Last Updated: March 21, 2026

Data Policy

This Data Policy explains how PaySwiift collects, processes, stores, and protects your personal data in accordance with applicable data protection laws.

Effective Date: January 1, 2024
Version 1.0.0

Data Protection Commitment

At PaySwiift, we are committed to protecting your personal data and respecting your privacy. This Data Policy outlines our practices regarding the collection, use, and protection of your data. We comply with applicable data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regulations.

1. Data Controller Information

1.1. Data Controller: PaySwiift acts as the Data Controller for the personal data we collect and process. Our contact details are:

Entity Name: PaySwiift

Address: 123 Banking Street, Financial District

Email: dpo@payquin.com

Phone: +1-800-123-4567

Business Hours: Mon-Fri: 9AM-5PM EST (UTC)

1.2. Data Protection Officer (DPO): We have appointed a Data Protection Officer who can be contacted at:

Email: dpo@payquin.com

Address: FAO: Data Protection Officer, 123 Banking Street, Financial District

1.3. EU Representative: For data subjects in the European Union, our EU representative can be contacted at:

Email: eu-representative@payquin.com

Address: PaySwiift EU, 123 European Financial District, Dublin, Ireland

1.4. UK Representative: For data subjects in the United Kingdom, our UK representative can be contacted at:

Email: uk-representative@payquin.com

Address: PaySwiift UK, 456 London Financial Centre, London, UK

2. Categories of Personal Data We Process

2.1. Identity Data: Includes but is not limited to:

• Full name (first, middle, last);

• Date and place of birth;

• Gender and marital status;

• Nationality and citizenship;

• Government-issued ID numbers (passport, driver's license, national ID);

• Tax identification number (TIN, SSN, etc.);

• Biometric data (fingerprint, facial recognition);

• Signature samples.

2.2. Contact Data: Includes but is not limited to:

• Email addresses (personal and business);

• Phone numbers (mobile, home, work);

• Physical addresses (residential, business);

• Postal addresses;

• Social media handles and profiles.

2.3. Financial Data: Includes but is not limited to:

• Account numbers and balances;

• Transaction history and patterns;

• Card details (PAN, CVV, expiration);

• Income and source of funds;

• Credit history and scores;

• Loan and mortgage information;

• Investment portfolios;

• Beneficiary and payee information.

2.4. Employment Data: Includes but is not limited to:

• Employer name and address;

• Job title and occupation;

• Employment status;

• Income and salary information;

• Employment history;

• W-2 forms and tax documents.

2.5. Technical Data: Includes but is not limited to:

• IP addresses and device identifiers;

• Browser type and version;

• Operating system;

• Time zone and location settings;

• Cookie data and tracking pixels;

• App usage and navigation patterns;

• Device fingerprints;

• Login timestamps and session duration.

2.6. KYC/AML Data: Includes but is not limited to:

• Identity verification documents;

• Proof of address documents;

• Source of wealth documentation;

• Politically Exposed Person (PEP) status;

• Sanctions screening results;

• Risk assessment profiles;

• Due diligence reports;

• Enhanced due diligence documentation.

2.7. Special Categories of Data: In certain circumstances, we may process:

• Biometric data for authentication (with explicit consent);

• Criminal records data for compliance with regulations;

• Health data for disability accommodations (with explicit consent).

3. Purposes of Data Processing

3.1. Service Delivery: We process your data to:

• Open and manage your accounts;

• Process transactions and transfers;

• Provide customer support and respond to inquiries;

• Send account notifications and statements;

• Process loan applications and credit decisions;

• Calculate and apply fees and interest;

• Issue and manage payment cards;

• Facilitate wire transfers and international payments.

3.2. Compliance and Legal Obligations: We process your data to:

• Comply with KYC (Know Your Customer) requirements;

• Perform AML (Anti-Money Laundering) checks;

• Screen against sanctions lists and watchlists;

• Report suspicious activities to authorities;

• Respond to court orders and legal requests;

• Maintain records as required by law;

• Verify identity and prevent fraud;

• Comply with tax reporting obligations (FATCA, CRS, etc.).

