Privacy Policy
Swivel Secure Europe SA (hereinafter referred to as "SSE," "We," or "Us") is a private company registered in Spain and Portugal with its registered address at Calle Alfonso Gómez, 29 L13, 28037, Madrid, Spain (Company Registration Number: ESA886347). SSE is committed to safeguarding the privacy rights of visitors to its website, accessible at www.swivelsecure.eu (the "Site").
While using the Site, We may request certain personal information that can be used to identify you ("Personal Information") to facilitate interactions with the Site. This Privacy Policy outlines how We handle your Personal Information, including the types of data We collect, why We collect it, how We use it, and under what circumstances We may share it with third parties.
Accordingly, this Privacy Policy is subject to change without prior notice. Any such changes will be posted on this page. Please see the Effective Date stated at the conclusion of this Privacy Policy.
VISION
SSE is a Spanish-based cybersecurity company that provides authentication solutions for businesses and organizations. The company's vision is to provide easy-to-use, secure, and flexible authentication solutions to help businesses protect their critical assets, mitigate cyber threats, and comply with regulatory requirements.
SSE's vision is to simplify authentication for businesses of all sizes and industries. The company's solutions are designed to be easy to deploy and manage, with a user-friendly interface that can be customized to meet the specific needs of each organization. By providing robust authentication solutions to help businesses prevent unauthorized access to their systems and data, SSE aims to reduce the risk of data breaches and cyber-attacks and help organizations build trust with their customers and stakeholders.
SSE's vision is to help businesses protect their assets and maintain the trust of their customers and stakeholders through secure and user-friendly authentication solutions.
MISSION
SSE's mission is to provide advanced, flexible, secure authentication solutions enabling businesses to protect their critical assets and mitigate cyber threats. The company is committed to delivering easy-to-use solutions tailored to each organization's specific needs, regardless of size or industry.
SSE's solutions are designed to provide multi-factor authentication (MFA) and single sign-on (SSO) capabilities to various applications, including cloud-based and on-premises systems.
SSE is focused on delivering a high level of customer service and support to ensure that its solutions meet the evolving needs of its customers. The company is also committed to maintaining compliance with regulatory standards and guidelines, such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).
In summation, SSE's mission is to provide easy-to-use, secure, and flexible authentication solutions that can help businesses protect their critical assets and maintain the trust of their customers and stakeholders.
SSE Roles & Responsibilities
SSE acts as the controller of your Personal Data, as outlined in this Privacy Policy, unless otherwise specified. This means SSE is responsible for determining how and why your Personal Data is processed when interacting with our services.
However, this Privacy Policy does not apply when SSE processes Personal Data in the role of a processor (or comparable roles, such as “service provider” in certain jurisdictions) on behalf of our customers. This includes situations where we provide cloud products and services that allow our customers (or their affiliates) to:
• Integrate their own websites and applications with our hosted platform,
• Offer or sell their own products and services,
• Send electronic communications to individuals, or
• Collect, use, share, or otherwise process Personal Data via our platform.
In these scenarios, our customers retain control over the data they process using our services, including determining what information to collect and share.
Each customer, not SSE, decides what data is shared or uploaded to our platform under their license. If they choose to input data, they determine the content, which may include:
• Contact Information: Such as your first and last name, email address, and phone number.
• Professional Information: Such as your role, department, or employer details.
• Other Information: Any other data a customer elects to provide.
SSE processes this data strictly in accordance with the agreements established between SSE and the customer. SSE does not independently control or decide how such data is used beyond the scope of these agreements.
If your Personal Data is processed by an SSE customer (or their affiliate) using SSE products and services, that customer acts as the controller of your data. For detailed information regarding how your data is handled in such cases, please contact the respective customer directly.
SSE is not responsible for the privacy or data security practices of its customers, which may differ from the standards and practices outlined in this Privacy Policy.
By engaging with SSE services, you acknowledge that the privacy terms applicable to your data depend on the agreements and practices of the customer utilizing our platform.
Contact Us
We only collect Personal Information that You submit to Us via our “contact us” section. The data collected via our form will be Your name, Your Surname, company name, email address, phone number and Job description. We may also collect your IP address, as set out below.
Where You wish to set up a demo, We may collect the same Personal Information. These details will be stored for 14 days both locally on Our web server and on our cloud demo server instance to allow the demo to work. After 14 days details stored locally on the web server and on the cloud demo server will be deleted.
