will be required to review and accept ShuftiPro's privacy policy and terms of service. ShuftiPro's privacy policy governs how they collect, process, and protect your verification data. By proceeding with the verification process, you consent to ShuftiPro's privacy policy in addition to this Privacy Policy.

For more information about ShuftiPro's privacy practices, please review their privacy policy during the verification process or visit their website.

5.2. What KYC Documents We Collect

To ensure secure transactions, prevent fraud, and comply with payment industry regulations and UAE laws, we may collect Know Your Customer (KYC) verification documents from customers through ShuftiPro's verification platform. This may include:

Government-issued identification documents:

- Passport
- National ID Card
- Driver's license
- Proof of address documents
• Identity verification:
- Selfie photo for identity verification
- Face verification (live or photo)
- Additional verification documents as required by payment processors or regulatory authorities

5.3. How We Use KYC Information

We use your KYC documents for the following purposes:

• Verify customer identity and prevent fraudulent transactions
• Comply with payment processor and banking regulations
• Comply with UAE anti-money laundering (AML) regulations
• Process and respond to chargeback disputes
• Meet legal and regulatory requirements
• Prevent fraud and unauthorized transactions
• Enforce purchase limits and account security

5.4. Who We Share KYC Information With

We may share your KYC documents with the following parties:

ShuftiPro (KYC Verification Service Provider):
- KYC documents are collected and processed by ShuftiPro on our behalf
- ShuftiPro verifies your identity documents and provides verification results to us
- ShuftiPro's processing of your data is governed by their privacy policy, which you must accept before proceeding with verification
- We receive verification results and status from ShuftiPro, but ShuftiPro may retain your verification data according to their privacy policy

Payment Processors and Payment Gateways:
- For transaction processing and fraud prevention
- As required by payment industry regulations
- Verification results may be shared to demonstrate compliance

Issuer Banks:
- In the event of chargeback disputes
- For fraud investigations
- As required by banking regulations
- KYC verification results may be shared to support dispute resolution

Regulatory Authorities:
- When legally required by UAE law
- For compliance with financial regulations
- In response to legal requests or court orders

Law Enforcement:
- When legally required
- In response to valid legal processes
- For fraud investigation and prevention

 5.5. Legal Requirements for Sharing KYC Information

Sharing KYC information with issuer banks during chargeback disputes and with payment processors is:

• Required by payment industry regulations (PCI-DSS, card network rules)
• Necessary for fraud prevention and dispute resolution
• Standard practice in e-commerce transactions
• Required by UAE financial regulations
• Protected by confidentiality agreements with all parties
• Essential for maintaining secure payment processing

5.6. Data Protection for KYC Documents

All KYC documents are:

• Processed through ShuftiPro's secure, encrypted platform
• Encrypted during transmission and storage
• Accessible only to authorized personnel
• Stored in secure, access-controlled systems
• Retained only as long as legally required
• Deleted in accordance with our data retention policy
• Protected by strict confidentiality agreements with ShuftiPro and other parties

Note: ShuftiPro may retain your verification data according to their privacy policy and data retention practices. For information about how ShuftiPro handles your data, please refer to their privacy policy, which you accept before proceeding with verification.

5.7. Your Rights Regarding KYC Information

You have the right to:
• Request access to your KYC documents
• Request correction of inaccurate information
• Request deletion (subject to legal retention requirements)
• Withdraw consent (may affect your ability to complete transactions)

For requests regarding KYC information, please contact us at support@giftycode.com.

6. HOW LONG WE KEEP YOUR DATA

Personal data provided by users and customers through the website will be retained for the time necessary to:

• Send the products (gift cards) to customers
• Process payments and complete transactions
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements
• Prevent fraud and ensure security
• Comply with payment processor requirements and investigations

Retention Periods:

Account Information:
- Active accounts: Retained while your account is active
- Closed accounts: The Account is closed immediately upon request. Personal information (name, email, phone, profile data) is deleted after a minimum of 6 months from your last order (may be extended up to 5 years if required by payment processors or regulatory requirements)

Transaction and Order Records:

- Payment Processor Requirements:

Must be retained for a minimum of 6 months from the date of your last order. The retention period may be extended up to 5 years if required by payment processor investigations, regulatory requirements, or ongoing disputes.

