Last update: July 2022
Last update: July 2022
Table of contents
S.W.I.F.T. SC (hereinafter “SWIFT”, with registered office at Avenue Adèle 1, B-1310 La Hulpe, Belgium) and other SWIFT entities as listed here are committed to protecting your privacy.
In this Privacy Statement, the terms “Controller”, “Data Subject”, “Personal Data”, “Processor”, and “Processing” shall have the meaning given to these terms in the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) (hereinafter referred to as “EU Data Protection Law”).
The Privacy Statement explains how your Personal Data is processed by SWIFT, as data Controller for the data Processing activities described in this statement. This applies to data collected through our websites (for example, when you submit your data through our online forms, when you use swift.com as a registered user, or when you apply for job offers), or collected during interactions you may have with us (for example, when you attend our events, forums, trainings, or when you call us or send us emails, mails or use our applications). In this regard, SWIFT will process all your Personal Data in compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable data protection legislation (hereinafter “Data Protection Laws”). This Privacy Statement can be supplemented by other Privacy Statements that are specific to the visited website, or specific to events or webinars that you attend.
Our websites include amongst others:
- our Sibos website, available at sibos.com
- https://swift.wd3.myworkdayjobs.com/Join-Swift, and
- other URLs that redirect to swift.com.
We invite you to carefully read this Privacy Statement to understand our data Processing practices.
This statement does not apply to any Personal Data Processing by SWIFT when providing its financial messaging services. Our other data Processing activities are covered by other SWIFT policies, which you can find on our Data Protection Policies page available here. The main data protection policies are:
- The SWIFT Personal Data Protection Policy: This policy explains how we process our customer contact details (when collected on our websites - this part is common to this Privacy Statement - or on paper) and Personal Data that our customers encapsulate in SWIFT messages or files (“message data”). Where relevant for the purposes of this Privacy Statement, we will explicitly refer to this statement.
- The SWIFT Data Retrieval Policy: This policy explains how we retrieve, use, and disclose message and traffic data. It is not relevant for the purposes of this Privacy Statement.
SWIFT may modify this Privacy Statement from time to time. Please check it periodically for changes, in particular when you submit Personal Data on our websites.
SWIFT processes Personal Data collected on our websites or through the interactions you have with us (see above), for the following purposes (together “SWIFT Purposes”):
- The provision of SWIFT services and products, including its websites
- The organisation of Sibos and other events
- Sending commercial communications, newsletters, and other customer communications like surveys
- The management of contacts and relationships with our suppliers, customers and prospects
- The operation of our websites (IP addresses, cookies, web acceleration, data security, Data anonymisation for reporting and statistics, and for customer retention)
- The improvement and preservation of our websites and infrastructures
For these purposes, SWIFT will generally process the following data pertaining to you (depending on communication channel, the website, activity, or form used by you): IP address, identification and contact information (for example, last name, first name, job title, company name, contact details - such as mobile, landline, e-mail or post address), login and password, the history of your interactions with SWIFT (for example, attendance dates to events, photographs, downloads from our websites, connection logs), your financial information (for example, credit card details for billing purposes after your subscription to our events, invoicing history) and any other messages (e.g. comment, content of letter, etc.) you would leave us.
More information about the use of your data for specific purposes is given below. Where applicable, we indicate whether, and why, you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide your data when requested, and if that data is necessary to provide you with SWIFT services and products or if we are legally required to collect it, then you may not be able to benefit from our services.
You may also find more information about the use of your Personal Data (as a SWIFT customer) for SWIFT governance and for the provision of SWIFT services and products in the SWIFT Personal Data Protection Policy.
When you use our online recruitment tool (for example, Workday) or when you send us a spontaneous application, you provide us with Personal Data in order to enter the recruitment process of SWIFT. SWIFT, as a Controller, has the right to process your data based on the following legal basis: (i) necessity to enter into an employment contract, (ii) compliance with a legal obligation to which the employer is subject or (iii) where the employer or a third party has a legitimate interest in using the personal data (for example, to assess and evaluate job applicants before eventually making an offer for employment, and to ensure the good functioning of the employer’s own business).
We do not require any 'sensitive' data in our recruitment process. We therefore kindly request you not to communicate any personal details revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning your sex life or sexual orientation. Such data will be ignored and if possible deleted.
We will process your data for the purposes of handling the whole recruitment process, assessing your application, and – where applicable – hiring you. We will keep all your data confidential and act in full compliance with applicable privacy laws (for example, GDPR). We will not share your data with third parties outside the SWIFT group, with the exception of (i) service providers such as providers of HR management services, (ii) agents, advisors, and other third parties providing services to support our business operations, such as recruitment agencies, background screening agencies, and law firms, (iii) governmental, judicial, regulatory, and other bodies and authorities where required by applicable law.
