Toggle Nav
Search
My Cart
  1. Buy Gift Cards
    1. BP Gift Cards
    2. Netflix Gift Cards
    3. Uber Eats Gift Cards
    4. Uber Gift Cards
    5. DoorDash Gift Cards
    6. Twitch Gift Cards
    7. Airbnb Gift Cards
    8. Spotify Gift Cards
    9. Amazon Gift Cards
    10. Xbox Gift Cards
    11. Woolworths Gift Cards
    12. Big W Gift Cards
    13. True Rewards For Gaming
    14. True Rewards For Her
    15. True Rewards For Him
    16. True Rewards For Kids
    17. True Rewards For Teens
    18. PlayStation™ Store
    19. Bunnings
  1. About Us
  2. Contact Us
  3. Blog
  1. Register
  2. Login

All the best gift cards,
all in one place

Shop Cards

Giftstation Privacy Notice

GiftStation Privacy Notice

Version 3.2 – September 2025  

This Privacy Notice explains how we process your Personal Data when you engage with our services, whether by browsing our website, completing transactions, visiting our establishments, or interacting with us in any other way. It also details how we may share your Personal Data with third parties and the safeguards we have implemented to protect your information. 

References to “we,” “us,” and “our” in this Privacy Notice refer to epay Australia Pty. Limited, a segment of the Euronet Worldwide group of companies.

To reach the Privacy Department or the Data Protection Officer (DPO) 

Email: [email protected]   

Postal mail: DPO, Calle Cantabria 2, 2-A Alcobendas Madrid, Spain 

We recommend reviewing this Privacy Notice regularly for updates, which will be posted on our Website. Where local laws require additional information, these are provided in the Regional Privacy Notices section.

Frequently Asked Questions (FAQs)

What Personal Data do we collect?

We only collect the Personal Data necessary to provide our services and comply with legal obligations. The specific categories of Personal Data collected may vary depending on the service or interaction.

From where do we obtain your data?

We collect Personal Data mainly from you, when you interact with our company and services. However, we may collect additional data to fulfil our obligations from other sources.

Why do we collect Personal Data?

We collect Personal Data to comply with our obligations with you and to comply with our legal obligations. We process your Personal Data to ensure the delivery and security of our services and/or improve our operations. Whenever we process your Personal Data for additional purposes, we will make sure to inform you and, when necessary, gather your consent.

For how long do we retain Personal Data?

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including the provision of services, compliance with legal obligations, or the exercise or defense of legal claims. Once Personal Data is no longer required, we securely delete or anonymize it in accordance with applicable laws.

With whom do we share Personal Data?

We may share Personal Data with Euronet Group companies, legal authorities, and selected third parties/partners when required to meet regulatory standards or fulfill contractual commitments.

Where is Personal Data stored?

We store Personal Data in secure facilities with stringent security controls. Any international transfer of Personal Data complies with all legal obligations and maintains the highest security standards.

What are your rights regarding Personal Data?

Depending on your location, you may have specific rights concerning your Personal Data under applicable laws. Common rights are described under the section “Your Rights”.

Notice to Website visitors

By visiting or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice. 

To the extent this Website allows access to other websites owned and operated by third parties, please note that this Privacy Notice will not apply to such websites, and thus, we will not be held responsible for the protection of personal data processed by these third parties. 

What Type of Personal Data Do We Collect?

The categories, purposes, and legal bases for collecting and processing your Personal Data when you visit and/or use our Website are listed below. Where the collection and processing of Personal Data is based on your consent, you may withdraw your consent at any time. 

Identification and contact data

This may include name, email, phone number, address, title, and other contact details. It may also include data you voluntarily provide during chats, calls, or written correspondence.

Purposes and Legal Basis for Processing

    • Service Provision: To manage your online inquiry via the Website form (i.e. registering your inquiry, contacting you, processing and responding to your inquiry). This processing is carried out based on our pre-contractual and/or contractual obligations.
    • Legal Claims and Archiving: To pursue any legal claims, as well as for archival purposes related to this purpose, including securing information in the event of the need to prove facts, when necessary to protect our legitimate interests.
    • Marketing: To provide advertising and marketing, including measuring the impact of our emails, based on your consent.
    • Giveaway Participation: To manage your participation in events or giveaways, based on your consent.
    • Regulatory Compliance: To comply with applicable laws, regulatory obligations, and decisions by competent authorities. This processing is required to meet our legal obligations.