- Tax Compliance:
Transaction records (including customer address if required by tax regulations) must be retained for a minimum of 5 years from the date of the transaction, as required by UAE Federal Tax Authority regulations.
- Includes: order numbers, dates, products purchased, amounts paid, tax information, payment methods, delivery confirmations, customer address (if required for tax), and customer communications related to orders
- These records are retained even after account closure, as required by payment industry regulations and UAE tax laws

Customer Communication History:
- Retained as part of transaction records for payment processor requirements and tax compliance
- Not deleted upon account closure

KYC Documents:
- Retained for 5 years after the last transaction or as required by payment processors and regulatory authorities
- May be retained longer if required for ongoing legal disputes or regulatory investigations

 

Payment Information:
- Not stored on our servers; processed and retained by payment processors according to their policies

Marketing Data:
- Retained until you unsubscribe or request deletion
- Deleted immediately upon account closure or unsubscribe request

Cookies and Tracking Data:
- Retained according to cookie expiration periods (see Section 13)

Account Closure and Data Deletion:

When you request account closure:

1. Immediate Actions:
• Your account will be closed immediately, and login access will be  disabled
• Your email and phone will be removed from marketing lists
• Your account will no longer be accessible

2. Data Deletion Timeline:
• Your personal information (name, email, phone, profile data) will be deleted after a minimum of 6 months from your last order
• The deletion period may be extended up to 5 years if required by payment processor investigations, regulatory requirements, or ongoing disputes
• Customer address and transaction records will be retained for 5 years for tax compliance as required by UAE Tax Authority

3. Final Deletion:
• After 5 years from your last transaction, all records will be permanently deleted
• You will no longer be able to request access to any historical data

Legal Requirements:

Gifty Code is legally required to retain transaction and order records (including customer address if required) for:
Payment Processor Requirements: Minimum 6 months, extendable up to 5 years for investigations or disputes
Tax Compliance: Minimum 5 years as required by UAE Federal Tax Authority regulations, UAE Commercial Companies Law, and UAE Federal Law No. 7 of 2017 on Tax Procedures

These retention requirements apply even if you request account closure.

Right to Access During Retention Period:

Even after account closure, you have the right to:
• Request access to your transaction records (within the 5-year retention period)
• Request copies of invoices and receipts
• Request correction of any errors in transaction records

To request access to your transaction records after account closure, please contact us at support@giftycode.com with your order numbers or transaction dates.

Gifty Code may be allowed to retain personal data for a longer period whenever:
• The user has given consent to such processing (as long as consent is not withdrawn)
• Required for the performance of a legal obligation
• Required by order of an authority
• Necessary for legal claims or disputes

Once the retention period expires, personal data shall be deleted. Therefore, the right to access, the right to erasure, and the right to rectification cannot be enforced after expiration of the retention period.

7. HOW WE USE YOUR INFORMATION

In general, we use the information we collect primarily to provide, maintain, protect, and improve our current website and products. We use personal information collected through our website as described below:

7.1. Service Provision
• User registration and account management
• Send products (gift cards) to customers
• Process payments and transactions
• Provide customer support and respond to inquiries

7.2. Business Operations
• Improve our products, website, and how we operate our business
• Understand and enhance your experience using our website and products
• Enforce daily and weekly purchase limits per user
• Protect the website from fraudulent payments and unauthorized access

7.3. Communication
• Send you related information, including:
- Order confirmations
- Invoices and receipts
- Technical notices
- Updates and security alerts
- Support and administrative messages
• Communicate with you about upcoming events, offers, and news about products and services offered by Gifty Code and our selected partners
• Email marketing (with your consent)
• SMS text messages (with your consent)
• WhatsAapp text messages (with your consent)

7.4. Security and Fraud Prevention
• Protect, investigate, and deter against fraudulent, unauthorized, or illegal activity
• Verify customer identity (KYC)
• Monitor transactions for suspicious activity
• Comply with anti-money laundering (AML) regulations

7.5. Analytics and Improvement
• Link or combine your information with other information we get from third parties to help understand your needs and provide you with better service
• Analyze website usage and improve user experience
• Conduct market research and analysis

7.6. Legal Compliance
• Comply with UAE laws and regulations
• Respond to legal requests and court orders
• Enforce our Terms and Conditions
• Protect our rights and the rights of our users

8. HOW WE SHARE INFORMATION

The personal information of our customers and users is an important and fundamental part of our business. Under no circumstances will we sell or share information with third parties that has not been previously authorized by the user, customer, or owner of the personal data. We share user and customer information only and exclusively as described below.
8.1. Third-Party Service Providers
We use the services of third parties to perform certain functions on our behalf and through our website and services. Examples include:
KYC Verification Services: ShuftiPro - Identity verification and KYC document processing (see Section 5 for details)
Payment Processors: Processing payments (PayPal, Apple Pay, Google Pay, credit card processors)
Hosting Services: Building and hosting the website
Communication Services: Sending emails and SMS/WhatsApp messages
Analytics Services: Analyzing data and website performance
Marketing Services: Providing marketing assistance
Customer Support: Delivering customer service support
These third-party services and tools may have access to personal information needed to perform their functions, but may not use that information for other purposes. Information shared with these third-party services will be treated and stored in accordance with their respective privacy policies and our privacy policy.

