Privacy policy

This Privacy Policy is intended to inform Users about how their personal information may be collected and processed.

Respect for privacy and personal data is a priority for Swile, which is why we are committed to processing them in strict compliance with the applicable regulations on the protection of personal data (hereinafter the "Applicable Regulations"), in particular the French Data Protection Act of 6 January 1978 (hereinafter the "LIL") as amended and the General Data Protection Regulation (EU) of 27 April 2016 (hereinafter the "GDPR").

As such, Swile ensures:
- To respect privacy by default and by design of its applications;
- To process data lawfully, fairly and transparently for legitimate and specified purposes;
- To allow, at any time, the exercise of Users' rights.

In addition, Swile undertakes to :
- Under all circumstances, not to sell your personal data;
- Apply a demanding process for the selection of its processors and ensure that they have an adequate level of personal data protection through appropriate organisational and technical measures;
- Host data securely, in accordance with the recommendations of the protection authorities.

Affiliate : means the Swile merchant partner who can accept the use of the Swile Card as a means of payment in its point(s) of sale, website(s), online platform(s) and/or application(s), in accordance with the eligibility conditions defined by Swile.

Beneficiary : means the person benefiting from Swile's services, who is an employee of a company belonging to the Client's group.

Swile Card : means the nominative smart card offered by Swile to the Beneficiaries allowing them to pay at eligible merchants in accordance with the regulations applicable to the Services.

Client : refers to the company or the Social and Economic Committee (the "CSE") having subscribed to one of the offers proposed by Swile with a view to using the Services and making them available to the Beneficiaries.

"EME": Depending on the settings made by Swile and according to the Services, means :
(i)or the company Treezor SAS, an electronic money institution, approved by the Autorité de Contrôle Prudentiel et de Résolution, 4 Place de Budapest 75436 PARIS CEDEX 09, available at www.regafi.fr under number 16798.
(ii)or the company Swile Payment, an electronic money institution, approved by the Autorité de Contrôle Prudentiel et de Résolution, 561 rue Georges Melies 34000 Montpellier, which can be consulted on www.regafi.fr,under number 17508.

Beneficiaries' Space : means the configuration interface made available to the Beneficiary by Swile.

Customer Space : means the administration interface made available to the Customer by Swile.

Identifier : means both the e-mail address and the password chosen by the Beneficiary or the Client when registering on the Platform and which must be entered in order to connect to the Beneficiary's Space.

Platform : means the website accessible at www.swile.co and the mobile application "Swile", published by Swile, as well as all their graphic, sound, visual, software and textual components. The Platform is the exclusive property of Swile.

Third-party service platforms : refers to all intermediaries providing all types of Services and to which the Beneficiary may have recourse (meal delivery platform, etc.).

Services : means the services offered by Swile, in particular via the Platform. The Services are detailed in the applicable conditions.

Swile : refers to the company Swile, a simplified joint stock company with a capital of 61,233.30 euros, whose registered office is located at @7Center, Immeuble L'Altis, Bâtiment A, 561 rue Georges Meliès -34000 Montpellier, registered in the Montpellier Trade and Companies Register under the number 824 012 173, represented by Mr Loïc Soubeyrand.

Users : refers to all categories of users of the Platform. The following are thus considered as Users :
- The Beneficiaries ;
- The Clients ;
- The Affiliates.

"Wallet(s)": means an electronic money account opened by a Beneficiary in the EME's books for the purposes of the Wallet Service. It may be personal ("Personal Wallet") and/or associated with a pot ("Pot Wallet") for a particular corporate event.

The required or optional personal data collected and the possible consequences of failure to reply are indicated at the time of collection on the associated forms.

You can consult the details of the personal data that we may process below.

In the course of providing the Services, Swile directly or indirectly collects personal data about Users for the purposes mentioned below.

Depending on the degree of determination of Swile in the purposes and means of data processing, Swile will alternatively have the status of data controller or data processor of the Client or the EME.

As data controller, Swile processes data for the above purposes on the following legal bases:

- Execution of contractual and pre-contractual measures : operating in a B to B to C environment, Swile is contractually bound with Clients and Affiliates to provide, in particular, a service to the Beneficiary. Thus, the obligations arising from the provision of the various services are detailed in the contracts concluded between Swile and the Client, and the conditions applicable to each Service.

- Legal obligations : Swile is subject to specific legal obligations due to its specific regulated commercial activity, such as the fight against money laundering, the financing of terrorism and the fight against fraud, but also its accounting obligations.

- Legitimate interest : Beneficiaries' personal data may be processed in order to improve the service provided, in particular by the customer service. Clients' personal data may be processed in order to offer additional services and for commercial prospecting purposes.

- Consent : in certain cases, Swile may process Users' personal data subject to their prior express consent, in particular for the deposit of certain cookies, the reception of promotional offers or the activation of geolocation.

Swile may transmit your data to its processors for the exclusive purpose of performing part of the Services.

Swile audits and documents all organisational and technical measures implemented by its processors.

