Privacy Policy

For Our Clients

With this notice or message, we want to inform you that the protection of your personal data is important to Swinto Kosova Sh.a. Therefore, we have adopted a privacy policy, which is in compliance with local legislation, GDPR and international best practices in the field of personal data protection.

This data protection notice provides you with detailed information regarding the protection of your personal data by Swinto Kosova Sh.a. (“we”). The rules set out in this document apply to any form of data, whether stored electronically, on paper or on other devices where data is stored.

We are responsible, as the controller, for the collection and processing of your personal data in connection with our activities. The purpose of this privacy notice is to inform you about what personal data we collect about you, the reasons why we use and share this data, how long we keep it, what your rights are and how you can exercise them.

Further information may be provided when necessary, when you apply for, subscribe to or use a particular product or service.

Definitions

Personal data controller: Any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Swinto Kosova Sh.a is the controller of personal data.

Subject of personal data: An identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identification number, an online identifier or location data.

Personal data: Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.

Sensitive personal data: Personal data revealing ethnic or racial origin, political or philosophical opinions, religious beliefs, trade union membership or any data concerning health or sex life. This also includes any inclusion or deletion in criminal or misdemeanour records kept in accordance with the law. Biometric characteristics are also considered sensitive personal data if they enable the identification of the data subject in relation to any of the above circumstances.

Biometric data: All personal data resulting from specific processing and relating to the physical, psychological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that person. These include visual images, dactyloscopic data, as well as features that are unique and permanent to each individual, such as: fingerprints, finger papillary lines, iris, retina, facial features and DNA.

Principles of personal data processing

The processing of personal data will be carried out in full compliance with the principles of personal data processing, as set out in the Law on Personal Data Protection. These principles stipulate that personal data must be:

  • Processed fairly and lawfully;
  • Processed in line with the principle of correctness and transparency;
  • Processed for specific purposes and in an appropriate manner;
  • Adequate, relevant and not exceeding the purposes for which they were collected;
  • Accurate and up to date;
  • Kept no longer than necessary to accomplish the intended purpose;
  • Processed in accordance with the rights of the subject;
  • Not transferred to other persons or companies without adequate security;
  • Handled with accountability.

Type of personal data that Swinto processes

Swinto processes personal data to provide its services or when required by law. The category of personal data processed depends on the services requested and the products used by the customer. If you want to open an account in the Swinto application, you must provide more personal data. Therefore, the personal data that Swinto possesses is divided into different subcategories. The list presented below is not exhaustive, as the customer may also use other services and products that require the processing of additional personal data, or additional data may be required by applicable legislation. We collect and use your personal data to the extent necessary within the framework of our activities and to achieve a high standard of personalized products and services. We may collect different types of personal data about you, including:

  • Name and Surname;
  • Personal identification number;
  • Date and place of birth;
  • Copy of personal identification documents;
  • Citizenship;
  • Gender;
  • Residential and email address;
  • Phone numbers/Contacts (Swinto uploads the user's contact list to the Swinto API so that they can connect with friends and family. The contact list you have on your phone will be synchronized with Swinto contacts so that you can send and receive money from them);
  • Business information (for business customers);
  • Authentication data (signature sample);
  • Photograph;
  • FATCA status and TIN number;
  • PEP status;
  • Professional experience;
  • Education;
  • Employment-related data;
  • Credit/debit card details;
  • Transaction details and history;
  • Data about banks or other financial companies;
  • Other data on the use of products and services;
  • Family situation (e.g. marital status);
  • Data related to your habits and preferences:
    • Data regarding your leisure activities and interests.

Technical Information:

  • User registration and subscription data, e.g. registration credentials for online financial services;
  • Data/locations from mobile or other device;
  • The unique identifier for your device;
  • IP address of the devices with which you access online financial services;
  • Data on the technological device you use;
  • Data about merchants where you pay with your card;
  • Data about cookies used by the website;
  • Information related to your digital activities (e.g. IP address, browsing activity, geolocation, etc.);

Other personal data:

  • Data/Views from security cameras in and around Swinto's premises;
  • Data/Voice Recordings;
  • Data regarding complaints and information regarding the execution of the data subject's rights;
  • Data from investigations (e.g. sanctions and anti-money laundering controls);
  • Data from your interactions with us: (contact reports), our websites, our applications, our social media pages, meetings, calls, chats, emails, interviews, telephone conversations;

How Swinto collects your Personal Data

Swinto collects your personal data primarily when you use the services we offer. Your personal data is collected when you:

  • Open an account and/or register as a customer;
  • Apply for any of our products or services;
  • Use financial services;
  • Visit or use our website through your browser's cookies;
  • Visit our offices;
  • Contact Swinto by providing information verbally or in writing, via email, contact forms, telephone calls, the Swinto application, applications where you can file complaints or other applications, contracts or other communication channels;

Swinto may also collect your data, within the limits permitted by law, indirectly from natural persons, legal entities or other sources, including:

  • Public registers (e.g., property register, Police website for verification of identity card validity);
  • Socially or economically related parties (e.g., employers, business owners, relatives or other persons);
  • Public authorities and law enforcement agencies;
  • Recruitment agencies.