Important: When using ShuftiPro for KYC verification, you will be required to accept ShuftiPro's privacy policy before proceeding. ShuftiPro's processing of your verification data is governed by their privacy policy, which is separate from this Privacy Policy.

8.2. Payment Processors and Issuer Banks

We share payment and KYC information with:

Payment Processors: For transaction processing, fraud prevention, and compliance
Issuer Banks: In the event of chargeback disputes, fraud investigations, or as required by banking regulations
Card Networks: As required by payment industry regulations

All sharing is done in compliance with PCI-DSS standards and payment industry regulations.

8.3. Email Marketing

We use the information provided by users to send relevant information to our users and customers. By registering as a user and placing an order, you authorize us to use your information for email marketing. We will use third-party services to conduct email marketing, so we may share certain information with some of these third parties for the sole and exclusive purpose of sending emails through email marketing and in accordance with our privacy policy.

You can unsubscribe from marketing emails at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at support@giftycode.com

• Updating your account preferences

8.4. SMS Text Messages and WhatsApp

We use SMS text messages and WhatsApp to send different types of messages, such as:

• Notifications about your order
• Special content and offers on our products
• Account security alerts

• Customer support communications
• Login and registration links.

By placing an order and opting to receive our SMS messages or WhatsApp messages, you agree to these terms and conditions.

By entering your phone number in the checkout form, you consent to receive SMS text notifications and WhatsApp messages from us (order notifications, including abandoned cart reminders) and offers on our products. Please note that your consent to receive or not receive these messages is not a condition of any purchase on our website.

Your phone number and purchase information will be shared with the SMS marketing platform and WhatsApp service provider we use. This data will be used to send you targeted marketing messages and notifications. When sending text messages or WhatsApp messages, your phone number will be shared with our applicable messaging carriers and service providers to fulfill the sending and delivery of the messages.

To unsubscribe from SMS messages:

• Reply with "STOP" to any SMS message we send you

• Contact us at support@giftycode.com

To unsubscribe from WhatsApp messages:

• Reply with "STOP" to any WhatsApp message we send you

• Contact us at support@giftycode.com or WhatsApp: +971 56 103 0694

You understand and agree that alternative methods of unsubscribing, such as the use of alternative wording or requests, will not be considered a reasonable means of unsubscribing. Message and data usage fees may apply.

8.5. Business Transfers

In the event that Gifty Code is created, merges with, or is acquired by another entity, your information will most likely be transferred. Gifty Code will email you or place a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

8.6. Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the website
• Protect the personal safety of users of the website or the public
• Protect against legal liability

8.7. With Your Consent

We may share your information with other parties when you have given us your explicit consent to do so.

9. DATA SECURITY

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: All sensitive data is encrypted during transmission and storage
Access Controls: Limited access to personal information on a need-to-know basis
Secure Servers: Data stored on secure servers with firewalls and intrusion detection
PCI-DSS Compliance: Payment data processed according to PCI-DSS standards
Regular Security Audits: Periodic security assessments and updates
Employee Training: Staff trained on data protection and security practices
Secure Payment Processing: We do not store complete card details on our servers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

If you have any questions about security on our website, please contact us at support@giftycode.com.

10. YOUR RIGHTS UNDER UAE DATA PROTECTION LAW

Under UAE Federal Law No. 45 of 2021 on the Protection of Personal Data and other applicable laws, you have the following rights regarding your personal information:

10.1. Right to Access
You have the right to request access to your personal information and receive a copy of the data we hold about you.

10.2. Right to Rectification
You have the right to request correction of inaccurate or incomplete personal information.

10.3. Right to Erasure
You have the right to request deletion of your personal information. When you request account closure:

• Your account will be closed immediately and login access disabled
• Your personal information (name, email, phone, profile data) will be deleted after a minimum of 6 months from your last order (may be extended up to 5 years if required by payment processors or regulatory requirements)
• Customer address and transaction records will be retained for 5 years for tax compliance as required by UAE Tax Authority

After the retention periods expire, your personal data will be permanently deleted. For complete details, please see Section 6.

10.4. Right to Withdraw Consent
You have the right to withdraw your consent at any time where we rely on consent to process your personal information.

