YOUR PRIVACY WITH US – IN A NUTSHELL
We want you to be confident in the personal information and other data about you that we hold and use – this summary is for you to be able to understand this in a clear and concise way.
Why does Swytch need my personal information?
We only gather information that will allow us to provide you the best service possible or that we are required to do so by law or regulations. This information may also be used to sometimes send you offers but we will always give you the ability to opt out of these at any time (for example, via unsubscribe links in email or text marketing). You can also contact our support team to change your preferences at any time.
Below are the type of things we use your personal information for:
- To verify you as a customer/user (either as a business or a user) as well as to detect and prevent fraud
- Onboarding you and understanding which of our services you’re using
- Communicating updates to you about our services as well as network maintenance that might affect our services provided to you
- Allowing you to create an account with us to manage the service and keep track of usage
- To get a better understanding of you as a customer via emails, including offers we know you’d be interested in given your use of our services
That sounds fair, but how do you keep my information safe?
Your personal information is treated in the same way we treat our own data – with the upmost security and respect. We have strict procedures and controls in place to ensure that it is properly protected. We expect this same high level of care from all of our third party providers (those that provide services to us) too.
Thanks for the summary, but where can I find more details?
You can always get in touch with our support team with any further questions that you might have.
When and what personal information do you collect about me?
This varies – you might be signing up for our service, or you might just be showing interest in joining us. We’ll collect only the information that we believe is required to satisfy your intent.
Some of this information includes:
- Contact details about you, your company and employees
- Payment information including your credit/debit card
- Details of the services that you’ve used, purchased or shown interest in, including when and how you use them
Examples of when this information could be collected include: registering or purchasing a service from us, when you set up your account, download and use our apps, browse or visit our website or enter any promotion.
Why do you collect personal information from me?
We need to know and keep certain information about you so that we can, for example:
- Manage your account with us
- Provide you with services and support that you request
- Collect payment from you for these services
- Send important information about your account and our services
- Keep you up to date with our latest offers and understand what you are interested in
- Detect, prevent and protect both us and our users against fraud and cyber attacks
- Comply with any legal and regulatory obligations that we have
Is my data shared with anybody else?
We sometimes use third parties to perform services on our behalf or to provide service directly to you. An example of this is our payment processors – they manage our payments as well as carrying out fraud checks to protect us and our users.
We never share your data with a third party for advertising or any other purpose that isn’t directly linked to the services that we offer.
If I think the personal information you hold about me is incorrect, how do I get you to change it?
Simply contact our support team and they will assist you in correcting or updating your personal information,
How do I adjust my marketing preferences?
All such communication that we send to you will include unsubscribe links. Alternatively, you can contact our support team and they will be able to modify your preferences.
Please read this policy carefully as it provides you information on how we collect and process your information through your registration, use and interaction with our services (which includes our websites and apps).
Our services are not intended for use by children, however we will still process, retain and share information relating to children if they use our services in the same way that we do from all other users.
This policy applies even if you’re not one of our registered users and you interact with us as part of our business or if you provide us with information about somebody else as required in relation to our service. Examples include:
- Use of our services when they are paid for by somebody else
- Interacting with any promotion, survey, trial or prize draw
- Contacting our support team
- Making general enquiries about our services
This policy doesn’t apply to:
- Information about our employees or shareholders.
- Third party companies or organisations using your information to offer relevant online advertisements to you (eg. where they advertise our services and use cookie, tag and/or other technology).
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance.
We are under a legal obligation to inform you of what personal information we are collect about you, what it is used for and why. There must be a good reason for our use and you your rights regarding this information should be presented to you. You have the right to know what information we hold about you, to request a copy of this information and to ask us to modify or remove it.
- When you express an interest in our service
- When you sign up to our service
- How we protect ourselves, our service and our users from fraud and other threats
- When providing you with the service itself including billing
- How we use it to market our services that we think will interest you
We always need a legal basis for anything that we do with your information. We usually rely on one of three reasons for this.
