Last updated: February 25, 2019
We understand the importance of protecting personal information. For this reason, we strive to have business procedures and safeguards in place to protect personal information under our control.
This Policy also governs personal information collected about Users (“you” or “your“) during the use of the Shift website(s), Shift Tools Platform, and/or other related applications or services (collectively the “Service“). This Policy explains how we use and disclose personal information collected from people who use the Service.
By accessing or using the Service, by completing the registration form, by clicking or tapping on a button indicating your acceptance of this Policy, and/or by executing a document that references this Policy, you are providing your consent for the collection and use of your personal information as laid out in this Policy. You have the right to withdraw your consent at any time by contacting firstname.lastname@example.org
In compliance with the Privacy Shield Principles, SHIFT commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SHIFT email@example.com.
SHIFT has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
We collect information relating to you and your use of the Service from a variety of sources. Some of this information is collected directly from you and some of this information is collected from your interaction with the Service, or from third-parties.
Shift may also use information provided by Users to create de-identified data aggregated for benchmarking or to improve our Service.
Unless required or authorized by law, Shift will not use User’s personal information for any other or new purpose without obtaining prior consent.
Your information will never be sold. Ever.
To provide you with our Service, we work with third-party providers to help improve the Service. There will be instances where we process your information using these third-party services and tools in order for us to offer our Service to you. We will only provide these third-parties the minimal amount of information required to operate our business and provide our Service to you, and only in the ways that are described in this Policy. Examples of our service providers include: hosting services; project management software; email service providers; system monitoring services; customer support services; and website analytics. These companies are only authorized to use your personal information as necessary for us to provide our Service to you.
We will notify individuals when their personal information may be disclosed to third parties, if practicable. We will not disclose personal information to third parties except when required by law or when the individual has given his or her consent for such disclosure, or when reasonable assurances are given that the personal information will be legitimately processed and appropriately protected in accordance with the Privacy Shield Principles.
In most cases, the information that we disclose to our staff or service providers will be directly necessary to provide our Service to you. However, there may be occasions where we need to disclose your personal information to other third-parties or for other purposes, including to:
When we disclose your personal information to third-parties such as our suppliers, we sign confidentiality and data processing agreements with them to ensure they maintain confidentiality and have privacy and security standards to protect your personal information. We require third party controllers and agents to at least comply to the same level of privacy protection as is required by Privacy Shield Principles.
We may share aggregated de-identified data for any purpose. For example, we may share aggregated de-identified data with customers, prospects, partners for business or research purposes, such as our survey benchmarks.
No method of electronic transmission or storage is 100% secure, and we cannot ensure or warrant the absolute security of any information you transmit or store in the Service. But the security of your information is of paramount important to us. Shift uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information, once we receive it. We continuously and regularly back up your data to help prevent data loss and aid in data recovery. We strive to protect your data by encrypting it in transmission using industry standard protocols, and implementing access restrictions on our services to secure our network and servers. We protect your password by one-way encrypting it with salt so even we don’t know it.
In the event that personally identifiable information is compromised as a result of a breach of security, Shift will promptly notify those persons whose personally identifiable information has been compromised or as otherwise required by applicable law.
We will retain your personal information for as long as is necessary to provide the Service to you, or to comply with our legal obligations, resolve disputes, and enforce our legal rights.
If you would like to access or rectify your information and/or request deletion of information we collect about you, or restrict or object to the processing of your information, please contact us using the contact information below.
Where you have provided consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing your consent. You may of course decline to submit personal information through the Service, in which case Shift may not be able to provide certain services to you.
If you are dissatisfied with the way we process your information, you may lodge a complaint with the data protection authority (“DPA”) in your jurisdiction, and you have the possibility, under certain conditions, to invoke binding arbitration.
We are committed to ensuring that all transfers of your personal information are and will be in compliance with the required international data transfer standards. Information we collect is transferred and stored in our servers in the United States. Shift engineers may access this data for support, product development, and quality assurance. Whenever we transfer your information, we take steps to protect it.
Protecting the privacy of young children is especially important. Our Service is not directed to persons under the age of 16. Shift does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register with the Service. If we become aware that we have collected personal information from a child under the age of 16 without verification of parental consent, we take steps to remove that information. If you believe that we might have any information from or about a child under 16, please contact us at firstname.lastname@example.org