Behavioral and Technical Information

Information collected through cookies or other tracking technologies such as IP address, network activity, browsing behavior, browser type, time zone, screen resolution, plug-ins, operating system, device signature, and technical characteristics.  

 For more information, please read our Cookie Policy. 

Purposes and Legal Basis for Processing

    • Website Security and Integrity: To ensure the efficient operation, management, safety and security of our Website. Please note that, amongst other safeguards, we have tools to protect our Website for the purposes of fraud prevention and security controls. This processing is based on our legitimate interest.
    • Website Maintenance and Improvement: To undertake activities to verify or maintain the quality of the Website, and to improve, upgrade, or enhance the Website, including to administer the Website for internal operations, such as troubleshooting, data analysis, testing, research, statistical and survey purposes. This processing is based on our legitimate interest.
    • Usability Tracking and Testing: To track detailed user activity across the Website or other platforms (e.g. which buttons are clicked, how far pages are scrolled, etc.). These tools allow us to understand how visitors interact with our content and features, enabling us to test improvements and optimize usability. This tracking is cookie-based and implemented under our legitimate interest in improving our services and user experience. Where required by applicable law, we obtain your consent before activating such tracking technologies.
    • Personalization: To measure and evaluate your behavior using automated processing to provide you with a more personalized Service. This processing activity is based on your consent.

Location Data

    • Service provision: We may collect information about your location when you visit our Website. This does not include your exact location. This information is processed based on our legal obligations.
    • Nearby Locations: We may collect information about your location when you visit our Website to show you our nearest locations. This information is based on your consent.

Non-identifiable Data

Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data (“Non-identifiable Data”). This Non-identifiable Data may be used to improve our internal processes or delivery of services, without further notice to you. We may use aggregate data for a variety of purposes, including analyzing, evaluating and improving our Website and its content. 

General Notice

Where do we Obtain your personal data

We collect Personal Data from the following sources: 

    • Directly from you through your direct interactions and the submission of online forms, requests for information or complaints, as set out above. 
    • Through passive collection of information about your interactions, including page clicks, time spent, or other automatically collected meta-data. 
    • Internet service providers.  

How Long We Keep Personal Data

We retain Personal Data only as long as necessary to provide requested services and to meet legal, accounting, and reporting obligations. The retention period is determined by specific requirements and may include:

    • Customer Service and Contractual Relationship: We retain your Personal Data while you remain our customer. When our contractual relationship concludes, we restrict your data to ensure it is only accessible to comply with legal requirements.
      • Marketing: We will process your Personal Data for marketing purposes unless you have opted out, as described in this Privacy Notice, or until we become aware that you are no longer interested, or that your data is no longer accurate.
      • Legal and Regulatory Requirements: We keep your Personal Data as long as needed to comply with all applicable legal obligations, including commercial, tax, and anti-money laundering regulations. During this period, your Personal Data is restricted to prevent use for any other purpose and will be accessed only when necessary to fulfill these obligations.

Please note that if you request data deletion we may still be required to retain some of it to comply with our legal obligations. The information retained will only be accessible by limited personnel to comply with any legal requirement and will be dully deleted after the obligation is due.

Do We Disclose Personal Data?

Euronet Group Affiliates

We may disclose Personal Data to Euronet and its affiliated companies for everyday business purposes and fulfil compliance obligations within the Group.

Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details, Behavioral and Technical Data.

Purpose: Sharing data with affiliates for customer service, compliance, and daily business functions. This may include 24/7 customer support requiring data access across Euronet Group affiliates.

In the event of a sale, acquisition, merger, or reorganization involving Euronet or any company within the Euronet Group, we may transfer Personal Data to third parties, ensuring appropriate protection measures.

This processing is carried out to comply with legal obligations and/or to perform contractual obligations, as applicable.

Third-Party Service Providers

We may share certain Personal Data with third-party service providers to support compliance verification, service delivery, and marketing efforts.

Types of Personal Data: Identification and Biometric Data, Financial Details, Contact Details, Transactional, Behavioral, and Technical Data.

