This Privacy Policy was last revised and shall become effective as of December 7, 2023.
This website (the “Site”) is an Internet property of Shift Technologies Inc., and its affiliated companies ("Shift", “our”, "we" or "us"). Shift is committed to protecting your privacy. We have prepared this privacy policy ("Privacy Policy") to describe to you and to outline our practices and policies associated with any information that we may collect from you, or that you may share with us when you access and use the Site, and through your use of the Shift software application(s) (the “Software”), or use any related products, content, and/or services being made available to you through the Site and/or the Software (the “Related Materials”).
We hope you read this entire Privacy Policy. However, if you’re in a hurry, here is a brief overview of the most important points:
BY ACCESSING THE SITE OR USING THE SHIFT SOFTWARE APPLICATION(S), YOU AGREE TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY IN ITS ENTIRETY.
In certain jurisdictions, the processing of your Personal Data (as defined below) is lawful only if it is permitted under data protection legislation. In this case, we have a lawful basis for each of our processing activities (unless an exemption applies) as outlined below:
When you access the Site, install the Software on your computer system, register for any associated products and/or services, or use the Software and/or Related Materials in any way, we may collect Personal Data and Anonymous Data from you. We may also collect Personal Data and Anonymous Data when you send us information or communications.
“Personal Data” means data that allows someone to identify or contact you including, for example, and without limitation:
Personal Data may be used for when you (i) access the Site; (ii) install the Software; (iii) use any of the Software or any associated products and/or services; or (iv) when you use any of the Related Materials. Shift does not knowingly collect any sensitive personal data or any data defined under special categories under Applicable Data Law (as defined below).
We may also use Personal Data for the following purposes:
If and when we use a third-party payment processing merchant, third-party technical support provider, third-party technology provider, or third-party hosting provider, we ensure that the same privacy criteria, as defined herein with respect to Personal Data, are in place with such third parties. We do not (knowingly) collect personal information from minors or children. “Minors” or “children” are individuals under the age of thirteen (13), or under such age as defined under Applicable Data Law.
“Anonymous Data” refers to data about you that is not associated with or linked to your Personal Data. Anonymous Data does not permit the identification of individual persons. If and when we use a third-party technical support provider or third-party hosting provider, we ensure that the same privacy criteria as defined herein with respect to Anonymous Data are in place with such merchant.
To make the Site, the Software, and any Related Materials more useful to you, our servers (which may be hosted by a third-party service provider) may collect Anonymous Data from you such as web browser type, operating system type and version, domain name, Software version, Software usage and statistics, and/or a date/time stamp of your visit. We may use cookies and navigational data like Uniform Resource Locators (URL) and referring URLs to gather information regarding the date and time of your visit or the domain from which you downloaded the Software. We may use Anonymous Data for market research purposes and to improve our products and services, the Site, the Software, and any Related Materials.
We may share Anonymous Data with our affiliated companies, selected third parties, and business partners, however, we will not share any Anonymous Data if such information is, contains, or will be linked to your Personal Data, unless we have given you notice, as described in this Privacy Policy, and you have given us authorization to do so. Shift will use Personal Data, including IP addresses, to identify users of the Site, the Software, and Related Materials if and when we feel it is necessary to enforce compliance with the Site’s policies, or to protect our products and services, the Software, the Related Materials, the Site, or other users of the Site, Software, and/or Related Materials.
We reserve the right to send you notices of any updates to the Site, the Software, the Related Materials, our Software End User License Agreement, and our Privacy Policy.
“Application Data” refers to data about how you use the Software and/or Related Materials. The Software and Related Materials may collect certain information from you including, but not limited to user IP addresses, geolocation, OS version, OS localization, version of the Software, localization of the Software, device, bug reports, etc. The Software obtains this information as a result of data being sent to our servers from our software “agent” embedded in the Software, the Related Materials, or on the website that you are accessing. The Software may collect certain Application Data from your computer(s) that may be deemed Personal Data under applicable law. Application Data we collect is primarily used to report application usage and statistics, improve the Software, the Related Materials, and track the performance of various marketing initiatives. Application Data may also be used by Shift to answer questions that customers have about their use of the Software and/or Related Materials. We will only use Personal Data in accordance with this Privacy Policy. We will not use any Application Data that may be deemed as Personal Data for any other purposes unless you authorize such use with your affirmative consent.
We will never sell, trade, or rent any Personal Data, or any Anonymous Data that may contain Personal Data, to any third party.
In certain special cases, we may use, retain, or disclose your Personal Data when we have reason to believe that using, retaining, or disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury to you, or otherwise injuring or interfering with Shift's rights, property or operations, other Shift users, or anyone else who could be harmed by such activities. We may also use, retain, or disclose your Personal Data when we believe the law requires it, or in response to any demand by law enforcement authorities in connection with a criminal investigation, or civil or administrative authorities in connection with a pending civil case or administrative investigation.
