Privacy Policy

Last updated: 8.5.2026.

This Privacy Policy explains how Digital gifts d.o.o., operating under the brand name Coffer (“Coffer”, “we”, “us”, or “our”), collects, uses, stores and shares personal data when you visit our website, place an order, contact us, or use our gift experience.

Coffer provides a physical gift experience combined with access to a digital asset value arranged through our regulated crypto partner, Digital Assets d.o.o., operating under the brand name Bitcoin Store.

Coffer is not a crypto exchange, wallet provider or custodian.

1. Who we are

The data controller for the personal data described in this Privacy Policy is:

Digital gifts d.o.o. Makarska ulica 17 Split, Croatia OIB/VAT ID: 45193514617/HR45193514617 Website: giftbycoffer.com Email: hello@giftbycoffer.com

For privacy-related questions or requests, you can contact us at hello@giftbycoffer.com.

2. What personal data we collect

We collect personal data that is necessary to operate our website, process orders, deliver gifts, communicate with customers, and support the gift claim flow.

2.1. Buyer data

When you place an order, we may collect:

  • full name
  • email address
  • phone number
  • shipping address
  • billing address
  • order details
  • payment status, such as whether the payment was successful, failed or refunded
  • customer support communication.

2.2. Guardian or adult contact person data

To administer the gift claim flow, we may collect data about the gift recipient’s guardian or another adult contact person, including:

  • full name
  • phone number
  • country of residence.

We use this information to associate the gift with the intended adult contact person and to support the gift claim flow with our regulated crypto partner.

We do not require a child’s name, date of birth, identification document or other child-specific information.

2.3. Gift message

You may choose to include a gift message. This is optional.

Please do not include sensitive personal data or unnecessary child-specific information in the gift message.

If you provide a gift message, we process it only to fulfil the order and provide the gift experience.

2.4. Payment data

Payments are processed by our payment provider, currently Stripe.

We do not collect or store full payment card numbers, CVV codes or full card details.

Stripe may process payment card data, billing data, fraud prevention data and transaction data in accordance with its own terms and privacy documentation.

We may receive limited payment-related information from Stripe, such as payment status, transaction identifier, card brand, last four digits of the card, billing details, refund status and fraud or risk indicators where relevant.

For more information about how Stripe processes personal data, please refer to Stripe’s own privacy policy.

2.5. Website and technical data

When you visit our website, we may process limited technical data necessary to operate, maintain and secure the website, such as:

  • IP address
  • browser and device information
  • server logs
  • pages visited
  • date and time of access
  • basic security and diagnostic information.

At this stage, we do not use analytics tools, marketing pixels or non-essential cookies.

If we introduce analytics, advertising pixels, newsletter tools or similar services in the future, we will update this Privacy Policy and, where required, ask for your consent.

3. How we use personal data

We use personal data for the purposes described below.

3.1. To process and deliver orders

We use buyer data, shipping data, billing data and order details to process purchases, prepare the gift, arrange delivery, communicate about the order, handle customer support, and manage refunds, complaints or delivery issues.

Legal basis: performance of a contract or steps prior to entering into a contract.

3.2. To administer the gift experience

We use guardian or adult contact person data to associate the gift with the intended adult contact person and support the gift claim flow.

Legal basis: performance of a contract and our legitimate interest in providing and securing the gift experience.

3.3. To coordinate with our regulated crypto partner

We may share limited guardian or adult contact person data with Bitcoin Store where this is necessary to associate the gift with the intended claim flow.

This may include:

  • full name
  • phone number
  • country of residence
  • gift-related reference or status information.

Legal basis: performance of a contract and our legitimate interest in enabling the gift claim flow.

3.4. To process payments

We use Stripe to process payments, confirm payment status, handle payment errors, manage refunds and prevent fraud.

Legal basis: performance of a contract, legal obligations and legitimate interest in secure payment processing.

3.5. To comply with legal, tax and accounting obligations

We may process and retain order, invoice, payment and accounting information to comply with applicable tax, accounting, consumer protection and business record-keeping obligations.

Legal basis: legal obligation.

3.6. To communicate with you

We may use your email address or phone number to send order confirmations, delivery updates, customer support replies, service information or information necessary for completing the gift experience.

Legal basis: performance of a contract and legitimate interest.

3.7. To protect our website and business

We may process technical data, logs and transaction information to detect, prevent and investigate fraud, misuse, security incidents or technical problems.

