SwissFlowIt SwissFlowIt

Importmate Privacy Policy

This Privacy Policy applies to the application Importmate (“Application”), developed and provided by SwissFlowIt, S.L. (“SwissFlowIt”). The Application operates within your ServiceNow instance and connects to a cloud processing service operated by SwissFlowIt to convert source documents (PDF, Word, Excel, and PowerPoint) into structured knowledge articles. The Application is designed to minimise the data it handles. It processes Service Usage Data necessary to monitor performance, facilitate support, and manage licensing, and it temporarily processes the Documents Submitted by the Customer for the sole purpose of conversion.

Applicability of this Privacy Policy

This Privacy Policy applies to Importmate, a ServiceNow application developed and provided by SwissFlowIt. It covers the collection and use of Service Usage Data generated when users access the Application, and the processing of Documents Submitted by the Customer through the Application for conversion into knowledge articles.

This Privacy Policy does not apply to:

  • The SwissFlowIt website (www.swissflowit.com), which has its own privacy policy.
  • The ServiceNow platform itself, which is governed by ServiceNow’s privacy policy.
  • Any third-party applications or services that may integrate with Importmate.
  • Any other SwissFlowIt products or services not specifically mentioned herein.

Information we collect

Importmate processes two distinct categories of information when users access and interact with the Application:

1. Service Usage Data

We collect the following Service Usage Data:

  • User sys_id: A 32-character unique identifier automatically generated by ServiceNow for the user record. On our side, it functions as a pseudonymous reference and is not combined with names, email addresses, or customer content. Within your organisation’s ServiceNow instance, the sys_id may be linkable to an individual via the user record.
  • Instance identifier: The ServiceNow instance in which Importmate is being used.
  • Conversion metadata: Technical metadata generated during the conversion of a document, such as file name, file size, file type, processing duration, and conversion status. This metadata is used to operate, troubleshoot, and meter the service.

2. Documents Submitted

When a user uploads a source document for conversion, the file content is transmitted to SwissFlowIt’s cloud processing service for the sole purpose of producing the corresponding knowledge article. SwissFlowIt acts as a processor of this content on behalf of the Customer (see “Identifying the Controller and Processor Roles” below). Documents submitted may contain personal data or confidential business information, depending on what the Customer chooses to upload. SwissFlowIt does not inspect, mine, or use the content of Documents Submitted for any purpose other than performing the requested conversion.

How we process your information and our legal bases for doing so

SwissFlowIt uses Service Usage Data and processes Documents Submitted to operate Importmate and our business. To the extent any of this information is considered personal data under applicable law, we process it under the lawful bases below.

  • Provide and maintain the Service. We process Service Usage Data and Documents Submitted to perform the document conversions requested by users, ensure availability, and troubleshoot issues. Legal bases: performance of a contract (with the Customer) and our legitimate interests in operating and improving the Service.
  • Security, integrity, and abuse prevention. We use Service Usage Data and limited technical signals from the conversion pipeline to monitor service health, detect anomalous or abusive activity, prevent fraud, and protect the Service and our Customers. Legal bases: our legitimate interests in securing the Service and, where applicable, compliance with legal obligations.
  • License and subscription administration. We process instance identifiers, conversion counts, and entitlement signals to verify license scope, meter usage, and support renewals or changes. Legal bases: performance of a contract (with the Customer) and our legitimate interests in administering subscriptions.
  • Service analytics and improvement. We use aggregated and de-identified usage indicators to understand adoption and reliability, prioritise improvements, and plan capacity. We do not use the content of Documents Submitted to train, fine-tune, or improve any artificial intelligence or machine learning model. Legal basis: our legitimate interests in developing and improving the Service in a manner that does not override individuals’ rights and freedoms.
  • Compliance and legal. We may process limited Service Usage Data to comply with applicable laws, enforce our agreements, and respond to lawful requests. Legal basis: compliance with legal obligations and our legitimate interests in protecting our rights.

Data retention

Documents Submitted. The content of Documents Submitted, including the original file and any intermediate artefacts produced during conversion, is processed on an ephemeral basis. Files are retained on the cloud processing service only for as long as is strictly necessary to perform the conversion and deliver the resulting knowledge article back to the Customer’s ServiceNow instance, after which they are deleted from the processing environment. SwissFlowIt does not maintain a persistent copy of Documents Submitted.

Service Usage Data. We retain Service Usage Data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including operating and securing the Service, administering the Customer’s subscription, and complying with legal obligations (if applicable). Because the Service Usage Data we control does not identify individual users and is limited to instance-level identifiers, conversion metadata, and pseudonymous references, we generally retain it for the duration of the Customer’s subscription and for a limited period thereafter to support deprovisioning, audit, and dispute resolution.

When retention is no longer necessary, we delete or de-identify Service Usage Data (if any remaining linkability exists). Individuals may request deletion of Service Usage Data that we control. We will honour such requests unless retention is required by law or necessary to establish, exercise, or defend legal claims.

Security

We take the security of data very seriously. Documents submitted are transmitted to the cloud processing service over encrypted connections (TLS), processed in isolated execution environments, and deleted after conversion. We use industry-standard safeguards and reputable cloud infrastructure providers under written agreements. While no system can be guaranteed 100% secure, we continually work to protect the information we process for Importmate against unauthorised access, loss, misuse, or disclosure.

