Privacy Policy

Last updated: 27 September 2022

1. INTRODUCTION

 

1.1 Scope of the Privacy Policy. This Privacy Policy details our commitment to protecting your  personal data that you provide us through the website www.swifteq.com, including related domain names, and/or use of our software applications, products and services (collectively, the “Services”). This Privacy Policy explains in detail how we collect, use, disclose, and protect your personal data, and what rights you have with regard to your personal data.  The Privacy Policy does not cover any third-party websites, applications or software that integrate with the Services or any other third-party products and services.

1.2 What is personal data? The term ‘personal data’ means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, and online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity.

1.3 Details of the data controller. The Services are provided by Swifteq Limited, an Irish company having a registered business address at 51 Bracken Road, Sandyford, Dublin, D18 CV48, Ireland.

1.4 Our role as a data controller and data processor. We act in the capacity of a data controller and data processor with regard to the personal data processed through the Services in terms of the applicable data protection laws, including the Irish Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which your personal data is handled by us, as explained in detail below:

  • Data controller. We are responsible for the collection and use of your personal data through our website and the Services, where we make decisions about the types of personal data that should be collected from you and the purposes for which such personal data should be used. Therefore, we act as a data controller with regard to the personal data collected directly through the Services (e.g., when you browse our website, conclude a service contract with us, or communicate with us). We comply with the data controller’s obligations set forth in the applicable laws.

  • Data processor. We act in the capacity of a data processor in situations when we access personal data that you control within the scope of the Services that we provide to you as our customer (the “Service Data”) and that Service Data contains personal data (e.g., your clients’ or employees’ personal data). We do not own, control, or make decisions about the Service Data. We process the Service Data only in accordance with the instructions issued by you. To ensure that the Service Data is processed in accordance with the strictest data protection standards, we offer a data processing agreement that is available at https://www.swifteq.com/dpa (the “DPA”). The DPA is incorporated by reference into our Service Agreement.

  • We have no direct relationship with individuals whose personal information we process in connection with our customers’ use of our Services. If you are an individual who interacts with our customer using the Services (such as a customer or an employee of one of our Customers) and would either like to amend your contact information or no longer wish to be contacted by one of our customers, please contact that customer that you interact with directly. Our customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection of personal data in connection with the use of our Services by individuals with whom our customers interact.

1.5 Amendments. This Privacy Policy can be changed from time to time to address the changes in our business, the functionalities of the Services, the applicable laws, regulations, and industry standards. The amended version of the Privacy Policy will be posted on this page and, if we have your email address, we will send you a notice about all the changes implemented by us. We encourage you to review our Privacy Policy from time to time to stay informed. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent.

1.6 Term and termination. This Privacy Policy enters into force on the date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.

1.7 Children. We do not knowingly collect personal data belonging to persons user the age of 18.

 

2. WHAT DATA DO WE COLLECT AS A DATA CONTROLLER?

In this section, we explain in detail what personal data we collect from you, for what purposes we use it, what technical data is collected automatically when you use the Services, and how we communicate with you.

 

2.1 Sources of personal data. We obtain your personal data from the following categories of sources:

  • Directly from you. For example, if you submit your personal data when you register your user account, order the Services, or contact us;

  • Directly or indirectly through your activity. When you use the Services, we automatically collect technical information about your use of the Services by means of cookies and analytics services; and

  • From third parties. We may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a legal basis for disclosing your personal data to us (for example, for payment processing purposes).

 

2.2 Collection of personal data. We comply with data minimisation principles. This means that we collect only a minimal amount of personal data that is necessary for your use of the Services. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Privacy Policy. We do not repurpose your personal data. This means that we do not use it for any purposes that are different from the purposes for which your personal data was provided. Below, you can find an overview of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing it.

