Your cookie settings

Cookies help us to make the site better and improve your browsing experience. By clicking “Ok”, you consent to our use of cookies. Find out more in our Privacy Policy

Privacy Policy

Effective 8 November 2022
* Multilingual version is available in Privacy Policy
CARDSMOBILE B.V. is a company registered and existing under Dutch law with KVK Number 80989659, located at Willem de Zwijgerlaan 350/2M, 1055 RD Amsterdam, the Netherlands (hereinafter also referred to as the 'Company', 'we').
We are the developers of the Swoo mobile app (hereinafter referred to as the 'App', 'Swoo'), where you can add your loyalty and discount cards to get discounts at your favorite stores using your smartphone and share the cards with friends and family. This Privacy Policy shall only be applicable to those services within the App.
We strive to make your shopping experience and the use of our App and services convenient and safe. We collect personal data to provide you access to all features in our App and in our services and improve their operation by making them even more convenient and secure.
The term 'personal data' (hereinafter also referred to as 'user data', 'data') takes into account the existing international practices on personal data protection in countries that provide an adequate level of such protection. It includes any information of yours that relates to or identifies you directly or indirectly, particularly by linking you an identifier such as your first name, surname, identification number, location data, online identifier, or one or more aspects of your physiological, genetic, religious, economic, or cultural identity.
Our Privacy Policy tells you what personal data we collect and for what purposes, how we use it, and how you can change, receive, or erase it. Please read the Privacy Policy carefully before using Swoo.

Why we collect personal data

Our legal basis for collecting and using personal data will depend on the relevant personal information and the specific context in which we collect it. Nevertheless, in any case, the data we collect, and process is obtained lawfully and on a legal basis.
We process personal data in the ways permitted by applicable laws on personal data protection, such as performing operations with or without the use of automation, in particular: collecting, recording, organizing, structuring, storing, adapting or changing, reviewing, using, disclosing (by transmission, distribution or otherwise making it available), matching or combining, limiting, erasing, or destroying personal data.
We process your personal data only when: (i) we need the personal data to fulfill our contractual obligations with you, including operation of the App and services; (ii) processing it is in our legitimate interests and does not violate your rights; (iii) processing it is necessary to comply with our obligations under applicable law; or (iv) we have your consent to process it, and such processing does not violate your rights.
If we ask you to provide data as required by applicable law or to fulfill a contractual obligation with you, we will explain why and tell you whether providing your personal data is mandatory or not, as well as the possible consequences if you do not provide such data.
In cases when the Privacy Policy allows your personal data to be used without your consent, we will notify you as to what personal data will be processed and for what purpose if doing so is technically and organizationally possible and not prohibited by applicable law.
Below is a list of the purposes for which we may use your personal data:

1. To enable you to use the App and services

We ask for your data to create an account, use the App (including digitizing loyalty and discount cards), and exchange information with you about our products and services.

2. To make the App and services even more convenient and reliable

User data also helps us ensure the stable operation of the App and other services and to optimize them. We are constantly checking our services for bugs and errors. If we find a bug, we study the data about the user's actions that we gathered before the problem occurred. This helps us fix it faster. We can also use data to improve existing services and create new ones, as well as to make the use of the App and the data of our users more secure

3. To assess the performance of the app and services

We use your data to track and analyze how our users interact with our App and services. For example, we analyze statistics on screen visits to optimize their internal structure and speed up the App. We also study statistics on the App updates by users to optimize the performance of the App's versions.

4. To stay in touch with you

We use your cell phone number and e-mail address to contact you and provide technical support. We also save your messages to our support team to address your concerns more effectively and quickly.

What personal data we collect

1. The data you share with us:

1.1. Contact info:
  • cell phone number;
  • e-mail address.
You can choose how to register in the App via a cell phone number or through third-party services. In certain cases, your e-mail address or cell phone number are required to contact the App support team.
1.2. Loyalty and discount card photos
We collect loyalty and discount card photos that you upload to Swoo yourself or get via a link from friends and open/save in the App. We create an image for your uploaded loyalty and discount card photos and load a barcode so you can get discounts at stores.
1.3. Other information and content that you provide voluntarily
We provide you with the ability to upload other information and content to Swoo, which is not related to the loyalty and discount card photos (collectively, 'User-Generated Content'), for storage and use. It is solely your decision to share User-Generated Content with us while using the App, so our processing of such data will be based on your consent.
We are not responsible for anything you decide to include in User-Generated Content. If you include in your User-Generated Content any information relating to others, you represent that you have full permission and authority to do so. You should not submit any User-Generated Content you do not wish to make available to us, and you must take special care to make sure your submissions comply with our Terms of Service. In particular, your submissions must not violate the privacy or other rights of others.

