Data Protection Policy

Data Protection Policy

GiftBox Systems, Data Protection Policy

We appreciate the trust you place in us when sharing personal data, whether it be the Charity or the Customer’s information. The security of that data is very important to us. In this document, we will explain how we collect, use and protect personal data entrusted to us.

Data Protection 

GiftBox Systems wish to make the following core and abiding principles:

  1. - We will never share any information with anyone not appropriately authorised to have access to the data
  2. - We will always undertake best industry practices to protect your data from unwarranted disclosure
  3. - Data will be stored in the countries sanctioned by the laws of the country where we operate. At this time, all

This notice informs you about information we hold, what we do with it, how we will look after it and with whom we might share it.

"Personal data" in this context refers to the information we hold about you from which you can be identified.

Storage, Back-up & Retention of personal data

GiftBox Systems is a Singapore-domiciled organisation and our primary offices are in the Singapore.

Our websites and web applications are hosted in SG and are accessed only by our staff. Our operations in other countries have their own dedicated servers and not connected to our Singapore operations.

In all these instances, we have appropriate contractual and security measures in place to ensure that personal data is protected.

Our customer support management, marketing and accounting systems for all our businesses are either Singapore-based or, if elsewhere, are required to comply with our data protection policies.  Our payment processors and banking arrangements are based in the Singapore.

To ensure adequate protection of data in the event of a disaster, we retain a back-up copy of your database and application set-up in a separate server in SG for a rolling fourteen-day period.  Our policies for protection of that data is also controlled by this policy.

What types of personal data do we handle about Customers?

The personal data we hold includes:

  • - Contact details such as names, occupation, email addresses, phone numbers & photos
  • - Personal data gathered by organisations that use GiftBox Systems applications about the people they serve
  • - Contracts which might include Charity institutions personal data


What are the purposes for processing customer personal data?

Processing refers to doing anything with the data, such as accessing, disclosing, destroying or using the data in any way. 

The specific purposes for which we process your personal data include;

  • - Contractual management
  • - To provide support services
  • - To marketing additional or new services for Charities and Organisations as they become available to  To market additional or new services for Charities as they become available to
  • - To support a legal obligation, such as to document compliance with exercised rights


What is the lawful basis for processing?

GiftBox Systems will only process personal data when it is legally justifiable to do so.

  • - The processing is necessary for the performance of a contract you have (or are enquiring to enter into) with us
  • - The processing is a legal obligation
  • - The processing taking place meets a legitimate interest of the company (including direct marketing)


Sharing your information

We only share your personal data with third parties when one of the lawful grounds (above) is met, and then only with the organisation to which the data refers.  We do not share data from one Charity to another.

We believe in protecting your privacy and therefore do not under any circumstances provide your personal information to third parties for marketing purposes.

Security of your Information

Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.

We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

Retaining Information

We will only retain information for as long as necessary for the specified purposes and in-line with legal obligations. Third party contracts and finance data is retained for 6 years.

What if the data we hold is incorrect?

It is important that the information we hold is kept up to date. If personal details change or if they are currently inaccurate then it is important that you let us know by contacting our Data Protection Officer.

What if you need to exercise any of your other rights regarding personal data?

If you’d like to exercise any of your other rights apart from the right of rectification or access, please contact our Data Protection Officer (details at the end of this privacy notice) for more details.

What about the personal data we process on behalf of our customers?

GiftBox Systems is a data processor for the data it processes on behalf of its customers. Therefore, the purposes, lawful basis and retention periods in relation to the processing of our customers’ service user and staff personal information should be made available directly through them as they are the Data Controllers.

If you have any questions about the data we process on behalf of our customers, please get in touch with our Data Protection Officer (details at the end of this privacy notice) who will support you in getting in touch with the relevant customer contact.

GiftBox will only process customer data as directed and agreed by the Service Provider’s Data Controller. GiftBox Systems will not respond to individuals serviced by Charities.

Technical Information related to our Web Servers

In order to ensure that each visitor to our websites can use and navigate the site effectively, we collect the following:

  • Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
  • Your login information, browser type and version, time zone setting, browser plug-in types and versions; Operating system and platform;
  • Information about your visit, including the Uniform Resource Locators (URL) clickstream to, through and from our site.
  • Our cookies do not collect personal information and are provided simply to improve user performance.

Contact our Data Protection Officer

If you would like a more detailed explanation on any of the aspects covered above or have any other queries, then please contact our Data Compliance and Security Officer who acts as the company’s Data Protection Officer on +65 6817 7768  or email