Privacy Statement - June 2018
SWIFT (with registered office at Avenue Adèle 1, B-1310 La Hulpe, Belgium) is committed to protecting your privacy.
This Privacy Statement explains how your personal data is processed by SWIFT when collected through our websites, or during various interactions you may have with us (for instance during events, forums, trainings, etc.). In this regard, SWIFT will process all your personal data in compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable data protection legislation (hereinafter “Data Protection Laws”). It can be supplemented by other Privacy Statements that are specific to the visited website, events or webinar you attend.
Our websites include amongst others:
- our Sibos website, available at sibos.com
- careers-swift.icims.com, and
- other URLs that redirect to swift.com.
We invite you to carefully read this Statement to understand our data processing practices.
This Statement only applies to the processing of personal data collected by us on our websites. Our other data processing activities are covered by other SWIFT policies, which you can find on our central page available here. The main Data Protection policies are:
- The SWIFT Personal Data Protection Policy: it explains how we process our customer contact details (when collected on our websites - this part is common to this Statement - or on paper) and personal data that our customers encapsulate in SWIFT messages or files (“message data”). Where relevant for the purposes of this Statement, we will explicitly refer to that Policy.
- The SWIFT Data Retrieval Policy: it explains how we retrieve, use, and disclose message and traffic data. It is not relevant for the purposes of this Statement.
We may modify this Statement from time to time. Please check it periodically for changes, in particular when you submit personal data on our websites.
We process personal data collected on our websites for the following purposes (together “SWIFT Purposes”):
- SWIFT governance
- The provision of SWIFT services and products
- Organisation of Sibos and other events
- Sending commercial communications, newsletters and other customer communications
- The operation of our websites (IP addresses, cookies, web acceleration)
For these purposes, SWIFT will generally process the following data pertaining to you (depending on the website/activity/form used by you): IP address, last name, first name, job title, contact details (such as mobile, landline, email address…), login and password, company name, attendance dates to events, photograph, credit card details, etc.
More information about the use of your data for the specific purposes is given below.
You may also find more information on the use of your personal data (as a SWIFT customer) for SWIFT governance and for the provision of SWIFT services and products in the SWIFT Personal Data Protection Policy.
When you use our online recruitment tool (e.g. iCims) or send us a spontaneous application, you consent to SWIFT collecting your personal data relating to the position you apply for, such as your name, home or business address, e-mail or other contact details, and other relevant personal data as you may provide, for the purposes herein provided. We also require potential candidates to submit their resumes online and/or application letters.
We do not require any 'sensitive' data in our online recruitment process. We therefore kindly request you not to communicate any personal details revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sex life, litigation or judicial convictions. If you nevertheless provide us with such sensitive data, you agree that we may process it for our recruitment purposes.
We will process your data for the purposes of handling the whole recruitment process, assessing your application, considering you for future job openings and – where applicable – hiring you. We will keep all your data confidential. We will not share your data with third parties outside the SWIFT group, with the exception of recruitment counsels and other processors acting on our behalf.
You may always delete your data by using your login and password. Data provided during the recruitment process will not be kept longer than 3 years after the end of the recruitment process, unless SWIFT needs to keep the data (e.g. in case of confirmed employment) in order to keep the history of the employee (in which case the data will be deleted as per legal retention period applicable to HR files).
Sibos and Other Events
When you register for Sibos or other events, we collect personal data related to your subscription and participation to the event.
SWIFT therefore created dedicated privacy statements which you can refer to for more information:
- The Sibos Privacy statement
- Events Data Protection statement, available at the registration to the related event
Newsletters and Other Customer Communications
We may use your personal data that you submit on our websites, to provide you with commercial communications related to the SWIFT products and services that you use or purchased or the event to which you participated. Upon providing your contact details, you will have the possibility to opt-out for this type of communications.
In addition, you can consent to receive other commercial communications pertaining to SWIFT’s events, products and services, and its newsletters.
In case you agree as well to “Advanced Matching”, we will make sure that you only receive information which is the most relevant to you based on your profile and online interactions with SWIFT. Advanced Matching will enable us to identify topics or domains of interest to you and therefore understand your business needs, so that we can send you personalised communications.
If you are a SWIFT.com registered user, you can at any time manage your communication preferences and subscriptions to our newsletters by accessing your preference center through the secured area of “mySWIFT”. If you are not a SWIFT.com registered user, you can access your preference center through a link provided in each commercial e-mail from us.
In addition, you will at any time have the possibility to opt-out from commercial communications.
Your data will not be kept longer than two years after the last interaction between SWIFT and you, unless it is necessary to satisfy another purpose (e.g. the execution of a contract).