Jobs
We may collect your Personal Information including your first name, last name, email address, mobile number and a CV document. These details will be stored for 6 months on our hosting provider. Please consult our Recruitment Policy.
For the purpose of recruiting and hiring
We process your Personal Data, such as contact, job applicant, and biographical data, to assess your application and to evaluate and improve our recruitment system, our application tracking and recruitment activities. We also use your Personal Data to communicate with you regarding your application or opportunities at SSE that appear over time that we believe may be of interest to you. We also use your Personal Data to send you new hire and employee experience information. We may verify your information, including through reference checks and, where allowed, background checks.
How do We use Your Personal Information?
We may use Your Personal Information for the following purposes:
-
To manage and administer the Site;
-
To improve Your user experience of the Site;
-
To provide and improve the services We provide to You;
-
To comply with legal obligations imposed on Us under applicable legislation;
-
To send you marketing emails; and
-
To undertake sales purposed telemarketing.
Our legal basis for processing Your Personal Information
In order to process and use Your Personal Information, we rely on one of more of the following legal bases:
-
Processing is necessary for the performance of the services We provide to You; or
-
Processing is necessary for the purposes of a legitimate business interest pursued by Us; or
-
You have given explicit consent to the processing of Your Personal Information for a specified business purpose, such as marketing
For a European Economic Area (EEA) Individuals
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis or bases for doing so under applicable EU laws.
When might We disclose Your Personal Information?
Except to the extent required by any applicable law or governmental or judicial body, We will not disclose Your Personal Information to any third party other than to (i) a regulator; (ii) to Our sales person at SSE and BIO-key Inc. for the purposes of providing You with services and support; and (iii) third party suppliers, resellers and distributors to enable Us to provide services to You.
We do not provide specific Personal Information to unaffiliated third parties without Your consent. However, We may share aggregate, non-personally identifiable information with our business partners and other affiliated third parties (i.e., the number of users who have visited the Site on a specific day, etc.). SSE may match aggregated user information with third party data. Also, We may disclose aggregated user statistics in order to describe our services to potential advertisers, partners and other third parties, and for other lawful purposes.
It should be noted, however, that this Privacy Policy only addresses the use and dissemination of information that We collect from You. To the extent that You disclose any information to other parties, through other web sites on the Internet linked to the Site, different policies may apply. Since SSE does not control the privacy policies of third parties, You are subject to the privacy customs and policies, if any, of that third party, and SSE shall not be responsible for the use or dissemination of Your Personal information by that third party.
Therefore, We encourage You to ask questions before You disclose Your Personal Information to others.
Transferring Your Personal Information outside of the EEA
To deliver services to You, it is sometimes necessary for Us to share your Personal Information outside the European Economic Area (EEA), for example with Our resellers located outside of the EEA. These non-EEA countries do not have the same data protection laws as the EEA.
Your Personal Data may be collected, transferred to our affiliates and third parties that are based in other countries. The addresses of our can be found online at https://www.swivelsecure.eu/en/contacto
Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (as described in Article 46 of the General Data Protection Regulation), or we will ask you for your prior consent to such international data transfers.
If you would like further information regarding the mechanisms We use to comply with data protection law, please contact Us.
Storage and Transfer of Your Personal Information
Your Personal Information is stored in either Microsoft Office 365, our CRM (Holded and SalesForce).
We also hold physical records containing Personal Information, which are protected by being stored in locked cabinets and by access being limited to authorised personnel only. We operate a clear desk policy to assist in protecting Personal Information. We will only hold Your Personal Information for the duration that is necessary to carry out the data processing purposes set out above, or where we are required to store it for longer under applicable laws.
We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
How we delete the data?
We keep policies and procedures regarding the deletion of Customer Data in compliance with applicable NIST guidance and data protection laws, taking into account available technology so that Customer Data cannot be practicably read or reconstructed. Customer Data is deleted using secure deletion methods including digital shredding of encryption keys, standards of SOC 2 Type II and hardware destruction in accordance with NIST SP800-88 guidelines.
How do we keep your personal information secure?
We take reasonable and appropriate steps to protect the Personal Information entrusted to us and treat it securely in accordance with this Privacy Policy. SSE implements physical, technical, and organizational safeguards designed to protect your Personal Information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We also contractually require that our suppliers protect such information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
Children's Privacy
Our Services do not address anyone under the age of 136. We do not knowingly collect personal identifiable information from children under 136. In the case we discover that a child under 136 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.
