Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

Who we are

WingSIM is a product of Swiftwing Technology Ltd. Where we use the words “We” or “Our” we mean Swiftwing Technology Ltd.

We are an English company with registered company number: 15259643 and our registered office is at Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, England, BH16 6FA.

We are the data controller responsible for your personal information and we are registered at the UK Information Commissioner’s Office with registration number ZB756864.

WingSIM is intended for and marketed to residents of the United Kingdom, and as such data protection is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For privacy-related enquiries, please contact privacy@swiftwing.io.

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

• Names and contact details
• Addresses
• Purchase or account history
• Payment details (including card or bank information for transfers and direct debits)

We collect or use the following information for the operation of customer accounts and guarantees:

• Names and contact details
• Addresses
• Purchase history
• Account information, including registration details
• Marketing preferences

We collect or use the following information for service updates or marketing purposes:

• Names and contact details

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details
• Payment details
• Account details
• Customer or client accounts and records
• Purchase or service history
• Correspondence

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
• Your right to erasure - You have the right to ask us to delete your personal information.
• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.
• Your right to object to processing - You have the right to object to the processing of your personal data.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods:

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • Ensuring that any complaints are handled appropriately, and to improve the service for other users based on customer feedback.

Where we get personal information from

We collect data when you:

• Create an account
• Place an order
• Sign up for newsletters, or marketing or service update emails
• Contact customer support

Web analytics

For web analytics, we use Pirsch Analytics. Pirsch Analytics is a cookie-free web analytics software that was developed according to the Privacy by Design principle. To analyze visitor flows, Pirsch Analytics uses a hashing algorithm to generate a 16-digit number as the visitor ID when the page request is received. The input values are the IP address, the user agent, the date and a salt.

The visitor’s IP address is not persisted in whole or in part, and is anonymized completely and non-reversibly by the hash. The inclusion of the date and the use of one salt per website ensures that website visitors cannot be recognized for more than 24 hours and cannot be tracked across multiple websites. A rough localization (country/city) is performed via a locally integrated database.

See Pirsch analytics for more details.

How long we keep information

Account data is retained for as long as your account is active. Inactive accounts are deleted after 5 years.

Transaction data is kept for 7 years to comply with tax laws. Transaction data may be held longer if required by tax authorities.

Marketing data is retained until you withdraw consent.

Who we share information with

Data processors

Stripe, Inc.

We use Stripe to securely process payments. Stripe acts as a data processor and handles data such as your name, email address, and payment information. This is goverened by Stripe’s Data Processing Agreement.

If you are directed to Stripe’s website for payments or use Stripe’s ‘Link’ service, Stripe may collect data from you. For more information, see Stripe’s Privacy Policy.

Snipcart Inc.

We use Snipcart to manage shopping carts, initiate payments and track purchase history. Snipcart acts as a data processor and handles data such as your name, address and purchase details. This is governed by Snipcart’s Data Processing Agreement.

For more information, see Snipcart’s GDPR compliance FAQ and Terms of Service.

PlanetScale, Inc.

We use PlanetScale for data storage. All data is stored in the UK (AWS eu-west-2).

In this case PlanetScale acts as a subprocessor. PlanetScale is GDPR compliant and their storage of our data is governed by their Data Porcessing Addendum. For more information, see Security and compliance - PlanetScale.

Do we process children’s data?

In order to shop with us, you must be over 18 years old and we do not knowingly collect personal data from children under 18. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this notice by instructing children never to provide personal data to us.

Parents and guardians may purchase products from us for their children, without providing personal information.

Sharing information outside the UK

Where necessary, we will transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Snipcart

Organisation name: Snipcart, Inc.
Category of recipient: Data processor
Country the personal information is sent to: Canada

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge)

Stripe

Organisation name: Stripe , Inc.
Category of recipient: Data processor
Country the personal information is sent to: USA

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge)

Databricks

Organisation name: Databricks, Inc.
Category of recipient: Data subprocessor
Country the personal information is sent to: Germany

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge)

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

March 09, 2026