3.3. Security and Fraud Prevention: We process your data to:

• Monitor for unauthorized access;

• Detect and prevent fraudulent transactions;

• Authenticate your identity during login (30-minute session timeout);

• Protect against cyber threats and attacks;

• Maintain audit logs and security records;

• Investigate security incidents.

3.4. Improvement and Development: We process your data to:

• Analyze usage patterns and improve services;

• Develop new features and products;

• Personalize your experience;

• Conduct research and analytics;

• Test and optimize system performance.

3.5. Marketing and Communications: With your consent, we process your data to:

• Send promotional offers and product recommendations;

• Notify you about new features;

• Conduct customer satisfaction surveys;

• Provide personalized financial insights;

• Share information about partners and affiliates.

3.6. Risk Management: We process your data to:

• Assess creditworthiness and risk profiles;

• Monitor for unusual activity;

• Manage operational and financial risks;

• Calculate capital requirements and reserves.

4. Legal Bases for Processing

4.1. Contractual Necessity: We process your data where necessary for the performance of a contract with you, including:

• Opening and operating your account;

• Processing transactions and transfers;

• Providing customer support;

• Issuing and managing cards;

• Processing loan applications and payments.

4.2. Legal Obligation: We process your data to comply with legal obligations, including:

• KYC and AML requirements (KYC is required);

• Tax reporting (FATCA, CRS, etc.);

• Record-keeping requirements (7 years retention);

• Responding to legal requests and court orders;

• Reporting suspicious activities to authorities.

4.3. Legitimate Interests: We process your data for our legitimate interests, provided your rights do not override these interests:

• Fraud prevention and security monitoring;

• Risk management and internal reporting;

• Service improvement and development;

• Business analytics and trend analysis;

• Network and information security;

• Internal administrative purposes.

4.4. Consent: We process your data based on your consent for:

• Marketing communications and promotional offers;

• Biometric authentication (fingerprint, facial recognition);

• Sharing data with third parties for specific purposes;

• Processing special categories of data (health, etc.);

• Cookies and tracking technologies (where consent is required).

4.5. Vital Interests: In rare circumstances, we may process data to protect your vital interests or those of another person.

4.6. Public Interest: We may process data for tasks carried out in the public interest, such as:

• Preventing and detecting crime;

• Protecting public security;

• Complying with regulatory investigations.

5. Data Sharing and Disclosure

Important: We do not sell your personal data to third parties. We only share data as necessary to provide our services and comply with legal obligations.

5.1. Service Providers and Processors: We share data with:

• Payment processors and card networks;

• Banking partners and correspondent banks;

• Identity verification services;

• Cloud storage providers;

• Customer support platforms;

• Analytics and business intelligence tools;

• Email and communication services;

• IT security and monitoring services.

5.2. Regulatory and Government Authorities: We may disclose data to:

• Financial intelligence units (FIUs);

• Anti-money laundering authorities;

• Tax authorities (IRS, HMRC, etc.);

• Banking regulators and supervisors;

• Law enforcement agencies;

• Courts and tribunals;

• Consumer protection agencies.

5.3. Affiliates and Subsidiaries: We may share data with:

• Parent companies and subsidiaries;

• Affiliated financial institutions;

• Joint venture partners.

Such sharing is for internal business purposes and consolidated reporting.

5.4. Business Transfers: Your data may be transferred to the successor entity in the event of:

• Merger or acquisition;

• Sale of assets or business units;

• Bankruptcy or insolvency.

5.5. With Your Consent: We may share data with:

• Third-party financial advisors (with your explicit consent);

• Credit reference agencies (for credit checks);

• Other financial institutions (at your request);

• Marketing partners (with your opt-in consent).

5.6. Credit Reference Agencies: We may share data with credit reference agencies for:

• Credit assessments and scoring;

• Fraud prevention;

• Tracing debtors;

• Statistical analysis.

6. International Data Transfers

6.1. Transfer Locations: Your data may be transferred to and processed in countries outside your jurisdiction, including:

• United States (where our primary servers are located);

• European Union (for backup and disaster recovery);

• United Kingdom;

• Singapore;

• Other countries where our service providers operate.

6.2. Safeguards: We ensure appropriate safeguards for international transfers through:

• Standard Contractual Clauses (SCCs) approved by the European Commission;

• Binding Corporate Rules (BCRs);

• Adequacy decisions by the European Commission;

• Data Processing Agreements with all service providers;

• Regular audits and compliance reviews.

