1. Introduction
Shift is committed to protecting your personal data and complying with the Regulation (EU) 2016/679, i.e., General Data Protection Regulation ("GDPR"). This Privacy Policy explains how we collect, use, and safeguard your information. By using our app, you agree to the terms outlined in this policy.
2. Data Controller
The Data Controller for Shift mobile app is:
3. What Data We Collect
- Personal Data: Name, email address, phone number, and other account details.
- Technical Data: Device type, operating system, app version, IP address, and browser type.
- Usage Data: App usage patterns, interaction history, and feature engagement.
- Location Data: GPS location to provide personalized services (only with your consent).
- Communication Data: Messages or inquiries sent through the app or via customer support.
- Data from Other Sources: Information from public sources, security partners, and marketing vendors.
4. Legal Bases for Processing Data
- Consent: When you explicitly agree to specific processing activities.
- Contractual Obligation: To fulfill our contract with you.
- Legitimate Interests: For app improvements, fraud prevention, and security enhancements.
- Legal Obligation: To comply with applicable laws and regulations.
5. How We Use Your Data
- To operate, maintain, and improve our app.
- To process transactions and manage your account.
- To send notifications, updates, and relevant communications.
- To comply with legal and regulatory requirements.
- To analyze user behavior for app improvements (aggregated and anonymized where possible).
6. Sharing Your Data
- Service Providers: Trusted third parties that assist in providing services.
- Legal Compliance: To comply with laws, court orders, or requests from government authorities.
- Business Transfers: In the event of a merger, acquisition, or sale of assets.
7. Data Retention
We retain your data only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Upon expiration, data will be securely deleted or anonymized.
8. Your Rights Under GDPR
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data when no longer necessary.
- Restriction of Processing: Request to limit the processing of your data.
- Data Portability: Request your data in a machine-readable format.
- Objection: Object to data processing based on legitimate interests or direct marketing.
- Withdraw Consent: Withdraw your consent for processing activities at any time.
9. Data Security
We take appropriate technical and organizational measures to protect your data against unauthorized access, loss, or alteration. However, no system is entirely secure, and we encourage you to use the app responsibly.
10. International Data Transfers
If your data is transferred outside the EU/EEA, we ensure it is protected using appropriate safeguards, such as:
- Standard contractual clauses approved by the European Commission.
- Adequacy decisions for specific countries.
11. Automated Decision-Making
We do not engage in automated decision-making or profiling that significantly affects your rights.
12. Third-Party Links
Our app may include links to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their policies.
13. Changes to This Privacy Policy
We may update this policy periodically. Changes will be communicated through the app, and the updated policy will indicate the effective date.
14. Contact Information
If you have questions, concerns, or wish to exercise your rights, please contact us using the following details:
15. Authorities
The supervisory authority responsible for overseeing our compliance with data protection obligations is the Data Protection Inspectorate of the Republic of Estonia (Andmekaitseinspektsioon).