Purpose

    • Compliance and Fraud Prevention: Personal Data may be shared with verification and analytics providers to fulfill regulatory obligations and mitigate risk (e.g., to verify customer data or detect suspicious activity).  This processing is carried out to comply with our legal obligations or, where applicable, based on your consent.
    • Service Delivery: Our Partners and third parties, such as agents and correspondents, may access Personal Data to assist in delivering services. This processing is based on our contractual obligation.
    • Marketing: Advertising networks and social media platforms may receive data to deliver personalized ads and adapt to user preferences. This processing is based on your consent.

Note: The definition and scope of “third-party service providers” may vary based on country regulations.

Authorities

We may be required to disclose your Personal Data, including Sensitive Personal Data, to legal or regulatory authorities for compliance, to enforce agreements, or to fulfill legal requests.

Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details.

Purpose: To comply with applicable laws, respond to binding requests from public authorities, support investigations, or fulfill obligations related to the processing of financial transactions. This processing is based on our legal obligations.

Partners

Personal Data may be shared with strategic partners when necessary to deliver our services or to ensure they comply with their legal obligations.

Types of Personal Data: Identification Data, Transactional Data, Financial Details.

Purpose and Legal Basis for Processing

    • Purpose: Service provision in collaboration with strategic partners. This is carried out as part of our contractual obligations.
    • Regulatory Compliance: To help our partners comply with legal or regulatory requirements applicable to them. This processing is based on legal obligations.
    • Operational Efficiency and Risk Management: To support secure and seamless service delivery across different partners or service providers, or to prevent abuse or misuse of our services. This processing is based on our legitimate interests.

Professional Partners

We may disclose Personal Data to professional advisors, including lawyers, consultants, auditors, or accountants, to fulfill our legal and business obligations.

Types of Personal Data, Identification Data, Video Surveillance, Transactional Data, Financial Details. (Legal obligation and Legitimate interest)

 Legitimate Interest

When we use your Personal Data to pursue our legitimate interests, we will make every effort to match our interests with yours so that your Personal Data will only be used as permitted by relevant law, or when it will not adversely affect your rights. You may request information on any processing based on legitimate interest.

International Transfers

We are a global company with global operations, partners and suppliers. Where it is necessary for the efficient and effective performance of a business transaction or the fulfilment of one of the uses of Personal Data outlined above, we may need to transfer your Personal Data, from the country of collection to other countries, which may have data protection laws that are different from the laws where you live. When such transfer is required, we implement appropriate safeguards to ensure it receives the same level of protection and the transfer is done according to our legal obligations.

Personal Data of Minors

We do not provide services directly to minors, as defined by applicable local legislation, or proactively collect their personal information. If you are considered a minor under your local laws, ensure to have the necessary authorizations from your legal guardian to use the Sites or Offerings or share personal data with us.

If you learn that a minor has unlawfully provided us personal data, please contact us at [email protected]

Security

We are dedicated to safeguarding your Personal Data and have implemented robust, commercially reasonable security measures to prevent its loss, misuse, or unauthorized alteration. We continuously work to protect your data in line with international best practices by applying rigorous physical, electronic, and managerial safeguards.

To prevent unauthorized access, we employ advanced physical and organizational security measures that are regularly updated to ensure the highest level of protection while maintaining cost efficiency. All Personal Data is stored in secure locations, protected by firewalls and other sophisticated security systems with restricted administrative access.

Our personnel, as well as all activities related to your Personal Data, are governed by strict confidentiality agreements that enforce compliance with our organization’s Privacy Policy.

Our goal is to uphold the highest standards of data protection by industry-leading practices that safeguard your privacy.

Accuracy of Personal Data 

We are committed to keeping your Personal Data accurate and up to date. We take reasonable steps to ensure the accuracy of your Personal Data by ensuring that the latest Personal Data we have received is accurately recorded and when considered necessary, we run periodic checks and request that you update your Personal Data.

You may request a correction or update to your Personal Data if it is inaccurate, as outlined in the Your Rights section below.

Your Rights

To exercise any of your rights, please email us at [email protected]. To safeguard your privacy and maintain security, we may ask you to verify your identity and provide additional information.