6.3. EU-US Data Privacy Framework: For transfers to the United States, we comply with the EU-US Data Privacy Framework as applicable.

6.4. UK International Data Transfer Agreement: For transfers to countries outside the UK, we use the UK International Data Transfer Agreement (IDTA) where required.

6.5. Risk Assessment: We conduct Transfer Impact Assessments (TIAs) for all significant international transfers to ensure adequate protection.

7. Data Retention and Deletion

7.1. Retention Periods: We retain your data for the following periods:

Data Category           Retention Period
----------------------  ------------------------------------
Active account data     7 years after account closure
Inactive account data   5 years after inactivity
KYC/AML documents       5 years after account closure
Transaction records     7 years
Communications          3 years
Marketing data          2 years or until consent withdrawn
Login logs              2 years
Cookie data             As specified in Cookie Policy

7.2. Account Closure: When you close your account:

• Transactional capabilities are immediately suspended;

• Remaining balance is returned (less fees);

• Your data is flagged for deletion after the retention period;

• Legal and regulatory holds may apply;

• Some data may be retained for fraud prevention purposes.

7.3. Data Deletion: After retention periods expire:

• Personal data is securely deleted or anonymized;

• Backups are purged or anonymized;

• Deletion certificates are available upon request;

• Aggregated, anonymized data may be retained for analytics.

7.4. Legal Holds: We may retain data beyond standard periods:

• During active litigation or investigations;

• To comply with court orders or legal obligations;

• For unresolved disputes or claims;

• As required by bankruptcy or insolvency proceedings.

7.5. Anonymization: Where possible, we anonymize data for:

• Statistical analysis and reporting;

• Business intelligence and trend analysis;

• Product development and testing;

• Historical research.

8. Data Security Measures

8.1. Technical Security Measures:

• 256-bit AES encryption for data at rest;

• TLS 1.3 encryption for data in transit;

• Multi-factor authentication (MFA);

• Biometric authentication options;

• Session timeout after 30 minutes;

• Rate limiting (max 5 login attempts);

• Account lockout (30 minutes);

• Password expiry (90 days);

• Minimum password length (8 characters);

• Regular security patches and updates.

8.2. Organizational Security Measures:

• Strict access controls and role-based permissions;

• Regular security training for employees;

• Background checks for personnel;

• Confidentiality agreements;

• Regular security audits and penetration testing;

• Incident response procedures;

• Data Protection Impact Assessments (DPIAs);

• Vendor risk management program.

8.3. Physical Security Measures:

• Secure data centers with 24/7 monitoring;

• Biometric access controls;

• CCTV surveillance;

• Environmental controls (fire, flood, temperature);

• Backup power and redundant systems;

• Secure disposal of physical records.

8.4. Incident Response: In case of a data breach:

• We will notify affected individuals within 72 hours where required;

• We will notify relevant supervisory authorities;

• We will take immediate steps to contain and mitigate the breach;

• We will conduct a thorough investigation;

• We will implement measures to prevent recurrence.

8.5. Certifications and Compliance: We maintain:

• ISO 27001 certification;

• PCI DSS Level 1 compliance;

• SOC 2 Type II audits;

• GDPR and CCPA compliance programs.

9. Your Data Protection Rights

GDPR Rights (EU/UK Residents)

• Right to access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restrict processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Rights related to automated decision-making (Art. 22 GDPR)

CCPA Rights (California Residents)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information
• Right to non-discrimination
• Right to correct inaccurate information
• Right to limit use of sensitive information
• Right to access information about automated decision-making

9.1. Right to Access: You have the right to request:

• Confirmation of whether we process your data;

• A copy of your personal data;

• Information about how we process your data;

• Information about data sharing and transfers;

• Information about retention periods.

9.2. Right to Rectification: You have the right to request:

• Correction of inaccurate data;

• Completion of incomplete data;

• Updates to outdated information.

9.3. Right to Erasure (Right to be Forgotten): You have the right to request deletion of your data where:

• Data is no longer necessary for the purpose collected;

• You withdraw consent (and no other legal basis applies);

• You object to processing and there are no overriding legitimate grounds;

• Data has been unlawfully processed;

• Data must be erased to comply with a legal obligation.