You can always object to further processing, update, or delete your data by using your login and password.
Your data will not be kept longer than required for the recruitment process needs unless SWIFT needs to keep the data (for example, in case of confirmed employment) on the history of the employee (in which case, the data will be deleted as per legal retention period applicable to HR files).
Sibos and Other Events
When you register for Sibos or other events, we collect Personal Data related to your subscription and participation to the event.
For this purpose, SWIFT has created dedicated privacy statements, which you can refer to for more information:
Marketing Communication and Surveys
SWIFT has a legitimate interest to Process Personal Data that you submit on our websites or during your interactions with us (for example, subscription to an event, purchase or use of our products), to provide you with commercial communications related to SWIFT products and services. In this respect, if you or your company are a SWIFT Customer, we might send you communications related to the SWIFT products or services that you use or purchased (including events to which you registered) or similar ones.
In addition, you can consent to receiving commercial communications pertaining to SWIFT activities in general, tailored to your profile (“Advanced Matching”) or related to specific topics or domains of interest which you can select and manage through your online Preference Centre. If you choose to use “Advanced Matching”, you leave us in charge of identifying your topics or domains of interest based on your online engagement with us (for example, downloading factsheets), so that we can provide you with curated content and ensure you only receive information that is relevant to you.
You have the right to opt out of this type of tailored communication, to unselect specific domains of interests or to opt out from any type of commercial communication from SWIFT, at any moment, without motivation. You can do so by accessing the Preference Centre, on swift.com or through a link provided in each commercial e-mail from us. For swift.com registered users, the Preference Centre is also accessible through the secured area of “mySWIFT”.
Please note that if you are a swift.com registered user, you can subscribe to specific newsletters, which you can manage through the secured area of “mySWIFT”. When you choose to opt out from all communications from us in your Preference Centre, we will stop your subscription to these specific newsletters.
Through the Preference Centre, you will be able to:
- manage your commercial communication preferences, such as what content we send you, by adjusting your domains of interest, subscribing to or opting out of general communications from SWIFT and/or Advanced Matching;
- update and edit your personal data, or request that your details be deleted.
- manage your preferences with regards to surveys.
Indeed, from time to time, we may send you invitations to participate in surveys or market researches in order to seek community feedback on existing products and services or on future product developments. It is both SWIFT’s and its customers’ legitimate interest to identify how to improve the quality of SWIFT services and products through surveys, in compliance with the recipients’ commercial communications preferences. If you do not wish to receive surveys or market researches, you may choose to opt out from all types of surveys through the Preference Centre.
To monitor the effectiveness of our e-mail campaigns and facilitate further interactions between us, SWIFT measures specific actions related to e-mails (e.g. clicks, bounce, open). It is SWIFT’s legitimate interest to maintain accurate, effective and quality interactions with its current and prospective customers. If you opt out from any type of commercial communications from SWIFT on your Preference Centre, your personal data will no longer be used for that purpose.
Finally, we may ask you to provide your feedback on our websites, so we can improve their content and navigation. The participation is voluntary and you will be free to choose whether or not to provide your email address.
Your personal data will be kept until the information is no longer necessary for the purposes for which we process it. This typically means no longer than two years after the last interaction between SWIFT and you for your contact details and marketing activities, three years for your responses to surveys and five years for support cases. SWIFT may however keep the information for a longer period of time if we are required by law or to defend our rights.
Operation of our Websites
SWIFT has a legitimate interest to Process your Personal Data for the operation of its websites and as detailed below:
For our internal purposes, we may use IP addresses (the Internet address of your computer) stored in web logs to generate aggregate statistics on the usage of our websites, such as volume, traffic patterns, and time spent on a page.
The information stored in cookies include your name, first name, registration number on https://www.swift.com/, language preference, navigation settings, login ID, and IP addresses.
In addition, our websites use Google Analytics, a service which transfers traffic data to Google servers in the United States. For more information about this feature, you can read Google’s dedicated page available here.
SWIFT websites and applications make use of user tracking and usage analytics (profile and actions performed, like key words searched and results selected) to provide an increase in the relevance of web content for the user. We use the services of a supplier to accomplish this goal so that we can improve the web experience for the end-user.
This supplier only processes data upon our instructions for search optimization and provides sufficient guarantees in respect of technical and organizational data security measures. This supplier also commits to notify us in case of a security breach compromising your Personal Data (see also ‘Sharing Data’ section below).
Web Acceleration Services
For purposes of accelerating the consultation of our websites, we use the services of a supplier specialised in web acceleration services. This requires caching the content of our websites on a substantial number of servers worldwide.
This supplier only processes data upon our instructions for web acceleration services and provides sufficient guarantees in respect of technical and organisational data security measures. This supplier also commits to notify us in case of a security breach compromising your Personal Data (see also ‘Sharing Data’ section below).
