Privacy Statement - August 2018
S.W.I.F.T. SCRL (hereinafter “SWIFT”, with registered office at Avenue Adèle 1, B-1310 La Hulpe, Belgium) and other SWIFT entities as listed here are committed to protecting your privacy.
In this Privacy Statement, the terms “Controller”, “Data Subject”, “Personal Data”, “Processor” and “Processing” shall have the meaning given to these terms in the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) (hereinafter referred to as “EU Data Protection Law”).
The Privacy Statement explains how your Personal Data is processed by SWIFT, as data Controller for the data Processing activities described in this statement, when collected through our websites (e.g. when you submit your data through our online forms, when you are using swift.com as registered user or when you apply to job offers), or during the interactions you may have with us (e.g. when you attend our events, forums, trainings, or when you use our applications). In this regard, SWIFT will process all your Personal Data in compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable data protection legislation (hereinafter “Data Protection Laws”). It can be supplemented by other Privacy Statements that are specific to the visited website, events or webinar you attend.
Our websites include amongst others:
- our Sibos website, available at sibos.com
- careers-swift.icims.com, and
- other URLs that redirect to swift.com.
We invite you to carefully read this Statement to understand our data Processing practices.
This Statement does not apply to any Personal Data Processing by SWIFT when providing its financial messaging services. Our other data Processing activities are covered by other SWIFT policies, which you can find on our central page available here. The main Data Protection policies are:
- The SWIFT Personal Data Protection Policy: it explains how we process our customer contact details (when collected on our websites - this part is common to this Statement - or on paper) and Personal Data that our customers encapsulate in SWIFT messages or files (“message data”). Where relevant for the purposes of this Statement, we will explicitly refer to that Policy.
- The SWIFT Data Retrieval Policy: it explains how we retrieve, use, and disclose message and traffic data. It is not relevant for the purposes of this Statement.
We may modify this Statement from time to time. Please check it periodically for changes, in particular when you submit Personal Data on our websites.
SWIFT processes Personal Data collected on our websites or through the interactions you have with us (see above), for the following purposes (together “SWIFT Purposes”):
- The provision of SWIFT services and products, including its websites
- The organisation of Sibos and other events
- Sending commercial communications, newsletters and other customer communications
- The operation of our websites (IP addresses, cookies, web acceleration, Data security, Data anonymisation for reporting and statistics)
For these purposes, SWIFT will generally process the following data pertaining to you (depending on the website/activity/form used by you): IP address, identification information (e.g. last name, first name, job title, contact details - such as mobile, landline, email address - company name, etc.), login and password, the history of your interactions with SWIFT (e.g. attendance dates to events, photograph, downloads from our websites, connection logs, etc.), your financial information (e.g. credit card details for billing purposes after your subscription to our events, invoicing history), etc.
More information about the use of your data for the specific purposes is given below. Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide your data when requested, you may not be able to benefit from our services, if that data is necessary to provide you with the services or if we are legally required to collect it.
You may also find more information on the use of your Personal Data (as a SWIFT customer) for SWIFT governance and for the provision of SWIFT services and products in the SWIFT Personal Data Protection Policy.
When you use our online recruitment tool (e.g. iCims) or send us a spontaneous application, you provide us with personal data in order to enter the recruitment process of SWIFT. SWIFT as a controller has the right to process your data based on following legal basis: (i) necessity to enter into an employment contract, (ii) compliance with a legal obligation to which the employer is subject or (iii) where the employer or a third party has a legitimate interest in using the personal data (e.g. for assessing and evaluating job applicants before eventually making an offer for employment, in order to ensure the good functioning of the employer’s own business.
We do not require any 'sensitive' data in our recruitment process. We therefore kindly request you not to communicate any personal details revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning your sex life or sexual orientation. Such data will be ignored and if possible deleted.
