The protection of your privacy and personal data is important for SWINTO J.S.C, which has adopted strong principles in that respect of the KOSOVO Law on Protection and Personal Data and GDPR.
This Data Protection Notice provides you with detailed information relating to the protection of your personal data by Swinto J.S.C (hereinafter “Swinto”). The rules set out in this document apply to any form of data, whether stored electronically or on paper, or on other data storage devices.
We are responsible, as a controller, for collecting and processing your personal data in relation to our activities. The purpose of this Personal Data Privacy Notice is to let you know which personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are and how you can exercise them.
Further information may be provided where necessary when you apply for, subscribe or use a specific product or service.
Data Controller: any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines purposes and means of personal data processing;
Personal Data: any information related to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Personal data subject – an identifiable natural person, who can be identified directly or indirectly, by referring to identification based on first name, last name, personal identification number, online identification, location information etc.
Sensitive Personal Data: personal data revealing ethnic or racial origin, political or philosophical views, religious affiliation, union membership or any data related to health condition or sexual life, any involvement in or removal from criminal or offence records retained in accordance with the law. Biometric characteristics are also considered sensitive personal data if the latter enable the identification of a data subject in relation with any of the abovementioned circumstances in this sub-paragraph;
Biometric Data: All personal data resulting from specific processing related to physical, physiological or behavioural characteristics of an individual that allows or confirms the unique identification of that natural person as well as visual images or dactyloscopic, psychological and behavioural data of all individuals but which are specific and permanent for each individual, if it can be used for identifying an individual, such as: fingerprints, finger papillary lines, iris, retina, facial features and DNA;
I. WHICH PERSONAL DATA DO WE USE ABOUT YOU?
Swinto processes personal data in order to provide its services or when it is legally required to do so. The category of personal data to be processed depends on the requested services and products the client uses. If you wish to open an account using the app Swinto, you must provide more personal data. As such, the personal data that the Swinto processes fall into various categories, as provided in the list below. This list, however, is not exhaustive, as the client may be using other services and products which require to process additional personal data or when is require by legislation in force.
We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalized products and services. We may collect various types of personal data about you, including:
Information related to your habits and preferences:
Other personal information:
How Swinto collects your Personal Data
Swinto collects your personal data mainly when you use the services and products we offer. Your personal information is collected when you:
Swinto may also collect your data, within the limits allowed by law, indirectly from natural persons, legal entities or other sources, including:
SWINTO will use the personal data of the clients for the purposes listed below:
We never ask for personal data related to your religious, racial or ethnic origins, political opinions, philosophical beliefs, trade union membership, genetic data or data concerning your sexual orientation, unless it is required through a legal obligation.
II. SPECIFIC CASES OF PERSONAL DATA COLLECTION, INCLUDING INDIRECT COLLECTION
For some reasons, we may collected information about you whereas you have not direct relationship with us. This may happen for instance when your employer provide us with information about you or your contact details are provided by one of our clients if you are for example:
III. WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA?
To comply with our legal and regulatory obligations. We use your personal data to comply with various legal and regulatory obligations, including:
To perform a contract with you or to take steps at your request before entering into a contract. We use your personal data to enter and perform our contracts, including to:
To fulfill our legitimate interest. We use your personal data in order to deploy and develop our products or services, to improve our risk management and to defend our legal rights, including:
This can be achieved by:
To respect your choice if we requested your consent for a specific processing.
In certain cases, we must require your consent to process your data, for example:
If the processing of personal data is necessary but there is no statutory basis for such processing, Swinto obtains consent from the data subject.
Your consent is revocable at any time and you can withdraw your consent via the same form as you provided the consent or through our contact channels free of charge. The withdrawal of consent shall not affect the lawfulness of the processing carried out based on the consent granted before it was withdrawn.
IV. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
To fulfill the aforementioned purposes, we disclose your personal data to, but not limited to:
V. TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA
Your personal data may be transferred to the competent authorities of the Republic of Kosovo, to third parties – local and international entities to comply with applicable law and for services provided by Swinto.
In case of international transfers originating from the European Economic Area (EEA), where the National Agency for Privacy and Information has recognized a non-EEA country as providing an adequate level of data protection, your personal data may be transferred in compliance with Data Protection Law in force where the controller is established on basis:
For transfers to non-EEA countries whose level of protection has not been recognized by National Agency for Protection of Personal Data, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:
VI. FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will retain your personal data for the longer of the period required in order to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
Swinto will process your personal data even after the termination of the contractual relationship, for as long as it is required by legislation in force. Data relating to account details will be stored for at least 6 years from the date of account closure.
When we have no on-going legitimate business need to process your personal information, we will delete them in accordance with our internal process or we will anonymize it, until deletion is possible.
VII. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable laws and regulations, you have the following rights:
In accordance with applicable laws and regulations, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.
Automated decision-making and profiling
Swinto does not use profiling or automated decision-making when establishing business relations with data subjects.
Swinto may, however, use automated decision-making and profiling to screen individuals, companies, and suspicious transactions, or to identify payments subject to international sanctions related to the prevention of money laundering, fraud, and terrorist financing.
The use of personal data may be expanded, depending on the products and services offered by SWINTO, in accordance with legislation in force.
VIII. COOKIES POLICY
We use your personal data to manage our website and the Swinto app and to make sure that content from our website is presented in the most effective way for you. For more information, please see our Cookies Policy.
IX. HOW CAN YOU KEEP UP WITH CHANGES TO THIS DATA PROTECTION NOTICE?
We may need to regularly update this Data Protection Notice. We invite you to review the latest version of this notice online and we will inform you of any material changes through our website or through our other usual communication channels. If you have questions or comments about this policy, email us at firstname.lastname@example.org