Privacy Policy

1. Introduction

Last updated: May 17, 2025
SwiftPick (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy describes:

· What personal data we collect and how we collect it;

· The legal grounds on which we process your data under Bangladeshi law;

· How we use cookies and tracking technologies (including the Common ID cookie);

· With whom and under what circumstances we share your data;

· How we secure and retain your data;

· Your rights as a data subject and how to exercise them;

· Our approach to children’s data; and

· How to contact us with questions or data-protection requests.

2. Legal Framework

2.1 Digital Security Act, 2018

We process personal data in accordance with the Digital Security Act, 2018 (Act No. 46 of 2018), which established definitions and offences regarding digital content and identifies “personal data” or “identity information” as requiring explicit consent for collection and processing followed by ICNL.

2.2 Cyber Security Act, 2023

On September 18, 2023, the Cyber Security Act, 2023 repealed the DSA 2018, retaining its core data-protection provisions while refining offences and penalties for digital misuse Ref world. Section 2(1) of the CSA 2023 broadly defines “identification information” to include any data that can identify an individual, from biometric identifiers to IP addresses followed by Universe PG.

2.3 Personal Data Protection Ordinance, 2025 (forthcoming)

The government is consulting on a comprehensive Personal Data Protection Ordinance, 2025 to establish an independent supervisory authority, detailed data-transfer restrictions, and stricter breach-notification rules followed by Atlantic Council.

3. Categories of Data We Collect

3.1 Information You Provide Directly

1. Account Registration: name, email, chosen password, profile details.

2. Newsletter & Comments: email sign-ups, comment text, ratings, survey responses.

3. Customer Support: correspondence records and any information you submit to resolve issues.

3.2 Transaction & Payment Data

1. Orders & Purchases: product or service details, billing and delivery addresses; excludes full payment card numbers, which are processed by PCI-compliant third parties followed by privacylibrary.ccgnlud.org.

2. Subscription Plans: if or when we introduce paid tiers, we will collect plan selections and payment confirmations.

3.3 Third-Party & Social-Login Data

When you choose social sign-on (e.g., via Facebook or Google), we collect your name, email, profile picture, and any other data you authorize through that platform followed by Jural Acuity.

3.4 Cookies & Tracking Technologies

We use cookies and similar technologies, including:

  • Essential cookies: required for core functionality (session management, login).

  • Performance & Analytics cookies: to measure site usage and improve performance.

  • Marketing & Personalization cookies: to deliver tailored ads, including the Common ID cookie that stores a unique user ID and is shared with our ad partners for measurement and attribution followed by Data Guidance.

     

4. Lawful Bases for Processing

4.1 Consent

We process data based on your explicit consent when you:

  • Sign up for newsletters.

  • Accept non-essential cookies via our Cookie Banner.

  • Participate in marketing campaigns.

     

4.2 Contractual Necessity

Processing is necessary to fulfill our contractual obligations, such as:

  • Creating and managing your account.

  • Providing you with paid or free services you request.

4.3 Legitimate Interests

We process data for our legitimate business interests, provided they do not override your fundamental rights, including:

· Website security and fraud prevention.

· Service improvements through analytics.

· Tailored content and offers (unless you opt out)followed by Jural Acuity.

4.4 Legal Compliance

We may process or disclose your data to comply with legal obligations, court orders, or to respond to lawful requests by public authorities.

5. How We Use Your Information

5.1 Service Delivery & Account Management

  • Create, verify, and maintain your account.

  • Provide customer support, service updates, and administrative messages.

     

5.2 Communications

  • Send transactional emails (e.g., account confirmations, password resets).

  • Respond to inquiries and feedback.

     

5.3 Marketing & Personalization

  • Send newsletters, promotional offers, and event invitations (with your consent).

  • Use behavioral cookies to display ads aligned with your interests on and off SwiftPick followed by Data Guidance.

5.4 Analytics & Site Improvement

  • Analyze site usage patterns to optimize performance and content relevance.