  • Free trials. When you request a free trial, we collect your full name, last name, email address, and password. We use such information to register and maintain your user account, enable you to use our free trial, maintain our business records, and contact you, if necessary. The legal bases on which we rely are ‘performing a contract with you’ and ’pursuing our legitimate interests’ (i.e., operate, grow, and administer the Services). We will store this data until your user account is deleted.

  • Your account. When you register your user account as an account owner or an invited user, we collect your full name, email address, and password. When you update your user account, we collect your company information. We use such information to register and maintain your user account, enable you to purchase and use our Services, process your orders, contact you, if necessary, ensure security, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ’pursuing our legitimate interests’ (i.e., operate, analyse, grow, protect, and administer the Services). We will store this data until your user account is deleted, unless we are required by law to keep some records longer. 

  • Orders and payments. When you make a payment, our payment processor Stripe collects your name, credit card number, CVV code, billing address, and card expiry month and year.  We get access to your full name, billing address, and email address only. Your payment data is used to process payments and maintain our accounting records. The legal bases on which we rely are ‘performing our contractual obligations’ and ‘pursuing our legitimate interests’ (i.e., to administer and protect our business). We store such data for the time period prescribed by law (for 6 years).

  • Enquiries. When you contact us by email or through the contact form available on our website, we collect your first name, last name, email address, and any information that you decide to include in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). We will store this data until you stop communicating with us.

  • Newsletters. If you subscribe to our newsletter or purchase the services from us, we will inform you about our special offers by email. The legal bases on which we rely are ‘your consent’ (if you opt-in) and ‘pursuing our legitimate business interests’ (i.e., to promote our business). You can opt-out from receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters or by contacting us directly. We will store your contact details until you unsubscribe from our newsletters.

 

2.3 Sensitive data. We do not collect or have access to any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data refers to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.   

 

2.4 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask for it, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Services, receive the requested information, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose. 

 

2.5 Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records).

 

2.6 Aggregate and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregate data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any legitimate purpose.

 

2.7 Transactional notices. If we have your email address and it is necessary to do so, we may send you important informational messages, such as order confirmations, payment receipts, invoices, and other technical or administrative emails. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.

 

3. WHAT DATA DO WE PROCESS AS A DATA PROCESSOR?

In this section, we explain what personal data we process on behalf of our customers.

 

3.1 When you give us access to the Service Data, we process all information that can be found in the Service Data, including any personal data the Service Data contains. In our Data Processing Policy available at https://www.swifteq.com/data-zendesk-apps, you can find information on what data we have access to in each of the software applications that we offer.

 

3.2 We process the Service Data to (i) provide you with the requested Services and (ii) perform our other contractual obligations. The legal basis on which we rely is ‘performing a contract with you’. We maintain access to such personal data until you stop using the Services.

4. COOKIES

In this section, we provide information about the cookies used by us.

 

4.1 When you browse our website or use our software applications, we collect your cookie-related data. We use such information to support log-in, analyse the technical aspects of your use of our website and applications, conduct our marketing campaigns, prevent fraud and abuse, and ensure security. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., to support and protect the Services) and ‘your consent’. We will store this data as long as analytics records are necessary for our activities or you withdraw your consent, unless some of the cookies expire earlier.

 

4.2 Cookie consent. When you visit our website, we will ask you to provide us with your consent to our use of all cookies via a cookie consent banner.[1]  If you do not provide your opt-in consent, we will not serve you our non-essential (statistics, marketing, and advertising) cookies. Please note that we may not be able to provide you with the best possible user experience on our website if not all cookies are enabled.

 

4.3 Disabling cookies. When we ask you to provide your consent to our use of non-essential cookies, you have the freedom not to provide such consent. If you would like to refuse our use of non-essential cookies later, you can do it at any time by declining cookies in your browser or device. For more information, you can consult the cookie management instructions of your browser:

 

4.4 List of our cookies. We use different types of cookies on our website and applications, including:

  • Essential technical cookies that are strictly necessary to ensure the correct functioning of the Services;

  • Marketing cookies that allow us to create, implement, and examine our marketing campaigns. Such cookies allow us to reach the right customers, analyse the productivity of our marketing campaigns, and offer you personalised advertisement; and

  • Statistics cookies that allow us to generate statistical reports about how you use our website.

