Swenta Privacy Policy

Introduction

Swenta Limited (“Swenta,” “we,” “us,” or “our”) is a UK-based company dedicated to providing innovative solutions and services to our clients. Swenta is committed to protecting the confidentiality and privacy of information entrusted to us in accordance with the UK Data Protection Act 2018, including its applied GDPR provisions (DPA 2018). This Privacy Policy outlines your rights, the types of information we collect, how we use and protect it, and the measures we take to ensure compliance with data protection laws.

Please read this Privacy Policy carefully to understand how we handle your personal data. By engaging with Swenta, you agree to the practices described in this policy.

1. Who Are We?

This Privacy Policy applies to Swenta Limited which operates under a shared commitment to data protection and privacy.

2. How Do We Collect Personal Data?

We collect personal data through direct and indirect means, as outlined below:

Directly:
We obtain personal data directly from individuals in various ways, including:

• When you provide us with your contact details (e.g., business cards, online forms, or email communications).
• When you subscribe to our newsletters, register for webinars, or attend events hosted by Swenta.
• When you visit our offices or engage with us for recruitment purposes.
• When you establish a business relationship with us or engage us to provide professional services.

Indirectly:
We may also obtain personal data indirectly from the following sources:

• Public sources: Information from public registers (e.g., Companies House), news articles, sanctions lists, and government agencies.
• Social and professional networking sites: If you register or log in to our websites using social media platforms (e.g., LinkedIn, Instagram), we may collect information permitted by your privacy settings, such as your name and email address.
• Business clients: We may process personal data on behalf of our clients as part of our professional services. For example, we may review payroll data for auditing purposes or handle personal data for global mobility services.
• Recruitment services: We may receive personal data about job candidates from employment agencies, former employers, or credit reference agencies.
• Data subscription services: We may obtain business-related personal data from external providers to reach out to prospective clients.

3. What Categories of Personal Data Do We Collect?

We collect the following categories of personal data to conduct our business activities:

Personal Data:

• Contact details (e.g., name, company name, job title, phone numbers, email and postal addresses).
• Professional details (e.g., employment history, educational background, and professional affiliations).
• Financial information (e.g., payroll data, tax information, bank details, and investment interests).
• Family and beneficiary details (e.g., names and dates of birth) for insurance or pension-related services.
• CCTV footage may be collected at our sites for security purposes. This footage is automatically overwritten within 30 days.

Special Categories of Personal Data:
We typically do not collect special categories of personal data unless necessary for specific purposes, such as:

• Diversity and equal opportunity information volunteered during recruitment processes or professional programs.
• Health data to ensure a safe environment for employees, clients, and visitors, particularly in relation to infectious disease control.
• Personal identification documents that may reveal race, religion, or ethnic origin, where required for legal or compliance purposes.
• Adverse information about clients or applicants that may reveal criminal convictions or offences, where legally permissible.

Child Data:
Our services and websites are not directed at children under the age of 13. We do not knowingly collect or maintain information about individuals under this age unless required as part of a professional engagement.

Location-Based Data:
We may process geographical locations you provide when searching for a Swenta office or service near you.

4. What Lawful Reasons Do We Have for Processing Personal Data?

We rely on the following lawful bases to process personal data:

• Contract: To fulfil our contractual obligations or to enter into a contract with you.
• Consent: When you have provided explicit consent for specific processing activities.
• Legitimate Interests: When processing is necessary for our legitimate business interests, such as delivering services, conducting marketing, or ensuring IT security.
• Legal Obligations: To comply with applicable laws, regulations, or legal processes.
• Public Interest: To perform tasks in the public interest or exercise official authority.
• Vital Interests: To protect the life or safety of an individual.

5. Why Do We Need Personal Data?

We collect and use personal data for the following purposes:

• Providing professional services, including advisory, consulting, and technical solutions.
• Promoting our services, products, and capabilities to existing and prospective clients.
• Hosting events, webinars, and other engagements.
• Personalizing communications and online experiences based on your interactions with Swenta.
• Administering and securing our information systems and websites.
• Recruiting and evaluating job candidates.
• Complying with legal and regulatory obligations, such as anti-money laundering and fraud prevention.
• Monitoring and controlling the spread of infectious diseases to ensure a safe environment.

6. Do We Share Personal Data with Third Parties?

We may share personal data with trusted third parties to deliver efficient and quality services. These parties are contractually bound to protect your data. Recipients may include:

• Swenta Group entities for administrative and service delivery purposes.
• Service providers (e.g., IT support, cloud-based software providers, and document production services).
• Professional advisers, including lawyers, auditors, and insurers.
• Law enforcement or government agencies, where required by law.
• Potential buyers or merger partners in the event of a business transfer or merger.

Swenta does not transfer personal data to third parties for their direct marketing purposes.

7. Do We Transfer Personal Data Outside the UK?

We store personal data on servers located in the UK. However, we may transfer data to Swenta Group entities or third-party service providers outside the UK when necessary. Such transfers are conducted in compliance with data protection laws and contractual safeguards.

8. Do We Use Cookies?

Our websites may use cookies to enhance your browsing experience.

9. What Are Your Data Protection Rights?

You have the following rights under data protection laws:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request corrections to inaccurate or incomplete data.
• Erasure: Request deletion of your data under certain circumstances.
• Restriction: Request temporary restrictions on processing.
• Data Portability: Request transfer of your data to another organization.
• Objection: Object to direct marketing or profiling.
• Withdraw Consent: Withdraw consent for processing, where applicable.

To exercise these rights, contact us at info@swenta.com We may request additional information to verify your identity before processing your request.

10. How Do We Protect Personal Data?

We implement technical and organizational measures to safeguard personal data against loss, misuse, or unauthorized access. These measures include encryption, access controls, and regular security assessments. While we strive to protect your data, no transmission over the internet is entirely secure, and we cannot guarantee absolute security.

11. How Long Do We Retain Personal Data?

We retain personal data for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, or resolve disputes. Unless otherwise required, we typically retain personal data for seven years.

12. Links to Other Websites

Our websites may contain links to third-party sites, including those of Swenta Group entities. These sites are not governed by this Privacy Policy. We encourage you to review the privacy policies of any external sites before providing personal data.

13. Who can you contact for privacy questions or concerns?

If you have questions or comments about this Privacy Notice or how we handle personal data, please direct your correspondence to: 167-169 Great Portland Street, 5th Floor, London, United Kingdom, W1W 5PF or email info@swenta.com. We aim to respond within 30 days from the date we receive privacy-related communications.

14. Do we change this Privacy Notice?

We regularly review this Privacy Notice and will post any updates to it on this webpage. This Privacy Notice was last updated on 12 February 2025.