- Performance of our service as requested by you – You have requested or signed up to a service from us, and as such we are entitled to process your information to provide you with that service and also to bill you for it
- Our legitimate interests – We make this decision having assessed whether our use of your information (or the use by a third party that we contract with) would be fair and without overriding your right to privacy. An example of this would be to prevent fraud or other threats against us, our service or our users. We do not use your information for activities where our interests are overridden by the impact on you unless we have your consent (which you may withdraw) or are otherwise required/permitted to do so by law.
- To comply with our legal or regulatory obligations – We may be required by law or regulation to process, retain and share your information
How do you access and update my information?
Information we hold about you can be viewed, requested and/or edited either directly within our service or by contacting our support team. Once we have processed your request we’ll be in touch with further details.
While we will always assist you with your request, we may refuse if we believe that by carrying out your request it would have a negative effect on others or the law prevents us from doing so.
All such requests are free of charge however we may reject requests if they are repetitive, excessive or if you don’t have the right to ask for the information. In these circumstances we will explain our reasons for not carrying out your request.
What if I do not want to receive marketing from you?
We use the information we hold about you to judge what we believe you may want, need or be interested in. With this information we can send you details about services, offers and other information we believe will be of interest and relevant to you.
You will continue to receive marketing communication until you opt out of receiving such information
You can opt out of receiving marketing from us at any time. All of our communication will provide a link through which you can modify your preferences or you can contact our support team with your request.
As we use your information under one or more of our legal basis for doing so, we do not usually rely on consent for using this information. If we were to use your information for any other purpose (such as allowing a third party to send you direct marketing communication via email or text message) then we would seek your explicit consent.
What should I do if I am concerned about the information you hold or what you are doing with it?
You can ask us at any time to correct, complete, delete or stop using any personal information that we hold about you by contacting our support team.
If you concern is about the use of your information in our marketing please refer to the specific section in this policy that covers marketing. You are also able to change your marketing preferences in any such communication you receive from us.
If you want us to stop using personal information we’ve collected via cookies on any of our services please refer to the Cookies section for details on how to do this.
Please note that in some cases, despite your request, we might decide to keep some or all information. This would only be for a legitimate reason, such as a legal or regulatory obligation on us to do so or to allow us to keep providing our services. An example of this would be your billing information – as a user of our service we need to keep certain information to show that we have charged you correctly. If this is the case then we will always tell you why we are keeping the information.
We have built our service in a way that protects information and respects your request. As such, when you delete, change or ask us to delete/change your information we might not do so straight away from our back-up systems, or copies on our active servers. We may also need to keep some information in order to fulfil your request.
What if I am looking to move my information to another provider?
You can ask us to move, copy or transfer the information you have given us if we provide you with our service or if you have said that we can use your information. Simply contact our support team with your request. We will normally complete such requests within 30 days.
Your information will be sent in an electronic format but we will do our best to send it in another format if required.
While we will always assist with any request you make, there may be times where we can refuse if sharing. For example, if providing you or another provider will have a negative effect on others because it includes the personal information about someone else or if a law or regulation prevents us from doing so.
Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
How to get a copy of the information that you hold about me?
Some of the information we hold about you is available for you to view directly within our service. You can also ask for further details by contacting our support team with your request.
If you work for one of our business/corporate customers then you may have to ask your employer to contact us with this request on your behalf.
We’ll usually get back to you within 30 days or sooner if required by law to do so.
All information will be provided to you electronically unless you request otherwise.
What data do you collect about me?
Personal information, or personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) or information that relates to a company.
There are different types of information that we may collect, store, use and transfer, such as:
- Contact information – billing/delivery address, email address and telephone numbers of the individual/business registering, as well as any administrators and authorised users. These are usually collected when registering and using our services.
- Identity information – title, full or partial name, username and other identifiers/handles, business or company name (could be the registered name and/or trading as name), job title and/or profession/industry of the individual/business registering, as well as any administrators and authorised users. These are usually collected when registering and using our services.
