Swetrix

Audited

Designated DPO or GDPR correspondent

Compliant
Partially Compliant
Not Compliant

Swetrix doesn't mention having a DPO or GDPR correspondent but has a privacy dedicated email contact available on its website: contact@swetrix.com.

Privacy Policy

Compliant
Partially Compliant
Not Compliant

Regarding website and cloud: https://swetrix.com/privacy

Country & Type of Data storage

Compliant
Partially Compliant
Not Compliant

Company Headquarters:

Ukraine

Storage Facilities:

Analytics data is stored in German by US cloud provider Cloudflare.

Data transfers outside the EU

Compliant
Partially Compliant
Not Compliant

Data is deemed not transferred outside the EU.

If ever, Swetrix commits only to transferring personal data outside the EU if adequate security controls are in place.

Legal tools for Subcontractors

Compliant
Partially Compliant
Not Compliant

Subcontractors are subjects to the same protection level as set out in Swetrix’s Privacy Policy: https://swetrix.com/privacy 

Swetrix has made public its list of subprocessors: https://swetrix.com/privacy 

Swetrix doesn’t specify if written contracts are signed with subcontractors, nor if they inform controllers about adding a new subcontractor to the analytics service.

Data Breach Notification

Compliant
Partially Compliant
Not Compliant

Swetrix doesn’t mention directly notifying controllers of a data breach in a determined delay, nor providing assistance to controllers to notify the breach to the Supervisory authority.

Right Requests Process

Compliant
Partially Compliant
Not Compliant

Swetrix doesn’t mention providing assistance to controllers in case of a data subject's right request.

Data Privacy Impact Assessment

Compliant
Partially Compliant
Not Compliant

Swetrix doesn’t specify having conducted DPIAs or providing assistance to controllers if needed.

Employee Trainings

Compliant
Partially Compliant
Not Compliant

Swetrix doesn't mention employee training or submission to NDAs.

Security Policy

Compliant
Partially Compliant
Not Compliant

Swetrix doesn’t mention having a security policy.

Organizational and Technical Security Measures

Compliant
Partially Compliant
Not Compliant

Server security:

Cloud security relying on Cloudflare.

Other measures:

Data pseudonymisation (salted hash), data backups, data encryption.

Data Encryption

Compliant
Partially Compliant
Not Compliant

Data is encrypted in transit (HTTPS).

Restriction of access

Compliant
Partially Compliant
Not Compliant

Swetrix doesn’t mention any specific restrictions of access to personal data.

Reuse of data

Compliant
Partially Compliant
Not Compliant

Swetrix doesn’t reuse personal data, nor sell it.

Exemption of cookie consent

Compliant
Partially Compliant
Not Compliant

YES, Swetrix analytics script is fully cookieless.

Submission to Cloud Act/FISA

Compliant
Partially Compliant
Not Compliant

NO, data is hashed and not stored on servers more than 30min.