763-367-6770
SwyftPAY - Payment Solutions

GDPR Compliance

Last updated: April 9, 2026

SwyftPAY is committed to complying with the General Data Protection Regulation (GDPR) for the protection of personal data of individuals in the European Economic Area (EEA) and the United Kingdom.

Data Controller

SwyftPAY acts as the data controller for personal data collected through our website and services. Our contact information:

  • Company: Hope Benefits LLC (d/b/a SwyftPAY)
  • Address: 7225 Forestview Lane, Maple Grove, MN 55369
  • Phone: 888-256-8917

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent — When you have given clear consent for us to process your data for a specific purpose (e.g., subscribing to communications).
  • Contractual necessity — When processing is necessary to fulfill our obligations under a contract with you (e.g., providing merchant services).
  • Legal obligation — When we are required by law to process your data (e.g., tax reporting, fraud prevention).
  • Legitimate interest — When processing is necessary for our legitimate business interests, provided these do not override your fundamental rights (e.g., improving our services, website security).

Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

  • Right of Access — You may request a copy of the personal data we hold about you.
  • Right to Rectification — You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure — You may request deletion of your personal data ("right to be forgotten"), subject to certain legal exceptions.
  • Right to Restriction — You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability — You may request your personal data in a structured, commonly used, machine-readable format.
  • Right to Object — You may object to processing of your personal data based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent — Where processing is based on consent, you may withdraw that consent at any time.
  • Right to Lodge a Complaint — You have the right to lodge a complaint with a supervisory authority in your country of residence.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the purposes of processing:

  • Transaction data: Retained for a minimum of 7 years as required by financial regulations.
  • Contact form submissions: Retained for 2 years unless you request earlier deletion.
  • Website analytics data: Retained for 26 months.
  • Marketing consent records: Retained for the duration of your subscription plus 1 year.

International Data Transfers

As a US-based company, data transferred from the EEA/UK to the United States is protected through appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, and compliance with applicable data transfer frameworks.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • PCI DSS Level 1 compliance for payment data
  • End-to-end encryption for data in transit
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Employee training on data protection practices

Cookies

Our website uses cookies and similar technologies. For detailed information about the cookies we use and your choices, please refer to our Privacy Policy.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Exercising Your Rights

To exercise any of your rights under GDPR, or if you have questions about our data protection practices, please contact us:

  • Phone: 888-256-8917
  • Address: 7225 Forestview Lane, Maple Grove, MN 55369

We will respond to your request within 30 days. In certain circumstances, we may need to verify your identity before processing your request.