Your privacy is important to us. Shift is committed to protecting the rights of individuals in line with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (GDPR), the EU US Data Privacy Framework, as well as other applicable data protection laws and regulations.
For certain uses of the Website, you may be asked to provide personal data. When this occurs, we will indicate what types of personal data are required. You may choose not to submit the requested data, but this may limit your access to the Website services.
1. Data Controller
For the collection and processing of personal data under this Privacy Notice, the data controller is:
Shift Technology, a simplified joint stock company, whose registered office is located at 2-14 rue Gerty Archimède – 75012 Paris, registered with the Paris Trade and Companies Register under number 791 862 618 (Shift).
2. What Personal Data do we collect?
When you use the Website, Shift will collect the personal data you provide us, including personal identification information (e.g. name, email address, location, phone number, etc.).
In addition to the personal data you provide to Shift , Shift may collect, record and process additional data, including personal data, generated as a result of using the Website. This may include the following types of data:
- Data from the used equipment, such as a unique device ID, version of the operating system and settings of the device you use to access a service;
- Information about the use of a service, such as the time at which you use the service and the type of service that is used;
- Location details from your device or derived from your IP address that is provided to us when you use a particular service;
- Data available from external sources. We may receive information about you from public or commercially available sources.
3. How do we collect your data?
You directly provide Shift with most of the data we collect when you use the Website. In particular, we collect data and process data when you:
- Fill in the “Contact Us” form;
- Send us an email;
- Share the webpages of our Website on social media platforms;
- Request to receive information;
- Download files on the Website (such as white papers, reports);
- Register on the Website or request a demo;
- Voluntarily complete a customer survey or provide feedback on any message board or via email; or
- Use or view the Website via your browser’s cookies.
Shift Technology may also receive your data indirectly from publicly accessible sources (e.g. Google, LinkedIn) or non-publicly accessible sources (e.g. Greenhouse, Seamless.AI, HubSpot, Wisepops, WordPress).
4. How will we use your data?
- Website Browsers / Administration. We use your Personal Data for administrative purposes, including to help us better understand how visitors access and use our Website and applications; to provide reports to prospective partners, service providers, regulators, and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners and us; and to enforce our policies, directives and processes.
- To the extent permitted by law and as described under Section 9 (Marketing) below, we may use your Personal Data for marketing and promotional purposes, including communications through email or equivalent electronic means. For example, we use your Personal Data, such as your email address for news and newsletters, research, event updates, product data, and to otherwise contact you about services or information we think will interest you.
- Communication. We use your Personal Data to communicate with you, including responding to requests for assistance, information, newsletter, or career information. We may communicate with you in a variety of ways, including email, via your social media accounts if you have agreed, and/or text message.
- Customer service. We use your Personal Data for customer service purposes, including providing services to you, for technical support or other similar purposes and to establish and maintain customer accounts.
- Research and development. We use your Personal Data for research and development purposes, including improving our Website, applications, services, and customer experience and for other research and analytical purposes dedicated to improving our products, services, businesses, operations and processes.
- Legal compliance. We use your Personal Data to comply with applicable legal regulations, including responding to an authority or court order or discovery request.
- No automated decisions. There is no fully automated decision making by Shift based on your personal data.
- Sale of Personal Information. Our policy is that we do not sell and will not sell your personal information, unless you give us your consent or direct us to do so. In the preceding twelve months we have not sold personal information.
5. What is the basis for processing your Personal Data?
We process your Personal Data in accordance with the provisions set out in the GDPR and other applicable Data Protection laws and regulations. The legal basis for processing your Personal Data are:
- To comply with contractual obligations or to take steps at your request before entering into a contract. When you subscribe to a particular service through the Website, the purposes of processing your Personal Data are primarily determined by that service and we will process your information so that we may provide that service to you, assist you and answer your requests, or evaluate if we can offer you a product or service and under which conditions. In this respect, the purpose of the contact form, is to establish a relationship. The legal basis for this processing is the execution of a contract or pre-contractual measures. If you decide not to provide us with the data necessary to establish contact, we shall be unable to contact you for this purpose.
- As a result of your consent. When you have consented to the processing of your Personal Data by us for certain purposes through the Website, for instance through the Contact Form or the subscription to our newsletter. However, if we need to carry out further processing for purposes other than those for which you provided us with your consent, we will inform you and, where necessary, obtain your consent. You may withdraw your consent at any time. For further information on the right of withdrawal, please see Section 10 (What are your data protection rights?) below.
