Privacy Policy

Swap Agency

Last updated: 21 April 2026

1. Introduction

This Privacy Policy (the “Policy”) describes how your personal data is collected, used, shared and protected when you visit the website swap-agency.com, when you order any of our Services, or when you otherwise interact with us.

We take the protection of your personal data seriously and we process it in accordance with the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

This Policy forms an integral part of our Terms and Conditions. By using our website or our Services, you acknowledge that you have read and understood this Policy.

2. Data Controller

The entity responsible for the processing of your personal data (the “data controller”) is:

Qali Sàrl

Sur la Croix 88

1020 Renens

Switzerland

Swiss Commercial Register No.: CH-550.1.256.025-3

Phone: +41 79 739 92 19

Email: hello@swap-agency.com

For any question regarding this Policy or the processing of your personal data, please contact us at hello@swap-agency.com.

3. What Personal Data We Collect

We only collect the personal data that is necessary to provide our Services, to operate our website, and to comply with our legal obligations. Depending on how you interact with us, we may collect the following categories of data:

3.1 Data you provide directly

  • Identification and contact data: first name, last name, company name, email address, phone number, postal address, country;
  • Account data: login credentials, account preferences (if you create an account);
  • Order and billing data: plan ordered, order reference, invoice details, VAT or business number (if applicable);
  • Payment data: transaction reference, amount, currency, date, and the last four digits and card type of the card used. Full card numbers and CVV are never collected or stored by us (see Section 6);
  • Service-related content: website URL to be promoted, texts, images, logos, briefs and any other material you provide for the execution of the Services;
  • Communications: content of emails, messages, support requests, and any other correspondence exchanged with us.

3.2 Data collected automatically

  • Technical data: IP address, browser type and version, operating system, device identifier, language, time zone;
  • Usage data: pages visited, duration of visit, referring URL, clicks, scroll behaviour, approximate location (country/region derived from IP);
  • Cookies and similar technologies: see Section 9 below.

3.3 Data received from third parties

We may also receive data from our payment provider (transaction status), from advertising or analytics platforms (aggregated statistics), or from public sources when relevant to the Services.

4. Purposes of the Processing and Legal Bases

The following table summarises the main purposes for which we process personal data, the categories of data involved, the legal basis (under the GDPR), and the retention periods:

PurposeData categoriesLegal basisRetention
Providing the Services (order processing, campaign delivery, reporting)Identification, contact, billing, website URL, Content, communication dataPerformance of the contract (Art. 6(1)(b) GDPR)Duration of the contract + 10 years (Swiss accounting law)
Payment processingPayment-related data (transaction ID, amount, currency, last 4 digits of card, result)Performance of the contract (Art. 6(1)(b) GDPR)10 years (accounting and tax obligations)
Accounting, invoicing and tax complianceIdentification, billing data, transaction dataLegal obligation (Art. 6(1)(c) GDPR)10 years (Art. 958f Swiss Code of Obligations)
Customer support and communicationContact details, content of the messages exchangedPerformance of the contract / Legitimate interest (Art. 6(1)(b) and (f) GDPR)Up to 3 years after the last contact
Website operation, security and analyticsIP address, device, browser, pages visited, session dataLegitimate interest (Art. 6(1)(f) GDPR) / Consent for non-essential cookies (Art. 6(1)(a) GDPR)Up to 14 months (Google Analytics); 12 months for security logs
Marketing communications (where applicable)Email address, first name, marketing preferencesConsent (Art. 6(1)(a) GDPR) / Legitimate interest for existing clients (Art. 6(1)(f) GDPR)Until withdrawal of consent or opt-out
Fraud prevention and legal claimsTransaction data, IP address, identification dataLegitimate interest (Art. 6(1)(f) GDPR) / Legal obligationUp to 10 years after the relevant event

Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of the processing carried out before the withdrawal.

5. Sharing of Your Data with Third Parties

We only share your personal data when strictly necessary to provide the Services, to comply with legal obligations, or to protect our legitimate interests. Your data is never sold.

The main categories of recipients are:

5.1 Payment service provider

Online payments are processed by Worldline (including its relevant group entities), a PCI-DSS compliant payment service provider. Worldline collects and processes your payment data (card details, billing information, transaction data) under its own responsibility as an independent controller, in accordance with its own privacy policy.

More information is available at: https://worldline.com/en/home/privacy-notice.html

5.2 Third-Party Platforms used to deliver the Services

To publish ads, content, links and posts on your behalf, we may transmit the information you provided (such as your website URL, brand name, Content, and campaign parameters) to external platforms such as search engines (e.g. Google, Bing), advertising networks, social networks, forums and other partner websites. Each platform acts as an independent controller for the data it receives, and applies its own privacy policy.

5.3 IT, hosting and communication providers

We rely on trusted providers for website hosting, email, customer support, file storage, analytics and security. These providers act as processors on our behalf and are bound by appropriate contractual obligations to process your data only under our instructions and to implement adequate security measures.

5.4 Analytics provider

We use Google Analytics, a web analytics service provided by Google Ireland Limited (or, where applicable, Google LLC). See Section 9 for more information on cookies and analytics.

5.5 Professional advisors and authorities

Where necessary, we may share data with accountants, auditors, lawyers, insurers, or with competent authorities and courts, to comply with legal obligations, to establish, exercise or defend legal claims, or to prevent fraud.

6. Specific Information on Payment Data

When you complete a purchase on our website, your full card number, expiry date and CVV are entered directly on the secure payment page provided by Worldline. These data are transmitted directly to Worldline and are never stored on our servers.

