GlobagiftGlobagift

Privacy Policy

Last Updated: February 13, 2026

This Privacy Policy explains how Globagift (a brand name of Globapay Holdings Ltd., "we," "us," or "our") collects, uses, shares, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and Irish data protection law.

1. Data Controller

Globapay Holdings Ltd.
20 Harcourt St
Dublin D02 H363
Ireland
Registered Company No: 781644
Email: [email protected]

2. Scope

  • The Globagift website and platform
  • B2B digital gift card services
  • Customer support interactions
  • Marketing communications

3. Personal Data We Collect

Business Contact Information: Company details, contact names, business emails, phone numbers, billing addresses.

Account and Authentication Data: Username/password (encrypted), account settings, 2FA data.

Transaction Data: Purchase and redemption records, amounts, dates, references, voucher codes, history.

Technical Data: IP address, browser/device data, cookies, access logs, and usage patterns.

Communications Data: Support messages, correspondence, feedback, and survey responses.

4. Lawful Basis for Processing

  • Contractual Necessity (Article 6(1)(b)) for platform operations and transactions.
  • Legal Obligation (Article 6(1)(c)) for accounting, tax, and legal compliance.
  • Legitimate Interests (Article 6(1)(f)) for security, service improvement, and operational analysis.
  • Consent (Article 6(1)(a)) for non-essential cookies and marketing where required.

5. How We Use Your Data

  • Provide and maintain services
  • Process transactions and manage accounts
  • Authenticate users and prevent fraud
  • Provide customer support
  • Send service notifications and transactional emails
  • Improve platform performance and features
  • Comply with legal and regulatory obligations
  • Send marketing communications with consent
  • Conduct analytics and business intelligence

6. Data Retention

  • Transaction records: 7 years
  • Account data: account duration plus 1 year
  • Marketing data: until consent withdrawal or 2 years inactivity
  • Technical logs: 12 months
  • Support communications: 3 years

You may request deletion earlier, subject to legal obligations.

7. Data Sharing and Disclosure

  • Processors: cloud hosting, payment processors, email providers, support tooling, analytics providers.
  • Business partners: merchant of record partners and relevant fulfillment partners.
  • Legal disclosures: where required by law, court order, or security/fraud prevention needs.
  • Business transfers: merger, acquisition, or asset sale scenarios.

All processors are bound by Data Processing Agreements compliant with GDPR Article 28.

8. International Data Transfers

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy mechanisms where available
  • Supplementary safeguards and transfer impact assessments

9. Cookies and Tracking Technologies

  • Essential cookies: Required for authentication, security, and session handling.
  • Analytics cookies: Optional, used to improve site and platform experience.
  • Marketing cookies: Optional, used to measure campaign effectiveness.

You can manage your choices at any time from the "Cookie Settings" link in the footer.

10. Your GDPR Rights (Articles 15-22)

  • Right of Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Rights related to Automated Decision-Making
  • Right to Withdraw Consent
  • Right to Lodge a Complaint

11. Security Measures

  • Encryption in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Access control and authentication controls
  • Security monitoring and regular assessments
  • Staff training and incident response processes

12. Contact and Complaints

For privacy requests or questions, contact:
Email: [email protected]
Address: Globapay Holdings Ltd., 20 Harcourt St, Dublin D02 H363, Ireland

Supervisory Authority:
Data Protection Commission (Ireland)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone: +353 578 684 800
Email: [email protected]
Website: www.dataprotection.ie

13. Data Breach Notification

If a personal data breach occurs, we will notify the Irish Data Protection Commission within 72 hours where required by GDPR Article 33, and affected individuals without undue delay where high risk applies under Article 34.

14. Children's Privacy

Our services are designed for business use and are not directed to individuals under 16 years of age.

15. Automated Processing

We do not currently engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

16. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that may present high risk to individuals' rights and freedoms.

17. Changes to This Policy

We may update this policy periodically. Material changes may be communicated by email to account holders, website notice, or in-platform notice. Continued use after changes constitutes acceptance.

18. Legal Basis Summary Table

Processing ActivityLawful BasisGDPR Article
Account managementContract6(1)(b)
Transaction processingContract6(1)(b)
Financial record-keepingLegal obligation6(1)(c)
Fraud preventionLegitimate interest6(1)(f)
Platform securityLegitimate interest6(1)(f)
Service improvementsLegitimate interest6(1)(f)
Marketing emailsConsent6(1)(a)
Analytics cookiesConsent6(1)(a)

© 2026 Globapay Holdings Ltd. All rights reserved.