Privacy Policy
Last updated: 1 May 2023
This website and all associated products and services are provided and managed by YrTech Ltd, a company registered in England and Wales under number 12027843 (the "Service"). The Service is intended for use "as is".
This Privacy Policy is to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information where they decided to use the Service.
If you choose to use the Service you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.
The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions unless otherwise defined in this Privacy Policy.
GDPR Data Protection Officer
We have appointed a Data Protection Officer to handle responsibility for personal data and to deal with all requests for information. This person is named as: Ben Prior and can be contacted at gdpr@yrtech.co.uk.
We may use technology to track the patterns of behaviour of visitors using the Service. This can include using a "cookie" which would be stored on your browser. You can modify your browser to prevent this happening but this will cause some areas of the Service to stop operating correctly. The information collected in this way cannot be used to identify you. If you have any questions/comments about privacy, you should e-mail us at gdpr@yrtech.co.uk.
Information Collection and Use
We adhere to ethical standards in gathering, using, and safeguarding any information you provide. Parts of the Service (namely YrTech Forms) are used by developers to create HTML forms (Users) and by website visitors who submit forms on Users' websites (Respondents). The information we receive from Users and Respondents and how we handle it differs, as set out below.
Users
As a User, we collect information relating to you and your use of our Services from a variety of sources:
Information we collect directly from the User
- Registration Information: Information you provide to us when you signup for an account
- Profile Settings: you can view and edit your preferences and personal details on the "My Profile" page within your Dashboard. For example settings such as communication preferences and account details.
- Form Submission Data: We store form data (fields and values) for you.
- Subscription Information: We store information about your subscription level. If you subscribe to a paid plan, we require you to provide your billing details
Information we collect about the User indirectly or passively when interacting with us
- Usage data: We collect usage data about Users whenever they interact with The Services.
- Device and Application data: We collect data from the device and application the User uses to access The Services, such as the IP address and browser type. We may also infer the geographic location based on the User IP address.
- Information from Third parties: We may collect User personal information or data from third parties if the User gives permission to those third parties to share such information with us (e.g. third partiy features such as "Login using Google" or "Login using Apple")
- Information from cookies and page tags: We may use third-party tracking services that employ cookies to collect aggregated and anonymized data about visitors to our websites. This data may include usage and User statistics.
Respondents
As a Respondent, when you respond to a form hosted by YrTech Forms, we collect, on behalf and upon instructions of Users, information relating to you and your use of our services from a variety of sources:
Information we collect directly from the Respondent
We collect and store the form responses from Respondents. The User is responsible for that data and manages it. The User is normally the same person that invited the Respondent to fill out the form and sometimes they have their own privacy policy.
When responding to a form hosted by us, you may provide personal information or data. Please note that YrTech is not responsible for the content of that form, so if you have any questions about a forms you are completing, please contact the User directly.
Information we collect about the Respondent from other sources on behalf of Users
- Usage data: On behalf of Users, we may collect usage data about Respondents whenever they interact with The Service.
- Device and Application data: On behalf of Users, we collect data from the device and application the Respondent uses to access The Service, such as, the IP address, browser type and operating system. We may also infer the geographic location based on the Respondent IP address
- Information from cookies and page tags: We may use third-party tracking services that employ cookies to collect aggregated and anonymized data about visitors to our websites. This data may include usage and User statistics.
Our obligations as data processor when processing Respondents' data on behalf of Users
When we process Respondents' data on behalf of Users, the User who creates the form is the Data Controller in relation to the data of Respondents using such form, and YrTech is the Data Processor of such Respondents data (hereinafter, User shall be referred to as the “Data Controller” and YrTech as the “Data Processor). For the processing of Respondents' data on behalf of the Data Controller, the Data Processor undertakes to fulfill the following obligations:
- To treat the personal data only to carry out the provision of The Service, in accordance with the instructions given by the Data Controller (unless there is a legal rule that requires complementary processing, in such a case, the Data Processor will inform the Data Controller of that legal requirement prior to the processing, unless the Law prohibits it on public interest grounds).
- To maintain the duty of secrecy with respect to the personal data to which the Data Processor has access, even after the termination of the contractual relationship, and to ensure that their employees have committed to maintain the confidentiality of the personal data processed.
-
To ensure, taking into account the available technology, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, that they will apply adequate technical and organizational measures to ensure a level of security appropriate to the risk, including, where appropriate, among other things:
- The encryption of personal data;
- The ability to ensure the continued confidentiality, integrity, availability and resilience of the systems and services;
- The ability to restore the availability and access to personal data quickly in the event of a physical or technical incident;
- A process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures in order to ensure the safety of the processing;
-
To keep under their control and custody the personal data to which they have access in relation with the provision of The Service, and to not disclose them, neither transfer or otherwise communicate them, not even for their preservation, to persons unrelated with the provision of The Service covered by this Agreement.
However, the Data Controller may authorize, expressly and in writing, the Data Processor to use another data processor (hereinafter, the “Subcontractor”), whose identification data (full company name and identification number) and subcontracted services must be communicated to the Data Controller, prior to the provision of the service, at least with one (1) month in advance. The Data Processor will also inform the Data Controller of any change envisaged in the incorporation or substitution of the Subcontractors, giving thus to the Data Controller the opportunity to object to such changes.