- Financial information – bank details or payment card details of the business/individual who registered for our services. These are usually collected when registering and using our services.
- Marketing/Communication information – preferences around receiving marketing and communication from us and/or third parties sent to the individual/business registering, as well as any administrators and authorised users. These are usually collected when registering and using our services.
- Profile information – usernames/handles, passwords, purchases or orders made, interests, preferences and feedback of the individual/business registering, as well as any administrators and authorised users. These are usually collected when registering and using our services.
- Technical information – IP address, location and timezone data, login data, browser and device type, operating system/platform and other technology on the devices used to access our service, unique device identifiers (such as IMEI number, MAC address, mobile phone number), mobile/wireless/wired network related data of the individual/business registering, as well as any administrators and authorised users. These are usually collected when registering and using our services.
- Transaction information – payments (to and from us) and details of services you have received, consumed and/or used from us to the individual/business registering, as well as any administrators and authorised users. These are usually collected when registering and using our services.
We also collect, use and share statistical and/or demographic information for any purpose – this is known as aggregated data. While such data is derived from your personal information it is not considered personal data as any information that can identify an individual has been removed and as such cannot reveal any individual’s identity. If this data is later combined with your personal data and you can be identified as an individual then we treat this new combined data as personal information and as such it will only be used in accordance with this policy.
We do not collect any information that could be deemed to be “Special Categories of Personal Data”. This includes details about your beliefs (religious, political, philosophical or other), race, sexual orientation, health, criminal convictions and offences.
How do you collect my personal information?
We use a variety of methods when collecting data from and about you, including:
Automated – As you interact with our service we may collect technical and usage information as described in this policy. This could be done using cookies, server logs or other similar technologies.
Direct – This is where you provide data to us directly via your interaction with our service. This could be by filling in a form, corresponding with us, enquiring or registering for our service, providing us feedback or requesting help.
Third parties and publicly available sources – This is where we use other data providers to obtain further or enhance existing information about you. These include:
- Analytics providers such as Google and Facebook based outside the EU
- Advertising networks such as Google, Facebook, Twitter, LinkedIn based outside the EU
- Email deliver providers such as MailChimp and MailJet based outside the EU
- Usage Data from communication providers such as Hutchinson 3G based outside the EU
- Search information providers such as Google or Yahoo based outside the EU
- Technical, payment and deliver services such as Stripe based outside the EU and ChartMogul based outside the EU
- Support and helpdesk providers such as Help Scout based outside the EU
- Publicly available sources such as Companies House based inside the UK
What if I don’t want to provide you with my information?
There is some data which is necessary for us to provide you with our service, while other data is required by law/regulation.
You are under no obligation to register and use our service, but for us to provide you with the service and fulfil our current or future contractual obligations with you, as well as any requirements put on us by law or regulation, we require your information.
If we cannot provide you with the service or fulfil our legal/regulatory duties due to a limitation on the amount of information that you provided to us we may refuse your registration or cancel any existing service with us as if we are not able to perform our contractual obligations to you and we will notify you of this.
What about cookies?
We also collect data about your usage while you are using our service via cookies that can be used to generate pseudonyms for your user profile and as such these cookies can store information about your visit and your interaction with our service.
Our services use the following cookies:
- Google (google.com / firebase.com) – Expires after 2 years – Usage and advertising tracking
- Facebook (facebook.com) – Expires after 2 years – Usage and advertising tracking
- Help Scout (helpscout.com) – Expires after 2 years – Usage and support tracking
- Active Campaign (activecampaign.com) – Expires after 2 years – Usage tracking and information capture
- HubSpot (hubspot.com) - Expires after 2 years – Usage tracking and information capture
Where and how is my information stored?
All information that you provide us is stored on our secure servers which have industry standard security and firewalls. While we store your information securely users should be aware of their own security and avoid, for example, sharing passwords.
We have security safeguards in place as to how we collect, store and disclose your information. With these in place our security procedures require us to request additional proof of identity from you before we disclose personal information. These safeguards also have measure to protect your information from loss as well as improper or unauthorised access and usage.
