Table of content

Privacy Policy

Table of content

Updated: 28.11.2023

1. Terms used

  • Cookies - Small text files that are sent to your computer's memory when you visit a website
  • Controller - A natural or legal person, public institution, agency or other body that alone or jointly with others determines the purposes and means of personal data processing
  • General Data Protection Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
  • Personal Data - Any information relating to an identified or identifiable natural person
  • Platform -  Swotzy application (app.swotzy.com), website (swotzy.com) and application programming interface (API)
  • Processing - Any activity related to Your Personal Data (including collection, retention, storage, modification, granting of access, deletion, making requests, transfer, organisation, use, distribution)
  • Processor - Natural or legal person, public institution, agency or other body who processes personal data on behalf of the controller

   

2. General Information

2.1. This privacy policy provides information to users of the Swotzy Platform regarding the Processing of Personal Data on the Platform.

3. Information about Data Controller

3.1. Our company’s name is SIA Swotzy, registration number 40203423552, legal address: Friča Brīvzemnieka iela 7, Liepāja, Latvija, LV-3401.

3.2. If you have any questions regarding this policy or the Processing of your Personal Data, you can contact us and our data protection specialist by writing to the email address:  info@swotzy.com.

4. General description of Personal Data Processing

4.1. This policy outlines how we process Personal Data of Platform users and other individuals whose data may come into our possession in relation to the Platform. By registering on the Platform and using it, you will have access to this policy. The purpose of this policy is to provide you with a general overview of our Personal Data Processing activities and purposes.

4.2. This is the current version of the policy. We reserve the right to make amendments and update this policy as necessary.

4.3. We are aware that Personal Data is valuable to you, and we will process it in accordance with confidentiality requirements and take care of the security of the Personal Data in our possession.

5. What Personal Data do we process?

5.1. Information You provide to us on Platform - name, surname, email address, phone number, company name and registration number, address.

5.2. Information about shipment sender and recipient -  name, surname, address, contact information.

5.3. Cookie data in accordance with the Cookie policy.

6. For what purposes do we process Personal Data and what is the legal basis for Personal Data Processing?

6.1. We will process your personal data only for pre-defined legitimate purposes, including:

  • 6.1.1. to provide you access to the Platform and receive services available in the Platform (e.g. order shipment);
  • 6.1.2. to verify identity, to prevent illegal use of the account and to ensure secure Platform environment;
  • 6.1.3. to  reply to Your inquiries and to communicate with You regarding the Platform or any changes in this policy and terms and conditions;
  • 6.1.4. to maintain and improve the Platform and our services, and to develop new services.

6.2. We will process your Personal Data only if there is an appropriate legal basis for Processing, including:

  • 6.2.1. provision of access to the Platform and the services available on it, i.e. to enter into a contract and for performance of its obligations;
  • 6.2.2. our legitimate interests;
  • 6.2.3. Your consent  - for receiving news and notifications in email, for using Cookies;
  • 6.2.4. fulfilment of legal obligations.

7. Who may have access to your Personal Data?

7.1. We take appropriate measures to process your Personal Data in accordance with applicable laws and ensure that your Personal Data is not accessed by third parties without a legal basis for processing your personal data.

7.2. Your Personal Data may be accessed, as necessary, by:

  • 7.2.1. our employees or specifically authorised individuals who require access to perform their job duties
  • 7.2.2. Personal Data Processors who provide us services only to the extent necessary, such as cloud computing service providers
  • 7.2.3. independent data controllers like postal merchants  and carriers whose services you request through the Platform
  • 7.2.4. state and municipal authorities in cases specified by applicable laws
  • 7.2.5. third parties, carefully assessing whether there is a suitable legal basis for such data disclosure, such as debt collectors, courts, alternative dispute resolution bodies, bankruptcy or insolvency administrators.

7.3. Once shipment is created on the Platform, sender’s, recipient’s and shipment data is transferred to the selected postal merchant as an independent Data Controller. Subsequently, further processing of Personal Data to deliver the shipment is carried out in accordance with the Personal Data Processing principles and terms and conditions of the selected postal merchant.

8. What type of Personal Data Processors do we choose?

8.1. We take appropriate measures to ensure the Processing, protection, and transfer of your Personal Data to data Processors in accordance with applicable laws. We carefully select Personal Data Processors and, when transferring data, assess the necessity and scope of the data to be transferred. The transfer of data to Processors is carried out in compliance with confidentiality and secure processing requirements for Personal Data.

