Get Swinto



The protection of your privacy and personal data is important for SWINTO J.S.C, which has adopted strong principles in that respect of the KOSOVO Law on Protection and Personal Data and GDPR.

This Data Protection Notice provides you with detailed information relating to the protection of your personal data by Swinto J.S.C (hereinafter “Swinto”). The rules set out in this document apply to any form of data, whether stored electronically or on paper, or on other data storage devices.

We are responsible, as a controller, for collecting and processing your personal data in relation to our activities. The purpose of this Personal Data Privacy Notice is to let you know which personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are and how you can exercise them.

Further information may be provided where necessary when you apply for, subscribe or use a specific product or service.



Data Controller: any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines purposes and means of personal data processing;

Personal Data: any information related to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Personal data subject – an identifiable natural person, who can be identified directly or indirectly, by referring to identification based on first name, last name, personal identification number, online identification, location information etc.

Sensitive Personal Data: personal data revealing ethnic or racial origin, political or philosophical views, religious affiliation, union membership or any data related to health condition or sexual life, any involvement in or removal from criminal or offence records retained in accordance with the law. Biometric characteristics are also considered sensitive personal data if the latter enable the identification of a data subject in relation with any of the abovementioned circumstances in this sub-paragraph;

Biometric Data: All personal data resulting from specific processing related to physical, physiological or behavioural characteristics of an individual that allows or confirms the unique identification of that natural person as well as visual images or dactyloscopic, psychological and behavioural data of all individuals but which are specific and permanent for each individual, if it can be used for identifying an individual, such as: fingerprints, finger papillary lines, iris, retina, facial features and DNA;

  • Processed in a lawful, fair;
  • Processed in a transparent manner;
  • Collected only for specific, explicit, and legitimate purposes (purpose limitation);
  • Adequate, relevant, and not excessive to the purposes for which the personal data are processed (data minimization)
  • Accurate, and where applicable, kept up to date (accuracy);
  • Kept no longer than necessary for the purposes for which the personal data are processed, or as required by law (storage limitation);
  • Processed under appropriate security measures for the personal data (integrity and confidentiality);
  • Data should not be transferred to other persons or companies without adequate security;


Swinto processes personal data in order to provide its services or when it is legally required to do so. The category of personal data to be processed depends on the requested services and products the client uses. If you wish to open an account using the app Swinto, you must provide more personal data. As such, the personal data that the Swinto processes fall into various categories, as provided in the list below. This list, however, is not exhaustive, as the client may be using other services and products which require to process additional personal data or when is require by legislation in force.
We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalized products and services. We may collect various types of personal data about you, including:

  • Name and surname;
  • Personal identification number;
  • Date and place of birth;
  • Copy of identification documents;
  • Citizenship;
  • Gender;
  • Residential status, postal address and e-mail;
  • Telephone numbers/ Contacts (Swinto uploads users’ Contact List to the Swinto API in order for them to connect with friends and family. Contact list will be synced with Swinto contacts in order to easily send and receive money from them);
  • Business information (for business clients);
  • Authentication data (signature sample);
  • Photography;
  • FATCA status and TIN number;
  • PEP status;
  • Work experience;
  • Education;
  • Data related to employment;
  • Credit /debit card details;
  • Details and history of transactions;
  • Data on banks or other financial companies;
  • Other data on the use of products and services;
  • Family details, Marital status.

Information related to your habits and preferences:

  • Data relating to your habits and preferences.

Technical Information:

  • User login and subscription Data, e.g. login credentials for online financial services;
  • Locations details from mobile or other device;
  • Unique identifier for your device;
  • IP address of the devices from which you access online financial services;
  • Details on the devices and technological you use;
  • Data for merchants that you pay with your card;
  • Data about cookies used by the website;
  • Data about your digital activities (e.g., IP address, browsing activity, geolocation, etc.).