Swile systematically verifies that sufficient security measures are in place to maintain an adequate level of security throughout the data life cycle.

Consequently, Swile ensures that the personal data processed are not readable in clear text and are systematically encrypted. Therefore, in the absence of the encryption key, the data is inaccessible, even by a foreign judicial or administrative authority.

Swile also ensures that robust contractual safeguards are in place by imposing a Data Processing Agreement (DPA) tailored to its industry.

You may request access to documents ensuring appropriate contractual safeguards by making a request to our Data Protection Officer by email to dpo@swile.co, or by post to Swile -Service DPO, 39 rue du Caire, 75002 Paris.

Within the limits of their respective responsibilities and for the purposes for which they are responsible, the persons who may have access to your data are the following :

- Authorised personnel from our research and development, marketing, sales, administrative, logistics, legal and IT departments, responsible for improving our services, customer relations and prospecting and quality control;

- Authorised personnel from our processors.

It should be noted that all these persons are subject to an obligation of competence and confidentiality and may be subject to disciplinary, judicial and/or administrative sanctions if they use the said data for purposes contrary to those set out above.

In addition, we have strong contractual safeguards regarding the processing of personal data by our processors and that access must be justified and authorised in advance by Swile.

Swile takes to heart the preservation of the security of its information systems and the personal data it processes. Swile implements all technical and organisational measures necessary to ensure the security of our personal data processing and the confidentiality of the data we collect. This includes the implementation of the measures detailed below.

♻️ Data life cycle at Swile for a Beneficiary :

1) Onboarding : creation and administration of the Beneficiary account: data is processed and collected for the life of the account, until it is closed. 

2) Use of the Services : the data are collected and processed to ensure the performance of the Services kept, at least, for the duration of the use of the Services.

3) Off-boarding : Closing of the Beneficiary's account: archiving in an intermediate database until the limitation period in terms of the fight against fraud and/or money laundering has expired (5 years from the closing of the account).

4) Final data purge : Swile's internal purge mechanism for deletion from all databases.

The archived data are only accessible by the legal, compliance and IT departments in order to investigate fraudulent use of the Services.

🕔 Details of retention periods by category of data

Swile has appointed a Data Protection Officer who will be able to respond to all your requests, including the exercise of your rights, relating to your personal data.
You can reach him at :
- 📧 By email to the following address: dpo@swile.co ;
- 💌 By post: Swile -Service DPO, 39 rue du Caire, 75002 Paris.

In accordance with the Applicable Regulations, you have the following rights (read more):

- right of access(article 15 RGPD), rectification (article 16 RGPD), update, completeness of your data;
- right to erasure(or "right to b e forgotten") of your personal data (Article 17 GDPR), where it is inaccurate, incomplete, equivocal, out of date, or where its collection, use, disclosure or retention is prohibited. The exercise of this right may be limited by a legal obligation to retain data for the purposes of combating fraud and/or money laundering;
- right to withdraw your consent at any time (Article 7 GDPR);
- right to restrict the processing of your data (Article 18 GDPR) in case of dispute;
- right to object to the processing of your data (Article 21 RGPD) systematically in the case of canvassing and subject to the justification of compelling legitimate reasons in other cases;
- right to portability of the data you have provided to us, where your data is subject to automated processing based on your consent or on a contractual commitment (Article 20 GDPR).

You can exercise your rights, provided you can prove your identity, by contacting our Protection Officer at the above addresses.

If you wish to close your Swile account and you are still an employee of the company that subscribed to a Swile offer, we invite you to contact your employer so that you can no longer benefit from the services subscribed to with Swile.

Finally, you may also lodge a complaint with the supervisory authorities, in particular the CNIL or any other competent authority.

Swile has legal and regulatory obligations to prevent :
- Tax fraud (required by Article 1649 AC of the General Tax Code);
- Money laundering and terrorist financing (LCB-FT) (required by Article L561-12 of the Monetary and Financial Code).

Thus, some of your data cannot be permanently deleted after the closure of your account and will be archived for a period of 5 years after the closure of your account.

As part of these obligations, Swile retains the following personal data, where applicable:
- Personal data that you have communicated to us, such as your identification data, your professional situation (status of employee or ex-employee of a Swile client company), your economic or banking information;
- The data collected in the context of the subscription and use of your accounts and products subscribed to, such as banking operations and transaction data, type of product subscribed to, method of payment, etc;
- The data collected when browsing our sites or applications;
- Data from correspondence and communications.

For the proper functioning of the Platform and Services, we use connection data (date, time, Internet address, visitor's computer protocol, page consulted) and cookies (small files saved on your computer) to identify you, to remember your visits, and to benefit from audience measurements and statistics, particularly relating to the pages consulted.

Some cookies are "unnecessary" and allow us to improve the quality of our Service and to offer you solutions in line with your needs and habits.

For the latter, Swile obtains your consent prior to their deposit through a dedicated banner when you first connect to the Platform.
For more information you can consult our Cookie Management Policy.