Privacy policy

1. Overview

SnapSwap International S.A. (SnapSwap) has developed this Privacy Policy to explain how we may collect, retain, process, share and transfer your Personal Data when you visit our Sites or use our Services. This Privacy Policy applies to your Personal Data when you visit Sites or use Services, and does not apply to online websites or services that we do not own or control.

This Privacy Policy is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Sites and Services. Please note that our Service offerings may vary by region. This Privacy Policy may be supplemented with additional notices depending on the Sites and Services concerned. We have defined some terms that we use throughout the Privacy Policy. You can find the meaning of a capitalised term in the Definitions section.

Please contact us at hello@snapswap.eu or hello@snaprove.com if you have questions about our privacy practices that are not addressed in this Privacy Policy.

2. What Personal Data Do We Collect?

We collect Personal Data about you when you visit our Sites or use our Services, including the following:

  • Registration and use information – When you register to use our SnaproveTM solution by establishing an Account, we will collect Personal Data as necessary to offer and fulfil the Service you request. We may require you to provide us with your name, postal address, telephone number, email address and identification information to establish an Account. We may require you to provide us with additional Personal Data as you use our Services.
  • Personal Data about you from third-party sources – We obtain information from third-party sources such as data providers, sanction databases, terrorist watchlists and credit bureaus, where permitted by law.
  • Other information we collect related to your use of our Sites or Services – We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.

3. Why Do We Retain Personal Data?

We retain Personal Data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. If your Account is closed, we may take steps to mask Personal Data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable laws. We will continue to use and disclose such Personal data in accordance with this Privacy Policy.

4. How Do We Process Personal Data?

We may Process your Personal Data for a variety of reasons that are justified under data protection laws in the European Economic Area (EEA) and Switzerland.

  • To operate the Sites and provide the Services, including to:
    • verify your identity
    • open your account
    • fulfil AML/KYC requirements for us and our partners
    • authenticate your access to an Account
    • communicate with you about your Account, the Sites, the Services
    • create an account connection between your Account and a third-party account or platform
  • To manage our business needs, such as monitoring, analysing, and improving the Services and the Sites’ performance and functionality. For example, we analyse User behavior and perform research about the way you use our Services.
  • To manage risk and protect the Sites, the Services and you from fraud by verifying your identity, and helping to detect and prevent fraud and abuse of the Sites or Services.
  • To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
  • For our legitimate interests, including to:
    • enforce the terms of our Sites and Services;
    • manage our everyday business needs, such as monitoring and analysing;

    • 5. Do We Share Personal Data?

    We may share your Personal Data or other information about you with others in a variety of ways as described in this section of the Privacy Policy. We may share your Personal Data or other information for the following reasons:

    With other companies that provide services to us: We share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity, or perform Customer Due Diligence checks.

    With our partners: We share Personal Data with companies that we perform the digital onboarding service for (our partners). These companies may, for example, use your Personal Data for at their discretion during the creation, verification and opening of your Account with them.

    With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for SnapSwap business purposes or as permitted or required by law, including:

    • if we need to do so to comply with a law, legal process or regulations;
    • to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to SnapSwap;
    • if we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
    • to protect the vital interests of a person;
    • to investigate violations of or enforce a user agreement or other legal terms applicable to any Service;
    • to protect our property, Services and legal rights;
    • to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners.
    • to support our audit, compliance, and corporate governance functions.

    6. International transfers

    Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.

    The parties mentioned above may be established in jurisdictions other than your own and outside the European Economic Area and Switzerland. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data. We rely on Binding Corporate Rules approved by competent Supervisory Authority. Other transfers may be based on contractual protections. Please contact us for more information about this.

    7. How Do We Use Cookies and Tracking Technologies?

    When you visit our Sites, use our Services, or visit a third-party website for which we provide online services, we and our business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies”) to recognise you as a User and to customise your online experiences, the Services you use, and other online content and advertising; measure the effectiveness of promotions and perform analytics; and to mitigate risk, prevent potential fraud, and promote trust and safety across our Sites and Services. Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Sites and Services may be limited or not possible.

    Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not respond to DNT signals.

