Swyp

Privacy Policy

Last updated: May 2025

1. Overview

This Privacy Policy explains how Swyp BV ("Swyp", "we", "us", "our") collects, uses, shares, and protects your personal data when you use our website and platform ("Services"). Swyp is committed to safeguarding your privacy and complying with the General Data Protection Regulation (GDPR).

By using Swyp, you acknowledge and agree to the practices described in this Privacy Policy.

2. Who We Are

Swyp BV is a company registered in Belgium, offering a platform that enables dental practices to easily purchase dental supplies from multiple vendors.

Swyp acts as a data controller when handling your personal data to provide our Services. In some cases, we may act as a data processor, such as when retrieving and managing supplier data on your behalf.

3. What Data We Collect

We collect and process the following types of data:

a) Information You Provide

  • Account details (e.g. name, email address, clinic name, location)
  • Communication preferences
  • Connected third-party supplier accounts (e.g. encrypted login tokens)
  • Billing information (processed and stored by our payment processor Stripe; we do not store full payment card details)

b) Activity and Usage Data

  • Search queries, cart actions, and product views
  • Purchase history from authorized third-party suppliers
  • Interaction logs (e.g. time of actions, frequency of features used)

c) Device and Connection Data

  • Browser type, IP address, device information
  • Time zone and approximate geolocation (via IP or optional GPS, WiFi)

4. Why We Process Your Data

We use your personal data for the following purposes:

  • To provide and personalize our Services
  • To retrieve product information and submit actions to supplier platforms on your behalf
  • To communicate with you, including support and account updates
  • To improve and develop our platform
  • To ensure security, prevent fraud, and detect abuse
  • To comply with legal obligations

Where legally required, we will obtain your explicit consent (e.g. for marketing communications or non-essential cookies).

5. Legal Bases for Processing

Under the GDPR, we rely on the following legal bases:

  • Contractual necessity: to provide and manage your Swyp account
  • Consent: for optional features like marketing emails
  • Legitimate interests: for analytics, platform improvement, and fraud prevention
  • Legal obligation: for compliance with applicable laws

6. How We Share Your Data

We may share your data in the following ways:

  • With third-party supplier platforms you explicitly authorize us to connect with (e.g. cart updates, price lookups)
  • With service providers who help us run our platform (e.g. cloud hosting, analytics, customer support)—under strict data protection agreements
  • With new representatives of your clinic if authorized and required for continuity
  • In the event of a business transfer, such as a merger or acquisition

We do not sell your personal data. Any data shared with third parties for analytics or research will be aggregated or anonymized.

7. Data Transfers

Swyp is based in the European Union (Belgium), and all our core infrastructure is hosted within the EU. Your data is stored on servers operated by Hetzner Online GmbH in their data centers located in Germany and Finland, ensuring your data remains within the European Economic Area.

Some of our service providers may process data outside the EEA. When this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection in the destination country
  • The provider's certification under recognized data protection frameworks

For payment processing, Stripe operates from Ireland (within the EU) and maintains GDPR compliance for all European customers.

8. Data Retention

We retain personal data only for as long as necessary to:

  • Provide our Services
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

You may delete your account at any time by contacting us at support@swyp.be. Upon deletion, your personal data will be erased unless retention is required by law.

9. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict certain processing activities
  • Data portability (receive your data in a usable format)
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with a supervisory authority (e.g. Gegevensbeschermingsautoriteit in Belgium)

10. Cookies and Tracking

Swyp uses cookies and similar technologies to provide essential functionality, analyze usage, and improve our Services. Where required, we will ask for your consent for non-essential cookies.

You can manage your cookie preferences through your browser settings or our cookie banner.

11. Security

We implement appropriate technical and organizational measures to protect your data against loss, misuse, unauthorized access, and alteration. While we strive to protect your information, no method of transmission over the Internet is 100% secure.

In the event of a data breach, we will notify affected users and regulators in accordance with legal requirements.

12. Legal Requests

We may disclose your data if required to do so by law, court order, or governmental request. We review all such requests carefully to ensure they comply with applicable laws and respect your rights.

13. Third-Party Links

Swyp may contain links to third-party websites. This Privacy Policy does not apply to those sites. We are not responsible for the privacy practices or content of third-party websites.

14. Children's Privacy

Swyp is intended for use by dental professionals and practice administrators who are at least 18 years of age. We do not knowingly collect personal data from individuals under 18. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.

15. Automated Decision-Making

Swyp does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any data analysis we perform is for service improvement and personalization purposes only, and you always have the option to adjust your preferences or contact us with concerns.

16. Specific Retention Periods

We retain different types of data for different periods:

  • Account data: Retained for as long as your account is active, plus 30 days after account deletion (to allow for recovery)
  • Usage logs: Retained for up to 12 months for analytics and security purposes
  • Financial records: Retained for 7 years to comply with Belgian accounting laws
  • Marketing communications: Retained until you withdraw consent or 3 years of inactivity
  • Support tickets: Retained for 3 years after case closure

After these periods, data is either deleted or anonymized so it can no longer be associated with you.

17. Service Providers and Data Processors

We work with trusted third-party service providers to deliver our Services. These providers act as data processors and only process your data on our instructions. All service providers are contractually bound to protect your data and use it only for the purposes we specify.

Key Data Processors

  • Hetzner Online GmbH (Germany) - Cloud hosting and infrastructure. Hetzner provides the servers where our application and your data are stored. All data is hosted within the European Union (Germany and Finland data centers). Learn more: Hetzner Privacy Policy
  • Stripe, Inc. (Ireland) - Payment processing for subscriptions. Stripe handles all payment card data and billing information. Stripe is PCI-DSS Level 1 certified and processes payments securely. Swyp never stores your full payment card details. Learn more: Stripe Privacy Policy

Other Service Categories

We may also use processors in the following categories:

  • Analytics services (for understanding platform usage and improving our product)
  • Customer support platforms (for managing support requests and communications)
  • Email service providers (for transactional and marketing emails)
  • Monitoring and error tracking tools (for maintaining service quality and security)

We conduct regular reviews of our processors to ensure they maintain adequate security standards and comply with GDPR requirements. A complete list of our current data processors is available upon request by contacting privacy@swyp.be.

18. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority (Gegevensbeschermingsautoriteit) without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

Our notification will include the nature of the breach, the likely consequences, and the measures we have taken or propose to take to address it.

19. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll notify you via our website or other communication methods. Material changes will be announced at least 30 days in advance where legally required.

Please review this policy periodically for updates.

20. Contact & Data Protection Officer

For any questions, concerns, or requests regarding your data or this policy, you can contact us:

General inquiries:

Email: team@swyp.be

Data protection matters:

If you have specific questions about how we handle your personal data or wish to exercise your GDPR rights, you can contact our data protection team at: privacy@swyp.be