SWINTO will use customers' personal data for the purposes listed below:

  • For identification and verification;
  • For opening virtual accounts;
  • For the provision of services for the issuance of electronic money;
  • Processing data related to the fulfillment of contractual obligations for each financial product and service;
  • For the performance of payment services and other transactions for or by data subjects;
  • For the issuance of various credit products;
  • For online/digital services;
  • For marketing purposes;
  • For compliance with legal requirements etc.;
  • Fulfilling legal and regulatory obligations (such as reporting and responding to requests from the Central Bank of the Republic of Kosovo);
  • Improving customer services and customer relationship management;
  • Providing high-quality and long-lasting services and products;
  • Prevention of money laundering, terrorist financing and fraud;
  • Ensuring proper risk management;
  • For market research;
  • Safeguarding Swinto's legitimate interests (e.g. camera surveillance, resolving customer complaints, etc.);
  • For planning and statistical analysis, etc.

We never ask for personal data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data regarding your sexual orientation, unless required by a legal obligation.

II. SPECIFIC CASES OF COLLECTION OF PERSONAL DATA, INCLUDING THEIR INDIRECT COLLECTION

In certain circumstances, we may collect and use the personal data of individuals with whom we have, may have or have had a direct relationship, or, for example, potential customers. For certain reasons, we may also collect information about you even though you do not have a direct relationship with us. This may happen, for example, when your employer provides us with information about you or your contact details are provided by one of our customers if you are, for example:

  • Legal representative (authorization);
  • Shareholder of the company;
  • Representative of a legal entity (which may be a customer or vendor);
  • Employee of service providers and trading partner;
  • Contacted staff.

III. WHY AND ON WHAT BASIS DO WE USE YOUR PERSONAL DATA?

To comply with our legal and regulatory obligations

We use your personal data in accordance with various legal and regulatory obligations, including:

  • Banking and financial regulations in compliance with which we:
    • Establish security measures to prevent abuse and fraud;
    • Detect transactions that deviate from normal patterns;
    • Record, when necessary, phone calls, conversations, e-mails, etc.;
    • Prevent money laundering and terrorist financing;
  • Responding to an official request from a duly authorized public or judicial authority;
  • Compliance with legislation related to sanctions and embargoes; and

To perform a contract with you or to take steps at your request prior to entering into a contract

We use your personal data to enter into and perform our contracts, in order to:

  • Provide you with information about our products and services;
  • Assist you and respond to your requests;
  • Assess whether we can offer you a product or service and under what conditions; and
  • Provide products or services to our clients of whom you are an employee or customer (for example: in the context of cash management).

To fulfill our legitimate interest

We use your personal data to distribute and develop our products or services, to improve risk management and to protect our legal rights, including:

  • Evidence of transactions;
  • Fraud prevention;
  • Training our staff;
  • IT management, including infrastructure management (e.g. shared platforms), business continuity and IT security;
  • Creating statistics, tests and models collected for research and development, with the aim of improving the risk management of our group of companies or improving existing products and services or creating new ones;
  • Personalizing our offer for you through:
    • Improving the quality of our banking, financial or insurance products or services;
    • Advertising products or services that match your situation and profile that we reach.

This can be achieved by:

  • Segmenting our customers and potential customers;
  • Analyzing your habits and preferences across various channels (visits to our branches, emails or messages, visits to our website, etc.);
  • Administration of a contest, promotional lottery, giveaway, competition or other similar marketing campaign and event management;
  • Communication about our products, services, offers, news;
  • Customer service, including answering your questions;
  • Improving and personalizing your experience on our websites and applications;
  • Account maintenance including administration of any loyalty or customer reward programs associated with your account;
  • Processing and awarding prizes won through your participation in our promotional games.

Your data may be aggregated into anonymous statistics that may be provided to professional clients to help them develop their business. In this case, your personal data will never be disclosed and those receiving these anonymous statistics will not be able to determine your identity.