 

Below, you can find a list of cookies that we use on the website, including their purpose and expiration time:

Essential technical cookies

Title
Provider
Expiration
Purpose
firebase:host:#.firebaseio.com
engage.wixapps.net
Persistent
Unclassified
hs
swifteq.com (USA)
Session
The cookie ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.
platform-viewer
frog.wix.com (USA)
Session
The cookie preserves the visitor's session state across page requests.
ssr-caching
swifteq.com (USA)
1 day
The cookie is necessary for the cache function. A cache is used by the website to optimize the response time between the visitor and the website. The cache is usually stored on the visitor�s browser.
XSRF-TOKEN
bundler.wix-code.com (Ireland)
Session
The cookie ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.
XSRF-TOKEN
engage.wixapps.net (USA)
Session
The cookie ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.
XSRF-TOKEN
swifteq.com (USA)
Session
The cookie ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.

Statistics cookies

Name
Provider
Expiration
Purpose
fedops.logger.defaultOverrides
engage.wixapps.net (USA)
1 day
The cookie registers statistical data on users' behaviour on the website. Used for internal analytics by the website
fedops.logger.sessionId
swifteq.com (USA)
Persistent
The cookie registers statistical data on users' behaviour on the website. Used for internal analytics by the website
firebase:previous_websocket_failure
engage.wixapps.net (USA)
Persistent
The cookie is used to detect errors on the website - this information is sent to the website's support staff in order to optimize the visitor's experience on the website.
_ga
swifteq.com (USA)
2 years
The cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat
swifteq.com (USA)
1 day
The cookie is used by Google Analytics to throttle request rate.
_gid
swifteq.com (USA)
1 day
The cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website.
bSession
engage.wixapps.net (USA)
1 day
The cookie sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical
bSession
swifteq.com (USA)
1 day
The cookie sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.
capsule|#|##wix-visitor-data-key-#
swifteq.com (USA)
Persistent
The cookie registers statistical data on users' behaviour on the website. Used for internal analytics by the website

Marketing cookies

Name
Provider
Purpose
Expiration
svSession
swifteq.com (USA)
The cookie tracks a visitor across all wix.com sites. The information collected can be used to make advertisement more relevant for the visitor.
2 years

5. ANALYTICS AND ADVERTISING

In this section, you will find information on how your personal and non-personal data is used for analytics and advertising purposes.

 

5.1 Collection of analytics data. When you use the Services, our third-party analytics service providers collect certain technical analytics data collected from you. Such data includes the following information:

  • URL addresses from which you access the Services;

  • Your device type;

  • Your operating system;

  • Average time that you spend;

  • Number of visits;

  • Visitor bounces;

  • Session by traffic source;

  • Approximate geo-location data; and

  • Your IP address.

 

5.2 Purposes of analytics data. We use your analytics data to analyse what kind of users access and use the Services, measure your engagement, see which parts of the Services are interesting to you, improve our content, develop new products, and investigate and prevent security issues and abuse. In most cases, analytics data is non-personal and it does not allow us to identify you as a natural person. However, some of such data like your IP address may be considered personal data and we will make sure that we have the necessary legal basis for processing such data. When we process your analytics data that is personal data, we rely on the ‘legitimate interest’ (i.e., to analyse, improve, and protect the Services) and ‘your consent’ bases.