On our side, we only receive and store limited transaction data such as the transaction reference, the amount, the currency, the date, the result of the transaction, the last four digits and the type of card used. These data are kept for accounting, tax, and fraud-prevention purposes.

7. International Data Transfers

Your personal data is primarily processed in Switzerland and within the European Economic Area (EEA). However, some of our providers (including Worldline, Google and other technical providers) may process data in other countries, including the United States.

When personal data is transferred outside Switzerland or the EEA to a country that does not offer an equivalent level of data protection, we ensure that appropriate safeguards are in place, such as:

  • European Commission adequacy decisions (including, where applicable, the EU-US Data Privacy Framework);
  • Standard Contractual Clauses approved by the European Commission and recognised by the Swiss authorities;
  • Additional technical and organisational measures where required.

You may request a copy of the safeguards applied to a specific transfer by contacting us at hello@swap-agency.com.

8. Retention of Your Data

We keep your personal data only for as long as necessary to achieve the purposes described in this Policy or to comply with our legal obligations. The main retention periods are indicated in the table in Section 4.

In particular, in accordance with Article 958f of the Swiss Code of Obligations, accounting records, invoices and related supporting documents are kept for a period of ten (10) years.

When personal data is no longer necessary, it is securely deleted or anonymised.

9. Cookies and Analytics

Our website uses cookies and similar technologies to ensure the proper functioning of the website, to improve your experience and to analyse how the website is used.

9.1 Categories of cookies

  • Strictly necessary cookies: required for the basic functioning of the website (security, session management, cookie consent). They cannot be disabled.
  • Analytics cookies: used to understand how visitors interact with the website (pages visited, duration, navigation paths) in order to improve the service.
  • Functional cookies: remember your preferences (language, display) to personalise your experience.
  • Marketing cookies (where applicable): used to measure the effectiveness of advertising campaigns and to display relevant content.

9.2 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses cookies to collect information about how visitors use our website, including the number of visitors, the pages they visit and the sources they come from.

We have configured Google Analytics with the following privacy settings where available:

  • IP anonymisation, so that the last octet of your IP address is removed before storage;
  • No sharing of your data with other Google services for advertising purposes without your consent;
  • Appropriate retention periods for user-level data (up to 14 months).

Google may transfer this information to servers located in countries outside the EEA, including the United States. More information is available in Google’s privacy policy at: https://policies.google.com/privacy. You can also install the Google Analytics opt-out browser add-on available at: https://tools.google.com/dlpage/gaoptout.

9.3 Managing your cookie preferences

When you first visit our website, a cookie banner allows you to accept or refuse non-essential cookies. You can change your preferences at any time via the cookie settings link available on the website, or by adjusting the settings of your browser to block or delete cookies.

Refusing non-essential cookies does not prevent you from accessing the website, but some features may be limited.

10. Security of Your Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, disclosure or destruction. These measures include, in particular:

  • Encryption of communications (HTTPS/TLS) between your browser and our website;
  • Secure hosting and regular software updates;
  • Access controls limiting data access to authorised personnel only;
  • Use of reputable, PCI-DSS compliant providers for payment processing;
  • Regular reviews of our security practices.

Despite these measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work continuously to maintain a high level of protection.

11. Your Rights

Under the Swiss nFADP and, where applicable, the GDPR, you have the following rights regarding your personal data:

  • Right of access: obtain confirmation of whether we process your data and receive a copy of it;
  • Right to rectification: request the correction of inaccurate or incomplete data;
  • Right to erasure (“right to be forgotten”): request the deletion of your data, subject to legal retention obligations;
  • Right to restriction: request the limitation of the processing in certain circumstances;
  • Right to data portability: receive your data in a structured, commonly used and machine-readable format, or request its transfer to another controller, where technically feasible;
  • Right to object: object at any time to processing based on our legitimate interests, and at any time to processing for direct marketing purposes;
  • Right to withdraw consent: where processing is based on your consent, you can withdraw it at any time, without affecting the lawfulness of past processing;
  • Right to lodge a complaint: with a competent data protection authority (see Section 12).

To exercise your rights, please send your request to hello@swap-agency.com. We may ask you to verify your identity before processing the request. We will respond within one month, which may be extended by up to two additional months in case of complex or numerous requests.

12. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes applicable data protection laws, you have the right to lodge a complaint with a competent supervisory authority, in particular:

  • In Switzerland: the Federal Data Protection and Information Commissioner (FDPIC) – https://www.edoeb.admin.ch;
  • In the EU/EEA: the data protection authority of your country of residence, place of work, or place of the alleged infringement.

Before contacting the authority, you are welcome to contact us directly at hello@swap-agency.com; we will do our best to address your concerns.

13. Children’s Data

Our Services are intended for business use (freelancers, companies and start-ups) and are not directed at children. We do not knowingly collect personal data from children under the age of 16. If you believe that a child has provided us with personal data without appropriate consent, please contact us so that we can delete it.

14. Automated Decision-Making

We do not use your personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you.

15. Links to Other Websites

Our website may contain links to third-party websites. This Policy does not apply to those websites. We encourage you to read the privacy policy of any website you visit.

16. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, our Services, or applicable laws. The updated version will be published on the website with a new “Last updated” date. Material changes will be brought to your attention by appropriate means (e.g. notice on the website or email).

17. Contact

For any question, request or complaint regarding this Privacy Policy or the processing of your personal data, please contact us:

Qali Sàrl – Swap Agency

Sur la Croix 88

1020 Renens

Switzerland

Phone: +41 79 739 92 19

Email: hello@swap-agency.com