Other personal information:

  • Data/ Images from security cameras in and around Swinto premises;
  • Voice recordings;
  • Complaints and information in relation to the execution of the data subject rights;
  • Investigations Data (e.g., sanctions and anti-money laundering checks);
  • Data from your interactions with us: (contact reports), our internet websites, our apps, our social media pages, meeting, call, chat, email, interview, phone conversation.

How Swinto collects your Personal Data

Swinto collects your personal data mainly when you use the services and products we offer. Your personal information is collected when you:

  • Open an account and/or register as a client;
  • Apply for any of our products or services;
  • Use financial services;
  • Visit or use our website through your browser cookies;
  • Visit our offices;
  • Contact Swinto by providing information verbally or in writing, via email, contact forms, telephone calls, Swinto application, applications where you can file complaints or other applications, contracts or other communication channels.

Swinto may also collect your data, within the limits allowed by law, indirectly from natural persons, legal entities or other sources, including:

  • Public registers (eg, central credit register, property register, Police website for validity verification of ID cards);
  • Socially or economically related parties (eg, employers, business owners, relatives or other persons);
  • Public authorities and law enforcement agencies;
  • Recruitment agencies.

SWINTO will use the personal data of the clients for the purposes listed below:

  • For identification and verification;
  • For opening virtual accounts;
  • To perform services for the issuance of electronic money;
  • Process data in relation to the fulfillment of contractual obligations for any of the financial product and service;
  • To perform payment services and other transactions to or from data subjects;
  • For issuing various credit products;
  • For online / digital services;
  • For marketing purposes;
    – For compliance with legal requirements, etc;
  • Fulfillment of legal and regulatory obligations (such as reporting and responding to requests from the Central Bank of the Republic of Kosovo);
  • Improving customer service and managing customer relationships;
  • Providing high quality and long-term services and products;
  • Prevention of money laundering, terrorist financing and fraud;
  • Ensuring proper risk management;
  • For market research;
  • Safeguarding Swinto’ legitimate interests (e.g video surveillance, resolving customer complaints, etc.);
  • For planning and statistical analysis, etc.

We never ask for personal data related to your religious, racial or ethnic origins, political opinions, philosophical beliefs, trade union membership, genetic data or data concerning your sexual orientation, unless it is required through a legal obligation.


For some reasons, we may collected information about you whereas you have not direct relationship with us. This may happen for instance when your employer provide us with information about you or your contact details are provided by one of our clients if you are for example:

  • Family members;
  • Legal representatives (power of attorney);
  • Company shareholders;
  • Representatives of a legal entity (which may be a client or a vendor);
  • Staff of service providers and commercial partners;
  • Personal contacts.


To comply with our legal and regulatory obligations. We use your personal data to comply with various legal and regulatory obligations, including:

  • Banking and financial regulations in compliance with which we:
    • Set up security measures in order to prevent abuse and fraud;
    • Detect transactions which deviate from the normal patterns;
    • Record, when necessary, phone calls, chats, email, etc.;
    • Prevention of money-laundering and financing of terrorism;
    • Reply to an official request from a duly authorized public or judicial authority;
    • Compliance with legislation relating to sanctions; and

To perform a contract with you or to take steps at your request before entering into a contract. We use your personal data to enter and perform our contracts, including to:

  • Provide you with information regarding our products and services;
    Assist you and answer your requests;
  • Evaluate if we can offer you a product or service and under which conditions; and
  • Provide products or services to our clients of whom you are an employee or a client.

To fulfill our legitimate interest. We use your personal data in order to deploy and develop our products or services, to improve our risk management and to defend our legal rights, including:

  • Proof of transactions;
  • Fraud prevention;
  • Training of our personnel;
  • IT management, including infrastructure management (e.g shared platforms) & business continuity and IT security;
  • Establishing aggregated statistics, tests and models, for research and development, in order to improve the risk management of our group of companies or in order to improve existing products and services or create new ones;
  • Personalizing our offering to you:
    • Improving the quality of our financial products or services;
    • Advertising products or services that match with your situation and profile which we achieve.

