EN 
DA 
SE v. 2.0
This privacy policy describes how Swiipe (“we” or “us”) process your personal data in relation to our services, newsletter and our website.
1. Data controller
Swiipe is a payments and check-out solution with the goal of improving the online shopping experience. Our contact information:
Swiipe ApS
CVR no.: 39 06 01 08
Ryvangs Allé 91
2900 Hellerup
Denmark
Telephone: +45 7196 9616
Email: dataprotection@swiipe.com
2. Swiipe services
We provide services both for private online shoppers (“customers”) and business users (“merchants”). When it is Swiipe who determines the purpose and means of processing your personal data, then Swiipe is a data controller.
Note that in some instances Swiipe also acts as a data processor. When we process personal data on behalf of other entities (data controllers) and under their instructions, then please contact the respective data controller to address your rights.
Regardless of whether Swiipe acts as a data controller or data processor, your data is always safeguarded and processed in accordance with applicable law.
3. The types of processing
Described below are the various purposes of processing your personal data.
a. One-click buy for private online shoppers
If you complete the check-out process on one of our merchant's online stores and you opt in for our services, then we process your personal data, such as identity, contact information, order information and payment card information. We do so to offer a more streamlined shopping experience across all our merchant’s online stores.
Our legal basis for processing such data is your consent, based on article 6(1)(a) in the General Data Protection Regulation (“GDPR”) and our legitimate interest based on article 6(1)(f). Our legitimate interest is to improve your shopping experience and to identify you, as well to prevent fraudulent use of our service.
To facilitate and enable our One-click buy service we process your personal data and order details. To also provide our payment solution we process your payment card information, which is encrypted and tokenized. Our legal basis in this context is performance of a contract in accordance with article 6(1)(b) in the GDPR. Tokenization is the process of turning a meaningful piece of data, such as an account number, into a random string of characters called a token that has no meaningful value, if the data should be breached.
Once you have given consent and confirmed your consent via email, you will be able to access, edit, or delete your data via the Swiipe portal.
b. One-click buy checkout, payments, and other solutions for merchants
If you choose to implement our free One-click buy checkout solution on your online store, then we process your personal data (eg. contact information) and business data (eg. business address, website domain, VAT-no.). We also process the data of your customers as described above in section 3.a.
We process your data to communicate with you, provide you with access to our full range of services, as well as support for the services that you choose to implement on your online store. Our legal basis for processing such data is the fulfilment of our contract, based on article 6(1)(b) in the GDPR.
Once you have given agreed to our terms and confirmed via email, you will be able to access, edit, or delete your data, as well as opt in and out of our various services via the Swiipe portal.
If you choose to opt in for our payments services you will need to have a merchant account with our acquiring partners Clearhaus A/S (CVR no.: 33 74 99 96, Danish FSA no.: 22006). If you don’t already have a merchant account with Clearhaus A/S, then we process the necessary data for the approval process.
The merchant account data is also stored by us after the approval process is concluded, which is secured with double layer encryption, in accordance with article 6(1)(b) in the GDPR. The reason for us to do so, is to ensure service continuity for our merchants in the event that we need to switch to a different acquiring partner, which would require all merchants to go through another approval process.
We may also process your personal data to improve and optimize our services, as well to prevent fraudulent use of our service. Our legal basis is legitimate interest, based on article 6 (1)(f) of the GDPR.
We store and process your data for as long as it is necessary to fulfill our services or as long as the contract is effective, and your consent is active. When required by law we may keep your data to comply with accounting or financial security requirements in accordance with article 6 (1)(c) of the GDPR.
c. Our website and Swiipe portal
When you use our website or Swiipe portal, we process your personal data (eg. IP address). Our legal basis for processing such data is based on article 6(1)(f) of the GDPR, where our legitimate interest is to gather statistics that we can use to optimize your experience, when visiting our website and Swiipe portal.
We also use cookies, and you can read our Cookie policy here.
d. Our newsletter. Vores nyhedsbrev
When you sign up for our newsletter, we process your personal data such as name and email address. We do so to deliver our newsletter to you. Our legal basis for processing such data is your consent based on article 6(1)(a) in the GDPR.
We store this data for as long as you want to receive our newsletter, and you can unsubscribe at any time by clicking the ‘Unsubscribe’ button in the newsletter or by contacting us on dataprotection@swiipe.com.
e. Job applications
When you apply for a position at Swiipe, we process the data that you provide us with, data from others you have agreed for us to contact and also data from publicly available sources. Our legal basis for processing such data is our legitimate interest, based on article 6(1)(f). Our legitimate interest is to assess you for the respective job listing. We only keep it for the duration of the listen, then we delete all data.
Once you are employed with us, you can read more about we process your data in our internal privacy policy.
4. Recipients and categories of recipients
We can share or disclose your personal data to our third parties such as our external partners and affiliates to be able to conduct our services. We will only share your data when it is strictly necessary for us to conduct our services, or when compelled by law or legal process.
5. Data transfers outside EU/EEA
We may in some instances transfer your personal data to recipients outside the EU/EEA. This only applies when we use suppliers processing data outside the EU/EEA. These transfers will be made in accordance with the GDPR and valid transfer mechanism such as the EU Commission’s standard contractual clauses.
6. Protection of your personal data
We take all necessary technical and organizational security measures to protect your data. We also only work with data processors who employ the same level of security regarding the safeguarding of your personal data. When appropriate we always use strong encryption and tokenization, as well as restrict internal access to personal data to the outmost minimal amount of employees.
7. Your data protection rights.
If you wish to exercise any of your legal rights explained below, please reach out to us and we will address your request within 30 days at dataprotection@swiipe.com To ensure that your data is protected against unauthorized persons, you may be asked to provide information confirming your identity to exercise your rights.
If you wish to withdraw your consent, then contact us at dataprotection@swiipe.comThis only applies to the instances, where our processing is dependent on your consent.
a. Right of access
If your data is inaccurate, incorrect, or incomplete you can ask us to correct or complete your data. This option is also available in the user portal, where you can edit your information. Find it here.
b. Right to rectification
If your data is inaccurate, incorrect, or incomplete you can ask us to correct or complete your data. This option is also available in the user portal, where you can edit your information. Find it here.
c. Right to erasure/right to be forgotten
Your data is your data. Therefore, you have the right to ask for your data to be deleted when no longer needed, or when processing is unlawful. This option is also available in the user portal, where you can delete your information or your account. Find it here.
d. Right to object
You are entitled to object to the processing of your personal data, for example for marketing purposes, or for grounds relating to your particular situation. Maybe you consider that your interests and freedoms are affected, in which case please reach out to us and we will closely examine your objection. Contact us on dataprotection@swiipe.com.
e. Right to restriction
You can ask us to limit the use of your personal data, so that we can continue to store your personal data, but not use it for any other purpose without your consent.
f. Right to data portability
You are entitled to receive a copy of your personal data in a commonly used and machine-readable format which you can further share with another service provider (data controller).
8. Any questions?
If you have any questions about the way we handle your personal data, you can contact us at any time by sending us an email at dataprotection@swiipe.com.
If you wish to file a complaint about our processing of your personal data, you can contact: the Danish Data Protection Agency (DA: Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, Denmark, phone: +45 3319 3200, email: dt@datatilsynet.dk.
9. Changes to this policy
This privacy policy may change at any time to reflect business development and/or regulatory changes. We inform about such changes either within the Service or via email depending on the nature of the change. If the changes are substantial, you will receive reasonable advance notice.
This privacy policy was last updated in July 2022.
