DATA PRIVACY POLICY
Last Modified: 11 July 2023
The below terms (together with the documents referred to) tell you how we store customer data.
Swish ("we", "our", "us" or "Swish") is committed to protecting the privacy of all users of our app, services and platform (the "Services" and "Platform(s)"). Please read the following privacy policy ("Privacy Policy") carefully which explains how we use and protect your information.
By using our Services and Platform(s), you agree and where required, you consent, to the collection, use, transfer, disclosure, retention and protection of, your information as set out in this policy (together with any other documents referred to on it).
1. CONTACT DETAILS
If you have any queries or requests concerning this privacy policy or how we handle your data more generally, please get in touch with us using the following details.
Email Address: privacy@swish.app
2. HOW WE COLLECT YOUR INFORMATION
2.1 We collect certain information when you interact with us or when you use our Services. We may from time to time, also look at how visitors use our Site(s), to help us improve our services and optimise customer experience.
2.2 We collect information:
- when you install the Swish app;
- when you contact us directly via email, phone, post, message or via any chat function we may offer from time to time; and
- when you browse our Platform and use our Services (before and after you create an account with us).
2.3 As an app available through Shopify, we have access to certain information provided by you to Shopify and we sometimes read and use this information in providing our Services. We do not store this data, which remains under the control of Shopify.
3. INFORMATION THAT WE COLLECT FROM YOU
3.1 As part of our commitment to the privacy of our customers and visitors to our Platform more generally, we want to be clear about the sorts of information we will collect from you.
3.2 When you visit the Platform and subscribe for Services, you are asked to provide information about yourself including your name and contact details. We don't ask for this information, we can load it through Shopify for as long as the app is installed.
3.3 We also collect information when you contact us or provide us with feedback, including via e-mail, letter, phone via any chat function we may offer from time to time.
3.4 Particular types of information we collect include:
- products added to a wishlist;
- product variants added to a wishlist;
- references to products, variants added to wishlist;
- partial product data, partial product metafields;
- the date a product is added to a wishlist;
- the details of the owner of the wishlist;
- the Shopify customer ID of the wishlist owner;
- partial information about your Shopify store (e.g. domain).
3.5 Swish does store and does have access to your Shopify account information.
3.6 We may at times require and have access to personal data provided by you to Shopify.
4. USE OF YOUR INFORMATION
4.1 We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information:
- if we need to process your information in order to provide you with the service you have requested or to enter into a contract;
- we have your consent;
- we have a justifiable reason for processing your data; or
- we are under a legal obligation to do so.
4.2 Where we need to, in order to provide you with the Service(s) you have requested or to enter into a contract, we use your information:
- to supply the Service(s) you have requested;
- to enable us to collect payment from you save that as at the date hereof, we don't collect payments, Shopify does;
- to contact you where necessary concerning our Service(s), such as to resolve issues you may have with your order.
4.3 We also process your data where we have a justifiable reason for doing so - for example, personalisation of our Service(s), including processing data to make it easier and faster for you to do certain things. We have listed these reasons below:
- to improve the effectiveness and quality of Service(s) that our customers can expect from us in the future;
- to enable our customer support team to help you with any enquiries or complaints in the most efficient way possible;
- to contact you for your views and feedback on our Service(s) and to notify you if there are any important changes or developments to the Site(s), Platform or our Service(s), including letting you know that our services are operating in a new area, where you have asked us to do so;
- to analyse your activity so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud;
- to enforce our contractual terms with you and any other agreement, and for the exercise or defence of legal claims and to protect the rights of Swish or others (including to prevent fraud);
- if you submit comments and feedback regarding the Service(s), we may use such comments and feedback on our app and in any marketing or advertising materials. We will only identify you for this purpose by your first name and the city in which you live.
4.4 Where we rely on legitimate interest as a basis for processing your personal information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests.
4.5 Where we are under a legal obligation to do so we may use your information to:
- create a record of your Order(s) and Subscription(s); and/or
- comply with any legal obligation or regulatory requirement to which we are subject.
4.6 To provide the Service(s) to you, for example, for a csv export or dashboard functionality, we obtain and use the information provided by you to Shopify on an as-needed basis. This information is never stored by Swish.
5. COOKIES
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Platform may become inaccessible or not function properly.
6. DIRECT MARKETING
Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law) we will use your information to let you know about our other products and services that may be of interest to you and we may contact you to do so by email.
7. RETENTION OF YOUR INFORMATION
7.1 We will not retain your information for any longer than we think is necessary.
7.2 Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of Your information’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.
7.3 When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- our legitimate interests where we have carried out balancing tests;
- (potential) disputes;
- guidelines issued by relevant data protection authorities.
7.4 Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
8. DISCLOSURE OF YOUR INFORMATION
8.1 The information we collect about you will be stored safely. We are very careful and transparent about who else your information is shared with.
Sharing your information internally
8.2 We may share your information with our other group companies only where necessary for the purposes set out in section 4.
Sharing your information with third parties
8.3 We may share your information with third-party service providers. The types of third-party service providers whom we share your information with include:
- IT service providers (including cloud providers): for the purposes of data storage and analysis;
- Customer support partners: who will help us to resolve any issues you may have with our Service(s);
- As applicable from time to time, marketing and advertising partners: so that they can ensure that you see advertising which is more relevant to you and send you email marketing on our behalf.
8.4 Swish will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy when it is transferred to third parties.
8.5 If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.
8.6 We may also share your information:
- if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement. This includes exchanging information with other companies and other organisations for the purposes of fraud protection and prevention;
- in order to enforce our contractual terms with you and any other agreement;
- to protect the rights of Swish, or others, including to prevent fraud;
- with such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police.
International transfers of data
8.7 Certain personal data we collect from you is processed or transferred outside the European Economic Area ("EEA") to the United States and/or the countries in which Swish operates or may operate in the future. These countries may not have the same protections for your personal data as the EEA has, which protection includes the General Data Protection Regulation (“GDPR”). However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the EEA is protected in the same ways as it would be if it was processed within the EEA subject to GDPR protections. There are, therefore, certain safeguards in place when your data is processed outside of the EEA.
8.8 We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- your personal data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- we use the EU approved Standard Contractual Clauses;
- where your personal data is transferred to third party providers based in the US, data may be transferred to them if they have self-certified under the Privacy Shield framework in relation to the type of data being transferred, which requires them to provide similar protection to personal data shared between the EU and the US.
9. SECURITY
9.1 We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected.
9.2 We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
9.3 Where you have chosen a password that allows you to access certain parts of the Platform, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
9.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Platform; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
10. YOUR RIGHTS
Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact us using the contact details set out above. For additional information on your rights, please contact your data protection authority and see below.
10.1 The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.
10.2 The right of access. You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (see Contact Details).
10.3 The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (see Contact Details).
10.4 The right to erasure. This is also known as "the right to be forgotten" and, in simple terms, enables you to request the deletion or removal of certain information that we hold about you by contacting us (see Contact Details).
10.5 The right to restrict processing. You have rights to "block" or "suppress" further use of your information. When processing is restricted, we can still store your information, but will not use it further.
10.6 The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (see Contact Details).
10.7 The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
10.8 The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Details). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
10.9 The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences or disabling cookies as set out in sections 7 and 8 above.
11. CHANGES TO OUR PRIVACY POLICY
Any changes to our privacy policy will be posted to the Platform and, where appropriate, we will notify you of the changes for example by email or push notification.
12. COMPLAINTS
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
Data Protection Commission
Postal Address
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Telephone
+353 578684800
+353 (0)761 104 800
Lo Call Number 1890 252 231
Email
info@dataprotection.ie