Version number: 1.0
Effective date: November 26th
1. Who are we?
2. What’s the point of this policy?
- 2.1. It tells you what to expect when we collect your personal information via our own website or when end-users use our service on our clients’ websites. Our service involves providing users the option to buy related products (e.g., “products frequently bought together”).
- 2.2. Generally, the policy covers only information provided to us. If you give personal information to other people, such as our clients or other websites, please check their privacy policies.
3. Might the policy change?
- 3.1. Yes. Please check it whenever you visit our website.
4. What do we collect?
- 4.1. On our own website, information which you upload or otherwise give us such as:
- your name and contact details if you request a demo;
- contact or other information which you give or allow us to use for newsletters or other marketing; and
- automated information about your use of our website such as: the internet protocol (IP) address used to connect your device to the internet, connection information such as browser type and version, information about your device including device-type and device identifier, operating system and platform, mobile network data, a unique reference number linked to the data you enter on our system, login details, the site from which you arrived at our service, details of your activity with date / time stamps including pages you visited.
- 4.2. On our clients’ sites, we may collect (using a cookie – see section 10 below):
- information about an end-user’s visibility of, or interaction with, our suggested related products including adding them to a basket or selecting different versions of the product;
- information about an end user’s interaction with a basket that includes any related products; and
- any related and other products bought by the end-user as well as the associated order number or identifier generated on our client’s website.
5. What’s our reason / legal basis for collecting the information?
- 5.1. Because it’s necessary to take steps at your request to enter into a contract with you and/or to perform such a contract. This applies to initial enquiries and to contact details.
- 5.2. Because it’s in our “legitimate interests”, e.g., to manage and improve our service including tracking usage patterns, enhancing optimisation and preventing or detecting fraud or abuse. This applies to automated usage data.
- 5.3. Because you’ve specifically agreed on our service (e.g, by ticking a consent box). This applies to contact or other information which you give or allow us to use for newsletters or other marketing. You can withdraw permission at any time as explained on our service or by emailing us at the above email address.
6. How long do we keep personal information?
- 6.1. In relation to our own site:
- we will keep names and contact details until any contract with you has ended (or for 24 months if you don’t enter a contract with us);
- we may hold on to some of your information for longer (typically up to six years) if reasonably needed for legal, regulatory or tax reasons;
- we will keep your information which we use only for newsletters or other marketing until you tell us to stop sending you such messages; and
- we will generally keep automated browsing information for up to 26 months.
- 6.2. In relation to end-user information collected on our clients’ sites: we will keep end-user data for up to two years.
7. To whom do we send or make available your personal information?
- 7.1. To other people who supply us with a service, e.g. website hosts, cloud providers and businesses which help us send communications or monitor our website and which provide us with analytics and other IT services.
- 7.2. In relation to end-user purchase information collected on our clients’ sites, to the client on whose site we collected the data (to enable performance-reporting, payment and auditing).
- 7.3. To regulators, the police and other law enforcement authorities to help deal with fraud and abuse and/or comply with legal requirements.
- 7.4. To insurers and professional advisers in connection with our insurance cover or to deal with legal claims.
- 7.5. To potential buyers so far as reasonably necessary, in the case of an actual or proposed (including negotiations for a) sale or merger or business combination involving all or the relevant part of our business.
8. Do we send your information outside the EU?
- 8.1. Your personal information which we collect is stored within the EU and is not transferred to any third countries except as follows.
- 8.2. In relation to our own site, your personal information (e.g., IP address, browsing information) may be transferred to the US by Google for analytics. Transfer is on the basis of a contracts with EU-mandated standard contractual clauses designed to provide adequate safeguards for your personal information. Google was formerly certified under the EU-US Privacy Shield Framework which is no longer applicable due to a court decision; we understand that the authorities are working on a replacement and we aim to update our policy to reflect this in due course.
9. What rights do you have?
- 9.1. If the legal requirements are met: To ask us for access to your personal information, to rectify it if there are mistakes, to delete it or restrict its use in certain circumstances or to “data portability” or to withdraw any consent you’ve given (e.g. marketing).
- 9.2. You may also have the right to object to use of your personal information in certain circumstances.
- 9.3. If you have a complaint about how we are dealing with your personal information, please contact us via the email address above. If you are not happy with our response or think we are not handling your personal information in accordance with the law, you have the right to complain to the Information Commissioner’s Office (ICO).
- 9.4. For more information about your rights, visit the ICO’s website www.ico.org.uk
10. What about cookies?
- 10.2. On our own website, we may place a cookie notice cookie to store your response to our cookie notice.
- 10.3. Google also places cookies on our own website in connection with its Google Analytics (“GA”) service. These kinds of cookies recognise and count the number of website visitors as well as providing other information about the visit such as duration, route through the website and where the visitor came from. This information helps us to improve the way our website works, for example by making sure users find what they need easily. More information:
- Google’s overview of GA data practices and safeguarding
- How to specifically opt out from GA cookies
- Google’s use of its partners’ data
- 10.4. We place cookies on our clients’ sites called “swogoTransactionId” or “swogoVariantIdx”. The purpose of these cookies is to help us generate lists of related products and to enable us to collect the end-user information explained above (see section 4). The cookies themselves do not include any personal information. We regard these cookies as essential for our service. They are placed at the point when the end-user first visits the page that includes related products. The cookies are deleted either when the end-user makes a purchase or, if no purchase is made, within 30 days. Our clients can adjust end-user consent and opt-out settings for our cookies.