We will process your data for the purposes of handling the whole recruitment process, assessing your application, and – where applicable – hiring you. We will keep all your data confidential and act in full compliance with applicable privacy laws (e.g. GDPR). We will not share your data with third parties outside the SWIFT group, with the exception of (i) service providers such as providers of HR management services, (ii) agents, advisors and other third parties providing services to support our business operations, such as recruitment agencies, background screening agencies and law firms, (iii) Governmental, judicial, regulatory and other bodies and authorities where required by applicable law.
You can always object further processing, update or delete your data by using your login and password.
SWIFT likes to inform you that your data will not be kept longer than required for the recruitment process’ needs unless SWIFT needs to keep the data (e.g. in case of confirmed employment) in order to keep the history of the employee (in which case the data will be deleted as per legal retention period applicable to HR files).
Sibos and Other Events
When you register for Sibos or other events, we collect personal data related to your subscription and participation to the event.
SWIFT therefore created dedicated privacy statements which you can refer to for more information:
- The Sibos Privacy statement
- Events Data Protection statement, available at the registration to the related event
Newsletters and Other Customer Communications
SWIFT has a legitimate interest to Process Personal Data that you submit on our websites or during your interactions with us (e.g. subscribe to an event), to provide you with commercial communications related to the SWIFT products and services that you use or purchased or the event to which you participated. In addition, you can consent to receiving other commercial communications pertaining to SWIFT’s events, products and services, and its newsletters. You can furthermore consent to “Advanced Matching”.
You have the right to opt-out for his type of communication at any moment without giving a motivation.
In case you agree to “Advanced Matching”, we will make sure that you only receive information which is the most relevant to you. Advanced Matching will enable us to identify topics or domains of interest to you, based on your preferences and online interactions with SWIFT (e.g. downloading factsheets), and therefore understand your business needs, so that we can send you personalised communications.
To monitor the effectiveness of email, online advertising and social media campaigns as well as the level of engagement on swift.com web pages, SWIFT measures the ratio of clicks on specific links provided through these different channels, and other online interactions, such as searching a page or watching a video. These types of processing are on aggregated data.
If you are a SWIFT.com registered user, you can at any time manage your communication preferences and subscriptions to our newsletters by accessing your preference center through the secured area of “mySWIFT”. If you are not a SWIFT.com registered user, you can access your preference center through a link provided in each commercial e-mail from us.
Your data will be kept no longer than two years after the last interaction between SWIFT and you or until the information is no longer necessary for the purposes for which we process it, unless we are required by law to keep the information for a longer period of time.
Operation of our Websites
SWIFT has a legitimate interest to Process your Personal Data for the operation of its websites and as detailed below:
For our internal purposes, we may use IP addresses (the Internet address of your computer) stored in web logs to generate aggregate statistics on the usage of our websites, such as volume, traffic patterns and time spent on a page.
The information stored with cookies include your name, first name, registration number on http://www.swift.com/, language preference and navigation settings, login ID, and IP addresses.
In addition, our websites use Google Analytics, a service which transfers traffic data to Google servers in the United States. For more information about this feature, you can read Google’s dedicated page available here.
Web Acceleration Services
For purposes of accelerating the consultation of our websites, we use the services of a supplier specialized in web acceleration services. This requires caching the content of our websites on a substantial number of servers worldwide.
This supplier only processes data on our instructions for these purposes, provides sufficient guarantees in respect of technical and organisational data security measures, and has committed to notify us in case of a security breach compromising your Personal Data (see also ‘Sharing Data’ section below).
Hyperlinks to other websites
Our websites may contain links to other websites not owned or operated by SWIFT. SWIFT is not responsible for the privacy practices of these websites.
Tracking of URL activation
Upon registration to certain services (such as SWIFT Index), we will send you by e-mail a dedicated URL where you can download the relevant materials. For purposes of measuring and following-up on the use of the service, we will track the identity of persons who activated such URL as well as the moment of download.
We are committed to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, and unauthorized disclosure or access. Therefore, we monitor and record the data exchange (IP address, timestamp, volumes), both incoming and outgoing, in order to preserve the security, integrity and availability of our infrastructure. In addition, in case of suspicious activity, SWIFT might collect data (including personal data) from various sources (e.g. public sources, threat intelligence providers, etc.) in order to start and manage its own investigation.