Operation of our Websites
When you browse our public websites, you do so anonymously. For our internal purposes, we may use IP addresses (the Internet address of your computer) stored in web logs to generate aggregate statistics on their usage, such as volume, traffic patterns and time spent on a page.
The information stored with cookies may include -amongst others- your name, first name, registration number on http://www.swift.com/, language preference, login ID, and IP addresses.
Web Acceleration Services
For purposes of accelerating the consultation of our websites, we use the services of a supplier specialized in web acceleration services. This requires caching the content of our websites on a substantial number of servers worldwide.
This supplier only processes data on our instructions for these purposes, provides sufficient guarantees in respect of technical and organizational data security measures, and has committed to notify us in case of a security breach compromising your personal data (see also ‘Sharing Data’ section below).
Hyperlinks to other websites
Our websites may contain links to other websites not owned or operated by SWIFT. SWIFT is not responsible for the privacy practices of these websites.
Tracking of URL activation
Upon registration to certain services (such as SWIFT Index), we will send you by e-mail a dedicated URL where you can download the relevant materials. For purposes of measuring and following-up on the use of the service, we will track the identity of persons who activated such URL as well as the moment of download.
We are committed to protect your personal data against accidental or unlawful destruction, accidental loss, alteration, and unauthorized disclosure or access. Therefore, we monitor and record the traffic, both incoming and outgoing, in order to preserve the security, integrity and availability of our infrastructure. These data are kept for up to one year. Data can be kept longer when a security issue has been encountered and evidences need to be kept for SWIFT to exercise its rights and remedies. Any personal data collected during this process may be shared by SWIFT with the relevant authorities.
Please be aware that we cannot ensure the security of your data on your computer or during transmission over the Internet. In this regard, we advise you to take every possible precaution to protect personal data stored on your computer and transiting on the Internet.
SWIFT also developed, for its own but also your legitimate interest, a two-factor authentication security mechanism to reinforce the security of the non-public parts of its websites – more information can be found here. This mechanism will process your personal data (e.g. mobile phone number) in order to confirm your identity while accessing non-public parts of our website (e.g. you may receive a security code by SMS, which you need to type in a security field on Swift.com).
Data Submitted on Behalf of Someone Else
If you provide personal data of another person to SWIFT for the purposes mentioned above, you shall ensure that (i) this person has been duly informed about SWIFT's right to process such personal data as set out herein and has been provided with the present Privacy Statement, (ii) such personal data are collected and supplied in accordance with applicable legislation and without infringing such person's or any third party rights and (iii) you have obtained his or her prior consent where needed.
Your personal data will not be kept by SWIFT for longer than necessary (see above for more details), after which your personal data will be deleted.
During this period, you have the right to consult, correct, restrict and even erase your own personal data in accordance with the Data Protection Laws, and you can oppose to the use of your personal data for direct marketing purposes.
In addition, where relevant, you can withdraw your consent at any time and without motivation for those types of data processing to which you consented. Note however that this does not affect the lawfulness of the data processing based on your consent before the withdrawal.
Finally, in some circumstances, you have as well the right to oppose to the processing of your personal data mentioned above.
You can update your own privacy settings and review and update your personal data at any time through your preference center (see section “Direct Marketing”, above) and your profile page. In addition, you may exercise your data protection rights by sending your request together with a proof of your identity to SWIFT's Privacy Officer (see below).
If you have any other questions or complaints regarding the processing of your personal data, you can also contact the SWIFT’s Privacy Officer or lodge a complaint with the supervisory data protection authority. As SWIFT is established in Belgium, the lead data protection authority is:
Belgian data protection authority
Rue de la Presse 35, 1000 Brussels
Phone: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
The SWIFT Privacy Officer carries out internal supervision in connection with our responsibilities under this Statement.
You may exercise your rights and address any questions to the Privacy Officer:
- by letter to S.W.I.F.T. SCRL, attention of Privacy Officer, Avenue Adèle 1, 1310 La Hulpe, Belgium
- by e-mail to email@example.com.
When required for the SWIFT Purposes, we may share your data with other offices in the SWIFT group (see the SWIFT Offices page), carefully selected suppliers, or other selected third parties (typically SWIFT partners or sub-contractors).
Before sharing your data, we require such third parties to only process your personal data on our instructions and to provide sufficient guarantees in respect of the technical and organizational security measures protecting the data processing activities.
Such SWIFT offices or third parties may be located in or outside the European Economic Area (EEA), including in countries that do not offer a level of data protection considered as adequate under a EU Commission adequacy decision.
In the latter case, we ensure the lawfulness of such transfers by:
- agreeing with other SWIFT offices on the standard contractual clauses approved by the European Commission Decision 2004/915/EC of 27 December 2004
- agreeing with third parties on the most appropriate statutory, contractual, or self-regulatory basis (for example Privacy Shield certification) to allow such transfers.