    When you access our Sites or content or use our Services, we may place small data files called cookies or pixel tags on your computer or other device. We use these technologies to:

    • Recognize you as a customer
    • Customize services, content, and advertising
    • Measure promotional effectiveness
    • Collect information about your computer or other access device to mitigate risk, help prevent fraud and promote trust and safety

    We use both session and persistent cookies when you access our website or content. Session cookies expire and no longer have any effect when you log out of your account or close your browser. Persistent cookies remain on your browser until you erase them or they expire.

    We also use Local Shared Objects, commonly referred to as "Flash cookies", to help ensure that your account security is not compromised, to spot irregularities in behavior to help prevent fraud and to support our sites and services.

    We encode our cookies so that only we can interpret the information stored in them. You are free to decline our cookies if your browser or browser add-on permits, but doing so may interfere with your use of our website. The help section of most browsers or browser add-ons provides instructions on blocking, deleting or disabling cookies.

    You may encounter SnapSwap cookies or pixel tags on websites that we do not control. For example, if you view a web page created by a third party or use an application developed by a third party, there may be a cookie or pixel tag placed by the web page or application. Likewise, these third parties may place cookies or pixel tags that are not subject to our control and the SnapSwap EU Privacy Policy does not cover their use.

    8. What Are Your Rights?

    Subject to limitations set out in EEA data protection laws, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure and data portability. Please contact us if you wish to exercise these rights. If you wish to complete an access request to all personal data that SnapSwap holds on you, please note that photo identity will be required to prove your identity.

    9. How Do We Protect Your Personal Data?

    We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party.

    10. Can Children Use Our Services?

    The Sites and Services are not directed to children under the age of majority. We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of majority, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of majority.

    11. What Else Should You Know?

    Changes to this Privacy Policy.

    We may revise this Privacy Policy from time to time to reflect changes to our business, the Sites or Services, or applicable laws. The revised Privacy Policy will be effective as of the published effective date.

    If the revised version includes a substantial change, we will provide you with 30 days prior notice by posting notice of the change on the “Policy Update” page of our website. We also may notify Users of the change using email or other means.

    12. Contact Us

    You may contact us if you have general questions or concerns about this Privacy Policy and supplemental notices or the way in which we handle your Personal Data.

    If you are not satisfied by the way in which we address your concerns, you have the right to lodge a complaint with the Supervisory Authority for data protection in your country.

    We have appointed a data protection officer ("DPO"). Our DPO has a number of important responsibilities including:

    • monitoring compliance with the GDPR and other data protection laws;
    • raising awareness of data protection issues, training SnapSwap International S.A. staff and conducting internal audits; and
    • cooperating with supervisory authorities on our behalf.​

    If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us or our DPO via support channel (hello@snapswap.eu).

    13. Geographical area

    We process your personal data within the EEA. In the event that we need to transmit your personal data outside the EEA, the transmission shall be in accordance with the requirements of the GDPR.

    14. Definitions

    • Account means an account with SnapSwap and/or its corporate clients or partners.
    • Device Information means data that can be automatically collected from any device used to access the Site or Services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device IP address; information about you’re your device’s web browser and internet connection you use to access the Site or Services; Geolocation Information; information about apps downloaded to your device; and biometric data (e.g., Touch ID/Fingerprint to verify your identity).
    • >Geolocation Information means information that identifies, with reasonable specificity, your location by using, for instance, longitude and latitude coordinates obtained through GPS or Wi-Fi or cell site triangulation.
    • SnapSwap means SnapSwap International S.A. In this Privacy Policy, SnapSwap is sometimes referred to as “we,” “us,” or “our,” depending on the context.
    • Personal Data means information that can be associated with an identified or directly or indirectly identifiable natural person. “Personal Data” can include, but is not limited to, name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, and government-issued credentials (e.g., driver’s license number, national ID, passport number).
    • Process means any method or way that we handle Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, and consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
    • Services means our white label digital onboarding solution SnaproveTM which we provide to our business partners as an alternative method of customer onboarding.
    • Sites means the websites, mobile apps, or other online properties through which SnapSwap offers the Services and which has posted or linked to this Privacy Policy.
    • Technical Usage Data means information we collect from your phone, computer or other device that you use to access the Sites or Services. Technical Usage Data tells us how you use the Sites and Services, such as what you have searched for and viewed on the Sites and the way you use our Services, including your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies.
    • User means an individual who uses the Services or accesses the Sites and has established a relationship with SnapSwap (for example, by opening an Account and agreeing to the SnapSwap User Agreement) or otherwise uses the Services.