To respect your choice if we have requested your consent for specific processing

In certain cases, we must request your consent to process your data, for example:

  • When the above purposes lead to automated decision-making, which produces legal effects or significantly affects you. At that point, we will inform you separately about the logic involved as well as the significance and envisaged consequences of such processing;
  • If we need to carry out further processing for purposes other than those set out above in section III, we will inform you and, where necessary, obtain your consent;
  • For interaction on social networks for the purposes of organizing competitions.

Swinto's legal obligations towards you and the consent we obtain from you

If the processing of personal data is necessary and there is no statutory basis for this processing, Swinto obtains consent from the data subject. Your consent is revocable at any time and you can withdraw your consent in the same form as you gave it or via our contact channels free of charge. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

IV. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

To fulfill the aforementioned purposes, we disclose your personal data to parties including, but not limited to:

  • Service providers who perform services on our behalf;
  • Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
  • Some regulatory professionals such as lawyers, notaries, auditors.

V. TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA

Your personal data may be transferred to the competent authorities of the Republic of Kosovo and to third parties (local and international entities) to comply with applicable legislation and for services for which Swinto needs to perform payments or financial services.

In the case of international transfers originating from the European Economic Area (EEA), where the Privacy and Information Agency has recognized a non-EEA country as ensuring an adequate level of data protection, your personal data may be transferred in accordance with the applicable Data Protection Law, where the controller is determined based on:

For transfers to non-EEA countries whose level of data protection is not recognised by the State Agency for Personal Data Protection, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to fulfil our contract with you as in the case of an international payment) or implement one of the following safeguards to ensure the protection of your personal data:

  • Standard contractual clauses for the transfer of personal data approved by the State Agency for Personal Data Protection;
  • Binding Corporate Rules.

Swinto will only transfer data to third parties when required by law or if you have consented to the transfer. When data is transferred, the transfer only occurs in accordance with the provisions of Law No. 06/L – 082 on the Protection of Personal Data and if the country or international organization in question ensures an adequate level of data protection.

VI. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

The retention period of personal data depends on the category of that personal data and the purposes for which it is processed. However, personal data are processed for as long as is necessary for Swinto to carry out its obligations in relation to the purpose for which the personal data were collected or as required by applicable legal and regulatory frameworks.

Swinto will process your personal data even after the termination of the contractual relationship, for as long as required to fulfill legal obligations and documentation requirements.

Personal data related to account information is retained for 6 years from the date of account closure.

Swinto justifies the retention period based on the purposes for processing personal data and complies with legal obligations for data retention. If personal data is no longer required, it will be deleted in accordance with our deletion processes or anonymized, i.e. stripped of all possible identifying characteristics.

VII. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

In accordance with applicable regulations, you have the following rights:

  • To be informed: you have the right to be informed about the collection and use of your personal data;
  • To access: you can obtain information regarding the processing of your personal data and a copy of such personal data;
  • To correct: when you believe that your personal data is inaccurate or incomplete, you may request that such personal data be amended accordingly;
  • To delete: you may request the deletion of your personal data, to the extent permitted by law;
  • To restrict: you may request the restriction of the processing of your personal data;
  • To object: you may object to the processing of your personal data, for reasons relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling in connection with such direct marketing;
  • To withdraw your consent: if you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time;
  • To data portability: where lawfully applicable, you have the right to have your personal data that you have provided to us returned to you or, where technically feasible, transferred to a third party.

In accordance with the applicable regulation, in addition to your rights above, you also have the right to lodge a complaint with the competent supervisory authority.

Automated decision-making and profiling

Swinto does not use profiling and automated decision-making when establishing working relationships with the data subject.

However, Swinto may use automated decision-making and profiling to monitor individuals, companies, suspicious transactions or to identify payments subject to international sanctions related to the prevention of money laundering, fraud and terrorist financing.

The use of personal data may be expanded from time to time, depending on the products and services offered by SWINTO, in accordance with the laws and regulations on the protection of personal data, as well as other relevant laws in force.

VIII. “COOKIES” POLICY

We use your personal data to manage our website and the Swinto application, to ensure that the content of our website is presented to you in the most relevant and effective way. For more information, please see our Cookies Policy.

IX. HOW CAN YOU BE INFORMED ABOUT CHANGES MADE TO THIS DATA PROTECTION NOTICE?

We may need to update this Privacy Notice from time to time. We encourage you to review the most current version of this notice online and we will notify you of any material changes via our website or other customary communication channels. If you have any questions or comments about this policy, please email us at info@swinto.com.