PRIVACY POLICY
Last Updated: 21 July 2025
Introduction:
TopCashback Inc (“we”, “us” or “our”) is committed to respecting and protecting your privacy. In short, this privacy policy (“Privacy Policy”) explains how we collect, use, and disclose your personal data. Additionally, it describes your privacy rights under applicable law. This Privacy Policy is also subject to any other agreement you enter into with us. For purposes of this Privacy Policy, “you” and “your” means you as the user of Site (as defined below).
1. Important Information About RNL and You
TopCashback Inc operates the website (https://giftcards.topcashback.com, the “Site”), which is a platform where you can purchase digital gift cards (each an “E-Gift Card”) for your favorite retailers. By visiting the Site, you accept and consent to this Privacy Policy and the practices outlined in it. As it relates to your activity on the Site, we are the controller of, and are responsible for, your Personal Data. The Site is powered by RUNA NETWORK LIMITED (“RNL”) (company number 09281949 registered in England and Wales, with a registered office at First Floor, One Suffolk Way, Sevenoaks, TN13 1YL).
2. Data We Collect About You
Generally
“Personal Data” or “Personal Information” means any information about an individual from which that person can be identified. It does not include data where the identity of the person has been removed (anonymous data).
We may collect, use, store, and transfer different kinds of Personal Data about you which we have grouped together as follows:
- Identity Data includes first name, last name
- Contact Information includes your mailing address, phone number and email address.
- Technical Data includes internet protocol (IP) address, your browser type and version, time zone settings, browser plug-in types and versions, operating system, and other technology on the devices you use to access the Site.
- Usage Data includes information about how you use the Site.
- Financial Data includes card details, transaction information and merchant.
- Marketing Comms Data includes your preferences in receiving marketing from us and our third-parties and your communication preferences.
3. How Is Your Personal Data Collected
When You use the Site, we may collect Personal Data from you directly, or we may collect Personal Data automatically when you interact with the Site.
- Direct Interactions. You may give us your Identity Data and Financial Data by filing in forms or by corresponding with us through the Site (including when you process a transaction).
- Automated Technologies. As you interact with our Site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. You can manage your cookie preferences when first accessing our Site.
4. How We Use Your Personal Data
Generally
We will only use your Personal Data when the law allows it. Most commonly, We will use your Personal Data in the following circumstances:
- Where We need to perform the contract we are about to enter (or have entered into) with you.
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
We may use your Personal Data in de-identified form (de-identification being a process by which we eliminate any personal identifiers and personal details) for research or statistical purposes and to assist us in running our business. We may also share de-identified data in aggregated form with third parties for different purposes. When your Personal Data is included in anonymised, aggregated data, it becomes impossible to identify you or anything about you from that data.
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To assess and approve each proposed transaction | Identity, Contact, Financial | (a) Performance of a contract with you; (b) Legitimate interest in verifying your identity. |
| To process approve transactions on your behalf and retain records related to same | Identity, Contact, Financial, Transaction | (a) Performance of a contract with you |
| To manage our relationship with you, which includes: (a) notifying you about changes to our terms or privacy policy; (b) asking you to leave a review or take a survey. | Identity, Contact, Marketing Comms | (a) Performance of a contract with you; (b) Necessary to comply with legal obligation; (c) Necessary for our legitimate interests (to improve customer satisfaction through feedback). |
| To process, manage and investigate and resolve any claim or complaint raised by you | Identity, Contact, Financial | (a) Performance of a contract with you; (b) Necessary to comply with legal obligation. |
| To use data analytics to improve our Site, products/services, customer relationships and experiences | Technical, Usage | (a) Necessary for our legitimate interests (to define types of customers for our products/services, to keep our website updated and relevant and to develop business strategies) |
| To make suggestions and recommendations to you about goods or services that may be of interest to you, and/or to send you other marketing communications | Identity, Contact, Technical, Usage, Marketing and Communications | (a) Consent (marketing by text or email); (b) Necessary for our legitimate interests (to develop our products/services and grow our business). |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
5. Disclosures of Your Data
Generally
We may share your Personal Data with the parties set out below for the purposes outlined in the table above.