Hyperlinks to other websites
Our websites may contain links to other websites not owned or operated by SWIFT. SWIFT is not responsible for the privacy practices of these websites.
Tracking of URL activation
Upon registration to certain services (such as SWIFT Index), we will send you, by e-mail, a dedicated URL from where you can download relevant material. For purposes of measuring and following up on the use of these services, we will track the identity of the persons who activated such URLs, as well as the moment of download.
We are committed to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, and unauthorised disclosure or access. Therefore, we monitor and record the data exchange (IP address, timestamp, volumes), both incoming and outgoing, in order to preserve the security, integrity, and availability of our infrastructure and information/data. In addition, in case of suspicious activity, SWIFT might collect data (including Personal Data) from various sources (for example, public sources, threat intelligence providers) in order to start and manage its own investigation.
This data is kept for up to one year. Data can be kept longer when a security issue has been encountered and evidences need to be kept for SWIFT to exercise its rights and remedies.
Any Personal Data collected during this process may be shared by SWIFT with the relevant authorities.
Please be aware that we cannot ensure the security of your data on your computer or during transmission over the Internet. In this regard, we advise you to take every possible precaution to protect Personal Data stored on your computer and transiting on the Internet.
Data anonymisation for reporting and statistics
SWIFT has a legitimate interest to produce reports and statistics about the usage of its websites (for example, visitors per day, geographical reach).
These reports will be fully anonymised.
Analysis of End Users’ Usage Data for Customer Retention
SWIFT has a legitimate interest to analyse and produce reports about the usage of its products and services, as made available through swift.com (such as the Knowledge Center, Watch, Compliance Analytics, or SWIFT gpi Observer) by their related end users and administrators for the following purposes:
- Create internal reporting about the individual or aggregated usage of the product or service, and use it to improve the quality of our products or services.
- Provide specific training, and more generally awareness communication, to the customers.
- Provide ad hoc reporting to customers on their usage of the product or service.
This Personal Data is kept for twelve (12) months, after which it is purged from the systems.
Improvement and Preservation of Our WebSites and Infrastructures
When you submit your data through the Responsible Disclosure Policy, SWIFT has a legitimate interest to process your Personal Data (for example, your personal identification data) to get in contact with you in order to obtain additional information about, or to undertake actions with regard to, your reported vulnerability.
SWIFT will not share your Personal Data with third parties without your permission, unless we are required to do so by law (for example, sharing with the relevant authorities) or in order to exercise our rights and remedies, for instance in case of malicious activity (for example, sharing with external lawyers).
Your Personal Data collected for the purposes under this section will be kept for ten (10) years, unless we are required by law to keep the information for a longer period of time.
Data Submitted on Behalf of Someone Else
If you provide Personal Data of another person to SWIFT for the purposes mentioned above, you shall ensure that (i) this person has been duly informed about SWIFT's right to process such Personal Data as set out herein, and has been provided with the present Privacy Statement, (ii) such Personal Data is collected and supplied in accordance with applicable legislation and without infringing such person's or any third party’s rights and (iii) you have obtained his or her prior consent where needed.
As a rule, your data will be accessed only by authorized persons having a legitimate business need to process these data.
SWIFT may share your personal data (merely your identification and contact details, as well as your function and role profile) to people within your own organization, on a need-to-know basis, and where this sharing is required for the mere administration of the SWIFT membership or for the performance of the contract between SWIFT and your organization.
When required for the SWIFT Purposes, we may share your data within the SWIFT group in countries where the SWIFT Offices are located, carefully selected suppliers (for example, security specialists, maintenance suppliers, marketing/events organisation suppliers), or other selected third parties (typically SWIFT partners or sub-contractors).
Before sharing your data, we require such third parties to only process your Personal Data upon our instructions and to provide sufficient guarantees in respect of the technical and organisational security measures protecting the data processing activities.
Such entities from the SWIFT group or third parties may be located in or outside the European Economic Area (EEA), including in countries that do not offer a level of data protection considered as adequate under an EU Commission adequacy decision.
In the latter case, we ensure the lawfulness of such transfers by:
- agreeing with other entities from the SWIFT group on the standard contractual clauses approved by the European Commission
- agreeing with third parties on the most appropriate statutory, contractual, or self-regulatory basis to allow such transfers and additional contractual, technical and/or organizational safeguards as appropriate.
You have a right to obtain more information about these safeguards used to transfer data outside of the EEA, by contacting our Data Protection Officer (see below).
Your Personal Data will not be kept by SWIFT for longer than necessary, after which your Personal Data will be deleted. As general rule, and unless specified differently in this Privacy Statement, SWIFT will keep your data for the duration of the statute of limitation applicable to our relationship with you.
During this period, you have the right to access, correct, restrict, receive a copy, and even erase your own Personal Data in accordance with the Data Protection Laws, and you can object to the processing of your Personal Data for direct marketing purposes.