This can be achieved by:

  • Segmenting our prospects and clients;
  • Analyzing your habits and preferences in the various channels (emails or messages, visits to our website, etc.);
  • Administer a contest, sweepstakes, giveaway, competition, or other similar marketing campaign and managing events;
  • Communicating about our products, services, offers, news;
  • Customer service, including responses to your inquiries;
  • To improve and personalize your experience on our websites and applications;
  • Account maintenance including administering any consumer loyalty or rewards programs that are associated with your account;
  • To process and ship prize won through your participation to our promotional games;
  • Your data may be aggregated into anonymized statistics that may be offered to professional clients to assist them in developing their business. In this case your personal data will never be disclosed and those receiving these anonymized statistics will be unable to ascertain your identity.

To respect your choice if we requested your consent for a specific processing.

In certain cases, we must require your consent to process your data, for example:

  • Where the above purposes lead to automated decision-making, which produces legal effects or which significantly, affects you. At that point, we will inform you separately about the logic involved, as well as the significance and the envisaged consequences of such processing;
  • If we need to carry out further processing for purposes other than those above in section III, we will inform you and, where necessary, obtain your consent;
  • For interaction on social networks for the purposes of running contests;


If the processing of personal data is necessary but there is no statutory basis for such processing, Swinto obtains consent from the data subject.

Your consent is revocable at any time and you can withdraw your consent via the same form as you provided the consent or through our contact channels free of charge. The withdrawal of consent shall not affect the lawfulness of the processing carried out based on the consent granted before it was withdrawn.


To fulfill the aforementioned purposes, we disclose your personal data to, but not limited to:

  • Service providers which perform services on our behalf;
  • Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
  • Professionals (Lawyers, Public notaries, Auditors).


Your personal data may be transferred to the competent authorities of the Republic of Kosovo, to third parties – local and international entities to comply with applicable law and for services provided by Swinto.

In case of international transfers originating from the European Economic Area (EEA), where the National Agency for Privacy and Information has recognized a non-EEA country as providing an adequate level of data protection, your personal data may be transferred in compliance with Data Protection Law in force where the controller is established on basis:

For transfers to non-EEA countries whose level of protection has not been recognized by National Agency for Protection of Personal Data, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:

  • Standard Contractual Clauses for transfer of personal data approved from National Agency for Protection of personal data;
  • Binding corporate rules


We will retain your personal data for the longer of the period required in order to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.

Swinto will process your personal data even after the termination of the contractual relationship, for as long as it is required by legislation in force. Data relating to account details will be stored for at least 6 years from the date of account closure.

When we have no on-going legitimate business need to process your personal information, we will delete them in accordance with our internal process  or we will anonymize it, until deletion is possible.


In accordance with applicable laws and regulations, you have the following rights:

  • The right to be informed — You have the right to be informed about the collection and use of your personal data.
  • To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data;
  • To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly;
  • To erase: you can require the deletion of your personal data, to the extent permitted by law;
  • To restrict: you can request the restriction of the processing of your personal data;
  • To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing;
  • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time;
  • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.

In accordance with applicable laws and regulations, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.

Automated decision-making and profiling

Swinto does not use profiling or automated decision-making when establishing business relations with data subjects.

Swinto may, however, use automated decision-making and profiling to screen individuals, companies, and suspicious transactions, or to identify payments subject to international sanctions related to the prevention of money laundering, fraud, and terrorist financing.

The use of personal data may be expanded, depending on the products and services offered by SWINTO, in accordance with legislation in force.


We use your personal data to manage our website and the Swinto app and to make sure that content from our website is presented in the most effective way for you. For more information, please see our Cookies Policy.


We may need to regularly update this Data Protection Notice. We invite you to review the latest version of this notice online and we will inform you of any material changes through our website or through our other usual communication channels. If you have questions or comments about this policy, email us at info@swinto.com