Privacy Policy

1 Scope of This Policy

This Privacy Policy applies to all visitors of swiftsurge.autos, prospective and current clients, partners, and any individual whose personal data we may process in the course of our business operations. It covers data collected through our website, email communications, service delivery platforms, and any other touchpoints where we interact with you. Where our services involve processing data on behalf of a client, that client remains the data controller and their own privacy policy governs that processing.

2 Information We Collect

We collect information that you voluntarily provide to us and information that is automatically generated when you access our website or use our services.

Information you provide: When you contact us through our website, email, or phone, you may provide your name, email address, phone number, company name, job title, and details about your project or inquiry. If you enter into a service agreement with us, we may collect billing information, tax identifiers, and authorised representative details necessary for contract performance.

Information collected automatically: When you visit swiftsurge.autos, our servers log standard technical data including your IP address, browser type and version, operating system, referring URL, pages viewed, and the date and time of each request. We use this data for system administration, security monitoring, and to understand how our website is used so we can improve it.

3 How We Use Your Information

We use the information we collect for the following purposes:

• To respond to your inquiries, provide quotations, and communicate with you about our services
• To perform our contractual obligations under service agreements, including system design, integration, and managed operations
• To send administrative communications such as service updates, security notices, and billing information
• To improve and maintain our website, ensure its security, and prevent fraudulent access
• To comply with legal obligations, including record-keeping requirements and lawful requests from regulatory authorities
• To analyse usage patterns and improve our service offerings, using aggregated or anonymised data where possible

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you. Where we use your data for a purpose not listed here, we will obtain your consent in advance where required by applicable law.

4 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our processing of your personal data is based on the following lawful grounds:

• Consent: Where you have given clear consent for us to process your data for a specific purpose, such as receiving marketing communications. You have the right to withdraw this consent at any time.
• Contractual necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes handling service inquiries and delivering our systems integration services.
• Legitimate interests: Where processing is necessary for our legitimate business interests, such as improving our services, ensuring network security, and managing our business operations. We balance these interests against your privacy rights and do not process data where your interests override ours.
• Legal obligation: Where processing is necessary to comply with a legal or regulatory obligation to which we are subject.

5 Data Sharing and Disclosure

We do not sell your personal data to third parties. We share your information only in the following circumstances:

• Service providers: We engage trusted third-party service providers who process data on our behalf for purposes such as cloud hosting, email delivery, payment processing, and analytics. These providers are contractually bound to process data only in accordance with our instructions and to implement appropriate security measures.
• Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or where such disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your information may be transferred as part of that transaction. We will notify you of such a change and any choices you may have regarding your data.

Where we transfer data to service providers located outside the European Economic Area, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

6 Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and support our security monitoring. Cookies are small text files stored on your device by your web browser.

Types of cookies we use:

• Strictly necessary cookies: These are essential for the operation of our website and enable core functionality such as security and network management. They do not require your consent.
• Analytics cookies: We use these to understand how visitors interact with our website, which pages are most frequently visited, and how users navigate between pages. This data is collected in aggregate form and is used solely to improve our website.
• Functional cookies: These enable enhanced functionality and personalisation, such as remembering your preferences. They are set only with your consent.

You can control cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may affect the functionality of our website. We do not use cookies for advertising or tracking across third-party websites.

7 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

• Inquiry and prospect data: Retained for the duration of our engagement and up to 24 months after our last communication, unless you request earlier deletion.
• Client data: Retained for the duration of the contractual relationship and for a period of up to 7 years after the termination of the agreement to comply with legal and tax record-keeping obligations.
• Website logs: Retained for up to 12 months for security analysis and system administration purposes.

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

8 Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS 1.2 or higher for all web traffic
• Encryption of data at rest using industry-standard algorithms
• Access controls based on the principle of least privilege, with multi-factor authentication for administrative access
• Regular security assessments, vulnerability scanning, and penetration testing of our systems
• Employee training on data protection and privacy practices
• Incident response procedures to address and report data breaches in accordance with applicable legal requirements

While we strive to protect your data, no method of transmission or storage is completely secure. We encourage you to use appropriate security measures when communicating with us.

9 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under the General Data Protection Regulation (GDPR) for individuals in the European Economic Area:

• The right to access your personal data and obtain a copy of the information we hold about you
• The right to rectify inaccurate or incomplete data
• The right to erasure (the right to be forgotten) in certain circumstances
• The right to restrict processing of your data
• The right to data portability, allowing you to receive your data in a structured, commonly used format
• The right to object to processing based on legitimate interests or for direct marketing
• The right not to be subject to automated decision-making that produces legal effects

Under the California Consumer Privacy Act (CCPA) for California residents:

• The right to know what personal information we collect, use, share, and sell. We do not sell your personal information.
• The right to delete personal information we have collected from you, subject to certain exceptions
• The right to opt out of the sale of personal information. We do not sell personal information.
• The right to non-discrimination for exercising any of your CCPA rights

To exercise any of these rights, please contact us at vas-us@swiftsurge.autos. We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing your request.

10 Children’s Privacy

Our services are directed at businesses and professional organisations. We do not knowingly collect personal information from individuals under the age of 16. If you believe that a child has provided us with personal data, please contact us immediately so that we can take steps to delete that information. If we become aware that we have collected personal data from a child without verification of parental consent, we will delete that data promptly.

11 International Data Transfers

As a global company serving clients across multiple jurisdictions, we may transfer your personal data to countries outside the country where you are located, including to our headquarters in China and to our service providers in other jurisdictions. Where such transfers involve data subjects in the European Economic Area, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses adopted by the European Commission, or equivalent transfer mechanisms recognised under applicable law.

Our website is hosted on infrastructure that may be distributed across multiple regions. By submitting your personal data to us, you acknowledge that your data may be transferred, stored, and processed in locations outside your country of residence.

12 Third-Party Links

Our website may contain links to third-party websites, plug-ins, and services that are not operated by us. This includes links to client websites, technology partners, and industry resources. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

13 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational circumstances. When we make material changes, we will update the date at the top of this page and may notify you through our website or by email if we have your contact information. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

14 Governing Law and Disputes

This Privacy Policy is governed by and construed in accordance with the laws of the People’s Republic of China, without regard to its conflict of laws principles. For data subjects in the European Union, additional protections under the GDPR shall apply where they afford greater rights. Any disputes arising out of or relating to this Privacy Policy shall be resolved through good faith negotiation. If a resolution cannot be reached, the dispute shall be submitted to the competent courts of Xi’an, Shaanxi Province, China.

15 Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Swift Surge
c/o Shaanxi Chuangchaoyangfeng Network Technology Co., Ltd.
No. 621, Xinhua Bookstore, Yongfeng Village, Yongle Town
Jinghe New City, Xixian New District
Xi’an City, Shaanxi Province, 710000
China

Email: vas-us@swiftsurge.autos
Phone: +1 (934) 949-5283

If you are located in the European Economic Area, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data violates applicable law.