Your Privacy Rights
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email espana@swivelsecure.eu or use the information supplied in the ‘Contact us’ section. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
· The right to be informed
As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.
· The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
a) The purposes of the processing.
b) The categories of personal data concerned.
c) The recipients to whom the personal data has been disclosed.
d) The retention period or envisioned retention period for that personal data.
e) When personal data has been collected from a third party, the source of the personal data.
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or unreasonable expense (which you may have to meet), we will inform you.
· The right to rectification
If you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
· The right to erasure (the ‘right to be forgotten’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure. You can find the form in the section “Right to Erasure”.
Cookie | Domain | Type | Description | Duration |
|---|---|---|---|---|
bscookie | .www.linkedin.com | Advertisement | This cookie is a browser ID cookie set by Linked share Buttons and ad tags. | 2 years |
_ga | .swivelsecure.eu | Analytics | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. | 2 years |
_gid | . swivelsecure.eu | Analytics | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form. | 1 day |
_hjFirstSeen | . swivelsecure.eu | Analytics | This is set by Hotjar to identify a new user�s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions. | 30 minutes |
lang | .ads.linkedin.com | Functional | This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. | session |
bcookie | .linkedin.com | Functional | This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page. | 2 years |
lidc | .linkedin.com | Functional | This cookie is set by LinkedIn and used for routing. | 1 day |
lang | .linkedin.com | Functional | This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. | session |
__cfduid | .tawk.to | Necessary | The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. | 1 month |
__cfduid | .r1.trackedweb.net | The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. | 1 month | |
__cfduid | .10degrees.uk | Necessary | The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. | 1 month |
DYNSRV | .10degrees.uk | Necessary | This cookie is used for load balancing purposes to decide which server to send the visitor. | |
recordID | swivelsecure.eu | Necessary | No description | 1 year |
dmSessionID | swivelsecure.eu | Other | No description | 20 minutes |
_gat_UA-28415013-1 | swivelsecure.eu | Other | No description | 1 minute |
UserMatchHistory | .linkedin.com | Other | Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. | 1 month |
AnalyticsSyncHistory | .linkedin.com | Other | No description | 1 month |
_hjid | swivelsecure.eu | Other | This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 1 year |
May I decline to accept a cookie?
You may decline to accept cookies sent by the Site by selecting an option on Your browser to reject cookies. Other sites linked to the Site may also send cookies; however We do not control such activities. If You decline a cookie, You may not be viewing the Site in a way in which it was designed to optimally be presented.
What benefits do I receive from cookies?
Overall, the use of cookies helps to give You a customised experience at the Site. Through the use of cookies, We will know what’s working and what’s not. That information is then used to keep our Site fresh and relevant to You. Cookies also allow the personalisation of any online services We may provide to You.
Your Right to Opt-Out
You have the right to opt out at any time. In the "Right to erasure" section of our website you can find the option to stop receiving our marketing emails and in our cookie notice you can select your cookie usage preferences.
Google Analytics
SSE uses Google Analytics to analyse the activity of users on its website via anonymised data. Any personally identifiable information such as a user’s IP address is automatically anonymised. Details that are tracked are:
-
The total time a user spends on your site;
-
The time a user spends on each page and in what order those pages were visited;
-
What internal links were clicked (based on the URL of the next pageview);
-
The geographic location of the user;
-
What browser and operating systems are being used;
-
Screen size and whether Flash or Java is installed; and
-
The referring site
IP Addresses
An IP address is a number automatically assigned to Your computer whenever You access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. SSE does log IP addresses, or the location of Your computer on the Internet, for systems administration and troubleshooting purposes.
However, We do not use IP address logs to track Your session or Your behaviour on the Site.
Effective Date and Changes
This Privacy Policy is effective as of January 2024. SSE reserves the right to modify the terms of this policy at any time and in our sole
discretion, by posting a change notice to this page. Your continued use of the Site following our posting of a change notice will constitute binding acceptance of those changes.
The Swivel Secure Privacy Policy was revised and affective as of November, 2024.
Contact Us
Questions, comments, and requests regarding this Privacy Policy are welcomed and should be directed to espana@swivelsecure.eu.