This Privacy Policy explains how Mauzo Ventures (“GIFXi”, “we”, “us” or “our”) collects, uses, shares and protects personal data when you use the GIFXi platform, website and related services (the “Services”). We are committed to handling personal data responsibly and in line with applicable laws, including the EU GDPR and India’s Digital Personal Data Protection Act, 2023.
1. Who we are
GIFXi is an employee rewards, recognition and corporate gifting platform operated by Mauzo Ventures, based in Gurugram, India. Depending on the context, we act as a data processor on behalf of our Customers (employers running rewards programmes) and as a data controller for our own website visitors and account administrators.
2. Information we collect
- Account & contact data — name, work email, phone number, company, role and login credentials.
- Employee & programme data — provided by Customers (or their HRMS) to run rewards: employee IDs, names, work email, team, location, dates such as birthdays and work anniversaries, and points balances.
- Reward & order data — redemptions, gift selections, and shipping details for physical goods such as kits, gifts and awards.
- Usage & device data — IP address, browser type, pages visited and interactions, collected via cookies and similar technologies.
- Communications — messages you send us and demo or support requests.
3. How we use information
We use personal data to: provide, operate and improve the Services; issue, deliver and ship Rewards; authenticate users and secure accounts; provide customer support; send service and transactional messages; comply with legal obligations; and, where permitted, send relevant marketing (you can opt out at any time). For Customer programme data, we process it only on the documented instructions of the Customer.
4. Legal bases for processing
Where the GDPR applies, we rely on: performance of a contract; our legitimate interests (such as securing and improving the Services); your consent (for example, certain cookies and marketing); and compliance with legal obligations. Where the DPDP Act applies, we process personal data for lawful purposes with notice and, where required, consent.
5. Cookies and analytics
We use strictly necessary cookies to operate the site and, with your consent where required, analytics cookies to understand usage and improve the experience. You can control cookies through your browser settings. Disabling some cookies may affect how the site functions.
6. How we share information
We share personal data with: brands, merchants and fulfilment or logistics partners to deliver Rewards and ship physical goods; service providers (such as hosting, payment and communications vendors) under appropriate contracts; your connected systems (HRMS, identity providers) at your direction; and authorities where required by law. We do not sell personal data.
7. International transfers
We may transfer and process personal data in countries other than where you are located. Where we do, we apply appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms, to protect your data.
8. Data security
We maintain technical and organisational measures designed to protect personal data, including AES-256 encryption, access controls, SSO & SCIM, audit trails, and an information-security programme aligned with ISO 27001. No method of transmission or storage is completely secure, but we work continuously to protect your information.
9. Data retention
We retain personal data only as long as necessary for the purposes described, to provide the Services, and to comply with legal, accounting and reporting obligations. When data is no longer needed, we delete or anonymise it. Customer programme data is retained according to our agreement with the Customer.
10. Your rights
Subject to applicable law, you may have the right to access, correct, update, delete, restrict or object to the processing of your personal data, to data portability, and to withdraw consent. For Customer programme data, please direct requests to your employer (the controller); we will assist them as processor. To exercise rights regarding data we control, contact us using the details below.
11. Children’s privacy
The Services are intended for business use by adults. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will take appropriate steps to remove it.
12. Grievance & data protection contact
For privacy questions, requests or complaints, contact our privacy team at privacy@gifxi.com. In accordance with India’s DPDP Act and applicable rules, our Grievance Officer can be reached at the same address. We will respond within the timelines required by law.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the “Last updated” date above and, where appropriate, provide additional notice. Please review this page periodically.
14. Contact us
Mauzo Ventures (operating GIFXi), Gurugram, India — hello@gifxi.com or visit our contact page.