Effective Date: October 9, 2025
Last Updated: October 9, 2025
At SwiftBuyHub.com we respect your privacy and are committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your data when you visit swiftbuyhub.com, subscribe to newsletters, engage with travel blogs, or interact with affiliate links.
By using the Site, you consent to the practices described here. If you disagree, please do not use the Site. We may update this Policy; the date above shows the current version. Continued use after changes means acceptance.
1. Scope and Compliance
This Policy applies to all visitors, users, and subscribers, including those in the European Economic Area (EEA), United Kingdom (UK), California, and other U.S. jurisdictions.
We comply with:
GDPR and UK GDPR (EU/UK data protection).
CCPA/CPRA (California Privacy Rights Act, including 2025 updates on sensitive data and opt-outs).
CAN-SPAM Act (U.S. email marketing).
Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar state laws.
Other applicable laws (e.g., FTC guidelines for affiliates).
We act as the data controller for data we collect directly.
2. Information We Collect
Personal Information You Provide
Email and Name: For newsletter subscriptions or contact forms.
Preferences/Interests: Travel details shared voluntarily (e.g., via comments, surveys).
We do not collect sensitive personal information (e.g., health, racial origin, biometric data) unless you explicitly consent for specific purposes (e.g., accessibility accommodations).
Automatically Collected Information
Device/Usage Data: IP address, browser type, OS, pages viewed, referral sources, session duration.
Approximate Location: From IP for content personalization (no precise geolocation without consent).
From Third Parties
Affiliate Partners: Anonymized click/conversion data only.
Analytics Tools: Aggregated insights (e.g., Google Analytics).
Social Media: Limited profile data if you log in/share (per your platform settings).
3. How We Use Your Information
We use data to:
Deliver blog content, personalized travel recommendations, and newsletters (with consent).
Track affiliate performance (anonymized).
Analyze and improve Site functionality/security.
Send promotional emails (opt-in only; see CAN-SPAM below).
Comply with laws and protect our rights.
We do not sell personal data. Aggregated/de-identified data may be used for research. No automated decision-making or profiling occurs (per GDPR Article 22).
4. Legal Bases for Processing (GDPR/UK GDPR)
Consent: Marketing emails, cookies, non-essential tracking.
Contract: Fulfilling subscriptions.
Legitimate Interests: Analytics, fraud prevention, Site security (balanced against your rights).
Legal Obligation: Record-keeping/reporting.
5. Sharing Your Information
We share only as needed:
Service Providers: Email (e.g., Mailchimp), analytics, hosting—bound by confidentiality and data processing agreements (DPAs).
Affiliate Partners: Anonymized data for commissions; their policies apply post-click.
Legal Requirements: Court orders, subpoenas, or authority requests.
Business Transfers: Mergers/acquisitions (with notice).
We do not “sell” or “share” data for cross-context behavioral advertising under CCPA. Opt out via our footer link (“Do Not Sell or Share My Personal Information”) or Global Privacy Control (GPC) signal.
CAN-SPAM Compliance: Commercial emails include our physical address, clear “unsubscribe” links (processed within 10 days), and accurate headers. No deceptive subject lines.
6. Cookies and Tracking
See our Cookie Policy for details on cookies, pixels, and controls. We obtain explicit consent for non-essential uses and honor DNT/GPC signals.
7. Your Privacy Rights
Rights vary by location but include:
Access, Correction, Deletion: Request your data or erasure (“Right to Be Forgotten,” subject to exceptions).
Restriction/Objection: Limit processing or object (e.g., to marketing).
Portability: Receive data in a structured format.
Withdraw Consent: Anytime (e.g., unsubscribe, cookie settings).
GDPR/UK GDPR Specifics: Object to automated decisions (none used); complain to your authority (e.g., ICO, CNIL).
California (CCPA/CPRA): Know categories of data collected/sold/shared; request deletion; non-discrimination for rights exercise. Confirm no sales/sharing.
Other States: Similar rights under VCDPA/CPA (e.g., opt-out of targeted ads).
Submit requests to privacy@swiftbuyhub.com with verification (e.g., email match). We’ll respond in 30–45 days (extensions possible). Agents need proof of authority.
8. Data Retention
Emails/Preferences: Until unsubscribe or 12 months after last interaction (2025 CCPA default).
Analytics: Up to 26 months (anonymized).
Compliance Records: Up to 7 years (legal minimum).
Data is securely deleted/anonymized beyond these periods.
9. Data Security
We use SSL encryption, access controls, firewalls, and audits. No system is foolproof—use at your risk. Breaches trigger notifications (e.g., GDPR 72 hours to authorities; 60 days to CA users).
10. International Data Transfers
Data may be processed/stored in the U.S. or EEA. For EEA/UK: Standard Contractual Clauses (SCCs) or adequacy decisions. Request safeguards via email.
11. Children’s Privacy
Not for under-13s (COPPA) or 16s (GDPR). No knowing collection from minors—delete if discovered. Parents: Contact us for removal.
12. Third-Party Links/Affiliates
Links to external sites (e.g., booking platforms) are not our responsibility. Review their policies.
13. Updates
Posted here; material changes emailed to subscribers.