9.4. Right to Restrict Processing: You have the right to restrict processing where:

• You contest the accuracy of the data (until verified);

• Processing is unlawful and you oppose erasure;

• We no longer need the data but you need it for legal claims;

• You have objected to processing (pending verification).

9.5. Right to Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller where:

• Processing is based on consent or contract;

• Processing is carried out by automated means.

9.6. Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.

9.7. Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

9.8. How to Exercise Your Rights: To exercise your data protection rights:

Email: dpo@payquin.com

Phone: +1-800-123-4567

Mail: FAO: Data Protection Officer, 123 Banking Street, Financial District

Online: Through your account settings (Privacy Center)

Response Time: We will respond within 30 days (as required by law).

9.9. Verification Process: To protect your privacy:

• We may require identity verification before processing requests;

• We may request additional information to confirm your identity;

• Authorized agents may act on your behalf with proper documentation;

• We will notify you of any extensions or limitations.

9.10. Fees: Most rights are exercised free of charge. We may charge a reasonable fee for:

• Manifestly unfounded or excessive requests;

• Additional copies of data (administrative fee may apply).

10. Cookies and Tracking Technologies

10.1. Cookie Categories:

Essential Cookies: Required for website functionality, authentication, and security. Cannot be disabled.

Functional Cookies: Remember your preferences and settings.

Analytics Cookies: Help us understand how visitors use our site.

Marketing Cookies: Track browsing habits for relevant advertising.

10.2. Cookie Duration:

• Session cookies (expire when you close your browser);

• Persistent cookies (remain for up to 2 years);

• First-party cookies (set by our domain);

• Third-party cookies (set by our partners).

10.3. Managing Cookies: You can control cookies through:

• Browser settings (block, delete, or disable cookies);

• Our cookie consent manager (available on first visit);

• Opt-out tools (YourOnlineChoices, NAI, etc.).

10.4. Tracking Technologies: We also use:

• Web beacons, pixels, and tags;

• Local storage and session storage;

• Device fingerprinting;

• SDKs in mobile applications.

10.5. Do Not Track: Our systems do not currently respond to "Do Not Track" signals. We await industry standards for such signals.

11. Policy Updates and Changes

11.1. Policy Changes: We may update this Data Policy to reflect:

• Changes in our data practices;

• New legal or regulatory requirements;

• Industry standards and best practices;

• Feedback from customers and regulators.

11.2. Notification of Changes: We will notify you of material changes through:

• Email to your registered address (from no-reply@payswiift.com);

• Notice in your account dashboard;

• Pop-up notification on our website/app;

• Push notifications (with your consent).

11.3. Version History:

• Version 1.0.0 - January 1, 2024 (Current)

• Version 4.1 - October 15, 2023

• Version 4.0 - July 1, 2023

• Version 3.0 - January 1, 2023

11.4. Continued Use: Your continued use of our services after changes constitutes acceptance of the updated policy. If you do not agree, you may close your account.

12. Complaints and Supervisory Authorities

12.1. Internal Complaint Process: If you believe we have violated your data protection rights:

1. Contact our Data Protection Officer at dpo@payquin.com;

2. We will acknowledge receipt within 3 business days;

3. We will investigate and respond within 30 days;

4. If unsatisfied, you may escalate to supervisory authorities.

12.2. Supervisory Authorities:

For EU Residents:

Your local Data Protection Authority (DPA)

Contact details: https://edpb.europa.eu/about-edpb/about-edpb/members_en

For UK Residents:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: +44 303 123 1113

Website: www.ico.org.uk

For California Residents:

California Attorney General

1300 I Street, Sacramento, CA 95814

Tel: +1 (916) 210-6276

Website: https://oag.ca.gov/privacy

Our Commitment to Data Protection

At PaySwiift, we are committed to protecting your personal data and respecting your privacy. We regularly review and update our data protection practices to ensure compliance with evolving regulations and industry standards.

ISO 27001 Certified
GDPR Compliant
CCPA Compliant
PCI DSS Level 1

Questions About Your Data?

Our Data Protection Officer is available to address any concerns.

Version 1.0.0 | Last Updated: March 21, 2026 | PaySwiift is a registered financial institution