Privacy Policy

When you use our Services, you trust us with your personal data. The security and privacy of your data is our utmost importance. In this privacy notice, we describe our Privacy Policy and explain to you: what data we collect, how and why we collect it, as well as where we store it, for how long, and most importantly, how we keep it all secure.

For purposes of this Privacy Policy, "Swypex", "we", "our", and "us" refers to Swypex Technologies, and "you" or "your" refers to the natural person interacting with us.

This Privacy Policy applies to all data collected through our website (www.swypex.com), mobile application(s), product(s) (including Swypex’s physical or virtual prepaid cards (“Cards”)) , online platform(s), and/or any related services, sales, marketing or events, online or offline, referred to them collectively in this Privacy Policy as the "Services".

At Swypex, we’ve partnered with an issuing bank to provide you with our Services. We are governed by the terms of our agreement with the issuing bank and the applicable business customer; nevertheless, we guarantee you that, in accordance with the applicable Egyptian laws and regulations in this regard, your personal data is being kept private and confidential. In the event that we are processing the data for our own purposes, we will do so in accordance with the practices and policies described in this Privacy Policy.

Your use of our Services constitutes your agreement and direct consent to our data practices, and any other policies made available to you. If you do not agree, please notify us in writing, close your Swypex Account, delete any cookies related to our Services from your devices, and cease all use of the Services. In certain circumstances, the business customer on whose behalf we provide Services will need to confirm your choice before we can fully process your request.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy policy supplements other privacy policies and is not intended to override them.

If you have any questions or wish to exercise your rights and choices, please contact us at [email protected].

Anonymized data: Data related to a Holder that cannot be identified, considering the use of reasonable technical means available at the time of processing.

Authorization: Prior, explicit, express, and informed consent of the Holder to carry out the processing of personal data.

Consent: Free, explicit, informed, and unequivocal expression by which the Holder accepts the processing of their personal data for a specific purpose.

Data: Facts, statistics, details, and information provided or collected or learned about something or someone for reference or use or storage, or analysis.

Database: Structured set of data, including personal data, established in one or more places, on electronic or physical support.

Elimination: Elimination of data or data sets stored in a database, regardless of the procedure used.

Holder(s): Any natural or juristic person legally or factually holding, possessing, maintaining, and retaining personal data in a legal and effective manner, or any other manners, or by any means of storage, regardless of whether that person held such data initially or was transferred and/or acquired such data by any means of transfer.

Person: A natural person, juristic or legal person.

Personal data: Any data relating to an identified natural person, or one who is identifiable, directly or indirectly, by reference to such data and to other data such as a name, a voice, a photograph, an identification number, an online identity identifier, or any identifying data referring to the person’s psychological, medical, economic, cultural or social identity.

Privacy notice: Verbal or written communication addressed to the Holders of the personal data that are being processed by a company, in which they are informed about the existence of the personal data treatment policies that will be applied to them, the form of access them, and the purposes for which the Holders personal data will be used.

Processing: Any electronic or technological operation to write, collect, record, save, store, merge, display, send, receive, circulate, publish, erase, change, edit, retrieve, or analyze personal data using any electronic or technological medium partially or fully.

Cross-border transfer of personal data: Transferring, making available, recording, storing, circulating, publishing, using, displaying, sending, receiving, retrieving, or processing data within the Egyptian territory to another country abroad or vice versa.

Transmission: Processing of personal data that implies communication to a third party, within or outside the territory of the country, when said communication is intended to carry out a treatment by the person in charge on behalf of and on behalf of the database custodian, for fulfilling the purposes of the latter.

Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation, or deletion.

We want you to know WHAT data we’re collecting. Below, we’ve listed the data we collect about you.

Personal Data: Any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

We also collect data which is essential in providing you with our Services, such as:

Financial Data:

Transaction Data:

Third-Party Services: As part of our platform, we may offer customers expense management solutions that provides various features to facilitate financial management. One such feature involves the collection of invoice data and other relevant information from the ETA’s (Egyptian Tax Authority) official website.

This data may include details such as invoice numbers, amounts, dates, and any other relevant information necessary for expense tracking, accounting and financial management. We will handle this data in accordance with the terms outlined in this privacy policy.

Please note that we solely act as an intermediary to facilitate the retrieval of this information from the Egyptian Tax Authority’s website on your behalf.