We provide limited access to only the information required for employees, agents, contractors and third parties to fulfil their responsibilities. Their use and access to your information is governed by our instructions to them and they are under the same obligations present in this policy.
Should there be a breach (or suspected breach) of your information we have procedures in place for us to notify both you and any applicable regulator of such an event where we are legally required to do so.
We use secure internet connections wherever possible in order to protect the transmission of your information to us over the internet. However, transmission of your information is carried out at your own risk. We have strict security procedures and features to prevent attempt unauthorised access once the information is received by us.
Who do you share my information with?
There are times when we may share your personal data with third parties for the purposes described in this policy.If your information is shared with any third party we will always require them to keep it secure and have it treated in accordance with the law.We do not allow third parties to use your information for their own purposes and only allow them to process your information for specific purposes and in accordance with our instructions. These parties include:
- We may be under legal and/or regulatory obligations when we must share your personal information. We also have a duty to protect rights, property, the safety of users and our own platforms/services, or others. We may exchange information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- Any party who we may choose to sell, transfer or merge parts of our business or our assets, or where we choose to acquire or merge with another business or asset. Any change of this type would mean that the new owners may acquire your personal data but it would still be subject to the terms set out in this policy
- The third parties listed below
- Stripe, ChartMogul and Profitwell who provide or enhance all payment, subscription and billing services.
- Mailchimp, Mailjet and SMTP.com who provide account operational & notification emails.
- Active Campaign and HubSpot who provide pre-customer marketing, customer onboarding and product updates.
- HelpScout who provide the chat/help system.
- Facebook and Google for usage analytics and marketing activites
- Service providers acting as processors providing IT and system administration services, based inside the EU and UK.
- Professional advisers acting as processors or joint controllers including accountants, consultants, lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services, based in the UK.
- HMRC, regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances, based in the UK
- Law Enforcement and/or National Security Services who may require (on demand) reporting of phone system activities in certain circumstances.
How long do you store my information for?
We will only store your information for as long as it is necessary for us to full the purposes we collected it for. This includes the satisfaction of any legal, regulatory, accounting or reporting obligations we have.
The amount, nature, sensitivity, risk and purpose of your information is considered when deciding how long we keep such information.
By law we must hold basic information about users for six years after they cease being users. Basic information includes contact, identity, financial and transaction information.
You can request from us at any time the retention status of your information by contacting our support team.
You can ask us to delete your data at any time, however not all data can be removed as regards our obligations and responsibilities listed.
We will anonymise your information (where it can no longer be used in a way that would identify you specifically) in some circumstance in order to continue using the data for research or statistical purposes. In this instance we can continue using the information indefinitely and without any further notice to you.
Just so I’m clear, what are my rights regarding the information you hold about me?
In summary, you have the right to:
- Request access to your information
- Request correction of your information
- Request your information is deleted
- Request the processing of your information be restricted (under certain conditions)
- Object to the processing of your data (under certain conditions)
- Request to transfer your information to a third party
- Withdraw your consent at any time where your consent was required and obtained
There is no charge for you to request any of the above actions from us. However, where we believe requests are unfounded, repetitive or excessive then we may ask for a fee to be paid in order to carry out your request, else we may refuse to comply with your request in such circumstances.
To ensure that we are releasing information to the person who has the right to access it we may sometimes ask for additional specific information from you so that we can confirm your identity.
All legitimate requests shall receive a response within one month. If your request is particularly complex or if you make number of requests it make take us longer to complete, in which case we will notify you accordingly.
What if I need more details about how you use my information or I just want to discuss it with you?
In the first instance please get in touch with our support team and your enquiry will reach our Data Protection Officer.
Alternatively, you can write to the address below and mark it for their attention.
Swytch Mobile Limited
47 Dean Street
If you want to make a complaint on how we have handled your personal information, please contact our data protection officer who will investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner – https://ico.org.uk/