Pricacy Policy

SWOOP Analytics® Pty Ltd (“SWOOP”) offers tools and platform commercialised as “SWOOP Analytics®” which provide the means to measure the use of collaboration and communication software. SWOOP understands the importance of protecting individuals’ privacy and their personal information. For this reason, we strive to have business procedures and security safeguards in place to protect personal information under its control.

Application and Scope

This Privacy Policy (“Policy”) is intended to establish responsible and transparent practices for the management of personal information and to satisfy the relevant and applicable legal requirements. This Policy sets out the standards, responsibilities and obligations of SWOOP in respect of any personal information collected, accessed or processed by SWOOP in the course of its business operations and specifies the obligations of SWOOP that arise from SWOOP Terms of Service (available at www.swoopanalytics.com/terms) (the “Terms”) entered into between SWOOP and its corporate customers (each, a “Customer”), whereby SWOOP might handle or have access to personal information (“Service”).

This Policy also governs personal information collected about SWOOP’s website users and explains how SWOOP uses and discloses personal information collected from people who visit its website and otherwise interact with SWOOP through www.swoopanalytics.com (“Website”). It also explains how SWOOP uses cookies and similar technologies.

International Compliance

SWOOP complies with: (i) data protection laws applicable to SWOOP; and (ii) applicable industry standards concerning data protection, confidentiality or information security. SWOOP has global operations and therefore, in some cases, information managed by SWOOP may be transferred, processed and stored to other countries, although at all times, SWOOP will ensure that personal information is protected by confidentiality and security procedures and protections that are, at a minimum, equivalent to those employed by SWOOP itself.

SWOOP complies with this Policy as well as applicable Australian data protection laws, the General Data Protection Regulation (GDPR), being Regulation 2016/679 of the European Parliament and of the Council, and the UK GDPR. SWOOP also complies with other applicable data protection laws in the jurisdictions in which we operate. SWOOP is certified against ISO/IEC 27001:2022. A copy of our certificate can be requested via our Trust Center.

Definition of Personal Information

For the purposes of this Policy:

  • Personal Information means any information relating to an identified or identifiable natural person, as defined under the GDPR, UK GDPR, and Australian Privacy Principles (APPs).

  • Sensitive Personal Information means information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or information about a person’s sex life or sexual orientation (as defined in applicable laws).

Lawful Basis for Processing

SWOOP processes personal information under one or more of the following lawful bases:

  • Performance of a contract – where processing is necessary to deliver the Service to our Customers.

  • Consent – for example, where a website visitor opts in to receive marketing communications or to the use of non-essential cookies.

  • Legitimate interests – such as improving our Service and Website, provided those interests are not overridden by individuals’ rights.

  • Legal obligation – where processing is required to comply with applicable laws.

Collection and Use of Personal Information through the Service

When providing the Service, SWOOP only processes personal information in accordance with the Terms and applicable laws. SWOOP generally uses personal information from or about its Customers and Users (as defined in the Terms), (hereinafter referred to as “Customer’s Personal Information”) for the following purposes:

  • to create, establish and administer Customer’s account, to respond to Customer’s inquiries related to its account and to contact Customer about SWOOP’s services or account-related matters;

  • to provide services, including to provide Customer and its Users with access and use of the SWOOP platform and customer support;

  • to measure and analyze User behavior in order to, among others, monitor, maintain and improve SWOOP’s services or features;

  • to personalise or customise the experience when using the services;

  • to meet legal and regulatory requirements and to allow SWOOP to meet contractual requirements relating to the services provided to Customer;

When the Customer signs up to use the Service, we collects the following data types:

  • User data (such as user ID, join/leave dates, department), which is automatically collected when the SWOOP data miner runs.

  • Collaboration and communication data, which are automatically collected when the User signs in to our Services. This includes meta-data about various activities on the platform SWOOP is analysing.

  • User-interface interactions, which are automatically collected when the User signs in to our Services. This includes mouse interactions (mouse-over and clicks), time spent on the page, browser data, IP address and which SWOOP customer site is being accessed.

For a complete list of the meta-data that we collect, please contact your SWOOP representative or request a copy of the relevant technical overviews via our Trust Center.

All Customer data collected and managed by SWOOP is classified as sensitive and treated as such. Unless required or authorised by law, SWOOP will not use Personal Information for Customer or User for any other or new purpose without obtaining prior consent. SWOOP may use information provided by Customers to create irreversibly anonymised, aggregated datasets for research and benchmarking purposes. Anonymisation is carried out using industry-standard techniques to ensure that re-identification of individuals is not reasonably possible.

Collection and Use of Personal Information through the Website

SWOOP collects and uses personal information from or about visitors to our Website in the following ways:

  1. Information you provide directly

We may collect personal information when you:

  • Submit an inquiry

  • Request a trial or demo

  • Sign up for our newsletter or updates

  • Complete a form on the Website

This may include your name, job title, company, email, phone number, and any other details you choose to provide.