It is important to understand that the Egyptian Tax Authority’s website is a separate entity governed by its own privacy policies and terms of use. While we strive to ensure the security and confidentiality of the data we collect from these third-party sources, we cannot guarantee the security measures or policies implemented by the Egyptian Tax Authority’s website. We encourage you to review the privacy policies and terms of use of the Egyptian Tax Authority’s website before providing your consent for accessing your data.

By providing us with your credentials you are giving us direct consent to collect and process the relevant information as described above.

You also acknowledge that you have read and understood the privacy policies and terms of use of the Egyptian Tax Authority’s website.

If you have any concerns or questions regarding the collection of data from third-party services, including the tax authority website, please contact our privacy team at [email protected].

Swypex is committed to providing transparency and ensuring the privacy and security of our customers' information. As part of our efforts to showcase the success of our clients and promote our banking services, we may collect and use your business logo for advertising and marketing purposes. This clause outlines the terms of logo collection and usage:

Purpose of Logo Collection: By agreeing to our Privacy Policy and Terms of Service, you grant us permission to collect and use your business logo. The primary purpose of collecting logos is to feature them on our website, marketing materials, and promotional content to highlight our valued customers' achievements.

Consent: We will seek your explicit consent before using your business logo for advertising or marketing purposes. You have the right to provide or withdraw consent at any time. To revoke consent, please contact our support team at [email protected].

Third-Party Sharing: Swypex may share your business logo with our affiliates, partners, and third-party service providers for the purpose of advertising and promoting our banking services. Rest assured that we will only share your logo with those who are contractually bound to uphold data privacy and security standards.

Display Location: Your business logo will be displayed on our website's "Partners" page, marketing collaterals, and other promotional materials related to Swypex's services.

Modification: We will not make any substantial modifications to your business logo without your express consent. However, minor alterations, such as resizing for display purposes, may be applied as necessary.

Retention Period: Your business logo will be retained for as long as it remains relevant to our advertising and marketing initiatives. If you choose to discontinue our services or request the removal of your logo, we will promptly remove it from our advertising materials.

Intellectual Property Rights: By providing your business logo, you affirm that you own all the necessary rights or have obtained the required permissions to grant Swypex the right to use the logo for advertising and marketing purposes. Swypex acknowledges that your business logo remains your intellectual property, and we do not claim any ownership or additional rights to it beyond the scope of this clause.

Contact Information: If you have any questions, concerns, or wish to request the removal of your business logo from our advertising materials, please contact our support team at [email protected].

By continuing to use our banking services, you signify your agreement with this clause regarding the use of your business logo for advertising and marketing purposes as outlined in our Privacy Policy.

When you use our Services, certain data is collected automatically. The primary use of this data is for the operations of our Services, and for your account security, anti-fraud measures, as well as for our internal analytics and reporting purposes. This may include device and usage data, your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and other technical data.

We may also collect data from sources that may include data not mentioned above. This data can be collected through public databases, governmental databases, social media platforms, third parties, and any other legally permissible sources.

Now that you know WHAT data we’re collecting, let us tell you WHY we’re collecting it.

We collect this data, via our Services or from outside sources, for business and commercial purposes that are legally permissible as described below:

Notwithstanding the above, we may use data that does not identify you (including data that has been aggregated or Anonymized Data) for any purpose except as prohibited by law or contractual obligation applicable to us.

You might be wondering HOW we collect this data from you? Below we highlight the different methods and tools we use to collect data.

As is true with most other websites, Swypex’s Services collect certain data automatically and store it in log files. This data may include device and usage data, such as when and how you use our Services, your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and other technical data.

We may also collect data through our Services, contracts, forms, service offers, events held by Swypex, telephone calls, emails, meetings, and through transmission or transfer by strategic allies.

What are cookies?

Cookies are small text files that are generated by websites, apps, online media and advertisements that are stored on your browser and/or device. Cookies are used to make our Services more efficient, as well as to provide reporting data.

What are pixels?

Pixels, which are also called web beacons, are code snippets added to a website in order to gather data about your device and browser, including the device type, operating system, browser type and version, website visited, time of visit, referring website, IP address, advertising identifiers, location, and other similar data that uniquely identifies your device.

These tools allow us to:

You can block these at any time using your web browser settings, but doing so may limit your browsing experience and your ability to use certain features of our Services. If you require assistance in doing so please contact [email protected].

Now that you know WHAT, WHY and HOW we collect data, let’s look at how we’re keeping your personal data safe.

At Swypex, we have implemented the necessary technical, organizational and administrative security measures which are designed to protect the security of any data we collect and process. We ask you to do your part in keeping your data secure, as we cannot guarantee the security of the internet, which is not 100% secure. Although we will do our best to protect your data, transmission of data to and from our Services is at your own risk. You should only access our Services within a secure environment.

