Last Revised 26th July 2023
Your use of our Services constitutes your agreement and direct consent to our data practices, and any other policies made available to you. If you do not agree, please notify us in writing, close your Swypex Account, delete any cookies related to our Services from your devices, and cease all use of the Services. In certain circumstances, the business customer on whose behalf we provide Services will need to confirm your choice before we can fully process your request.
If you have any questions or wish to exercise your rights and choices, please contact us at [email protected].
Anonymized data: Data related to a Holder that cannot be identified, considering the use of reasonable technical means available at the time of processing.
Authorization: Prior, explicit, express, and informed consent of the Holder to carry out the processing of personal data.
Consent: Free, explicit, informed, and unequivocal expression by which the Holder accepts the processing of their personal data for a specific purpose.
Data: Facts, statistics, details, and information provided or collected or learned about something or someone for reference or use or storage, or analysis.
Database: Structured set of data, including personal data, established in one or more places, on electronic or physical support.
Elimination: Elimination of data or data sets stored in a database, regardless of the procedure used.
Holder(s): Any natural or juristic person legally or factually holding, possessing, maintaining, and retaining personal data in a legal and effective manner, or any other manners, or by any means of storage, regardless of whether that person held such data initially or was transferred and/or acquired such data by any means of transfer.
Person: A natural person, juristic or legal person.
Personal data: Any data relating to an identified natural person, or one who is identifiable, directly or indirectly, by reference to such data and to other data such as a name, a voice, a photograph, an identification number, an online identity identifier, or any identifying data referring to the person’s psychological, medical, economic, cultural or social identity.
Privacy notice: Verbal or written communication addressed to the Holders of the personal data that are being processed by a company, in which they are informed about the existence of the personal data treatment policies that will be applied to them, the form of access them, and the purposes for which the Holders personal data will be used.
Processing: Any electronic or technological operation to write, collect, record, save, store, merge, display, send, receive, circulate, publish, erase, change, edit, retrieve, or analyze personal data using any electronic or technological medium partially or fully.
Cross-border transfer of personal data: Transferring, making available, recording, storing, circulating, publishing, using, displaying, sending, receiving, retrieving, or processing data within the Egyptian territory to another country abroad or vice versa.
Transmission: Processing of personal data that implies communication to a third party, within or outside the territory of the country, when said communication is intended to carry out a treatment by the person in charge on behalf of and on behalf of the database custodian, for fulfilling the purposes of the latter.
Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation, or deletion.
What Data Do We Collect?
We want you to know WHAT data we’re collecting. Below, we’ve listed the data we collect about you.
Personal Data: Any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
Government-issued photo identification
Name (Any combination of given, middle, and surname(s))
Date of Birth
Telephone or Mobile number(s)
Account access data
We also collect data which is essential in providing you with our Services, such as:
Routing and Account numbers
Tax identification number
Other necessary financial data
Names and data of the transacting parties
Other necessary transaction data
Third-Party Services: As part of our platform, we may offer customers expense management solutions that provides various features to facilitate financial management. One such feature involves the collection of invoice data and other relevant information from the ETA’s (Egyptian Tax Authority) official website.
Please note that we solely act as an intermediary to facilitate the retrieval of this information from the Egyptian Tax Authority’s website on your behalf.
By providing us with your credentials you are giving us direct consent to collect and process the relevant information as described above.
If you have any concerns or questions regarding the collection of data from third-party services, including the tax authority website, please contact our privacy team at [email protected].
Use of Customer Business Logos:
Swypex is committed to providing transparency and ensuring the privacy and security of our customers' information. As part of our efforts to showcase the success of our clients and promote our banking services, we may collect and use your business logo for advertising and marketing purposes. This clause outlines the terms of logo collection and usage:
Consent: We will seek your explicit consent before using your business logo for advertising or marketing purposes. You have the right to provide or withdraw consent at any time. To revoke consent, please contact our support team at [email protected].
Third-Party Sharing: Swypex may share your business logo with our affiliates, partners, and third-party service providers for the purpose of advertising and promoting our banking services. Rest assured that we will only share your logo with those who are contractually bound to uphold data privacy and security standards.
Display Location: Your business logo will be displayed on our website's "Partners" page, marketing collaterals, and other promotional materials related to Swypex's services.
Modification: We will not make any substantial modifications to your business logo without your express consent. However, minor alterations, such as resizing for display purposes, may be applied as necessary.
Retention Period: Your business logo will be retained for as long as it remains relevant to our advertising and marketing initiatives. If you choose to discontinue our services or request the removal of your logo, we will promptly remove it from our advertising materials.
Intellectual Property Rights: By providing your business logo, you affirm that you own all the necessary rights or have obtained the required permissions to grant Swypex the right to use the logo for advertising and marketing purposes. Swypex acknowledges that your business logo remains your intellectual property, and we do not claim any ownership or additional rights to it beyond the scope of this clause.
Contact Information: If you have any questions, concerns, or wish to request the removal of your business logo from our advertising materials, please contact our support team at [email protected].
