Skip to main content

Privacy Policy

All contents copyright © 2018 Swivel Secure. All rights reserved.

Swivel Secure Privacy Policy

Swivel Secure Limited a private limited company registered in England and Wales, whose registered address is 1200 Century Way, Thorpe Park, Leeds, LS15 8ZA (registered company number 04068905). (“Swivel,” “We” or “Us”), is committed to respecting the privacy rights of visitors to the Swivel web site at www.swivelsecure.com and our associated customer support portal at supportdesk.swivelsecure.com (the “Site”). While visiting the Site, We may ask you (“You” or “Your”) to provide information that personally identifies you (“Personal Information”) for purposes of interacting with the Site.

We will take measures to ensure that the Personal Information You submit to Us remains private and is used only for the purposes as set out in this Privacy Policy. To further the protection of Your Personal Information, We have adopted a set of guidelines (outlined below) to describe the Personal Information we collect about You, why We collect it, how We use it and when We share it with third parties.

This Privacy Policy has been developed with the recognition that Internet technologies are rapidly evolving. Accordingly, this Privacy Policy is subject to change without prior notice. Any such changes will be posted on this page. Please see the Effective Date stated at the conclusion of this Privacy Policy.

Mobile Application Privacy Policy

Our mobile app uses Face ID, fingerprint on Apple devices and all biometric methods on Android, to authenticate users. No biometric data is stored or shared by the device. Read more about how we use your data within our Mobile Applications stated within this Privacy Policy.

EU Representative

Swivel Secure Limited may share data with our partner located in Spain. In relation to “controller” (Swivel Secure Limited) and “processor” (Swivel Secure Europe SA), we introduce as EU representative, Swivel Secure Europe SA.

Calle Punto Mobi, 4 – Piso 1 / 28805
Alcalá de Henares, Spain
Tel: +34 910 470 314
E-mail: espana@swivelsecure.com

Swivel Secure Roles & Responsibilities

Swivel Secure is the controller of your Personal Data, as described in this Privacy Policy unless otherwise stated. Please note that this Privacy Policy does not apply to the extent that we process Personal Data in the role of a processor (or a comparable role such as “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers various cloud products and services, through which our customers (and/or their affiliates) connect their own websites and applications to our hosted platform, sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Data via our cloud products and services.

Each customer, not Swivel Secure, controls what will be shared from a license, and if they provide any data from the license, they control what information about you they should put into the service. This content may include contact information (such as your first and last name, email address, and phone number), professional information (such as the department you work for at your place of employment), or other types of information a customer chooses to submit. The use of this content by Swivel Secure is governed by agreements between Swivel Secure and the Customer.

For detailed privacy information applicable to situations where a Swivel Secure customer (and/or a customer affiliate) who uses Swivel Secure products and services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy.

What kind of information do We collect from You?

This Privacy Policy applies to the processing of Personal Data that we collect in the following ways, as detailed in this section.

Contact Us
We only collect Personal Information that You submit to Us via our “contact us” section. The data collected via our form will be Your name, company name, email address, phone number and country. We may also collect your IP address, as set out below.

Demo Registration
Where You wish to set up a demo, We may collect your Personal Information including your first name, last name, email address, mobile number and company name. These details will be stored for 14 days both locally on Our web server and on our cloud demo server instance to allow the demo to work. After 14 days details stored locally on the web server and on the cloud demo server will be deleted.

How do We use Your Personal Information?

We may use Your Personal Information for the following purposes:

  • To manage and administer the Site;
  • To improve Your user experience of the Site;
  • To provide and improve the services We provide to You;
  • To comply with legal obligations imposed on Us under applicable legislation;
  • To send you marketing emails; and
  • To undertake sales purposed telemarketing.
Our legal basis for processing Your Personal Information

In order to process and use Your Personal Information, we rely on one or more of the following legal bases:

  • Processing is necessary for the performance of the services We provide to You; or
  • Processing is necessary for the purposes of a legitimate business interest pursued by Us; or
  • You have given explicit consent to the processing of Your Personal Information for a specified business purpose, such as marketing.

For a European Economic Area (EEA) Individuals
If you are an individual in the European Economic Area (EEA), We collect and process information about You only where we have a legal basis or bases for doing so under applicable EU laws.

When might We disclose Your Personal Information?