To provide you with the highest international security standards, Swypex is officially PCI DSS Certified! PCI DSS or Payment Card Industry Data Security Standard is the international standard created to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.

The personal data Swypex collects from you is stored in one or more databases hosted by third parties located in Egypt. These third parties do not use or have access to your personal information for any purpose other than storage and retrieval. On occasion, Swypex engages third parties to send information to you, including information about our Services.

At Swypex, we will only store your data as long as it is necessary for the purposes set out in this Privacy Policy. Swypex retains personal, banking and financial data for the duration of the customer’s business relationship with Swypex and for a period of time thereafter, for analysis of our Services, and for historical and archiving purposes. Noting that we will follow the provisions of the Egyptian laws in terms of storing your data.

We retain the data until it no longer has business value, or is no longer required by law or regulations, and is eliminated from our database. All your personal data that Swypex collects may be eliminated upon verified request from you. For more information regarding your rights, please contact [email protected].

Swypex may share your data with third parties. This includes our own group of companies, third-party service providers, and partners. We may also share your data in the event of a request from governmental agencies, law enforcement bodies, legal proceedings, courts, tribunals, or other entities who hold the right to do so.

Examples of data shared with third parties and the reasons why they are shared:

We do not knowingly attempt to solicit or receive information from children. By using our Services, you represent that you are at least 18 years of age. If we learn that data from users who are less than 18 years of age has been collected, we will stop our Services to the user and will take the appropriate measures to promptly delete such data from our records. If you are aware of any data collected by Swypex from individuals who are under the age of 18, please contact us immediately at [email protected].

We’re not the only ones worried about your data privacy. Government regulations around the world exist to protect your personal data. At Swypex we abide by The Arab Republic of Egypt’s Personal Data Protection Law “PDPL”. Below we list your data rights:

If you would like to learn more about your data rights or would like to exercise your rights, please contact us at [email protected].

At Swypex, the following seven key principles lie at the heart of our data protection protocols.

1. Lawfulness, fairness, and transparency. We identify our lawful basis for collecting and using personal data, and we do not process the data in a way that is unduly detrimental, unexpected, or misleading to the individuals concerned.

2. Purpose limitation. We have clearly identified our purpose or purposes for processing, and have documented those purposes, including details of our purposes in our privacy information for individuals. We regularly review our processing and, where necessary, update our documentation and our privacy information for individuals. If we plan to use personal data for a new purpose other than a legal obligation or function set out in law, we check that this is compatible with our original purpose or we get specific consent for the new purpose.

3. Data minimization. We only collect personal data we actually need for our specified purposes. We have sufficient personal data to properly fulfill those purposes, and we periodically review the data we hold and delete anything we don’t need.

4. Accuracy. We ensure the accuracy of any personal data we create, have appropriate processes in place to check the accuracy of the data we collect, and record the source of that data. We have a process in place to identify when we need to keep the data updated to properly fulfill our purpose, and we update it as necessary. If we need to keep a record of a mistake, we clearly identify it as a mistake. We comply with the individual’s right to rectification and carefully consider any challenges to the accuracy of personal data. As a matter of good practice, we keep a note of any challenges to the accuracy of personal data.

5. Storage limitation. We know what personal data we hold and why we need it. We carefully consider and can justify how long we keep personal data. We have a policy with standard retention periods where possible, in line with documentation obligations. We regularly review our information and erase or anonymize personal data when we no longer need it or are no longer required by law or regulations. We have appropriate processes in place to comply with individuals’ requests for erasure under “The Right To Be Forgotten”. We clearly identify any personal data that we need to keep for public interest archiving, scientific or historical research, or statistical purposes.

6. Integrity and confidentiality (security). The data we collect must be managed with the technical, human, and administrative measures that are necessary to provide security to the records avoiding its adulteration, loss, consultation, use, or unauthorized or fraudulent access.

7. Accountability. The adoption and demonstration of effective measures capable of proving the observance and compliance with the personal data protection regulations, and even the effectiveness of these measures.

While we continue to grow our Services, we may need to update this Privacy Policy from time to time. We will notify you when the updated version is accessible, and it will be effective as soon as it is accessible. We may notify you by prominently posting a notice of such changes, or by sending you a direct notification. We encourage you to review this Privacy Policy frequently and learn more about your Data Privacy Rights.

If you have any questions about your data, privacy, or rights, or wish to exercise your rights, please feel free to contact us at [email protected].