- Within the scope of a legitimate interest. On occasion, where we have a legitimate interest to process your data, we may not need your consent to do so, however, we must inform you that we do this; examples of this are for:
- The analysis and optimisation of the Website;
- Ensuring IT security and the operation of Shift Technology’s IT;
- Prevention and investigation of criminal acts.
- On the basis of Shift Technology’ legal obligations or in the public interest. In some cases the processing of your Personal Data will be necessary for Shift Technology to fulfil legal or public interest obligations.
6. How do we store your data?
For transfers to non-EEA countries whose level of protection has not been recognized by the European Commission as adequate, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you, such as when making an international payment) or implement the Standard Contractual Clauses implemented by the European Commission.
7. Who will receive your data?
We communicate your Personal Data only to identified and duly authorized recipients. These include:
- Affiliates and subsidiaries of the Shift Technology group of companies (Shift Group);
- Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
External providers performing services on Shift Technology’s behalf.
8. For how long will your Personal Data be stored?
Your data will be kept for the duration of our relationship (for example until you unsubscribe to a newsletter) and kept for a maximum of two years after the end of this relationship. For prospects and personal Data sent through online forms, information is kept for two years. For any other data and/or purposes, your personal data are retained only for the time necessary to achieve the purpose for which such personal data were collected and for any required or permitted period under applicable laws. Once the applicable time period has expired, we will delete your data by including it in batches of data to be flagged for deletion after the relevant time period.
9. Marketing – Commercial prospection
For sending commercial solicitations by email on products similar to those ordered by customers: the legal basis of the processing is the legitimate interest of Shift Technology (Cf. article 6.1.f) of the GDPR), namely to promote our products to our customers.
For sending commercial solicitations by e-mail on other products offered by Shift Technology: the legal basis of the processing is the consent (Cf. article 6.1.a) of the GDPR), as required by article L. 34-5 of the French Post and Electronic Communications Code.
If we use electronic prospecting, your consent will be required, except if you are already a customer and the commercial prospecting deals with products similar to those we already provide you with.
If you have agreed to receive marketing communications, you may always opt out at a later date. You have the right at any time to stop Shift from contacting you for marketing purposes or giving your data to other members of the Shift Group. If you no longer wish to be contacted for marketing purposes, please contact us at: email@example.com.
10. What are your data protection rights?
Shift would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access– You have the right to request copies of your personal data that Shift holds.
- The right to rectification– You have the right to request that Shift correct any information you believe is inaccurate. You also have the right to request Shift to complete any information you believe is incomplete.
- The right to erasure– You have the right to request that Shift erase your personal data, under certain conditions.
- The right to restrict processing– You have the right to request that Shift restrict the processing of your personal data, under certain conditions.
- The right to object to processing– You have the right to object to Shift processing your personal data, under certain conditions.
- The right to data portability– You have the right to request that Shift transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to decide what happens to your personal data after your death.You have the right to give instructions regarding the storage, deletion and disclosure of your personal data after your death.
(Collectively a Data Subject Access Request or DSAR)
If you make a DSAR, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at: firstname.lastname@example.org
Or write to us: Shift Technology – Attn. Data Protection Officer. 2-14, rue Gerty Archimède, 75012 Paris, France.
12. Third Party Privacy Notices
Shift keeps its Privacy Notice under regular review and places any updates on this Website. This Privacy Notice was last updated on July 26, 2023.
14. How to contact us
If you have any questions about Shift’s Privacy Notice, your personal data that we hold, or you would like to exercise one of your DSAR rights, please contact our Data Protection Officer:
- By email at: email@example.com, or
- By mail: Shift Technology – Attn: Data Protection Officer. 2-14, rue Gerty Archimède, 75012 Paris, France.
15. Contact the appropriate authority
Should you wish to report a complaint or if you feel that Shift has not addressed your concern in a satisfactory manner, you may contact the Commission Nationale de l’Informatique et des Libertés (“CNIL”) the French data protection supervisory authority or another competent data protection supervisory authority. The CNIL may be contacted at the following address:
A l’attention du service des plaintes
3 Place de Fontenoy
75334 PARIS CEDEX 07