Except to the extent required by any applicable law or governmental or judicial body, We will not disclose Your Personal Information to any third party other than to (i) a regulator; (ii) to Our sales partners Swivel Secure Europe and Swivel Secure Inc. for the purposes of providing You with services and support; and (iii) third party suppliers, resellers and distributors to enable Us to provide services to You.

We do not provide specific Personal Information to unaffiliated third parties without Your consent. However, We may share aggregated, non-personally identifiable information with our business partners and other affiliated third parties (i.e., the number of users who have visited the Site on a specific day, etc.). Swivel may match aggregated user information with third party data. Also, We may disclose aggregated user statistics in order to describe our services to potential advertisers, partners and other third parties, and for other lawful purposes.

It should be noted, however, that this Privacy Policy only addresses the use and dissemination of information that We collect from You. To the extent that You disclose any information to other parties, through other websites on the Internet linked to the Site, different policies may apply. Since Swivel Secure does not control the privacy policies of third parties, You are subject to the privacy customs and policies, if any, of that third party, and Swivel Secure shall not be responsible for the use or dissemination of Your Personal Information by that third party.

Therefore, We encourage You to ask questions before You disclose Your Personal Information to others.

Transferring Your Personal Information outside of the EEA

To deliver services to You, it is sometimes necessary for Us to share your Personal Information outside the European Economic Area (EEA), for example with Our resellers located outside of the EEA. These transfers are subject to special rules under European and UK data protection laws. These non-EEA countries do not have the same data protection laws as the United Kingdom and EEA.

Your Personal Data may be collected and transferred to our affiliates and third parties that are based in other countries. The addresses of our can be found online at https://swivelsecure.com/contact-us/.
Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (as described in Article 46 of the General Data Protection Regulation), or we will ask you for your prior consent to such international data transfers.

If you would like further information regarding the mechanisms We use to comply with data protection law, please contact us.

Storage and Transfer of Your Personal Information

Your Personal Information is stored in Microsoft Office 365, our CRM (SalesForce) and Our support software program (Team Support). Access to these systems is limited to registered technology, which must be registered with our Mobile Device Management system. This allows Us to remotely block or wipe the device where your Personal Information is stored should it be lost or stolen.

We also hold physical records containing Personal Information, which are protected by being stored in locked cabinets and by access being limited to authorised personnel only. We also operate a clear desk policy to assist in protecting Personal Information. We will only hold Your Personal Information for the duration that is necessary to carry out the data processing purposes set out above, or where we are required to store it for longer under applicable laws.

We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorised use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

Cookies

Our Site uses cookies to distinguish You from other users of our Site. By continuing to use our Site, you are agreeing to Our use of cookies. A cookie is a text file made up of numbers and letters, that a web site can send to Your browser, which may then be stored on Your computer’s hard drive. The Site can only access the information from a cookie sent by the Site. We cannot access other cookies sent by other web sites or the information contained therein. Additionally, We are not provided with Your email address or any other information about You through the use of a cookie. The only way We would be provided with such information is if You specifically submit that information to Us.

Why does the Site use cookies?

Swivel uses cookies to track usage of the Site and further customise Your experience when You are visiting the Site. By tracking usage, We can best determine what features of the Site best serve You. No Personal Information is tracked.

CookieDomainTypeDescriptionDuration
bscookie.www.linkedin.comAdvertisementThis cookie is a browser ID cookie set by Linked share Buttons and ad tags.2 years
_ga.swivelsecure.comAnalytics This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.2 years
_gid.swivelsecure.comAnalytics This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.2 years
_hjFirstSeen.swivelsecure.comAnalyticsThis is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.30 minutes
lang.ads.linkedin.comFunctionalThis cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. This cookie is used to set default locale/language. This cookie is used by LinkedIn for identifying the Browser ID. ... This cookie is used by LinkedIn as part of their embedded services on the Website.session
bcookie.linkedin.comFunctionalThis cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.2 years
lidc.linkedin.comFunctionalThis cookie is set by LinkedIn and used for routing.1 day
lang.linkedin.comFunctionalThis cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. This cookie is used to set default locale/language. This cookie is used by LinkedIn for identifying the Browser ID. ... This cookie is used by LinkedIn as part of their embedded services on the Website.session
__cfduid.tawk.toNecessaryThe cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.1 month
__cfduid.r1.trackedweb.netNecessaryThe cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.1 month
__cfduid.10degrees.ukNecessaryThe cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.1 month
DYNSRV.10degrees.ukNecessaryThis cookie is used for load balancing purposes to decide which server to send the visitor.
recordIDswivelsecure.comOther1 year
dmSessionIDswivelsecure.comOther20 minutes
_gat_UA-28415013-1.swivelsecure.comOtherUsed by Google Analytics to throttle the number requests being sent.
Kept for 1 minute.
Does not contain any PII.
1 minute
UserMatchHistory.linkedin.com OtherLinkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.1 month
AnalyticsSyncHistory.linkedin.comOther1 month
_hjid.swivelsecure.comOtherThis cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.1 year
May I decline to accept a cookie?