Automatic Data Collection:
When you use our Services, certain data is collected automatically. The primary use of this data is for the operations of our Services, and for your account security, anti-fraud measures, as well as for our internal analytics and reporting purposes. This may include device and usage data, your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and other technical data.
Data Collected From Other Sources
We may also collect data from sources that may include data not mentioned above. This data can be collected through public databases, governmental databases, social media platforms, third parties, and any other legally permissible sources.
Why Do We Collect This Data?
Now that you know WHAT data we’re collecting, let us tell you WHY we’re collecting it.
We collect this data, via our Services or from outside sources, for business and commercial purposes that are legally permissible as described below:
To Provide and Maintain Our Services. We collect data to provide you and our business customers with our Services. This includes determining eligibility, facilitating account creation and login processes, operating and managing our Services, and otherwise providing Services requested by you and our business customers.
Complying with Legal Duties and Obligations. We collect data that is needed to abide by compliance and legal requirements when providing you and our business customers with our Services. This includes responding to legal requests where we may need to investigate the data.
Security and Fraud Detection. We collect data to prevent and detect any illegal, fraudulent, and unauthorized activities, where any breach of our agreements, contracts, policies, terms, and conditions may occur.
Improving Your Experience. At Swypex, we always want to improve your experience when using our Services. The data we collect is used for data analysis, to identify usage trends, determine the effectiveness of our Services, promotional campaigns, marketing, and overall user experience.
Communicating with You. We use the data we collect to send you technical notices, updates, new feature information, security alerts, information regarding changes to our policies, terms, conditions, as well as support and administrative messages.
Fulfilling and Managing Requests. We may use your data to fulfill and manage your requests regarding our Services.
Marketing and Advertising. We may, on certain occasions, use your data for marketing and advertising purposes; however, we will notify you and take your direct consent prior to any use of your data for this purpose.
At Your Direction. We may use the data we collect to fulfill any other purpose at your direction.
Notwithstanding the above, we may use data that does not identify you (including data that has been aggregated or Anonymized Data) for any purpose except as prohibited by law or contractual obligation applicable to us.
How Do We Collect This Data?
You might be wondering HOW we collect this data from you? Below we highlight the different methods and tools we use to collect data.
As is true with most other websites, Swypex’s Services collect certain data automatically and store it in log files. This data may include device and usage data, such as when and how you use our Services, your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and other technical data.
We may also collect data through our Services, contracts, forms, service offers, events held by Swypex, telephone calls, emails, meetings, and through transmission or transfer by strategic allies.
Cookies and similar technologies
What are cookies?
Cookies are small text files that are generated by websites, apps, online media and advertisements that are stored on your browser and/or device. Cookies are used to make our Services more efficient, as well as to provide reporting data.
What are pixels?
Pixels, which are also called web beacons, are code snippets added to a website in order to gather data about your device and browser, including the device type, operating system, browser type and version, website visited, time of visit, referring website, IP address, advertising identifiers, location, and other similar data that uniquely identifies your device.
These tools allow us to:
Perform website and mobile analytics
Help prevent fraud and prevent attacks against our Services
Advertise and promote Swypex’s Services
Remember your information so you do not have to enter it again
Tailor our services to your preferences
You can block these at any time using your web browser settings, but doing so may limit your browsing experience and your ability to use certain features of our Services. If you require assistance in doing so please contact [email protected].
How Do We Keep Your Data Safe?
Now that you know WHAT, WHY and HOW we collect data, let’s look at how we’re keeping your personal data safe.
At Swypex, we have implemented the necessary technical, organizational and administrative security measures which are designed to protect the security of any data we collect and process. We ask you to do your part in keeping your data secure, as we cannot guarantee the security of the internet, which is not 100% secure. Although we will do our best to protect your data, transmission of data to and from our Services is at your own risk. You should only access our Services within a secure environment.
Have you heard of PCI Compliance?
To provide you with the highest international security standards, Swypex is officially PCI DSS Certified! PCI DSS or Payment Card Industry Data Security Standard is the international standard created to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
Where Is Your Data Stored?
The personal data Swypex collects from you is stored in one or more databases hosted by third parties located in Egypt. These third parties do not use or have access to your personal information for any purpose other than storage and retrieval. On occasion, Swypex engages third parties to send information to you, including information about our Services.
How Long Do We Store Your Data?
We retain the data until it no longer has business value, or is no longer required by law or regulations, and is eliminated from our database. All your personal data that Swypex collects may be eliminated upon verified request from you. For more information regarding your rights, please contact [email protected].
Sharing Data with Third Parties
Swypex may share your data with third parties. This includes our own group of companies, third-party service providers, and partners. We may also share your data in the event of a request from governmental agencies, law enforcement bodies, legal proceedings, courts, tribunals, or other entities who hold the right to do so.
Examples of data shared with third parties and the reasons why they are shared:
To Provide You with Our Services. We may share your data in order to achieve our legitimate business interests and to fulfil our contract with you.
Legal Requirements. We may share your data in the event that we need to comply with legal obligations, such as governmental requests, judicial proceedings, court orders, or any other legal proceedings.
