All contents copyright © 2018 Swivel Secure. All rights reserved.
Swivel Secure Limited a private limited company registered in England and Wales, whose registered address is 1200 Century Way, Thorpe Park, Leeds, LS15 8ZA (registered company number 04068905). (“Swivel,” “We” or “Us”), is committed to respecting the privacy rights of visitors to the Swivel web site at www.swivelsecure.com and our associated customer support portal at supportdesk.swivelsecure.com (the “Site”). While visiting the Site, We may ask you (“You” or “Your”) to provide information that personally identifies you (“Personal Information”) for purposes of interacting with the Site.
Swivel Secure Limited may share data with our partner located in Spain. In relation to “controller” (Swivel Secure Limited) and “processor” (Swivel Secure Europe SA), we introduce as EU representative, Swivel Secure Europe SA.
Calle Punto Mobi, 4 – Piso 1 / 28805
Alcalá de Henares, Spain
Tel: +34 910 470 314
Each customer, not Swivel Secure, controls what will be shared from a license, and if they provide any data from the license, they control what information about you they should put into the service. This content may include contact information (such as your first and last name, email address, and phone number), professional information (such as the department you work for at your place of employment), or other types of information a customer chooses to submit. Use of this content by Swivel Secure is governed by agreements between Swivel Secure and the Customer.
We only collect Personal Information that You submit to Us via our “contact us” section. The data collected via our form will be Your name, company name, email address, phone number and country. We may also collect your IP address, as set out below.
Where You wish to set up a demo, We may collect the Personal Information including Your first name, last name, email address, mobile number and company name. These details will be stored for 14 days both locally on Our web server and on our cloud demo server instance to allow the demo to work. After 14 days details stored locally on the web server and on the cloud demo server will be deleted.
We may use Your Personal Information for the following purposes:
- To manage and administer the Site;y
- To improve Your user experience of the Site;
- To provide and improve the services We provide to You;
- To comply with legal obligations imposed on Us under applicable legislation;
- To send you marketing emails; and
- To undertake sales purposed telemarketing.
In order to process and use Your Personal Information, we rely on one of more of the following legal bases:
- Processing is necessary for the performance of the services We provide to You; or
- Processing is necessary for the purposes of a legitimate business interest pursued by Us; or
- You have given explicit consent to the processing of Your Personal Information for a specified business purpose, such as marketing.
For a European Economic Area (EEA) Individuals
If you are an individual in the European Economic Area (EEA), We collect and process information about You only where we have a legal basis or bases for doing so under applicable EU laws.
Except to the extent required by any applicable law or governmental or judicial body, We will not disclose Your Personal Information to any third party other than to (i) a regulator; (ii) to Our sales partners Swivel Secure Europe and Swivel Secure Inc. for the purposes of providing You with services and support; and (iii) third party suppliers, resellers and distributors to enable Us to provide services to You.
We do not provide specific Personal Information to unaffiliated third parties without Your consent. However, We may share aggregate, non-personally identifiable information with our business partners and other affiliated third parties (i.e., the number of users who have visited the Site on a specific day, etc.). Swivel may match aggregated user information with third party data. Also, We may disclose aggregated user statistics in order to describe our services to potential advertisers, partners and other third parties, and for other lawful purposes.
Therefore, We encourage You to ask questions before You disclose Your Personal Information to others.
To deliver services to You, it is sometimes necessary for Us to share your Personal Information outside the European Economic Area (EEA), for example with Our resellers located outside of the EEA. These transfers are subject to special rules under European and UK data protection law. These non-EEA countries do not have the same data protection laws as the United Kingdom and EEA.
Your Personal Data may be collected, transferred to our affiliates and third parties that are based in other countries. The addresses of our can be found online at https://swivelsecure.com/contact-us/.
Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (as described in Article 46 of the General Data Protection Regulation), or we will ask you for your prior consent to such international data transfers.
If you would like further information regarding the mechanisms We use to comply with data protection law, please contact us.
Your Personal Information is stored in Microsoft Offce 365, our CRM (SalesForce) and Our support software program (Team Support). Access to these systems is limited to registered technology, which must be registered with our Mobile Device Management system. This allows Us to remotely block or wipe the device where your Personal Information is stored should it be lost or stolen.
We also hold physical records containing Personal Information, which are protected by being stored in locked cabinets and by access being limited to authorised personnel only. We also operate a clear desk policy to assist in protecting Personal Information. We will only hold Your Personal Information for the duration that is necessary to carry out the data processing purposes set out above, or where we are required to store it for longer under applicable laws.