  1. Personalisation - Optional information you provide (such as your title or preferences) may be used to personalise your experience on our Website.

  2. Technical information collected automatically - We automatically collect technical data (such as IP address, browser, device type, screen resolution, and site navigation) via cookies and similar technologies.

  3. Cookies and Tracking Technologies - We use cookies to:

    1. Enable the core functionality of our Website (Necessary Cookies – always on);

    2. Understand how our Website is used so we can improve it (Performance and Analytics Cookies – set only with your consent);

    3. Deliver relevant advertising, where applicable (Advertising Cookies – set only with your consent).

      When you first visit our Website, you can:
      - Accept all cookies
      - Reject all non-essential cookies; or
      - Manage your preferences in detail.
      In jurisdictions where required by law (including the EU and UK), non-essential cookies will only be placed after you have actively consented. You can change your preferences at any time via the “Manage Cookies” option on our Website.

  4. Third-party analytics - We use Google Analytics to measure Website usage. These cookies are only set if you provide consent. Data collected is aggregated and not used to personally identify you. More information is available at: https://policies.google.com/privacy .

  5. Personal information from other sources - We may receive personal information from trusted third parties, with your permission.

  6. Privacy policies of other websites - Our Website may contain links to other sites. We are not responsible for the privacy practices of those sites.

Sharing of Personal Information

SWOOP will not sell, rent or trade personal information to any third party. However, SWOOP may share personal information when authorized and/or required by law or as follows:

  • As permitted or required by law. SWOOP may disclose personal information as required by applicable law or by proper legal or governmental authority. SWOOP may also disclose information to its accountants, auditors, agents and lawyers in connection with the enforcement or protection of its legal rights. SWOOP may also release certain personal information when it has reasonable grounds to believe that such release is reasonably necessary to protect the rights, property and safety of others and itself, in accordance with or as authorized by law. In the event SWOOP receives a governmental or other regulatory request for any Customer’s Personal Information, it agrees to immediately notify Customer in order that Customer shall have the option to defend such action. SWOOP shall reasonably cooperate with Customer in such defence.

  • Business transaction. SWOOP may disclose personal information to a third party in connection with a sale or transfer of business or assets, an amalgamation, re-organization or financing of parts of our business. However, in the event the transaction is completed, personal information will remain protected by applicable data protection laws. In the event the transaction is not completed, SWOOP will require the other party not to use or disclose the personal information received in any manner whatsoever and to delete such information.

  • Subprocessors – SWOOP uses certain subprocessors to deliver its Service. A current list is maintained in our Trust Center at https://trust.swoopanalytics.com

Security of Personal Information for the Service

  • SWOOP will store and process the personal information in a manner consistent with industry security standards. SWOOP has implemented technical, organizational and administrative systems, policies, and procedures to help ensure the security, integrity and confidentiality of personal information and to mitigate the risk of unauthorized access to or use of personal information, including (i) appropriate administrative, technical and physical safeguards and other security measures designed to ensure the security and confidentiality of the personal information it manages; (ii) a security design intended to prevent any compromise of its own information systems, computer networks or data files by unauthorized users, viruses or malicious computer programs; (iii) appropriate internal practices including, but not limited to, encryption of data in transit; using appropriate firewall and antivirus software; maintaining these countermeasures, operating systems and other applications with up-to-date virus definitions and security patches so as to avoid any adverse impact to the personal information that it manages; appropriate logging and alerts to monitor access controls and to assure data integrity and confidentiality; permitting only authorized users access to systems and applications; and (iv) all persons with authorized access to personal information must have a genuine business need-to-know prior to access (“Security Program”).

Training and Supervision

SWOOP maintains adequate training programs to ensure that its employees and any others acting on its behalf are aware of and adhere to its Security Program. SWOOP shall exercise necessary and appropriate supervision over its relevant employees to maintain appropriate confidentiality and security of the personal information it manages.

Data Incidents involving Customer’s Personal Information

SWOOP shall immediately notify Customer of any reasonably suspected or actual loss of data or breach or compromise of its Security Program which has or may result in the loss or unauthorized access, disclosure, use or acquisition of Customer’s Personal Information (including hard copy records) or otherwise presents a potential threat to such information (“Data Incident”). While the initial notice may be in summary form, a comprehensive written notice shall be given within 24 hours to Customer. The notice shall summarise in reasonable detail the nature and scope of the Data Incident (including each data element type) and the corrective action already taken or to be taken by SWOOP. SWOOP shall promptly take all necessary and advisable corrective actions, and shall cooperate fully with Customer in all reasonable efforts to mitigate the adverse effects of Data Incident and to prevent its recurrence.

European Union

The following sections relate specifically to GDPR for the purpose of delivering the Service to the Customer.