2. The data we collect when you use the App and services

2.1. Web browsers and devices

We record information about the web browsers and devices that you use to access our services, which ensures the good functioning of auto-refresh, the screen dimmer when the battery is low, and other features of the App and services.
We collect unique identifiers, your web browser and device's type and settings, the operating system, and the app version number. We record information about how web browsers and devices interact with our services: IP address, crash reports, system activity information, date and time of visit, and the URL from which you navigated to them.
We receive this data when the App accesses our servers from your device, such as during installation or when checking for available updates.

2.2. Your activities

We collect data about your activities while using the App and services. This data includes:
  • Browsing history of the App screens and service pages;
  • Photographs of loyalty and discount cards;
  • Views of added cards and interactions with them;
  • The queries you searched for in the App and services.
This data allows us to optimize and improve the performance of the App and our services.
Access settings (activity tracking)
In your device settings, you can choose which actions you would like to share with the App and services. We collect some of your data even if you're not logged in, but you can adjust that. Such data includes:
  • Web browser settings. You can enable notifications when a cookie is saved or refuse to save cookies from a specific domain or any domains. But please note that cookies are essential for the correct operation of our services and website. For example, for automatic language detection.
  • Device settings. Your PC, smartphone, or tablet may have its own data collection settings. For example, you can specify exactly how your location data should be handled: always, only when using the App, or never.

2.3. Your location

When you use the App and services, we collect your location data. We can use it to automatically set the App language, for example.
We detect your location with a certain degree of accuracy. To do this, we consider:
  • GPS data;
  • IP address;
  • Data from the sensors on your device.
The types of location data we collect partially depend on your device settings. For example, if you have disabled location permissions on your device, the App language will automatically be set to English.

2.4. Information from Other Sources

We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our App through a third-party service, such as a social networking site or a third-party login service (Facebook, Apple ID, Google ID), we may collect information about you from that third party that you have made available via your privacy settings. We will only use this information where these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

3. Data we receive from third parties

The data we receive from third parties depends on the features you use in our App. For example, if you have set up the use of Swoo Pay, we may collect information about your transaction history, such as transaction amount, currency, merchant name, and transaction date/time. The specified data is also available to you in the App interface.

4. Using cookies

The use of cookies is designed to make the websites (https://swoo.app, https://swooapp.com) work correctly. For our services to remain secure and reliable, we collect and analyze IP addresses and cookies that allow us to verify that you are the owner of your account.
For example, we use cookies to learn how users interact with our services, which helps us improve our products. In particular, if we notice that a task takes too long to run or is struggling to perform, we can refine the corresponding feature.
We also use cookies to prevent unlawful actions performed by malicious software.
If cookies are blocked, the website will malfunction.
In some countries, including countries in the European Union, the information referred to in the paragraph above may be treated as personal data under applicable data protection laws.

5. Publicly available sources

We collect publicly available data to train our loyalty and discount card recognition robots and support bots to solve user issues more efficiently.

6. Sensitive data

We process certain categories of Personal Data depending on how you use our App. But in any case, we do not use and do not intend to use any sensitive data (e.g., photographs of social security numbers, photographs related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) that you provide to the App on a voluntary basis.
Subject to the following paragraph, we ask that you not disclose or upload to Swoo any sensitive personal data.
If you send or disclose any sensitive personal data to the App when you submit User-Generated Content to our App, you provide us with your simultaneous consent to our processing of such sensitive personal data in accordance with this Privacy Policy. If you do not consent to our processing of such sensitive personal data, you must not submit such User-Generated Content to our App.

7. Children

The services are not intended for use by persons under 16 years of age. If you are under 16 years old, you should not register for an account or share any information with us. We do not collect personal data from such persons.
If we become aware that we have collected personal data from someone under the age of 16, we will erase that information as soon as we become aware of it, depending on the circumstances. If you have any reason to believe that we have collected such data, please inform us immediately.

Your rights regarding personal data

To the extent permitted by applicable law, you have the following rights with respect to your personal data:
  • The right to access your personal data: At any time, you can ask us what personal data of yours we are storing, why we are processing it, to whom it has been disclosed, etc.
  • The right to rectification: You can request that we update your personal data if it is incomplete, outdated, or incorrect. Unfortunately, you can't change the cell phone number to which your App account is linked. However, you can register a new account for your new cell phone number and inform our tech support team. At your request, they will make the corresponding changes in our database and transfer your loyalty and discount cards and other User-Generated Content from one account to another and delete the old account.
  • The right to restriction of processing: At any time, you may request that we restrict the processing of your data to the extent you deem necessary. For example, if you think your data is inaccurate and we need time to verify it, we may pause the processing of your data to clarify whether or not this is true.
  • The right to erasure: At any time, you can ask us to erase all or some of the personal data that we have about you by sending an e-mail request to support@swooapp.com from the user's e-mail address or via the Support feature in the App after logging in. If you do this, you will no longer have access to your App account. You can request that we remove information from a particular service. This is possible in certain cases, which are governed by applicable data privacy laws. Data can be erased in the following ways: a) Erase data from certain services b) Completely delete the account. We will cease processing and erase the personal data about you in our possession within the timeframe required by applicable laws to protect personal data unless we are required or permitted to retain and/or use your personal data under regulatory requirements applicable to us.
  • The right to data portability (under certain circumstances): If you wish, you may ask us to download (export) all personal data we hold in a format acceptable for transfer to third parties. You can also export your own personal data from your App account if you need a copy or if you plan to use the data in a third-party service.
  • The right not to be subject to a decision based solely on automated processing: If we process your personal data automatically and make certain decisions based on it, and that decision significantly affects you, you can express your concerns and dispute the decision.
  • The right to complain to a supervisory authority: You can always file a complaint about the way we process your personal data.
If you are a resident of the European Union, you have data protection rights no less than what is specified by the General Data Protection Regulation (GDPR).