We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorised use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
|bscookie||.www.linkedin.com||Advertisement||This cookie is a browser ID cookie set by Linked share Buttons and ad tags.||2 years|
|_ga||.swivelsecure.com||Analytics||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years|
|_gid||.swivelsecure.com||Analytics||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years|
|_hjFirstSeen||.swivelsecure.com||Analytics||This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.||30 minutes|
|lang||.ads.linkedin.com||Functional||This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. This cookie is used to set default locale/language. This cookie is used by LinkedIn for identifying the Browser ID. ... This cookie is used by LinkedIn as part of their embedded services on the Website.||session|
|bcookie||.linkedin.com||Functional||This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.||2 years|
|lidc||.linkedin.com||Functional||This cookie is set by LinkedIn and used for routing.||1 day|
|lang||.linkedin.com||Functional||This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. This cookie is used to set default locale/language. This cookie is used by LinkedIn for identifying the Browser ID. ... This cookie is used by LinkedIn as part of their embedded services on the Website.||session|
|__cfduid||.tawk.to||Necessary||The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.||1 month|
|__cfduid||.r1.trackedweb.net||Necessary||The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.||1 month|
|__cfduid||.10degrees.uk||Necessary||The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.||1 month|
|DYNSRV||.10degrees.uk||Necessary||This cookie is used for load balancing purposes to decide which server to send the visitor.|
|_gat_UA-28415013-1||.swivelsecure.com||Other||Used by Google Analytics to throttle the number requests being sent.|
Kept for 1 minute.
Does not contain any PII.
|UserMatchHistory||.linkedin.com||Other||Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.||1 month|
|_hjid||.swivelsecure.com||Other||This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.||1 year|
You may decline to accept cookies sent by the Site by selecting an option on Your browser to reject cookies. Other sites linked to the
Site may also send cookies; however We do not control such activities. If You decline a cookie, You may not be viewing the Site in a
way in which it was designed to optimally be presented.
What benefits do I receive from cookies?
Swivel uses Google Analytics to analyse the activity of users on its website via anonymised data. Any personally identifiable information such as a user’s IP address is automatically anonymised. Details that are tracked are:
- The total time a user spends on your site;
- The time a user spends on each page and in what order those pages were visited;
- What internal links were clicked (based on the URL of the next pageview);
- The geographic location of the user;
- What browser and operating systems are being used;
- Screen size and whether Flash or Java is installed; and
- The referring site
An IP address is a number automatically assigned to Your computer whenever You access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. Swivel Secure does log IP addresses, or the location of Your computer on the Internet, for systems administration and troubleshooting purposes.
However, We do not use IP address logs to track Your session or Your behaviour on the Site.
What face data is your app collecting?
Our app does not collect any data. Our company may request access to the camera, to authenticate with Face ID.
For what purposes are you collecting this information? Please provide a complete and clear explanation of all planned uses of this data.
Our company may request camera access for the exclusive purpose of authenticating the user in a secure manner using Face ID.
Will the data be shared with any third parties? Where will this information be stored?
Since our company does not store Face ID in the internal database, we do not share the data with third parties except with the system provider, which in this case is Apple. (this all happens within IOS – SSL does not collect or store any data)
In our Privacy Notice P4.0 – Privacy Notice – Mobile App and P4.1 – Privacy Notice – Mobile App – IOS, we explain what data is retained in our database (Site ID and Username). The data retained in the database is for security criteria, as it only has a communication history that relates to the product.
Is your app restricted to users who are part of a single company? This may include users of the company’s partners, employees, and contractors.
The app will only authenticate to one appliance at one company. So yes, the app is restricted to users of a single company and the app is unique to each user.
Is your app designed for use by a limited or specific group of companies? If so, which companies use this app? If not, can any company become a client and utilize this app?
No, the app is to be used by any company that requests our Mobile App as part of their authentication solution.
What features in the app, if any, are intended for use by the general public?
None. All users pass through a validation process so none of the features are intended for use by general public.
Identify the specific countries or regions where you plan to distribute your app.
We sell across Europe, America and Asia.
How do users obtain an account?
The company which the user belongs to decides if they will use the mobile application as part of their user authentication. The process consists of providing a specific provision code to use the application. It’s not a public process.
Is there are any paid content in the app? For example, do users pay for opening an account or using certain features in the app?
No paid content in the app.
Who pays for the paid content and how do users access it?
How do users obtain a QR code?
As mentioned above, the company which the user belongs to decides if they will use the mobile application or not. A QR Code is generated internally and user receives it on their corporate email.
Effective Date and Changes