Global Privacy Policy

Latest update: August 1, 2021

Swipelux (defined below under “Our relationship to you”) is committed to protecting the privacy of visitors to our websites and our customers. This Privacy Policy describes how we handle your personal data when you access our services, which include our content on the websites located at swipelux.com, swipelux.com/buy or any other websites, pages, features, or content we own or operate (collectively, the "Site(s)"), or any Swipelux API or third party applications relying on such an API, and related services (referred to collectively hereinafter as "Services"). If you have any questions about this Policy, please send them to privacy@swipelux.com

Changes to this privacy policy

We may modify this Privacy Policy from time to time. Please check the date at the bottom of this notice to see when it was last updated.

Our Relationship to you

Swipelux operates internationally through entity (together “Swipelux”, “we”, “us”, “our”) in Estonia in order to provide Services to our customers.

Registry code: 16205129
Name:	 Swipelux OÜ
Address: Harju maakond, Tallinn, Mustamäe linnaosa, Vinkli tn 13, 12618
Value Added Tax identification number: EE102373402

Personal Information we collect

Personal information means any data which relates to a living individual who can be identified from that data, or from that data and other information which is in the possession of, or is likely to come into the possession of, Swipelux (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of Swipelux or any other person in respect of an individual. The definition of personal information depends on the relevant law applicable for your physical location.

Information you provide to us

This includes information you provide to us in order to establish an account and access our Services. This information is either required by law (e.g. to verify your identity), necessary to provide the requested services (e.g. you will need to provide your bank account number if you would like to link that account to Swipelux), or is relevant for our legitimate interests described in greater detail below.

The nature of the Services you are requesting will determine the kind of personal information we might ask for, but may include:

Information we collect automatically or generate about you

This includes information we collect automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:

Information collected from third parties

This includes information we may obtain about you from third party sources. The main types of third parties we receive your personal information from are:

Anonymized and aggregated data

In addition to the categories of personal information described above, Swipelux will also process anonymized information and data that is not processed by reference to a specific individual. Types of data we may anonymize include transaction data, click-stream data, performance metrics and fraud indicators.

How we use your personal information

We may use your information in the following ways and for the following purposes:

  1. To maintain legal and regulatory compliance Swipelux needs to process your personal information in order to comply with anti-money laundering and security laws. In addition, when you seek to link a bank account to your Swipelux account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. We also process your personal information in order to help detect, prevent, and mitigate fraud and abuse of our Services and to protect you against account compromise or funds loss. If you do not provide personal information required by law, we will have to close your account.

  2. To provide Swipelux’s Services we process your personal information to provide Services to you. For example, when you want to store funds on our platform, we require certain information such as your identification, contact and payment information. Third parties that we use such as identity verification services may also access and/or collect your personal information when providing identity verification and/or fraud prevention services. In addition, we may need to collect fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. The consequences of not processing your personal information for such purposes is the termination of your account.

  3. To provide communications and customer services according to your preferences and in compliance with applicable law, we may send you marketing communications to inform you about events, to deliver targeted marketing and to share promotional offers. If you are a new customer, we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to send you marketing communications, please go to your account settings to opt-out or submit a request via privacy@swipelux.com We may send you service updates regarding administrative or account-related information, security issues, or other transaction-related information. These communications are important to share developments relating to your account that may affect how you can use our Services. You cannot opt-out of receiving critical service communications. We also process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

  4. In our legitimate business interests sometimes the processing of your personal information is necessary for our legitimate business interests, such as:

    • quality control and staff training;
    • to enhance security, monitor and verify identity or service access, and to combat spam or other malware or security risks;
    • research and development purposes;
    • to enhance your experience of our Services and Sites; or
    • to facilitate corporate acquisitions, mergers, or transactions.

Legal bases for processing your information

For individuals located in the European Economic Area, United Kingdom or Switzerland at the time their personal data is collected, we rely on legal bases for processing your information under the relevant data protection legislation. These bases mean we will only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), for our legitimate interests to operate our business, to protect Swipelux’s or your property rights, or where we have obtained your consent to do so. We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission.

Disclosing your personal information to third parties

We allow your personal information to be accessed only by those who require access to perform their work and share it only with third parties who have a legitimate purpose for accessing it. Swipelux will never sell or rent your personal information to third parties without your explicit consent. We will only share your personal information with the following types of third parties:

Third-party sites and services

If you authorize one or more third-party applications to access your Swipelux Services, then information you have provided to Swipelux may be shared with those third parties. A connection you authorize or enable between your Swipelux account and a non-Swipelux account, payment instrument, or platform is considered an “account connection.” Unless you provide further permissions, Swipelux will not authorize these third parties to use this information for any purpose other than to facilitate your transactions using Swipelux Services. Please note that third parties you interact with, should have their own privacy policies and Swipelux is not responsible for their operations or their use of data they collect.

Examples of account connections include:

How we protect and store personal information

Swipelux implements and maintains reasonable measures to protect our information and information systems. Customer files are protected with safeguards according to the sensitivity of the relevant information. Reasonable controls (such as restricted access) are placed on our computer systems. Physical access to areas where personal information is gathered, processed or stored is limited to authorized employees.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the US, Malta and elsewhere in the world where our facilities or service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

As a condition of employment, Swipelux’s employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive personal information is limited to those employees who need to it to perform their roles. Unauthorized use or disclosure of confidential customer information by a Swipelux employee is prohibited and may result in disciplinary measures.

When you contact a Swipelux employee about your file, you may be asked for some personal details. This type of safeguard is designed to ensure that only you, or someone authorized by you, has access to your file. You also play a vital role in protecting your own personal information. When registering with our Services, choose a password of sufficient length and complexity, don’t reveal it to any third-parties and immediately notify us if you become aware of any unauthorized access to or use of your account.

Retention of personal information

How long we hold your personal information for will vary. The retention period will be determined by the following criteria:

If you have further questions about our data retention practices, please contact us at privacy@swipelux.com

If we anonymize your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.

Children's personal information

We do not knowingly request to collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, Swipelux will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services, so we can take action to prevent access to our Services.

Cross border transfers

Swipelux is an international business with operations in countries including the UK and the EU. This means we may transfer to locations outside your country. When we transfer your personal information to another country, we will ensure that any transfer of your personal information is compliant with applicable data protection law.

Your privacy rights

Depending on applicable law of where you reside, you may be able to assert certain rights related to your personal information. These rights include:

You can exercise your rights by contacting us using the details listed below. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.

How to contact us

If you have questions or concerns regarding this Privacy Policy, or if you have a complaint, please contact us at privacy@swipelux.com, or by writing to us at the Swipelux entity addresses provided above.

If you reside in the EU, you can file a complaint with the International Centre for Dispute Resolution by phone at +1.212.484.4181, or through your relevant data protection authority.

In the UK, the data protection authority is the Information Commissioner's Office.

In Malta, the data protection authority is the Information and Data Protection Commissioner.

In Singapore, the data protection authority is the Personal Data Protection Commission.

Privacy Policy last updated: Aug 1, 2021