Data Processor and Data Controller

The Customer is the data controller and SWOOP is the data processor.

Responsibilities

All SWOOP employees and contractors have a responsibility for ensuring that Customer data we collect is stored and handled appropriately.

In particular:

  • The SWOOP Executive Committee has ultimate responsibility for ensuring that SWOOP Analytics meets its legal obligations.

  • The Data Protection Officer / Senior Responsible Officer for Security is responsible for:

    • Ensuring that information security and privacy requirements are adequately addressed.

    • Keeping the SWOOP Executive Committee updated about data protection responsibilities, risks and issues.

    • Reviewing all data protection policies, standards and procedures as per the Information Security Management System (ISMS).

    • Arranging data protection training for all SWOOP employees and contractors.

    • Addressing data protection questions from staff, customers or individuals e.g. data subject access requests.

    • Approving any contracts or agreements with third parties that may handle sensitive data.

    • Approving any data protection statements attached to communications.

    • Ensuring marketing initiatives are compliant with data protection principles.

  • The Chief Technology Officer is responsible for:

    • Ensuring all systems, software, services and equipment used for storing data meet acceptable security standards.

    • Performing regular checks and scans to ensure security systems are functioning properly.

    • Evaluating the on-going effectiveness of third-party services used by SWOOP Analytics.

Our Customers also have certain obligations. These include:

  • Ensuring consent from data subjects for SWOOP to process data

  • Nominating a point of contact for data subject requests

  • Validating data subject requests

  • Where relevant, correcting any personal information for users that has been provided to SWOOP

Data Storage

SWOOP runs its systems on state-of-the-art Microsoft data centres located in a region agreed to by the Customer. These state-of-the-art, highly secure and universally trusted data centres provide protection of hardware, software, networks, data and facilities utilising a range of verified controls in compliance with a comprehensive set of international protective security standards.

If a SWOOP customer has opted in for sentiment analysis, then SWOOP makes use of Microsoft Cognitive Services. Microsoft Cognitive Services are located in state-of-the-art, highly secure and universally trusted Microsoft Azure data centres in a region nominated by the Customer.

Data Security

SWOOP has implemented a range of comprehensive security controls to protect customer data. These include:

  • Encryption of all data at rest and in transit.

  • Role-based access controls ensuring limited access to personal data.

  • Connections secured via SSL/TLS.

  • Secure application development practices that incorporate privacy by-design principles and integrated security reviews throughout design, coding and deployment.

  • Annual penetration test and automated monthly perimeter scans

SWOOP is ISO27001 certified and engages external specialists to perform independent penetration testing. Visit our Trust Centre for more information (https://trust.swoopanalytics.com)

Data Quality and Accuracy

All SWOOP data is sourced from the customer’s communication and collaboration platforms. Customers can choose to add or remove additional user attribute data to SWOOP.

Data subject access requests for accessing, changing or removing personal information must be handled by the Customer. Any requests received by SWOOP will be referred to the Customer

It is the responsibility of the Customer to update any data inaccuracies in the source platform to update any user attribute data provided to SWOOP.

Data Retention

SWOOP retains a maximum of two years of interaction data for each customer. Data that has a date stamp in excess of two years is deleted. Upon the expiry of the subscription agreement between SWOOP and the customer, all raw data will be deleted. SWOOP maintains a benchmarking database of aggregated anonymous results of certain calculations (e.g. total number of replies per post) which is used for anonymous cross-company benchmarking. This limited aggregated dataset is owned by SWOOP and will be kept after the expiry of the subscription period.

Other data retention periods:

  • Website form submissions – retained for up to 2 years unless consent is withdrawn sooner;

  • Support tickets – retained until consent is withdrawn;

  • Marketing contact data – retained until consent is withdrawn.

International transfers of personal information

Personal information held in SWOOP will be stored in one of SWOOP’s regional data centres as nominated by the customer. For support and troubleshooting purposes, some customer data may be accessed by SWOOP support staff in Australia. SWOOP has implemented a range of appropriate safeguards via various controls and mechanisms (some described above) to ensure the protection of personal information.

Submitting requests for support

Any requests for support to respond to data subject requests must be emailed to support@swoopanalytics.com by the customer’s nominated point of contact. If SWOOP receives requests from a user directly we will refer the user to the Customer. Any data subject requests received which are not received from the customer’s nominated point of contact will be forwarded to the nominated point of contact for validation.

How to Contact Us

Any questions or complaints regarding this Policy, GDPR or SWOOP handling of personal information can be addressed by sending an email to support@swoopanalytics.com.

Change of Privacy Policy

SWOOP will review and update its policies and procedures as required to keep current with rules and regulations, new technologies, standards and customer concerns. This Policy may therefore change from time to time.

This Policy was last updated or reviewed on August 12, 2025