8.2. Currently, we collaborate with the following categories of data Processors:

  • 8.2.1. IT infrastructure and cloud computing service providers
  • 8.2.2. Digital marketing service providers like mailing services

8.3. The categories of data Processors we work with may change from time to time, and we will inform you by making changes in this document.

9. Are your Personal Data sent to countries outside the European Union (EU) or the European Economic Area (EEA)?

9.1. We do not transfer data to countries outside the European Union or the European Economic Area, that does not ensure adequate protection of Personal Data.

10. For how long will we store your Personal Data?

10.1. Your personal data will be retained for as long as necessary for the purposes of processing and in accordance with applicable legal requirements. When determining the retention period for personal data, we consider the requirements of applicable laws, contractual obligations, your instructions (e.g., in the case of consent), and our legitimate interests. If your personal data is no longer necessary for the specified purposes, we will delete or destroy it.

10.2. Commonly applied retention periods for personal data include:

  • 10.2.1. Personal data necessary for the performance of a contract between you and Swotzy will be retained until the contract is fulfilled and any other applicable retention periods are met (see below)
  • 10.2.2. Personal Data necessary for direct marketing purposes will be retained until you withdraw your consent
  • 10.2.3. Personal Data that must be retained to comply with legal requirements will be kept for the specific periods determined by the respective regulatory acts. For example, the Law on Accounting stipulates that supporting documents must be kept until the day they are no longer needed to determine the commencement and track the progress of each economic transaction, but not less than five years.
  • 10.2.4. Personal Data necessary to demonstrate compliance with obligations will be retained in accordance with the prescribed limitation periods in applicable laws.

11. What are your rights as a Data Subject regarding the Processing of your Personal Data

11.1. Data rectification - If there are any changes to your Personal Data that you have provided to us, such as changes in contact address or email, please contact us and submit the updated information so that we can fulfill the relevant purposes of data processing.

11.2. Right to access and rectify your Personal Data - In accordance with the provisions of the General Data Protection Regulation, you have the right to request access to your Personal Data that is in our possession, request its rectification, deletion, restriction of processing, object to the Processing of your data, as well as the right to data portability in the cases and manner specified in the General Data Protection Regulation. We respect these rights for you to access and control your Personal Data, and therefore, upon receipt of your request, we will respond within the timeframes established by applicable laws (usually no later than one month, unless there is a specific request that requires a longer time to prepare a response), and if possible, we will rectify or delete your Personal Data accordingly.

11.3. Withdrawal of consent - If the Processing of your Personal Data is based on your consent, you have the right to withdraw your consent at any time, and we will no longer process your Personal Data that was processed based on your consent for the respective purpose. However, please note that withdrawing consent does not affect the lawfulness of Processing based on legal obligations, contractual obligations, our legitimate interests, or other legal bases for lawful data Processing.

11.4. You also have the right to object to the Processing of your Personal Data if the processing is based on our legitimate interests.

11.5. Upon receiving your request, we will evaluate its content and your ability to be identified, and depending on the specific situation, we may request additional identification from you to ensure the security and disclosure of your data to the appropriate person.

12. Where can you lodge a complaint regarding Personal Data Processing issues?

12.1. If you have any questions or objections regarding the Processing of your Personal Data by us, we encourage you to first contact us.

12.2. However, if you believe that we have not been able to mutually resolve the issues at hand and you consider that we are still infringing upon your rights to Personal Data protection, you have the right to lodge a complaint with the Data State Inspectorate - https://www.dvi.gov.lv/lv, Elijas iela 17, Rīga, LV-1050.

13. Why do you need to provide Personal Data?

13.1. Primarily, we collect your information to fulfil contractual obligations, comply with legal obligations, and pursue our legitimate interests. In these cases, obtaining specific information is necessary to achieve the respective purposes, and therefore, failure to provide such information may jeopardise the fulfilment of the contract.

14. How do we obtain Personal Data?

14.1. We obtain your Personal Data from you when you register and use the Platform, as well as when you communicate with us.

15. Are your Personal Data used for automated decision-making?

15.1. We do not use your Personal Data for automated decision-making.