Privacy Policy

1. Introduction

SwiftCase ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at www.swiftcase.co.uk or use our workflow automation platform and related services (collectively, the "Services").

We are registered in England and Wales. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller responsible for your personal data.

Please read this policy carefully. By using our Services, you acknowledge that you have read and understood this Privacy Policy. This policy should be read alongside our Terms of Service and Cookie Policy.

2. Information We Collect

2.1 Information You Provide

We collect personal information that you voluntarily provide when you:

• Register for an account or request a demo
• Subscribe to our newsletter or marketing communications
• Complete forms on our website
• Contact us via email, phone, or other channels
• Participate in surveys, promotions, or events
• Apply for employment opportunities

This information may include:

• Name and job title
• Email address and phone number
• Company name and business address
• Account credentials (username and password)
• Billing and payment information
• Any other information you choose to provide

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain technical information, including:

• IP address and approximate geographic location
• Browser type and version
• Operating system and device information
• Pages visited, time spent, and navigation paths
• Referring website or source
• Date and time of access

2.3 Information from Your Use of the Platform

If you use our workflow automation platform, we also collect:

• Workflow configurations and automation rules you create
• Usage data and feature interactions
• Integration settings and API usage
• Error logs and performance data
• Data you input or process through workflows (as a data processor)

3. Legal Basis for Processing

Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

• Contract: Processing necessary to perform our contract with you or take steps at your request before entering a contract (e.g., providing the Services, managing your account).
• Legitimate Interests: Processing necessary for our legitimate business interests, provided these are not overridden by your rights (e.g., improving our Services, fraud prevention, marketing to existing customers).
• Consent: Where you have given clear consent for us to process your data for a specific purpose (e.g., marketing communications to non-customers).
• Legal Obligation: Processing necessary to comply with our legal obligations (e.g., tax records, responding to lawful requests from authorities).

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Create and manage your account
• Respond to your enquiries and provide customer support
• Send technical notices, updates, and security alerts
• Send marketing communications (where permitted)
• Monitor and analyse usage trends and preferences
• Detect, investigate, and prevent fraudulent or illegal activities
• Comply with legal obligations and enforce our terms
• Personalise your experience and provide tailored content

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

Service Providers

We engage trusted third-party companies to perform services on our behalf, such as hosting, payment processing, analytics, email delivery, and customer support. These providers are contractually bound to protect your data and may only use it for the specified purposes.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of SwiftCase, our users, or others.

With Your Consent

We may share your information for other purposes with your explicit consent.

6. International Data Transfers

Your data is primarily stored and processed in the United Kingdom using UK-based data centres. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK ICO
• Transfers to countries with adequate data protection laws
• Other legally recognised transfer mechanisms

7. Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and role-based permissions
• Multi-factor authentication options
• Regular backups and disaster recovery procedures
• Employee security training and awareness programmes
• Cyber Essentials certification

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will notify you of any breach affecting your personal data as required by law.

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including:

• Active accounts: For the duration of your account plus a reasonable period after closure
• Marketing contacts: Until you unsubscribe or withdraw consent
• Financial records: 7 years as required by UK tax law
• Legal claims: For the applicable limitation period

When data is no longer required, we securely delete or anonymise it.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data in certain circumstances ("right to be forgotten").
• Right to Restriction: Request that we limit how we use your data.
• Right to Data Portability:Request your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Rights Related to Automated Decisions:Not be subject to decisions based solely on automated processing.
• Right to Withdraw Consent:Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month, though we may extend this period for complex requests.

10. Marketing Communications

We may send you marketing communications about our products, services, and events if you have:

• Requested information from us or purchased our services
• Provided consent to receive marketing
• Not opted out of receiving such communications

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any email, updating your account preferences, or contacting us directly.

11. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete such information.

12. Third-Party Links

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also notify you by email. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection, if you believe your rights have been violated. You can contact the ICO at ico.org.uk or by calling 0303 123 1113.