SwipeSign

Privacy Policy

At swipesign GmbH, situated at Elisabethstraße 15, Top 5A, 1010 Vienna, Austria (hereinafter referred to as "swipesign", "we", "us" or similar), we hold your privacy and personal rights in the highest regard.

Your data is handled with confidentiality and in strict compliance with all applicable legislation, notably the European Union General Data Protection Regulation (EU GDPR) and the Austrian Data Protection Act, as well as in accordance with the provisions set forth in these privacy policies.

In particular, we protect, together with our service providers and partners, all data processing operations in accordance with the current technical state of the art against unauthorized access, loss, misuse, and unauthorized modification.

These privacy policies (hereinafter "Declaration") describe how we process your personal data (i) when we provide services to you or you use our services, and (ii) when you visit our websites (swipesign.xyz) or platform (app.swipesign.xyz), or use services via our website or platform as a customer. If you already use services from swipesign, this Declaration also applies to data previously collected by us and stored by us that we may link and process with data collected or received in the future.

This Declaration forms part of the contract between you and us if it is included as a contractual component in the respective contract or referenced in the applicable General Terms and Conditions (GTC). If there are contradictions between this Declaration and the provisions of the respective contract or GTC, the latter shall prevail.

In addition to this Declaration, further data protection provisions such as those in your contract with us, in usage conditions, GTC, or other privacy policies may apply.

1. Responsible Entity

Responsible entity within the meaning of applicable data protection law:

swipesign GmbH

Elisabethstraße 15, Top 5A

1010 Vienna, Austria

Email: office@swipesign.xyz

Website: swipesign.xyz

2. General Information

Personal data ("data") means all information relating to an identified or identifiable natural person.

We process various categories of data from you, including:

  • Contact and identification data such as name, address, email address, telephone number, customer number
  • Personal details such as age, gender, nationality, language
  • User account information such as username and password
  • Financial data such as bank details, payment information, payment history
  • Contract data such as contract type, content, start and duration, billing data
  • Interaction and usage data like correspondence, chat contents, preferences, device information
  • Information about website and platform usage such as visited pages, IP address, cookies, browser settings, visit frequency and duration

2.1 Legal Basis of Processing

We process your data based on different legal grounds depending on the services you use from us:

  • Contract or pre-contractual measures (Art. 6(1)(b) EU GDPR)
  • Legal obligation (Art. 6(1)(c) EU GDPR)
  • Your consent given (Art. 6(1)(a) EU GDPR)
  • Legitimate interests, e.g., website security, service information, marketing communications you have not opted out of (Art. 6(1)(f) EU GDPR)

2.2 Purposes of Processing

Purposes include providing and maintaining our services, notifying changes, customer support, service improvement, usage monitoring, technical problem resolution, and sending news and offers relevant to you. If you do not provide certain data completely, contracts may not be concluded or services may be limited or unavailable. Additional processing beyond these purposes requires your explicit consent.

2.3 Duration of Processing

We process your data only as long as necessary for the respective purposes. Longer retention occurs only as required by law or other obligatory retention periods.

3. Website Data Processing: swipesign.xyz

3.1 SSL/TLS Encryption

We use SSL/TLS encryption to secure the transfer of confidential content such as inquiries sent to us via contact forms. Secure connections are indicated by "https://" and browser lock symbols.

Note that internet transmission such as via email may have security gaps unless encrypted by tools like PGP.

3.2 Server Log Files

We automatically collect certain server log data like browser type/version, OS, referring URL, IP address, and request times for statistical and security reasons. These are not directly linked to individual persons.

4. Platform Data Processing (app.swipesign.xyz)

Our platform operates on ISO 27001 certified servers in German data centers hosted by Hetzner. For account creation, or signature use without account, only name, email, and mobile number are required. For paid services, additional data like payment info is collected and stored in compliance with legal retention. For seamless login with your national government's electronic signature ID your data is directly processed by your national QTSP [Qualified Trust Service Provider] such as e.g. A-Trust.

4.1 Partner Signatures and Identification

For advanced and qualified electronic signatures, identification is done via our partners using API checks or digital identities based on your data. Partners may transfer personal identification data to us or inviting customers only for internal KYC purposes, subject to their privacy policies.

Partners include, A-Trust, eIDeasy, PXL Vision, and Nect. Detailed DPA statements can be found here:

A-Trust Privacy Notification & Data Protection Statement:
https://www.a-trust.at/downloads/de/Datenschutzmitteilung/Datenschutzmitteilung_Registrierungsprozess.pdf

eIDeasy Privacy Policy and Terms:
https://www.eideasy.com/legal/privacy-policy
https://www.eideasy.com/legal/terms-of-service

Nect Privacy Policy:
https://nect.com/en/legal/website-privacy-policy

PXL Vision Privacy Policy and Data Protection Information:
https://www.pxl-vision.com/en/website-privacy-policy

4.2 Support Requests

Support is managed via zendesk CRM, which may involve data transfer under EU standard contractual clauses ensuring GDPR compliance.

Zendesk Data Processing Agreement (DPA):
https://www.zendesk.com/company/data-processing-agreement

4.3 Payment and SMS Providers

Payments are processed via Stripe, subscription handling is carried out in cooperation with swipesign OÜ. Furthermore, SMS codes for authentication, including the mobile phone number, are sent via Twilio. To secure our services, we use Cloudflare for security reasons in compliance with applicable data protection regulations.

The detailed data protection provisions of the integrated partner companies can be found here:

Twilio Data Processing Addendum (DPA):
https://www.twilio.com/en-us/legal/data-protection-addendum

Stripe Data Processing Agreement (DPA):
https://stripe.com/legal/dpa

Brevo (formerly Sendinblue) Information on GDPR Compliance:
https://help.brevo.com/hc/en-us/articles/360001258744-How-does-Brevo-comply-with-the-GDPR

Hetzner Data Processing Agreement (DPA) as PDF:
https://www.hetzner.com/AV/DPA_en.pdf

Cloudflare Data Processing Addendum (DPA):
https://www.cloudflare.com/cloudflare-customer-dpa

5. Third-Party Services on the Website

We use cookies as detailed in our Cookie Policy.

Email notifications are sent via Brevo.

For marketing and tracking, technologies used include LinkedIn Insight Tag, Google Remarketing, and Brevo for newsletters and campaigns.

Social media links to LinkedIn and YouTube are referenced on our website and/or emails; visiting links directs you to those providers with their own privacy policies.

6. Data Subject Rights

You have rights including:

  • Right to access your data
  • Right to correction or deletion
  • Right to restriction of processing
  • Right to object based on your circumstances
  • Right to data portability
  • Right to withdraw consent

For exercising your rights, please contact us at support@swipesign.xyz, subject: <GDPR request>

You also have the right to inform yourself with the competent Austrian supervisory authority.

7. Contact Data Protection Officer

For questions about data protection:

swipesign GmbH

Elisabethstraße 15, Top 5A

1010 Vienna, Austria

Email: support@swipesign.xyz, subject: <data protection officer request>

8. Changes to Privacy Policy

We regularly update our privacy policies to comply with legal and technical changes.

Please always refer to the latest version on our website: https://swipesign.xyz/privacy