- Brands to process your purchase transactions.
- Service providers such as professional advisers (e.g. lawyers, accountants), web and app hosting services, website optimisation services, website usage services, email services, data management platform provision, E-Gift Card distribution services, customer relationship management services, marketing tracking partners, messaging services, online and offline marketing services, to handle, store, or use certain Personal Data on our behalf.
- Our affiliates.
- Third parties to whom we may sell, transfer or merge part of our business assets.
- Regulators or legal authorities (such as law enforcement) to meet our legal obligations, prevent criminal activity or for reasons of substantial public interest.
6. Processors and International Transfers
Personal data we collect may be transferred to, stored and processed in, the United States and any other county outside the European Economic Area (EEA) in which our data processors are located. RNL, as our processor for delivering these Services, engages subprocessors which are listed here: https://runa.io/subprocessors.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
9. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the following rights:
- Right to Know/Access: Often referred to as a “data subject access request”, you have the right to know the Personal Data we have collected about you.
- Right to Correct: You have the right to correct inaccurate Personal Data about you. Once we receive and verify your request, we will use commercially reasonable efforts to correct the inaccurate Personal Information about you.
- Right to Delete: You have the right to request that we delete the Personal Data we collected from you and maintained, subject to certain exceptions.
- Right to Portability: You have the right to receive Personal Data concerning yourself in a structure commonly used and machine-readable formation and to have that data transmitted to another controller.
- Right to Restrain: You have the right to restrain our processing of Personal Data: (i) for a period of time where the accuracy of the Personal Data is contested by You; (ii) where the processing is unlawful and you oppose erasure of the Personal Data; (iii) where we no longer need the Personal Data but it is required by you for establishment/defense of legal claims; and/or (iv) you have objected to our use of the Personal Data but we need to verify whether we have an overriding legitimate grounds for using the Personal Data.
- Right to Object: You have the right to object to our processing of Personal Data for direct marketing purposes; or on the basis of a legitimate interest.
- Right to Opt-Out/In of Sale/Sharing: You have the right to opt-out or to opt-in to having your Personal Data sold or shared as defined under applicable law.
- Right to Non-Discrimination: You have the right to not receive discriminatory treatment by us for the exercise of any of your above listed rights. We do not discriminate against users for exercising the rights granted to them under applicable law.
To exercise your rights outlined above, you must provide us with sufficient information for us to determine your identity and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it. Please submit your request to us by email: privacy@topcashback.com.
We do not use your Personal Data to profile you in furtherance of decisions that produce legal or significantly similar effects (as may be defined under applicable law).
Additionally, you may choose to lodge a complaint regarding our privacy practices with your applicable data privacy supervisory authority in your jurisdiction.
10. California Opt-Out of Sale / Sharing Disclosure
You may opt out of the sale/sharing of your Personal Data:
- by submitting a request via email to privacy@topcashback.com; or
- by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.
11. Additional Details
Data Protection Officer Contact Details
If you have any questions or complaints about this Privacy Policy or Our privacy practices, you can reach Our data privacy officer by email at privacy@topcashback.com
Controller Contact Details
Controller Name: TopCashback Inc
Controller Address: 201 West Passaic, Suite 303, Rochelle Park NJ 07662
Controller Contact: Vadim@topcashback.com
Changes to the Privacy Policy
We may make changes to the Privacy Policy from time to time to keep it up to date and accurate based on our privacy practices. If we make material changes, we will notify you by email.
Third Party Links
This website may include links to third-party websites (“TPW”), plug-ins, and applications. Clicking on those links or enabling those connections may allow third-parties to collect and disclose data about you. We do not control those TPWs, and are not responsible for their privacy practices.
12. Glossary
- Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
- Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
- Processing in relation to Personal Data, this means any operation or set of operations which is performed on it. This includes collecting, storing, recording, using, amending, analysing, disclosing or deleting it.