You may decline to accept cookies sent by the Site by selecting an option on Your browser to reject cookies. Other sites linked to the
The site may also send cookies; however, We do not control such activities. If You decline a cookie, You may not be viewing the Site in a
the way in which it was designed to optimally be presented.

What benefits do I receive from cookies?

Overall, the use of cookies helps to give You a customised experience at the Site. Through the use of cookies, We will know what’s working and what’s not. That information is then used to keep our Site fresh and relevant to You. Cookies also allow the personalisation of any online services We may provide to You.

Google Analytics

Swivel uses Google Analytics to analyse the activity of users on its website via anonymised data. Any personally identifiable information such as a user’s IP address is automatically anonymised. Details that are tracked are:

  • The total time a user spends on your site;
  • The time a user spends on each page and in what order those pages were visited;
  • What internal links were clicked (based on the URL of the next pageview);
  • The geographic location of the user;
  • What browser and operating systems are being used;
  • Screen size and whether Flash or Java is installed; and
  • The referring site
IP Addresses

An IP address is a number automatically assigned to Your computer whenever You access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. Swivel Secure does log IP addresses, or the location of Your computer on the Internet, for systems administration and troubleshooting purposes.
However, We do not use IP address logs to track Your session or Your behaviour on the Site.

Mobile Application Policy

What face data is your app collecting?
Our app does not collect any data. Our company may request access to the camera, to authenticate with Face ID.

For what purposes are you collecting this information? Please provide a complete and clear explanation of all planned uses of this data.
Our company may request camera access for the exclusive purpose of authenticating the user in a secure manner using Face ID.

Will the data be shared with any third parties? Where will this information be stored?
Since our company does not store Face ID in the internal database, we do not share the data with third parties except with the system provider, which in this case is Apple. (this all happens within IOS – SSL does not collect or store any data)

Which are the relevant sections of your privacy policy that explain the collection, use, disclosure, sharing, and retention of face data?
In our Privacy Notice P4.0 – Privacy Notice – Mobile App and P4.1 – Privacy Notice – Mobile App – IOS, we explain what data is retained in our database (Site ID and Username). The data retained in the database is for security criteria, as it only has a communication history that relates to the product.

Please quote the specific text from your privacy policy concerning face data.
Our company does not retain biometric data (face or fingerprint data), as noted on the privacy policy on our website.

Is your app restricted to users who are part of a single company? This may include users of the company’s partners, employees, and contractors.
The app will only authenticate to one appliance at one company. So yes, the app is restricted to users of a single company and the app is unique to each user.

Is your app designed for use by a limited or specific group of companies? If so, which companies use this app? If not, can any company become a client and utilize this app?
No, the app is to be used by any company that requests our Mobile App as part of their authentication solution.

What features in the app, if any, are intended for use by the general public?
None. All users pass through a validation process so none of the features are intended for use by the general public.

Identify the specific countries or regions where you plan to distribute your app.
We sell across Europe, America and Asia.

How do users obtain an account?
The company to which the user belongs decides if they will use the mobile application as part of their user authentication. The process consists of providing a specific provision code to use the application. It’s not a public process.

Is there any paid content in the app? For example, do users pay for opening an account or using certain features in the app?
No paid content in the app.

Who pays for the paid content and how do users access it?
Not applicable.

How do users obtain a QR code?
As mentioned above, the company to which the user belongs decides if they will use the mobile application or not. A QR Code is generated internally and the user receives it in their corporate email.

Effective Date and Changes

This Privacy Policy is effective as of May 25, 2018. Swivel Secure reserves the right to modify the terms of this policy at any time and in our sole discretion, by posting a change notice to this page. Your continued use of the Site following our posting of a change notice will constitute binding acceptance of those changes.


Contact Us

Questions, comments, and requests regarding this Privacy Policy are welcomed and should be directed to dataprivacy@swivelsecure.com.