This privacy policy provides information regarding the collection, use, storage, and any other processing of personal data of customers (the “Customer”) of the SWISH company (the responsible for processing), in the context of the use of the charging service.
The company SWISH, SAS with capital of 1,181,978 Euros, registered in the Pontoise trade and companies register under number 977 649 425 whose head office is located at 385, rue de la belle Etoile - Parc des Nations Paris North 95700 Roissy-en-France.
As part of the provision of its services, the SWISH company is required to collect and record the Customer's personal data to carry out the following processing:
- management of the customer account (for the execution of the contract between the Customer and SWISH): in particular last name, first name, telephone number, email address, history of recharges carried out by the Customer, location and time of refills.
- management of the purchase of refills; the issuance of RFID cards, if applicable,
- provision to the customer of a dedicated application to carry out recharges at the terminals,
- management of payment and invoicing operations (for the execution of the contract entered into between the Client and SWISH),
-management of maintenance operations (for the execution of the contract between the Client and SWISH),
- customer relationship management (telephone / chat / email), as part of monitoring service provision provided for in the contract.
- recording of exchanges between customer service and the Customer by telephone or chat; for purposes to improve the quality of customer service (legitimate interest).
- management of communications relating to the operation of the service (sending notifications),
- fight against fraud during order payment and management of unpaid debts after order (for execution of the contract entered into between a Customer and SWISH), and SWISH's legitimate interest in ensuring the veracity and authenticity of transactions).
- sharing of information with commercial partners (listed below), for the execution of the contract concluded between the Client and SWISH.
- security of websites and mobile applications, for SWISH’s legitimate interest in ensuring security and the confidentiality of the data processed.
SWISH collects data directly from the Customer when using its website and its mobile application (account creation, navigation, customer service contact, etc.).
In some cases, SWISH may also collect data from third party partners in order to update the information available to it. These are the entities of the group to which it belongs (updating the profile common customers).
Your data is transmitted to SWISH partners who can process the data on their behalf; he are the entities of the group to which it belongs.
Your data is also transmitted to SWISH subcontractors, on its behalf, and according to its instructions, for the following operations:
Any person can exercise the following rights with SWISH:
To exercise their rights, the Customer must send their request by email (rgpd@swishforgood.com), or to the following postal address: SWISH, customer service (RGPD), 385 rue de la belle Etoile - Parc des Nations Paris Nord 95700 Roissy-en-France; the Customer must indicate his/her last name, first name, address, email and if possible, his/her customer reference. The request may be subject to identity verification.
SWISH sends a response within one month after receipt of the request to exercise the right. In certain cases, due to the complexity of the request or the number of requests, this deadline may be extended by 2 months.
In the event of no response, or an unsatisfactory response, the person concerned may contact the National Commission for Information Technology and Liberties (CNIL) at the address: www.cnil.fr
The Customer may formulate directives relating to the conservation, erasure and communication of his personal data after his death in accordance with article 40-1 of law 78-17 of January 6, 1978.
To better understand your rights, the Customer can go to the website www.cnil.fr
SWISH has determined precise rules regarding the retention period of the Customer's personal data.
- the retention period of a Customer's personal data will be ten years from the end of the contractual relationship with SWISH, as well as invoices.
- recordings of telephone conversations with the customer relations department are kept for a period of 3 months.
- the Customer's bank card data is kept on his account two months after the end of the contract. The Customer can consult the list of his registered cards, but also delete all or part of its content, directly on his account.
As data controller, SWISH takes all necessary precautions to preserve the security and confidentiality of data and in particular, prevent it from being distorted or from unauthorized third parties having access to it.
SWISH has deployed a robust security system to ensure the highest security of the data collected, and to detect data breaches. This includes physical security of the buildings housing the systems, security of the IT system to prevent external access to the data, and having secure backups of the data.
When it uses subcontractors, SWISH ensures that they comply with the rules relating to data protection.
Finally, when SWISH detects a personal data violation likely to create a high risk for rights and freedoms, the Customer will be informed of this violation as soon as possible.
In order to ensure the security of payments, SWISH uses the services of banking providers.
These providers are PCI-DSS certified. This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus to secure the protection of card and transaction data.
When you place an order by credit card payment with SWISH, the order taking system connects in real time with the payment system which collects the data and carries out various checks to avoid abuse and fraud. The data is stored on the servers of the payment provider, and is not transmitted to SWISH servers at any time. The payment provider requests authorization from the bank, and sends us a transaction number which allows transactions up to the amount of the authorization.
In order to secure the Customer's payment, the personal data collected on the site are processed to determine the associated level of fraud risk.
Any payment made by credit card is subject to automated profiling processing.
This anti-fraud analysis is based on the following personal data:
Any payment considered suspicious will be subject to verification by the anti-fraud service which may adjust the conditions of execution.
If a fraudulent payment is detected, the data may be transmitted to law enforcement as part of their investigative powers.
When using our services, information relating to the Customer's browsing is recorded using cookies or tags placed on the Customer's terminal (computer, smartphone or tablet).
The term cookie encompasses several technologies (cookies, tag, pixel, Javascript code) allowing navigation tracking or behavioral analysis of the Internet user.
The cookie is saved on the Customer's computer when he visits the SWISH website; this is a small text file saved by the browser on the computer, tablet or smartphone, and which allows user data to be stored in order to facilitate navigation and enable certain functionalities.
Article 82 of the Data Protection Act provides for the prior collection of the user's explicit consent to the placement of cookies on the user's terminal. This same article, however, provides that certain cookies are exempt from consent:
-when their sole purpose is to enable or facilitate communication by electronic means,
- when they are strictly necessary for the provision of an online communication service at the express request of the user.
Cookies are placed by SWISH for the purposes of navigation and operation of the site; they do not require consent because they allow:
- adapt the presentation of the website (and application) according to the terminal used,
- to memorize information relating to a form completed on our website (and application), as part of registration or access to an account,
- to allow access to reserved and personal areas of our site, such as the account, using identifiers;
- to implement security measures, for example when asked to log in to an account again after a certain period of time,
- to monitor the Customer's navigation to identify the risks of payment fraud.
The Customer can configure the navigation software so that cookies are saved in the terminal or, on the contrary, that they are rejected. The Customer also configures the browser software so that the acceptance or refusal of cookies is offered to you punctually, before a cookie is likely to be recorded in the terminal.
Edition 2024.10 – SWISH, SAS with capital of 1,181,978 Euros, registered with the RCS of Pontoise, under number 977 649 425, with its head office at 385, rue de la Belle Etoile, Parc des Nations, Building T3, 95700 Roissy en France.
