GDPR Compliance for the Swym platform and apps

The subject of user privacy is finally getting the attention it has always deserved. While the timing might suggest that this is because of the imminent deadline of the EU’s General Data Protection Regulation (GDPR), our opinion is that GDPR is just the catalyst. The staggering number of data breaches we’ve witnessed over the past few months, whether it was Yahoo Mail, Equifax, or more recently the Cambridge Analytica fiasco with Facebook, or any of the other less prominent ones, have all played a role. And especially when it becomes evident that these breaches might have influenced global political outcomes and therefore had a pretty significant impact on mankind as a whole, we know it has gone too far. For years now, privacy concerns have generally been taken for granted, but that has got to change – users are no longer willing to cede control of their data to some unknown corporation, especially when said firm might have no control over where that data ends up and how it gets used. And initiatives like the GDPR are forcing a decisive change in this regard. Whether it’s the attention or the stiff penalties that come with the new regulations, the fact remains that this movement is now getting a lot of momentum. Just the number of “you-will-be-opted-out of our cold email list” emails I have received in the past 72 hours bears testimony to the fact that we could well be entering a new, much more trustworthy digital economy. And given we’ve believed from day zero of our existence at Swym that this is how it should always have been, we couldn’t be more excited about the new direction.

We’ve embraced this opportunity to implement a number of changes to enable our customers to fulfill their personal data obligations to their end-users and be fully compliant with the GDPR. Our mission is to help e-commerce brands craft a seamless shopping experience for shoppers. We believe the average shopping journey is fraught with friction, and we are working to minimize that friction by tailoring the experience that each user receives to what we believe they are looking to accomplish. It goes without saying, therefore, that gathering user context on behalf of the merchants we work with forms the basis of what we do. We fully appreciate that this is your customer data, and we take the responsibility of securing that customer data and protecting their right to privacy very, very seriously. We are focused on helping you deliver a delightful experience for your customers, but doing so in a fashion that is completely transparent to them, and with their explicit consent. While we have always approached our product design with that perspective firmly in mind, the new General Data Protection Regulation (GDPR) requirements provide a clear framework for us to translate those principles into action.

At its core, the GDPR is all about recognizing that consumers ultimately own their data. The regulation underlines the responsibility that organizations carry in being fully transparent about what consumer data they collect and how that gets used, and giving customers full control over their data. We’ve added a number of enhancements to ensure that you are fully compliant with the GDPR requirements when you use our platform.

User Consent:

As you are aware, Swym collects user data to help merchants re-engage customers via personalized triggered campaigns by leveraging their context/shopping history. In light of the new consent requirements, we will now ensure that such re-engagement happens only if users explicitly opt into those campaigns. We’ve enhanced our opt-in process to clearly call out what they are opting into, and how that consent will get utilized. Note that these opt-in permissions include honoring user requests to be added to your email lists via your preferred Email Service Provider (ESP) as well, and we are ensuring that all the ESPs we integrate with are compliant and following the same best practices as far as user consent is concerned. In addition, we’ve also greatly simplified our Privacy Policy and our Terms of Service to specify exactly what data we collect from users and how that data gets stored and used.

User Data Rights:

Consumers will now have important new rights to align with their ownership of their data, including the Right of Access, Right to Object, Right to be Forgotten, Right to Rectify and Right of Portability. To ensure your compliance via the data that the Swym platform is collecting and processing on merchants’ behalf, we will help you support all of these rights. As part of GDPR, your customers in the EU now have the following rights:

  • Right of Access: The right to request information on what data belonging to them is stored in our system.
  • Right to be Forgotten: The right to remove all of their data that is present in our system.
  • Right of Portability: The right to request that personal data held by one organization be transported to another in a machine-readable format.

If you receive any of the above requests from your customers, you’ll now be able to View/Download (CSV)/Delete that customer’s data from the Swym system via our Dashboard, by providing their email address. Note that the email address is the token of identification that we use for users, and hence the provision to query based on an email address. For requests to Delete user data, all the data for that user will be erased from the Swym system within 30 days. Please note that we will maintain an audit trail of any such user requests for data removal for our records, and the audit trail will include details on the actual request that was made.

  • Right to Object: The right to remove/deny access for Swym to any data belonging to them that’s present in our system.
  • Right to Rectify: The right to correct any of their data that is present in our system.

If you receive such a request from your customers, either objecting to their data, or asking for it to be updated, you can initiate a request asking us to remove/update said data by emailing us at support@swymcorp.com, and we’ll ensure that the requested change is effected within 30 days of receipt of the request.

Data Protection:

We take the responsibility of ensuring the security and confidentiality of our customer data very seriously and have invested considerable effort in ensuring that our systems comply with the requirements stipulated by the GDPR. In accordance with the GDPR principles, personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. All of the Swym customer data is stored and processed via our cloud partners, Microsoft Azure, who employ best-in-class security and risk-management protocols and are fully GDPR compliant as well. For more information on Microsoft Azure’s GDPR compliance, please visit their resource center.

As indicated in our Terms of Service, Swym processes all Customer Data in the United States, and the transfer of Customer Data to our systems complies with all applicable laws, including but not limited to the GDPR. Please note that our terms also incorporate by reference the EU Standard Contractual Clauses set forth in the Decision 2010/87/EU of February 5, 2010.

Privacy by Design:

Even though the GDPR mandates Privacy by Design as one of its core requirements, the concept itself is a fairly mature one, and the principles behind it are very aligned with what the GDPR is trying to achieve as far as protecting user privacy. In our pursuit of building the ideal user experience for consumers, we firmly believe that protecting user privacy needs to be a foundational part of the solution, and not an afterthought. We are committed to processing only user data that is directly required by us to deliver on the functionality that we promise our customers, and we limit our usage of this data for only that purpose. We’ve updated our Privacy Policy to make it easier to comprehend and have clearly called out what data we collect and how we use it. We remain firm in our commitment to ensure that we maximize the value we deliver to end-users of our product, but doing so while ensuring that the security and integrity of their personal data is protected at all times.

We firmly believe that the compliance efforts that GDPR is necessitating are just the beginning, and whole-heartedly welcome the changes that this is bringing about. As passionate champions of users’ rights to their privacy, we are excited by what this means for the future. Giving users transparency and absolute control over their data will help create an environment of trust, and that trust will foster significantly improved engagement and growth in the digital economy. Towards that end, we are committed to continue investing in our efforts to be a first-class citizen when it comes to protecting user privacy and you’ll hear more on the subject from us in the months ahead. If you have questions on our compliance efforts, please email us at support@swymcorp.com and we’ll be happy to address them.