Privacy Policy - Lovin' Gift Cards

Lovin’ Gift Cards Bingo Pvt. Ltd. Last updated: 05 November 2025

This Policy explains how we collect, use, disclose, and protect personal information when you visit our website, create an account, or purchase and redeem gift cards, mobile top‑ups, and eSIMs. We align our practices with international standards (GDPR/UK GDPR, CCPA/CPRA) as good practice.

1) Who we are

Brand: Lovin’ Gift Cards

Operator/Owner: Bingo Pvt. Ltd.

Address: Khaldeh Highway, Mount Lebanon, Abou Ghaida Building, 4th floor

Email: Info@bingo-private-limited.com

Mobile/WhatsApp: +961 3 471 269

Website: www.lovingiftcards.com

We offer Lebanese merchant gift cards (e.g., supermarkets, fuel, sports retailers) and white‑label global gift cards, mobile top‑ups, and eSIMs via partners DT One and LikeCard.

2) Information we collect

2.1 Information you provide

Account & profile: name, email, phone number, password, country, language.
Orders & redemptions: billing address, delivery email/phone, recipient name.
KYC (where required): national ID/passport number and image, date of birth, proof of address (only when required by carriers/issuers or anti‑fraud rules).
Support: message content, attachments/screenshots; call recordings if applicable.
Marketing preferences: consent choices and communication settings.

2.2 Automatically collected

Device/usage data: IP address, device type, OS/browser, referral URLs, pages viewed, timestamps, clickstream.
Cookies & similar tech: see the Cookies section below.

2.3 From third parties

Payment gateways: Areeba, Whish, and Netcommerce provide transaction status and fraud‑screening signals. We use 3‑D Secure (3DS). No card details are stored on lovingiftcards.com; card data is handled by the gateways in accordance with PCI DSS.
Identity/KYC vendors (if used): verification status, match results, liveness checks.
Fulfillment partners: DT One and LikeCard may confirm activation, balance, or fraud checks for your order.

We do not intentionally collect sensitive categories unless strictly required for KYC/anti‑fraud, and then only with safeguards.

3) How we use information

Provide, operate, and improve the Services (process orders, deliver codes/top‑ups/eSIMs, manage accounts, support users).
Prevent fraud and abuse; comply with carrier/issuer rules and security requirements.
Perform identity verification/KYC where required by telecom/eSIM providers or risk triggers.
Process payments and refunds; maintain accounting and tax records.
Communicate about orders, security alerts, and updates.
Personalize content and offers; run analytics and product research.
Send marketing communications with consent and enable easy opt‑out.

Legal bases (GDPR/UK GDPR)

Contract performance (delivering your order).
Legitimate interests security, fraud prevention, service improvement.
Consent marketing and certain cookies; some KYC contexts.
Legal obligation tax/accounting; responding to lawful requests.

Processors/service providers: cloud hosting, email/SMS, analytics, support tools, payment gateways (Areeba, Whish, Netcommerce), KYC vendors.
Fulfillment partners: DT One and LikeCard to deliver gift cards/top‑ups/eSIMs (only necessary data such as order ID, product SKU, target phone/email, and risk checks if applicable).
Merchants/issuers: as needed to activate or troubleshoot a gift card.
Payment processors: to process payments, refunds, and fraud screening through 3DS and PCI‑DSS compliant systems.
Authorities/law enforcement: where required by law or to protect rights and safety.
Business transfers: in connection with mergers, acquisitions, or asset sales.

We do not sell personal information. Under CCPA/CPRA, we do not “sell” or “share” personal information for cross‑context behavioral advertising.

5) International transfers

We may process and store information in countries outside your own. Where required, we implement safeguards such as Standard Contractual Clauses for EEA/UK data and vendor due diligence to ensure a comparable level of protection.

6) Data retention

We retain personal information only for as long as necessary for the purposes in this Policy and to meet legal, accounting, or reporting requirements:

Account data: while the account is active and 3 years after last activity; then deletion or anonymization.
Order and transaction records: 7 years to satisfy accounting and tax obligations.
KYC/identity verification data (if collected): up to 5 years after the last transaction or as required by telecom/issuer rules; then secure deletion or anonymization.
Support tickets and communications: 2 years after ticket closure for quality and dispute resolution.
Web/server and security logs: up to 12 months for security, debugging, and abuse prevention.
Marketing consent records (opt‑in/opt‑out): up to 6 years to demonstrate compliance, unless law requires longer.
Fraud screening and failed payment attempt metadata: up to 3 years to prevent abuse.

Where exact retention is not required by law, we apply the shortest period necessary and use minimization and anonymization where feasible.

7) Your rights

Depending on your location, you may have rights to access, correct, delete, object to or restrict processing, port data, withdraw consent, and opt out of marketing communications. You may also lodge a complaint with your local data protection authority (EEA/UK).

To exercise rights, contact Info@bingo-private-limited.com. We may request identity verification.

8) Security

Encryption in transit (HTTPS/TLS) and at rest where applicable.
Access controls, role‑based permissions, least‑privilege practices.
Fraud monitoring and anomaly detection.
Vendor security reviews and data processing agreements.
Payments: Transactions are processed by Areeba, Whish, and Netcommerce using 3‑D Secure (3DS). No card details are stored on lovingiftcards.com; payment data is handled by PCI‑DSS compliant gateways.

No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9) Children’s privacy

Our Services are not directed to children under 13 (or the minimum age in your country). We do not knowingly collect personal information from children. If we learn that we have, we will delete it.

10) Cookies and similar technologies

Categories:

Strictly necessary: sign‑in, secure sessions, checkout.
Functional: language and currency preferences.
Analytics: usage insights to improve the Services.
Marketing: only with your consent, to deliver and measure campaigns.

Manage cookies via our cookie banner and your browser settings. You can withdraw consent at any time.

11) Third‑party services and links

Our Services may link to third‑party sites or rely on third‑party features. Their privacy practices are governed by their own policies. For partner fulfillment, DT One and LikeCard act as our processors or independent controllers depending on context.

12) Do Not Track (DNT) and Global Privacy Control (GPC)

We currently do not respond to browser “Do Not Track” signals, but we honor applicable consent requirements and will respect recognized GPC signals where required by law.

13) Changes to this policy

We may update this Policy from time to time. The “Last updated” date at the top indicates the latest revision. Where appropriate, we will notify you via email or in‑app notice.

14) Contact us