How your personal data is transferred

1. What data you transfer, and when

You can transfer your information to our partners and control this process.
For example, if you review our App on Google Play, the App Store, or AppGallery, your name and photo will appear next to the posted review if you previously uploaded it to your app store account.

2. What data we transfer, and when

We do not disclose or transfer user data to natural or legal persons not affiliated with our company. However, there are exceptions, and you can find out more about them below.
We may transfer data to countries other than the country in which the data was originally collected. When we transfer your personal data to other countries, we will protect it as described in this Privacy Policy.
In any case, we adhere to the official requirements of applicable laws on personal data protection and only share your data with third parties when we are confident that we can protect your privacy and rights. For example, if you are a resident of the European Union, and if a third party is located in a country that the European Commission has not recognized as providing an adequate level of personal data protection, we ensure that there are agreements with the corresponding third party that include standard data protection provisions approved by the European Commission or other data protection measures recommended by the European Commission.

2.1. Transfer to third parties

We may share user data with third parties in the following cases:
  • To fulfill the contractual obligations between you and the Company. Such third parties include retailers and businesses whose loyalty and discount card photos you upload to the App to make purchases and hosting providers and companies that provide technical support to users.
  • When you have consented to transfer your personal data to them.
  • When we transfer our rights and obligations under an appropriate contract.
The transfer of your personal data to a third party may only be allowed to a minimal extent and only to fulfill tasks that correspond to the objective reason for collecting and transferring the data.
Don't worry about your data's security. It's processed according to our instructions, the Privacy Policy, and other privacy and security requirements applicable to our company.

2.2. Legal requirements

Like other IT and telecommunication companies, our company occasionally receives requests from officials and governmental bodies for user data.
In such cases, we may share your data with officials and governmental bodies, but only if we strongly believe that those entities have a right to receive, use, store, or disclose this data.
Usually, these are officials, governmental bodies, and organizations that act within the law to:
  • Ensure compliance with legal requirements, implement a court decision, or enforce a request from a governmental body;
  • Enforce compliance with the terms of the Terms of Service or investigate possible violations of it;
  • Identify, stop, or otherwise attempt to prevent fraud and work to fix technical bugs or security problems;
  • Protect the rights, property, or safety of the company, our users, or the public as required by applicable law and under the authority provided by law.
In any case, we carefully review all requests and often deny them if they are formulated too broadly or violate the applicable law.

How we protect your personal data

By collecting your data, we gain valuable information to identify and automatically fix security problems when they occur in the App and services. The security of your data is our priority, which is why we provide reliable protection of it. If your data is at risk, we'll immediately inform you about the problem and how to solve it.
Our servers are located in the EEA and other regions.
A particular user's information may be processed in a country other than the one where they reside. As such, the level of data protection and applicable laws may differ from country to country. However, regardless of where your data is processed, our company applies the same security measures described in this Privacy Policy and this section.
We may apply different measures to protect the collection, transfer, and storage of personal data that we collect, depending on the sensitivity of the personal data and the level of technological development.
To protect your data, we use physical, electronic, and procedural security measures following international standards. We review and update our data collection, storage, and processing methods, including physical security measures to prevent unauthorized access to our systems. We obtain the necessary certifications to ensure information security. We conduct systematic checks on the technical interaction of the App's system components along with checks of tech and IT equipment to ensure that we comply with security standards.
We do our best to protect the company and our users from unauthorized attempts to access, change, disclose, or destroy the data we store.

1. Here are some of the security measures we take:

  • We use encryption to ensure data confidentiality during transfer.
  • We use special means to protect accounts and conduct regular data backups.
  • We restrict network access to the company's servers and arrange physical barriers to server access.
  • We audit user actions and detect unauthorized access to data in a timely manner.
  • We regularly assess the damage and risks when processing personal data.
  • We install and use anti-virus software (with regular virus database updates).
  • We take measures to limit who has access to the servers and databases that store user data. We restrict data access to our employees, contractors, and agents and impose strict contractual obligations on them, providing for sanctions and/or firing for violation of those obligations. Personal responsibility is one of our primary requirements for the operation of the personal data protection system and a prerequisite for its effectiveness.