In case of making use of the power recognized in the previous paragraph, the Data Processor is obliged to transfer and communicate to the Subcontractor the whole obligations that for the Data Processor derive from this Agreement and, in particular, the provision of enough guarantees that he will apply appropriate technical and organizational measures, so that the processing complies with the applicable regulations
In any case, access to the data made by natural persons who render their services to the Data Processor, acting within the organizational framework of the latter by virtue of a commercial and non-labor relationship, is authorized. In addition, access to the data is granted to companies and professionals that the Data Processor has hired in their internal organizational framework in order to provide general or maintenance services (computer services, consulting, audits, etc.), as long as such tasks have not been arranged by the Data Processor with the purpose of subcontracting with a third-party all or part of the Services provided to the Data Controller.
- To delete or return to the Data Controller, at their choice, all personal data to which they have had access in order to provide The Service. Likewise, the Data Processor undertakes to delete the existing copies, unless there is a legal rule that requires the preservation of the personal data. However, employees and other personnel working for the Data Processor are entitled to access Users and Respondents data as required to carry out their obligations under the terms of their contract
- To notify the Data Controller, without undue delay, of any personal data security breaches of which he is aware, giving support to the Data Controller in the notification to the relevant Agencies or other competent Control Authority and, if applicable, to the interested parties of the security breaches that occur, as well as to provide support, when necessary, in the carrying-out of privacy impact assessments, and to assist the Data Controller so they can fulfill the obligation of responding to the requests to exercise certain rights.
- To bring, in writing, a record of all categories of processing activities performed on behalf of the Data Controller.
- To cooperate with the appropriate Agencies or Control Authority, at its request, in the fulfillment of its power
- To make available to the Data Controller the whole information necessary to demonstrate the fulfillment of the obligations established under this Agreement, as well as to allow and contribute to the performance of audits, including inspections, by the Data Controller or by a third-party authorized by them
Rights to Access, Rectify or Erase Data
As part of these terms, you are prohibited from allowing any form of illegal data to enter our systems and we will act only as a data processor for this data. The fundamental rights for the data subjects are your responsibility as the data controller, these include but are not limited to:
- The right to be informed
- The right of access
- The right of rectification f
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Cancelling Your Account
You may cancel your account and you may opt out of receiving any emails from us at any time by changing the settings in your account profile page and by changing the preferences in each of your forms. Deleting your account will cause all the data in the account to be permanently deleted from our systems within a reasonable time period, as permitted by law and will disable your access to any other services that require an account. We will respond to any such request, and any appropriate request to access, correct, update or delete your personal information within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).
International Transfer
Your information, including Personal Information, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ to those from your jurisdiction.
If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to the United Kingdom and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Notice to California Residents
Pursuant to California Civil Code 1798.115
Effective January 1, 2020, the California Consumer Privacy Act ("CCPA") grants California residents various rights regarding their personal information relating to that resident or household that is held or collected by a business.
Your CCPA Rights
CCPA provides California residents with particular rights regarding their personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information:
Right to Know - You may request an overview of the personal information we have collected about you in your account. You may request a list of the companies with which we share personal information in the course of providing our service to you.
Right to Delete - You may request deletion of the personal information that we have collected about you in your account, for any reason. However, we may retain certain information as required or permitted by applicable law.
To make such a request, please send an email to privacy@giftster.com.com or write us:
CPPA Privacy Rights
YrTech Ltd
29 Eastern Way
Bury St Edmunds
Suffolk, IP327AB, UK
Notice to Residents of the European Union
For those within the European Economic Area (EEA), the General Data Protection Regulation (GDPR) that went into effect on May 25, 2018 affords you certain European Privacy Rights to your personal data.
These rights are as follows: (a) the right to access any personal information being held about you, (b) the right to have any personal information being held about you permanently deleted (provided that the information is not required to comply with a legal obligation or claim), (c) the right to promptly rectify any inaccurate personal information, (d) the right to restrict processing of your personal information (provided that processing is not required to comply with a legal obligation or claim), (e) the right to request transfer of your personal information directly to a third party if technically feasible, and (f) the right to object to the processing of any personal data at any time.
Right to Object to Direct Marketing
We only send marketing communications to members we believe to be located in the EEA with your prior consent, and you may opt-out of such communications at any time by clicking the "unsubscribe" link found within email updates or by changing your communication preferences in the Service. You will continue to receive essential account-related information even if you unsubscribe from marketing communications emails.
All members can object to the processing of personal information for the purposes of direct marketing at any time, with no fee to do so, by contacting gdpr@yrtech.co.uk.
Cookies
Cookies are files with a small amount of data that are commonly used to identify a user as they navigate through or return to an App or website. These are sent to your Browser from the web servers that The Service connects to and are stored on your device's internal memory. The Service use "cookies" in order to identify you each time you use The Service and to allow you to login to your secure and private dashboard area.
Service Providers
We may employ third-party companies and individuals due to the following reasons:
a) To facilitate The Service;
b) To provide or support The Service on our behalf;
c) To perform Service-related services; or
d) To assist us in analyzing how The Service is used.
We want to inform users of The Service that these third parties may have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
Security
We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
Links to Other Sites
This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Children's Privacy
These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions. If you are under the age of 13 then please do not use The Service.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us.