Depending on your location, your rights concerning Personal Data under applicable laws may include:

    1. Right to Know: You have the right to know what Personal Data is collected, sold, or shared, and with whom.
    2. Right to Access: You may request access to a copy of your Personal Data.
    3. Right to Correct: You can request corrections to inaccuracies in your Personal Data.
    4. Right to Delete: You may request deletion of your Personal Data under certain conditions.
    5. Opt-Out Rights:
      • You may opt-out of the processing of Personal Data for targeted advertising.
      • You may opt-out of the processing of Sensitive Personal Data.
      • You may opt-out of the processing of Personal Data for profiling that leads to legal or significant effects on you.
    6. Right to Limit Use of Sensitive Data: You may request to limit the use and disclosure of Sensitive Personal Data to specific, permitted purposes.
    7. Right to Restrict Processing: You can request restrictions on data processing under certain conditions.
    8. Right to Object: You may object to the processing of your Personal Data, for example, for direct marketing purposes.
    9. Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal or similarly significant effects.
    10. Right of No Retaliation: You have the right not to face discrimination for exercising your Personal Data rights.

We will respond to your requests promptly and within the timeframe required by law. For specific rights in your jurisdiction, refer to the Regional Privacy Notice section below.

Please note that some rights may not be enforceable due to business or legal requirements necessary to provide our services, such as anti-money laundering, contractual, or compliance obligations. However, we will always respond to any rights requests as outlined above, and you may have additional rights based on your location.

Privacy Complaints

If you have a complaint about how we process your Personal Data, please contact us at [email protected].

Under applicable privacy laws, you may also have the right to lodge a complaint with a Data Protection Authority or other regulatory body if you believe we have not fulfilled our obligations under this Privacy Notice or the relevant legal requirements.

Marketing Communications

You will receive marketing messages if you have explicitly given us permission to use your Personal Data for that purpose. This occurs, for example, when:

    • You opt in during registration; or
    • You update your preferences in your profile settings.

With your consent, we provide tailored information about our products and services. We use data analysis to offer targeted communications, advertisements, and invitations to exclusive events, along with product and service recommendations that may interest you. You may withdraw your consent at any time.

How to Opt Out or Withdraw Consent

You can stop receiving marketing communications at any time. If you do so, we will remove you from our marketing list and you will no longer receive promotional updates. You may also opt back in later if you wish.

You can withdraw your consent or opt out using any of the following:

    • By updating your preferences in your profile;
    • By clicking the opt-out link included in our communications;
    • By contacting us at [email protected].

If you have any additional questions or if you wish to start receiving marketing communications, please contact [email protected].

Third Party Advertisement

Third-party advertisers provide advertisements that are displayed on our website, our App, or elsewhere in our Services. Third-party advertisers don’t have access to any of the information our customers have given us directly. Typically, advertisers rely on cookies or some other web/app-based mechanism to assess which advertisements may be interesting to you.

We do not place “Targeting Cookies” or enable “Targeting” on your system without your consent, where required by law.

If you have provided your consent by accepting Targeting Cookies on the Website or enabled Targeting on the App, we may use third parties to do so (remarketing and Similar Audience features). With your consent, we may share your Personal Data with third parties for such marketing purposes. You can opt-out of advertising by modifying your cookies settings.

Third parties are not bound by our Privacy Notice. To understand the privacy practices of a third-party, you should visit the third-party website and review their privacy policy. You can find all the third parties that may use Cookies for targeting in our Cookie Policy.

Captcha and Bot Protection Tools

To protect our website and forms from spam, abuse, and automated misuse, we use CAPTCHA technologies. These tools analyze user behavior to distinguish human users from bots.

    • Google reCAPTCHA: This service helps us verify that form submissions are made by real people. It may collect and process information such as mouse movements, IP address, browser data, time spent on the page, and other technical indicators. This data is processed directly by Google in accordance with its own Privacy Policy and Terms of Service. The use of reCAPTCHA is based on our legitimate interest in maintaining the security and integrity of our services.

Regional Privacy Notices

Notice to Australian Residents

To all residents in Australia, the rights you may exercise regarding the processing of your Personal Data are the following:

    • Right to Know
    • Right to Access
    • Right to Correct Inaccuracies
    • Right to Deletion
    • Right to Restrict Processing

You may also ask us to explain our data policies and practices according to the applicable law.

From the day we receive your request, we will respond to you within a maximum time of 30 days.

To contact the local Data protection authority, go to: Office of the Australian Information Commissioner.

Contact Euronet Privacy

For queries, suggestions, or complaints, please contact our Privacy Department directly.

    • Email: [email protected] 
    • Postal mail: DPO, Calle Cantabria 2, 2-A Alcobendas Madrid, Spain

 

© 2025 epay Australia Pty Ltd.