In addition, where relevant, you can withdraw your consent, at any time and without motivation, for those types of data Processing to which you consented. Note however that this does not affect the lawfulness of the data Processing based on your consent before the withdrawal.
Finally, in some circumstances, you also have the right to object to the Processing of your Personal Data mentioned above.
You can update your own privacy settings, and review and update your Personal Data, at any time, through your preference centre (see above section “Marketing Communication and Surveys”) and your profile page. In addition, you may exercise your data protection rights by sending your request, together with a proof of your identity, to SWIFT's Privacy Officer (see below).
For accountability reasons, SWIFT keeps track of requests received from individuals and related actions taken.
If you have any other questions or any complaints regarding the Processing of your Personal Data, you can contact the SWIFT Privacy Officer or lodge a complaint with the supervisory data protection authority in your country of residence, place of work, or where an incident took place. In Belgium, the data protection authority is:
Belgian Data Protection Authority
Rue de la Presse 35, 1000 Brussels
Phone: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
The SWIFT Privacy Officer carries out internal supervision in connection with our responsibilities under this Privacy Statement.
You may exercise your rights and address any questions to the Privacy Officer:
- by letter to S.W.I.F.T. SCRL, attention of Privacy Officer, Avenue Adèle 1, 1310 La Hulpe, Belgium
- by e-mail to email@example.com
- by calling SWIFT at the number indicated below
In addition to SWIFT Privacy Statement (“Statement”), the following terms in this China Addendum (“China Addendum”) apply to (1) processing of Personal Data that is collected and processed by SWIFT China and SWIFT S.C. (“SWIFT” or “we”) in China and (2) processing of Personal Data of Chinese individuals by SWIFT overseas. We collect, use and otherwise process your Personal Data in compliance with applicable Chinese laws.
This China Addendum supplements the Statement. In case of any inconsistencies between this China Addendum and the Statement, this China Addendum prevails.
For the purpose of this China Addendum, “Personal Data” means any electronic or otherwise recorded information related to identified or identifiable natural persons, excluding anonymized data.
Collection and Use of Sensitive Personal Data
Your financial information may be regarded sensitive Personal Data under Chinese laws. We only collect and use your sensitive Personal Data for purposes , such as for billing purposes after subscription to SWIFT events and invoicing history or any other relevant purposes. We will adopt strict security measures when processing your sensitive Personal Data.
Sharing of your Personal Data with Third Parties
SWIFT may share your Personal Data collected for purposes with parties described in the “Sharing Data” section of the Statement.
If it is necessary for SWIFT to transfer Personal Data in case of a merger, division, dissolution, declaration of bankruptcy, or other reasons, SWIFT will notify you of the name and contact information of the recipient. The recipient shall comply with the Statement and this China Addendum when processing Personal Data.
Cross-border Transfer of Your Personal Data
In order to fulfill purposes described in the Statement, we may transfer your Personal Data to our global entities or other third parties outside of China.
You agree that we can transfer your Personal Data overseas forpurposes as specified in the Statement. If applicable Chinese laws require us to provide you with further notice and obtain your separate consent for the cross-border transfer, we will further provide such notice and obtain your separate consent.
We will use lawful cross-border transfer mechanism to transfer your Personal Data overseas and adopt necessary measures to ensure the overseas recipients can provide the same level of protection as required under applicable Chinese laws.
Data Retention and Personal Data Breach Notification
SWIFT will store your Personal Data for a period as described in the “Data Security” section of the Statement.
In case a security incident occurs, we will take remediation actions without undue delay and notify relevant government authorities, SWIFT users and affected individuals, when required by applicable Chinese laws.
Data Subject Rights
As described under the “Your Rights” section of the Statement, you have the right to access,correct, restrict, receive a copy, object and withdraw your consent with respect to your Personal Data collected by SWIFT. Additionally, you enjoy the following rights subject to restrictions provided by applicable Chinese laws:
- Under the following circumstances, if SWIFT has not deleted your Personal Data, you have the right to request us to delete your Personal Data:
o The purpose of processing has been achieved, is impossible to be achieved, or it is no longer necessary to achieve the purpose of processing;
o SWIFT ceases the provision of products or services to you or the retention period for the Personal Data ends;
o You have withdrawn your consent (if consent is the basis for processing);
o SWIFT processes your Personal Data in violation of applicable Chinese laws or the agreement with you.
- You may also have the right to request us to provide you with means to transfer your Personal Data to a specific entity designated by you, to the extent that your request is allowed under applicable Chinese laws.
If you hope to exercise your rights, please submit your request by e-mail to firstname.lastname@example.org. We will respond your request in a timely manner after verifying your identity.
If you have any questions or comments about our privacy practices or this China Addendum, please contact SWIFT Privacy Officer by e-mail to email@example.com.