5.3 Google Analytics. We use Google Analytics, a web analytics service provided by Google LLC registered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google generates statistical information by means of cookies and creates reports about your use of the Services. The cookies served by Google are anonymous first-party cookies that do not allow us to identify you in any manner. The information generated by cookies will be transmitted to and stored by Google on servers in the United States. To ensure your privacy, your IP address will be anonymised and Google will not combine your IP address with other information Google holds about you. Thus, Google will not be able to identify you. In certain cases (e.g., when required by law or when third parties conduct services on behalf of Google), Google may transfer the information to third parties. For more information about Google Analytics’ privacy practices, please visit https://support.google.com/analytics/answer/6004245. If you would like to opt out from Google Analytics, you can do so by installing a Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=en. We will ask you to provide us with your consent for non-essential Google Analytics cookies through a cookie consent banner. If you do not provide such consent, we will not use Google Analytics to analyse your use of the Services.

5.4 Interest-based advertising. You may encounter targeted interest-based advertising based on your use of the Services and other websites on the Internet. Where necessary, we will seek your consent (for example, for the use of non-essential advertising cookies). You can control how such advertising is shown to you or opt-out from targeted advertising by consulting the guide powered by the Digital Advertising Alliance available at https://youradchoices.com. For more information on opting-out from advertising features on your device, please visit https://www.networkadvertising.org. Where interest-based advertising uses non-essential cookies, we will ask your consent for such cookies.

 

6. HOW LONG DO WE STORE YOUR DATA?

In this section, we explain for how long we keep your data in our systems and how we delete it.

 

6.1 Storage of personal data. We and our data processors store your personal data only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to update or delete your personal data, whichever comes first. For more details about the period for which each type of personal data is stored, please refer to sections 2.2 and 3. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete your personal data from our systems. We do not store any personal data longer than strictly necessary.

6.2 Storage of non-personal data. We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include storing non-personal data for the period of time needed for us to examine our activities, fulfil our contractual obligations, pursue our legitimate interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

6.3 Storage as required by law. When we are obliged by law to store your personal data for a certain period of time (e.g., for keeping accounting records), we will store your personal data for the time period stipulated by the applicable law (in Ireland, accounting records must be kept for at least 6 years) and delete the personal data as soon as the required retention period expires.

 

7. HOW DO WE DISCLOSE YOUR DATA?

In this section, you can find information about third parties that may have access to your personal data.

 

7.1 Disclosure to data processors. We keep your personal data in strict confidentiality. However, if necessary for the intended purpose of your personal data, we will disclose your personal data to entities that provide services on our behalf (our data processors). Your personal data may be shared with entities that provide technical support services to us, such as hosting, payment processing, and email distribution services. We do not sell your personal data to third parties and do not intend to do so in the future. The disclosure of your personal data is limited to the situations when it is required for the following purposes:

  • Ensuring provision of the Services;

  • Processing your payments;

  • Responding to your enquiries;

  • Pursuing our legitimate interests (e.g., accounting record keeping, and business growth);

  • Enforcing our rights, preventing fraud, and security purposes;

  • Carrying out our contractual obligations;

  • Law enforcement purposes; or

  • If you provide your prior consent to such a disclosure.

7.2 List of data processors. We choose our data processors carefully and make sure that they ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The data processors that will have access to your personal data are:

Name
Address
Jurisdiction
Processing
Wix Analytics
00 Terry A Francois Boulevard Sixth Floor San Francisco, CA 94158 USA
US
Analytics data
Plausible Analytics
Plausible Insights OÜ Västriku tn 2, 50403, Tartu, Estonia
EU
Analytics data
Google Analytics
1600 Amphitheatre Parkway in Mountain View, California.
US
Analytics data
Klenty Soft Inc.
340 S , Lemon Ave,, 2331, Walnut, Palo Alto, CA 91789, US
US
Name and Email address of End User
Google (Gmail)
1600 Amphitheatre Parkway in Mountain View, California.
US
Name and Email address of End User
Wix
The Reflector, 8 Hanover Quay, Grand Canal Dock, Dublin, D02 DP23
EU
Name and email address
Stripe
354 Oyster Point Blvd, South San Francisco, California 94080, US
US
Name, email address, business address, payment information
June.so
NA, San Francisco, US
US
Name and email address of each Authorised User
UAB Baltsoft
Lauksargio 111, Vilnius, LT-10105, Lithuania
EU
Articles text and images
Fullstory
FullStory, Inc., 120 Ottley Drive Suite 100, Atlanta GA 30324 1745 Peachtree Street, Suite G Atlanta, Georgia 30309
US
Name, email address and IP address of each Authorised User
Auth0 Inc
10900 NE 8th St, Bellevue, WA 98004, US
US
Name, email address and IP address of each Authorised User
Amazon Web Services
Amazon Web Services EMEA SARL, One Burlington Plaza, Burlington Road, Dublin 4, Dublin
EU
Name, email address and IP address of each Authorised User. Information contained in any ticket collected by the Customer, in relation to each Customer End User or Employee
Crisp IM SAS
2, Boulevard de Launay, Nantes, Pays de la Loire 44100, FR
EU
Name, email address and IP address of each Authorised User

7.3 International transfers. Some of our data processors may be based outside the country where you reside. For example, if you reside in a country belonging to the European Economic Area (EEA), we may need to transfer your personal data outside the EEA. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protection (e.g., a data processing agreement based pre-approved Standard Contractual Clauses).

7.4 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose as it does not identify you as a natural person. For example, we may share it with prospects or partners for business or research purposes, for improving the Services, responding to lawful requests from public authorities or developing new products and services.

7.5 Legal requests. If requested by a public authority, we will disclose information about the users of the Services to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

 

8. HOW DO WE PROTECT YOUR DATA?

Here you can find information on how we protect your data against breaches.

 

8.1 Security measures. We implement technical and organisational information security measures   that protect your personal data from loss, misuse, unauthorised access and disclosure. The security measures taken by us are described in detail in our Security Policy available at https://www.swifteq.com/security-policy. We use at least the following measures:

  1. Access to personal data is restricted, controlled and recorded;

  2. Access to personal data is allowed to only those employees, who require the personal data to perform their functions and only to the extent required to perform their functions;

  3. We maintain adequate access control mechanisms (e.g., two-factor authentication, password protection, and limited access) covering any systems, servers, or files;

  4. secure destruction of personal data, when there is no legal basis for further processing;

  5. Secure passwords and password encryption;

  6. All servers and data are stored securely in Amazon Web Services (AWS) facilities in Europe, Ireland. This service provider meets international security standards such as ISO 27001 and SOC 1, 2 and 3; and

  7. DDOS mitigation.

8.2 Security breaches. Although we put our best efforts to protect your personal data, given the nature of communication and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

 

9. HOW CAN YOU MANAGE YOUR PERSONAL DATA?

Here you can find detailed information about the rights that you have with regard to your personal data and how to exercise those rights.

 

9.1 The list of your rights. You have the right to control how we process your personal data in the instances where we act as a data controller. Subject to any exemptions provided by law, you have the following rights:

  • Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;

  • Right to rectification: you can rectify inaccurate personal data that we hold about you;

  • Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;

  • Right to restriction: you can ask us to restrict the processing of your personal data;

  • Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;

  • Right to object: you can ask us to stop processing your personal data;

  • Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or

  • Right to complaint: you can submit your complaint regarding our processing of your personal data.

9.2 How to exercise your rights? If you would like to exercise any of your legitimate rights, please contact us by using our contact details available at the end of the Privacy Policy and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we can identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.

9.3 Complaints. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 30 days). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority. In Ireland, the Data Protection Commission is the supervisory authority responsible for ensuring the rights to data protection (see https://www.dataprotection.ie).

 

10. CONTACT

If you have any questions about this Privacy Policy, your rights, or our data protection practices, please contact us by using the following contact details:

Email: legal@swifteq.com

Postal address: Swifteq Limited, 51 Bracken Road, Sandyford, Dublin, D18 CV48, Ireland