10.5. Right to Account Closure
You have the right to request closure of your account at any time. When you request account closure:

• We will immediately close your account and delete your personal profile information
• We will remove you from all marketing communications
• However, we must retain transaction and tax records (including customer address if required by tax regulations) for 5 years as required by UAE Tax Authority regulations
• After 5 years from your last transaction, all records will be permanently deleted

To request account closure, please contact us at support@giftycode.com.

10.6. Right to Lodge a Complaint
You have the right to lodge a complaint with the UAE Data Protection Authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at:
• Email: support@giftycode.com
• WhatsApp: +971 56 103 0694

We will respond to your request within 30 days, as required by UAE law.

11. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than the UAE, including countries that may not have the same data protection laws as the UAE. When we transfer your information internationally, we ensure that:

• Appropriate safeguards are in place to protect your information
• The transfer complies with applicable data protection laws
• Your information is protected according to this Privacy Policy

By using our website, you consent to the transfer of your information to countries outside the UAE for the purposes described in this Privacy Policy.

12. CHILDREN'S PRIVACY

We are committed to protecting the privacy of children. Our website and products are not intended for persons under the age of 18. We do not knowingly collect personal information from children under the age of 18.

If we become aware that a person under the age of 18 has provided us with information, we will take the necessary steps to delete that information and terminate that person's account immediately.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@giftycode.com, and we will delete such information.

13. COOKIES AND TRACKING TECHNOLOGIES

13.1. What Are Cookies

Cookies are small text files that are stored on your computer or mobile device when you visit a website. They allow the website to recognize your device and remember if you have been to the website before. Cookies are a very common web technology; most websites use cookies and have done so for years.

Cookies are widely used to make the website work more efficiently. Cookies are used to measure which parts of the website users visit and to personalize their experience. Cookies also provide information that helps us monitor and improve the performance of the website.

13.2. Cookie Settings
If you do not want cookies to be dropped on your device, you can adjust the setting of your Internet browser to reject the setting of all or some cookies and to alert you when a cookie is placed on your device. For further information about how to do so, please refer to your browser 'help', 'tool', or 'edit' section.

Please note that if you use your browser settings to block all cookies, including strictly necessary cookies, you may not be able to access or use all or parts of the functionalities of the website.

If you want to remove previously-stored cookies, you can manually delete the cookies at any time. However, this will not prevent the website from placing further cookies on your device unless and until you adjust your Internet browser setting as described above.

Cookie Management Links:
• Microsoft Edge: https://support.microsoft.com/en-us/office/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
• Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
• Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data/sfri11471/mac
• Opera: https://help.opera.com/en/latest/web-preferences/

Mobile Devices:
• Android: https://support.google.com/answer/32050
• iOS: https://support.apple.com/en-us/HT201265

13.3. Types of Cookies We Use
We use the following types of cookies:

Strictly Necessary Cookies:
These cookies are essential for the website to perform its basic functions. They cannot be disabled.

Security Cookies:
We use these cookies to help identify and prevent potential security risks.

Analytics and Performance Cookies:
Performance and analytics cookies collect information about how users interact with our website, including the most visited pages, as well as other analytical data. We use this data to improve how our website works and to understand how users interact with the website.

Advertisement Cookies:
These cookies are used to display relevant advertising to visitors using the website, as well as to understand and report on the effectiveness of ads served on our website. Advertisement cookies track details such as the number of unique visitors, the number of times specific advertisements have been shown, and the number of clicks the advertisements have received. These cookies are also used to create user profiles, such as showing you ads based on content you have viewed on our website or other websites.

13.4. Third-Party Cookies
Some cookies are placed by third-party services that appear on our pages. We do not control these cookies. Please refer to the privacy policies of these third parties for more information.

14. THIRD-PARTY WEBSITES

Except as otherwise expressly included in this Privacy Policy, this document addresses only the use and disclosure of information Gifty Code collects from you. If you disclose your information to others, whether other users or suppliers on Gifty Code, different rules may apply to their use or disclosure of the information you disclose to them.

Gifty Code does not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable. Gifty Code is not responsible for the privacy or security practices of other websites on the Internet, even those linked to or from our website.

Gifty Code encourages you to ask questions before you disclose your personal information to others.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page with a new "Last updated" date
• Sending you an email notification (if you have provided your email address)
• Displaying a prominent notice on our website

Your continued use of the website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

16. CONTACT US

If you have questions or concerns about this Privacy Policy, the handling and security of your data, or wish to exercise your rights under UAE data protection laws, please contact us:

Gifty Code Platform

Email: support@giftycode.com
WhatsApp: +971 56 103 0694

We will respond to your inquiry within 30 days, as required by UAE data protection law.