End-to-end encryption

End-to-end encryption provides the highest level of data security. On each of your devices, the data that you store in the App is protected with a key derived from information unique to that device. We never collect or store your files, encryption keys and passwords in an unencrypted or invertible form.
End-to-end encryption requires that you use two-factor authentication for your account (via verification by phone number, Facebook ID, Apple ID or Google ID) and set a passcode on your device. With two-factor authentication, your account can be accessed only on your device. Keeping Swoo up to date, using two-factor authentication for your account, and protecting your device with a passcode are the most important things that you can do to maintain the security of your devices and data.
The measures we take are designed to provide a level of security corresponding to the risk of processing your personal data. Still, please keep in mind that Internet safety is not guaranteed to be 100% secure.

2. Fraud prevention

If we detect an attempt to hack our App, the illegal use of someone else's account, the unlawful use of loyalty and discount programs in fraudulent activities, or another abuse of our services that violates our policies, we reserve the right to deactivate your account or take other measures, such as initiating an identification procedure by sending you an SMS with a verification code. Under certain circumstances, we may also report the violation to relevant government authorities.
If we think your account has been hacked, we will notify you and inform you about how to protect it.

How we store your personal data

We store personal data that we collect from you when we have an ongoing legitimate business need to do so (for example, to provide you access to the App and services to which you have requested access or comply with applicable legal, tax, or accounting requirements).
We will store your personal data until we fulfill the purpose for which it was collected, as required by applicable laws on personal data protection, or until you request for it to be deleted.
The collected data is stored for a period of time. The duration of storage depends on the type of information and how we use it. For example:
  • You can delete loyalty and discount card photos at any time.
  • We keep information about your cell phone number, e-mail address, and how often you use our services until you decide to delete your account in the App or we delete it due to long-term disuse.
We store some data for longer if doing so is required by law or necessary for legitimate business purposes, such as tax, legal, accounting, fraud or abuse prevention, and/or other purposes. This data may be stored even after the account is deleted.
We store your personal information in different regions, such as Poland and Ireland, depending on the country in which you reside. Because your data may be located outside of the EEA, which has not been recognized by the European Commission as providing an adequate level of data protection, we guarantee that we take all necessary measures to protect your data and its processing under applicable data protection regulations.

How data is erased

When we have no ongoing legitimate business need to process your data, or you have requested that we erase it, we will either erase or anonymize your data. Or, if that is not possible (for example, because your data was stored in backup archives), we will store it securely and isolate it from further processing until it can be erased.
That means that your data completely disappears from our servers or is stored there in an anonymized form.
We take additional data protection measures to ensure that your data is not accidentally erased or removed due to unlawful acts. Therefore, your data won't be removed from our servers and backup systems immediately upon your request, but after some period of time (no more than 30 calendar days).

What else you need to know about the Privacy Policy

General information

Applicability of the Privacy Policy

The Privacy Policy applies to the App, the website, and services provided by our company and its affiliates.
This document does not apply to some services with a privacy policy of their own that does not include this document.
This Privacy Policy does not control:
  • Data processing procedures in other companies and organizations that advertise our services;
  • Services offered by other natural or legal persons, including products or websites that have our company's services implemented, links to which appear in search results or in our services.

Changes to the Privacy Policy

We regularly update the Privacy Policy and process user information according to the most current published version. However, we do not intend to restrict user rights described in this document in the future without user’s clear consent.
We always indicate the date of the most recent changes to the Privacy Policy, post updates to our website, and provide access to previous versions of the Policy.
If significant changes are made to the document, we will inform you of them by additional means. In some cases, we will send an in-App notification.

Communications

1. Data Protection Officer, DPO

To comply with applicable laws on personal data protection and to ensure an adequate level of security in the processing of your data and its professional protection, we have appointed an officer authorized to represent us and our interests concerning our responsibilities for the processing of personal data.
The contact information of the Data Protection Officer is dataprotection@swooapp.com
The responsibilities of the Data Protection Officer include but are not limited to, answering any questions from you and from regulatory authorities.

2. Inquiries about data protection issues

We respond to all requests we receive from you as natural persons who want to protect their rights under applicable laws on personal data protection.
If you make a request, we will have thirty (30) calendar days to reply, and in some cases, that period may be extended an additional two (2) months. If you want to exercise any of these rights, please contact us. Before processing any request, we may ask you for certain information to verify your identity.
If you have any questions regarding our Privacy Policy or about your personal data that we store, or if you would like to exercise one of your data protection rights, please feel free to contact us at dataprotection@swooapp.com.