When Your Data Has Been Anonymized. When your data has been anonymized and no longer reveals your personal identity.
For Everyone’s Safety. We may also share your data in the event that we believe there has been a violation of our contracts, terms, agreements, policies and applicable laws. This data may be used to investigate or as evidence when necessary.
Third-Party Service Providers. We may also share your data with our third party service providers, or any other third party that performs services for us or on our behalf. This may include identity verification, payment processing, legal requirements, hosting services, consulting services, customer service, email delivery, sms notifications and marketing efforts. In order to prevent fraud or any breaches of our terms, agreements, contracts or policies, we may allow third parties to use tracking technologies. We may also allow third parties to use tracking technology to determine the effectiveness of our Services. In all cases, it is important to note that we will get your express opt-in consent before we share your personal data with any third party for any of the above mentioned purposes
With Your Consent. If you have given us consent to use your data as specified by you.
Transfer of Business. We may share your data in the event that another business performs any mergers, acquisitions, sales or purchases of company assets, financing and negotiations with Swypex.
With Our Business Partners. We may share your data with our business partners in order to offer you certain products, services, or promotions.
Right to Withdraw/Opt out. You have the right to withdraw and/or opt. out consent to transfer your data to a third party at any time by contacting us or deleting your information.
Do We Collect Data from Minors?
We do not knowingly attempt to solicit or receive information from children. By using our Services, you represent that you are at least 18 years of age. If we learn that data from users who are less than 18 years of age has been collected, we will stop our Services to the user and will take the appropriate measures to promptly delete such data from our records. If you are aware of any data collected by Swypex from individuals who are under the age of 18, please contact us immediately at [email protected].
What Are Your Data Privacy and Protection Rights?
We’re not the only ones worried about your data privacy. Government regulations around the world exist to protect your personal data. At Swypex we abide by The Arab Republic of Egypt’s Personal Data Protection Law “PDPL”. Below we list your data rights:
Right to Be Informed. You have the right to be informed about what data is collected about you and how such data has been processed.
Right of Access. You have the right to access a copy of your personal data in a commonly used and machine-readable format for free. We may charge for additional copies.
Right of Data Portability. You may have the right to data portability which allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This enables you to obtain and reuse your personal data across different services.
Right to Be Forgotten. You may have the right to request the elimination of your personal data we collect.
Right to Object. You may have the right, at any time, to object to our collection and processing of your personal data, whether the processing is for marketing communications or even legitimate business interests.
Right to Correction. You may have the right to correct us regarding any inaccurate or incomplete personal data.
Right to Restriction of Processing. You may have the right to request the restriction of processing of your data under certain conditions.
If you would like to learn more about your data rights or would like to exercise your rights, please contact us at [email protected].
Principles of Data Protection
At Swypex, the following seven key principles lie at the heart of our data protection protocols.
1. Lawfulness, fairness, and transparency. We identify our lawful basis for collecting and using personal data, and we do not process the data in a way that is unduly detrimental, unexpected, or misleading to the individuals concerned.
2. Purpose limitation. We have clearly identified our purpose or purposes for processing, and have documented those purposes, including details of our purposes in our privacy information for individuals. We regularly review our processing and, where necessary, update our documentation and our privacy information for individuals. If we plan to use personal data for a new purpose other than a legal obligation or function set out in law, we check that this is compatible with our original purpose or we get specific consent for the new purpose.
3. Data minimization. We only collect personal data we actually need for our specified purposes. We have sufficient personal data to properly fulfill those purposes, and we periodically review the data we hold and delete anything we don’t need.
4. Accuracy. We ensure the accuracy of any personal data we create, have appropriate processes in place to check the accuracy of the data we collect, and record the source of that data. We have a process in place to identify when we need to keep the data updated to properly fulfill our purpose, and we update it as necessary. If we need to keep a record of a mistake, we clearly identify it as a mistake. We comply with the individual’s right to rectification and carefully consider any challenges to the accuracy of personal data. As a matter of good practice, we keep a note of any challenges to the accuracy of personal data.
5. Storage limitation. We know what personal data we hold and why we need it. We carefully consider and can justify how long we keep personal data. We have a policy with standard retention periods where possible, in line with documentation obligations. We regularly review our information and erase or anonymize personal data when we no longer need it or are no longer required by law or regulations. We have appropriate processes in place to comply with individuals’ requests for erasure under “The Right To Be Forgotten”. We clearly identify any personal data that we need to keep for public interest archiving, scientific or historical research, or statistical purposes.
6. Integrity and confidentiality (security). The data we collect must be managed with the technical, human, and administrative measures that are necessary to provide security to the records avoiding its adulteration, loss, consultation, use, or unauthorized or fraudulent access.
7. Accountability. The adoption and demonstration of effective measures capable of proving the observance and compliance with the personal data protection regulations, and even the effectiveness of these measures.
Updates and Modifications to This Policy
If you have any questions about your data, privacy, or rights, or wish to exercise your rights, please feel free to contact us at [email protected].