  • Detect and prevent fraudulent or malicious activity.

5.5 Legal & Safety

  • Monitor compliance with our Terms & Conditions.

  • Investigate suspected wrongdoing or disputes.

     

6. Cookies & Tracking Details

6.1 Managing Cookies

You can manage or disable cookies via our Cookie Banner at first visit or adjust settings in your browser. Disabling non-essential cookies may affect site functionality or personalization features.

7. Data Sharing & International Transfers

7.1 Service Providers

We share your data with trusted vendors who support hosting, analytics, email delivery, payment processing, and customer support. All vendors are contractually bound to process data in line with this Policy.

7.2 Advertising & Affiliates

We provide aggregate, non-identifiable reports to advertisers and affiliates to measure campaign performance and website traffic.

7.3 Legal & Safety Disclosures

We may disclose personal data:

  • To comply with legal processes, court orders, or regulatory requests.

  • To protect our or others’ rights, property, or safety.

     

7.4 Change of Control

In the event of a merger, acquisition, or sale of assets, your data may transfer to the new owner under the same privacy protections.

7.5 Cross-Border Transfers

We do not routinely transfer personal data outside Bangladesh except under binding corporate rules or standard contractual clauses that ensure an adequate level of protection followed by Atlantic Council.

8. Data Security & Retention

8.1 Security Measures

We implement industry-standard safeguards—encryption, access controls, intrusion detection—to protect your data from unauthorized access, alteration, or destruction followed by Amnesty International Australia.

8.2 Breach Notification

Although Bangladeshi law currently lacks a statutory breach-notification requirement, we commit to notifying affected users and relevant authorities without undue delay upon discovering a data breach followed by Jural Acuity.

In the event of a personal-data breach, we will:

1. Notify the Bangladesh Information Commission or MoPTIT (once the supervisory body is established) within 72 hours of discovery;

2. Describe the nature of the breach, affected data categories, likely consequences, and remedial steps taken;

3. Inform affected users “without undue delay” if a high risk to rights and freedoms exists.

8.3 Retention Periods

We retain personal data only as long as necessary for its processing purposes or as required by law, typically:

  • Account and transactional data: up to 7 years for auditing and fraud prevention.

  • Marketing consents: until you withdraw consent.

  • Cookies and analytics: up to 24 months unless you delete them sooner.

     

9. Your Rights as a Data Subject

Under Bangladeshi law—aligned with international best practices—you have the right to:

1. Access: Request a copy of your personal data.

2. Rectification: Correct inaccurate or incomplete data.

3. Deletion: Erase data when it’s no longer needed or you withdraw consent (subject to legal retention obligations).

4. Restriction: Limit processing in certain circumstances.

5. Data Portability: Receive data in a structured, machine-readable format.

6. Objection: Object to processing based on legitimate interests or direct marketing.

7. Withdraw Consent: At any time for consent-based processing.

8. Complain: Lodge a grievance with the Bangladesh Information Commission once established, or via the Ministry of Posts, Telecommunications & Information Technology followed by Data Guidance.

Requests will be handled free of charge within 30 calendar days of receipt, unless we lawfully extend this period by up to two additional months for complex requests followed by Tech Global Institute.

10. Children & Young People

10.1 Under-13 Policy

Our services are not directed at children under 13. We do not knowingly collect personal data from children under 13; if we learn that we have inadvertently done so, we will delete it promptly followed by Jural Acuity.

10.2 Ages 13–15

Users aged 13–15 should obtain parental or guardian consent before submitting any personal data to us. We may retain minimal data for anti-circumvention purposes.

10.3 Parental Requests

Parents or guardians can request deletion of their child’s data by contacting us at swiftpickofficial@gmail.com. We will act on such requests within 30 days.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the revised policy here with a new “Last updated” date. Notifying you via email or site banner for material changes.

12. Contact Us

For any questions, to exercise your rights, or to lodge complaints, please contact:
SwiftPick Legal Team
Email: swiftpickofficial@gmail.com