Table of Contents

Privacy policy and GDPR

Ingo Updated by Ingo

The European Union's basic data protection regulation (DSGVO) has been in force since 25 May 2018. This new legislation has major implications for anyone whose business involves the handling of personal data relating to individuals resident in the EU or within the EU. As the processing of personal data is central to digital event management with Sweap, absolute compliance with the DSGVO has top priority.

This article provides an overview of the data-related roles and responsibilities, in relation to the use of Sweap and explains Sweap's efforts to live and meet the values and requirements of the DSGVO.

Sweap as data processor

People you store in Sweap as guests of events are the data subjects. You are the data controller for these personal data. In our General Terms and Conditions including the Order Processing Agreement and the Privacy Policy we refer to this data as customer data.

If you use Sweap to manage your events, this specifically means that you have engaged Sweap as a data processor to perform certain processing activities on your behalf.

According to Article 28 of the DSVGO, the relationship between the controller and the processor must be in writing (electronic form is allowed under paragraph (9) of the same article). Our General Terms and Conditions, the Order Processing Agreement and the Privacy Policy apply. These documents set out the instructions you give to Sweap regarding the processing of personal data under your control. They define the rights and obligations of both parties. Sweap will only process your client data in accordance with your instructions as data controller.
Data transfers

An important issue is data transmission and the location of data processing. Sweap processes customer data exclusively within the EU and, if reasonably possible, also within Germany. The location of the computer centre for the Sweap application is Frankfurt/Main.

In addition, Sweap maintains an up-to-date list of subcontractors in our data protection policy in order to provide complete transparency with regard to transfers and processing. This list explains what data is actually involved. In addition, we make sure that all our third party providers are also DSGVO compatible.

If you have any questions - regarding the above-mentioned points - please feel free to contact us at privacy@sweap.io.

Sweap as data controller

Sweap also acts as a data controller for the personal information we collect about you in our web app, mobile app and website.

First and foremost, we process data that is necessary for us to fulfil the contractual relationship with you (DSGVO Article 6 (1) (b)).

Secondly, we process data in order to comply with our legal obligations (DSGVO Article 6 (1) (c)) - this mainly concerns financial data and information that we need in order to fulfil our accountability in accordance with the DSGVO.

Thirdly, we process your personal data in accordance with the basic data protection regulation Article 6(1)(f) for our legitimate interests.

What "legitimate interests" are we talking about?

  • Improvements to the App to help you become more efficient.
  • Ensuring that your data and the Sweap systems are secure.
  • Marketing our product and its features responsibly.

As the person responsible for your personal data, Sweap is committed to respecting all your rights under the DSGVO. If you have any questions or feedback, please contact us by e-mail at privacy@sweap.io.

Sweap and the DSGVO

As a German company with many customers in the enterprise and public sectors, Sweap is very familiar with the effects of the EU data protection basic regulation. 

We appreciate the data protection requirements of Sweap users and their customers and have implemented - and will continue to implement - technical and organisational measures in accordance with the basic data protection regulation to protect the personal data processed by Sweap. To this end, we have also created a corresponding data protection concept for the entire company.

Internal processes, security and data transfer

To ensure compliance with the DSGVO, procedures must be in place that map data processes and are therefore verifiable. For this reason, Sweap documents its data processing processes in a DSGVO compliant manner.

Our approach to application development was already previously based on Privacy by Design. We have further adapted it to implement functions according to the principles of Privacy by Design. Any access to customer data that we process on your behalf is strictly limited. Our internal procedures and protocols ensure that we comply with the relevant requirements of the DSGVO.

In addition, we have established a process for the introduction and use of third party providers and tools to ensure that the third party providers meet the high expectations that Sweap and its clients have of privacy and security.

In addition, we use a data centre in Germany (Frankfurt/Main) to store and process customer data that meets the latest security requirements to achieve the level of protection provided for in the basic data protection regulation.

Request for information about personal data

The ownership of the data subjects' personal data is the core of the DSGVO. We have created the willingness to respond to requests from data subjects to delete, modify or transfer their data. This means that our customer support specialists, together with the developers, are well prepared to support you in all matters concerning your personal data. We have set up privacy@sweap.io as a central contact point for you.

Documentation

Our General Terms and Conditions of Business, including the Order Processing Agreement and the Data Protection Policy, are regularly revised to increase transparency and ensure that the documents meet the DSGVO requirements. As this is the basis of our relationship with you, it is very important for us to explain our obligations as well as your rights in these documents in a comprehensive and open manner. In addition, we constantly record all our data processing activities in order to be able to meet the DSGVO requirements.

Training

All these measures are supported by extensive training measures within the company to ensure that the DSGVO-compliant processes are adhered to once they have been introduced. Data protection and security meetings are an essential part of our employee onboarding, and each department receives training tailored to its work with personal data. These training courses are documented in accordance with DSGVO.

Sweap firmly believes that meeting the DSGVO requirements is much more than just ticking off checkboxes in a list. For us, the DSGVO represents an exemplary system of values that respects the privacy and responsibility of the individual when handling personal data.

How did we do?

Data tracking with Sweap

Questions about security & data protection

Contact