To learn more about our current security practices for Importmate, please contact us at info@swissflowit.com.

When you connect to third-party services or follow links, you may be interacting with services we do not control. Those services are governed by their own terms and privacy policies.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the features of Importmate. When we make changes, we will post the updated Policy with a new effective date and encourage Customers to review it periodically to stay informed.

If a change materially affects privacy rights or how the Application processes information, we will provide additional notice through email to the Customer’s designated contact, before the changes take effect, unless immediate changes are required to meet legal or security obligations.

Your organisation’s continued use of Importmate after the effective date of an update constitutes acceptance of the updated Policy to the extent permitted by law. If you do not agree to the updated Policy, you may stop using Importmate and request uninstallation, and you may contact us with any questions.

We maintain prior versions of this Policy and will provide them upon request.

Data transfers

We host and process Service Usage Data and Documents Submitted with trusted cloud infrastructure providers under written agreements. The cloud processing service used to perform document conversions is provided by Modal Labs, Inc., which operates compute infrastructure in multiple regions. SwissFlowIt configures the processing environment to favour regions located in the European Economic Area (EEA) where technically feasible. We also operate an internal analytics environment under our control in Switzerland to visualise Service Usage Data for support and operational purposes.

Access to Service Usage Data and to the processing environment is restricted to authorised personnel in Spain and Switzerland and is logged, role-based, and limited to the purposes described in this Policy. We do not sell data or share it with third parties for their independent advertising or marketing purposes.

Where a transfer of Service Usage Data or Documents Submitted to a country outside the EEA, the United Kingdom, or Switzerland that is not covered by an adequacy decision is necessary for the conversion or operation of the Service, we rely on Standard Contractual Clauses or another approved transfer mechanism, apply appropriate supplementary safeguards, and update this Policy accordingly.

Who may access Service Usage Data and Documents Submitted

  • Our personnel: Access is limited to authorised employees and contractors who need it to operate the service and are bound by confidentiality obligations. Access to Documents Submitted is restricted to incident response and support situations and is performed only with the Customer’s prior consent or instruction.
  • Service providers (sub-processors): We use vetted cloud infrastructure and operational vendors to host and process Service Usage Data and Documents Submitted on our behalf under written agreements. The current sub-processor used to perform document conversions is Modal Labs, Inc. A current list of sub-processors is available on request and will be updated from time to time.
  • Legal and safety: We may disclose Service Usage Data if required by law or to protect the rights, property, or safety of our users, customers, or the public. Documents submitted will not be disclosed except where strictly required by a binding legal order, in which case we will, where lawful, notify the Customer in advance.
  • Business transfers: If we undergo a corporate transaction (e.g., merger, acquisition, or reorganisation), Service Usage Data may be transferred as part of that transaction, subject to this Policy.

We do not share Service Usage Data or Documents Submitted with third parties for their independent marketing purposes, and we do not use Documents Submitted to train artificial intelligence or machine learning models.

Identifying the Controller and Processor Roles

  • Customer Content in Your ServiceNow Instance. Your organisation is the data controller of the business content stored in its own ServiceNow instance, including the knowledge articles produced by Importmate after conversion. SwissFlowIt does not access this content in the ordinary operation of the Application. Any exceptional access for support or security would occur only upon the Customer’s request, under confidentiality obligations, and within the Customer’s environment, without extracting content. Accountability for any externally embedded content loaded in ServiceNow lies with the Customer.
  • Documents Submitted for Conversion. The Customer is the data controller of the Documents Submitted through Importmate for conversion. SwissFlowIt acts as a processor of the Documents Submitted, processing them solely on the documented instructions of the Customer for the purpose of producing the requested knowledge article and the related operational metadata. SwissFlowIt does not determine the purposes of this processing and does not use Documents Submitted for any independent purpose.
  • Service Usage Data for Importmate. SwissFlowIt is the data controller of the Service Usage Data described in this Policy. We engage contracted service providers as processors to host and process that data on our behalf under written agreements that include confidentiality and security obligations.

Your rights

Individuals in the EEA, the United Kingdom, Switzerland, Brazil, and other jurisdictions may have statutory rights in relation to their Personal Data. Importmate processes Service Usage Data and, on the Customer’s behalf, Documents Submitted that may contain personal data.

For Documents Submitted, requests to exercise data-subject rights (such as access, correction, deletion, restriction, or portability) should be addressed to the Customer that uploaded the document, as the Customer is the controller of that content. SwissFlowIt will assist the Customer in responding to such requests as required by applicable data protection law.

For Service Usage Data, and to the extent it is considered Personal Data in your jurisdiction, you (or your organisation) may have the right to request access, correction, deletion, restriction, or portability of that information, and to object to processing based on legitimate interests, subject to any exemptions provided by law.

Contacting SwissFlowIt

Please feel free to contact SwissFlowIt if you have any questions about this Privacy Policy or SwissFlowIt’s practices, or if you are seeking to exercise any of your statutory rights. We will respond within a reasonable timeframe. You can contact us at info@swissflowit.com or at our postal office at:

SwissFlowIt, S.L.
Calle Gutiérrez Herrero 52
33402, Avilés (Asturias)
Spain