Legal basis: legitimate interest.

3.8. Marketing communications

We do not currently send marketing newsletters.

If we introduce marketing emails in the future, we will do so in accordance with applicable law. Where required, we will ask for your consent, and you will be able to unsubscribe at any time.

4. Bitcoin Store and KYC

The digital asset value connected to the Coffer gift is arranged through our regulated crypto partner, Bitcoin Store.

To claim the digital asset value, the recipient or their legal guardian may need to register with Bitcoin Store and complete identity verification, KYC, AML or other compliance checks required by Bitcoin Store and applicable law.

Bitcoin Store is responsible for the personal data it collects during registration, account creation, identity verification, wallet setup, compliance checks and the digital asset claim process. This processing is governed by Bitcoin Store’s own privacy policy and legal terms.

Coffer does not control Bitcoin Store’s KYC process.

Coffer does not receive or store full identity verification documents, selfies, ID cards, proof of address, tax identification information or similar KYC documentation from Bitcoin Store.

Coffer may receive limited gift status information where necessary, such as whether a gift code has been issued, initiated, claimed or completed.

5. Who we share personal data with

We may share personal data with the following categories of recipients where necessary:

  • payment providers, including Stripe
  • delivery and shipping providers
  • hosting and infrastructure providers, including Vercel
  • email and communication service providers
  • technical service providers and developers
  • accounting, tax, legal and business advisors
  • Bitcoin Store, where necessary for the gift claim flow
  • public authorities, regulators, courts or law enforcement where required by law.

We only share personal data where there is a valid purpose and legal basis.

6. International transfers

Some of our service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we rely on appropriate safeguards where required, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms under the GDPR.

7. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.

In practice:

  • order and transaction data may be kept for as long as equired by tax, accounting and business record-keeping laws
  • customer support communication may be kept for as long as necessary to resolve the issue and protect our legal interests
  • shipping data may be kept as long as necessary for delivery, complaints, returns and legal record-keeping
  • technical logs are kept for a limited period necessary for security, diagnostics and fraud prevention
  • optional gift messages are kept as long as necessary to provide the gift experience and handle related support or legal obligations.

Where we no longer need personal data, we delete it or anonymise it, unless we are legally required to keep it longer.

8. Your rights

Depending on the circumstances and applicable law, you may have the right to:

  • request access to your personal data
  • request correction of inaccurate or incomplete data
  • request deletion of your personal data
  • request restriction of processing
  • object to processing based on legitimate interests
  • request data portability
  • withdraw consent where processing is based on consent
  • lodge a complaint with a supervisory authority.

To exercise your rights, contact us at hello@giftbycoffer.com.

If you are in Croatia, you may also contact the Croatian Personal Data Protection Agency, AZOP.

9. Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

Access to personal data is limited to authorised personnel, contractors and service providers who need access for business, technical, support, accounting or legal purposes.

No online system is completely secure, but we aim to limit access, reduce unnecessary data collection and protect personal data throughout its lifecycle.

10. Children’s data

Coffer gifts may be intended for children or families, but our purchase and gift claim flow is designed to be handled by adults.

We do not require buyers to provide a child’s name, date of birth, identification documents or other child-specific data.

If a buyer voluntarily includes a child’s name or other child-related information in a gift message, we process that information only to fulfill the order and provide the gift experience.

The Bitcoin Store account creation, KYC and digital asset claim process must be completed by an eligible adult or legal guardian, according to Bitcoin Store’s own terms and legal requirements.

11. Cookies

At this stage, we do not use analytics cookies, advertising cookies or marketing pixels.

Our website may use strictly necessary technologies required for the website, checkout, security or basic technical operation.

If we introduce analytics, advertising, personalisation or other non-essential cookies in the future, we will update this Privacy Policy and, where required, provide a cookie banner or consent mechanism.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, including if we add new features, service providers, analytics tools, marketing tools, delivery options or changes to the gift claim flow.

The updated version will be published on our website with a new “Last updated” date.

13. Contact

For questions about this Privacy Policy or how we process personal data, contact us at:

Digital gifts d.o.o. Makarska ulica 17 Split, Croatia OIB/VAT ID: 45193514617/HR45193514617 Website: giftbycoffer.com Email: hello@giftbycoffer.com

Celebrating new beginnings with gifts that hold meaning for years to come.

© 2026 Coffer. All rights reserved.