These data are kept for up to one year. Data can be kept longer when a security issue has been encountered and evidences need to be kept for SWIFT to exercise its rights and remedies.
Any Personal Data collected during this process may be shared by SWIFT with the relevant authorities.
Please be aware that we cannot ensure the security of your data on your computer or during transmission over the Internet. In this regard, we advise you to take every possible precaution to protect Personal Data stored on your computer and transiting on the Internet.
Data anonymisation for reporting and statistics
SWIFT has a legitimate interest to produce reports and statistics about the usage of its websites (e.g. visitors per day, geographical reach, etc.).
These reports will be fully anonymised.
Data Submitted on Behalf of Someone Else
If you provide Personal Data of another person to SWIFT for the purposes mentioned above, you shall ensure that (i) this person has been duly informed about SWIFT's right to process such Personal Data as set out herein and has been provided with the present Privacy Statement, (ii) such Personal Data are collected and supplied in accordance with applicable legislation and without infringing such person's or any third party rights and (iii) you have obtained his or her prior consent where needed.
When required for the SWIFT Purposes, we may share your data with other offices in the SWIFT group (see the SWIFT Offices page for more information), carefully selected suppliers (e.g. security specialists, maintenance suppliers, marketing/events organisation suppliers), or other selected third parties (typically SWIFT partners or sub-contractors).
Before sharing your data, we require such third parties to only process your Personal Data on our instructions and to provide sufficient guarantees in respect of the technical and organisational security measures protecting the data processing activities.
Such SWIFT offices or third parties may be located in or outside the European Economic Area (EEA), including in countries that do not offer a level of data protection considered as adequate under a EU Commission adequacy decision.
In the latter case, we ensure the lawfulness of such transfers by:
- agreeing with other SWIFT offices on the standard contractual clauses approved by the European Commission Decision 2004/915/EC of 27 December 2004;
- agreeing with third parties on the most appropriate statutory, contractual, or self-regulatory basis (for example Privacy Shield certification) to allow such transfers.
You have a right to obtain more information about these safeguards used to transfer data outside of EEA, by contacting our Data Protection Officer (see below).
Your Personal Data will not be kept by SWIFT for longer than necessary, after which your Personal Data will be deleted. As general rule, and unless specified differently in this Privacy Statement, SWIFT will keep your data for the duration of the statute of limitation applicable to our relationship with you.
During this period, you have the right to access, correct, restrict, receive a copy and even erase your own Personal Data in accordance with the Data Protection Laws, and you can object to the processing of your Personal Data for direct marketing purposes.
In addition, where relevant, you can withdraw your consent at any time and without motivation for those types of data Processing to which you consented. Note however that this does not affect the lawfulness of the data Processing based on your consent before the withdrawal.
Finally, in some circumstances, you have as well the right to object to the Processing of your Personal Data mentioned above.
You can update your own privacy settings and review and update your Personal Data at any time through your preference center (see section “Newsletters and Other Customer Communications”, above) and your profile page. In addition, you may exercise your data protection rights by sending your request together with a proof of your identity to SWIFT's Privacy Officer (see below).
If you have any other questions or complaints regarding the Processing of your Personal Data, you can also contact the SWIFT’s Privacy Officer or lodge a complaint with the supervisory data protection authority in your country of residence, place of work or where an incident took place. In Belgium, the data protection authority is:
Belgian data protection authority
Rue de la Presse 35, 1000 Brussels
Phone: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
The SWIFT Privacy Officer carries out internal supervision in connection with our responsibilities under this Statement.
You may exercise your rights and address any questions to the Privacy Officer:
- by letter to S.W.I.F.T. SCRL, attention of Privacy Officer, Avenue Adèle 1, 1310 La Hulpe, Belgium
- by e-mail to firstname.lastname@example.org.