By making a purchase, opening an account at Swtch, using features of our website or providing your details to us over the phone, you acknowledge that your personal data may be used according to the practices set out in this policy.
In order to provide you with our services, sometimes we might need to collect some personal data from you. This is sometimes necessary for the functioning of our site and shopping experience (cookies), the efficient and safe transaction of your purchases (contact details, payment details) and the overall security of the website (IP addresses). But we promise to be transparent with you about how we collect, process, store and share that personal data:
- You’re always in control: your privacy will be respected at all times and we will put you in control with easy-to-use tools and clear choices
- Your data is safe: we are committed to maintaining the safety and security of all personal data from the point of collection to its deletion from our company, using appropriate security measures and controls
- You benefit from it: when we do process your personal data, we will do so to benefit you and to make your experience with Swtch better and to improve our products and services
We may also need to share your information with third parties who help us to provide our services, such as our couriers so they can deliver your items to you. We will make sure that all third parties we are engaged with treat your personal data with as much respect as we do.
Who we are
For the purpose of the General Data Protection Regulation, the data controller is Swtch Ltd, a limited company registered in England and Wales, registration number 10128238. Our official website address is: http://www.swtch.co.uk but we also keep online presences on Instagram, Facebook, Twitter and Pinterest. Our registered office is at Studio 2, Star Brewery, Castle Ditch Lane, Lewes, East Sussex, BN7 1YJ.
How we collect your data
This section explains how and when we collect your personal data.
Data you give to us:
- When you create an account on the Swtch website
- When you sign up for our newsletter and other marketing
- When you talk with us on the phone
- When you make an online enquiry
- If you send general emails or letters to us
Data we collect when you use our services:
- Transactional details when you order something from us
- Cookies data gathered from the devices you use to connect to our website or social media platforms
- Analytics data while you browse our website
Data from 3rd parties we work with:
- Analytics and usage data from the social media platforms Swtch is active on (Instagram, Facebook, Pinterest, Twitter)
- Google Ads (where applicable)
- Google Analytics
What personal data we collect and why we collect it
We have to collect some information from you so that we can provide you with our services, for example when you order items from us. We do our best to make sure that we do not collect excessive information from you and limit it to only what is necessary for us to provide the service you require.
We do not collect any special category personal data from any of our customers. This includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.
The types of data we collect:
- Identity data – name and title
- Contact data – address, postcode, email address or telephone numbers;
- Transaction data – details of products/services you have purchased from us, including date and time of purchase and spend in relation to that purchase;
- Technical data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
- Profile data – purchases or orders made by you, your interests, preferences, feedback and survey responses and preferences about the use of our services (including whether you are interested in certain services that we offer);
- Usage data – information about how you use our website, products and services; and
- Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences.
We will only use personal information about you if we have a legal basis to do so. You can request the legal uses for each piece of data from us, but in general the “legitimate interest” as per the GDPR regulations would only be
- To keep our records up to date (delivery, general contact, complaints and refunds)
- To better tailor our services to our customers and grow our business (promotions, feedback, surveys, competitions)
- To recover any debts owed to us (transactional data)
- Running our business, provision of administration and IT services, network security
- To study how customers use our website, to develop and improve our website (including bug-fixing) and to inform our marketing strategy
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information. Login cookies last for two days. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you have visited the other website.
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilises the Data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services.
The specific type of Personal Data collected by Google Analytics is Cookies and Usage Data.
Who we share your data with
We use MailChimp to help manage our marketing database and send out information to you, so your data, including your name, email address and phone number will be stored within the MailChimp system. MailChimp may process some of your personal data outside of the EEA and we have ensured that there are appropriate safeguards in place for doing so. MailChimp is Privacy Shield certified and also use Standard Contractual Clauses to ensure the security of processing outside of the EEA.
We will share your name, address, email address and phone number with our shipping partners so that they can deliver your items to you and contact you with delivery updates. We use different couriers depending on the size of the item you have ordered, how quickly you have requested your delivery, and where you live, but we will always tell you who will be delivering your order. This will include information on their own privacy policies and data protection provisions.
We use an online accounting system from Xero UK. Some of your transactional data (only data related to purchases) will be stored on Xero’s server and used for accounting purposes, invoicing, taxation etc. Their privacy notice is here. Apart from our staff, only our chartered accountants have access to that system and your data.
What automated decision making and/or profiling we do with user data
Swtch does not conduct any automated decision making, including profiling, on our customers.
How long we retain your data
We work hard to ensure that we do not keep your personal data for longer than is necessary to fulfil the purpose for which it was collected. Generally, we will not keep your personal details for longer than 6 years as this is the statutory retention period for HMRC records.
What rights you have over your data
If you have an account on this site, you can request to receive an the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request“). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify or correct the contact and order details we hold about you, please go to “My Account“.
To request to see your complete data, or request erasure of your personal information, please use this form: Data Access Request.
If you want to object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us in writing.
How we protect your data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
If you have any reason to believe that we have not processed your data according to the law, please let us know using the contact details in the ‘Who are we?’ section so we can investigate and fix the problem. If you are still not satisfied, the Information Commissioner’s Office has provisions for you to make a complaint with them here.