If we determine, in our sole discretion, that you have engaged in conduct which might be considered, unlawful, fraudulent, or which might harm or damage the reputation or standing of Shift with either the general public or with a business partner or potential business partner of Shift, we reserve the right to release your Personal Data to such persons or third parties as we consider necessary in order to prevent you from causing injury to, or otherwise injuring or interfering, now or in the future, with Shift's rights, property or operations or otherwise the rights, property or operations of anyone else who could be harmed by such conduct.
We offer you choices regarding the collection, use, and sharing of your Personal Data. If you opt in to receive Shift newsletters, we will periodically send you such newsletters and emails that directly promote the use of the Site, the Software, the Related Materials, and/or other products, goods, services, software applications, and/or software extensions that may be of interest to you. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive, or by contacting us directly (please see contact information below). Should you decide to opt-out of receiving future mailings from us, you may continue to receive future mailings from third parties that you have requested to receive information from. If you do not wish to receive future communications from third-party providers, you should notify them directly of your choice regarding their use of your Personal Data. To opt-out of having future third-party marketing communications sent to you, you will be required to unsubscribe with the applicable third-party providers. Despite your request to no longer receive future newsletters or promotional and marketing communications from us, we reserve the right to continue to send you notices of any updates to the Site, the Software, the Related Materials, the Software End User License Agreement, and this Privacy Policy.
We may also share Personal Data with our affiliated companies for customer support, marketing, and technical operations purposes.
For the purposes of this Privacy Policy, the term “Applicable Data Law” shall mean all data protection and privacy laws, regulations and self-regulatory codes applicable to the personal data in question, including, where applicable and without limitation, the CPRA, the CPA, the CTDPA, the UCPA, the VCDPA, European Data Law, the LGPD, and all FTC guidelines and any other applicable laws, rules and regulations with respect to data privacy.
“CPRA” as used herein means the California Privacy Rights Act (formerly, CCPA (California Consumer Privacy Act)), as amended, including without limitation any and all applicable implementing regulations. “CPA” as used herein means the Colorado Privacy Act, as amended, including without limitation any and all applicable implementing regulations. “CTPDA” as used herein means the Connecticut Data Protection Act, as amended, including without limitation any and all applicable implementing regulations. “UCPA” as used herein means the Utah Consumer Privacy Act, as amended, including without limitation any and all applicable implementing regulations. “VCDPA” as used herein means the Virginia Consumer Data Protection Act, as amended, including without limitation any and all applicable implementing regulations. “European Data Law” as used herein shall mean, without limitation, (i) the EU General Data Protection Regulation (“EU GDPR”); (ii) the EU e-Privacy Directive; (iii) the United Kingdom’s European Union (Withdrawal) Act (“UK GDPR”); (iv) the Swiss Federal Act on Data Protection (“Swiss DPA”); and (v) any and all applicable national laws made under or pursuant to (i), (ii), (iii) and (iv); in each case as may be amended or superseded from time to time. “LGPD” as used herein means the Lei Geral de Proteção de Dados, as amended, including without limitation any and all applicable implementing regulations as may be amended or superseded from time to time. “Israeli Law” means Israeli Privacy Protection Law, the regulations promulgated pursuant thereto, including the Israeli Privacy Protection Regulations (Data Security), and other related privacy regulations, as may be amended or superseded from time to time.
In accordance with Applicable Data Law, you have the following rights in respect of your personal information that we collect and hold:
If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy. You also have the right to lodge a complaint to your local data protection authority.
In accordance with Applicable Data Law, you have certain rights with respect to the processing of your personal information. Under Applicable Data Law, you have a right to request that we provide you with the following:
You also have a right to request that we update or delete personal information under certain circumstances, subject to certain exceptions and requirements. If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy.
We reserve the right to limit or deny your request to view, update, or remove your Personal Data if you have failed to provide us with sufficient information to verify your identity.
A cookie is a small piece of text that is sent to your web browser by the Site. The cookie helps the Site remember information about your visit, which makes your next visit to the Site easier and the Site more useful to you. We also use cookies to count how many visitors we receive to a page on the Site. No personally identifiable information is collected or stored by Shift during this process. We may use your IP address to identify your general location for traffic monitoring purposes. If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. You are not required to accept cookies, however, if your browser rejects our cookies you may not be able to use all of the Site functionality.
If you opt-out of having your information collected through cookies and other web technologies, your existing display advertising cookie(s) will be deleted and a new cookie will attempt to be placed that instructs third-party service providers not to track your future activities when that cookie is detected (a “do-not-track” cookie). If your browsers are configured to reject cookies when you visit our opt-out page, a “do-not-track” cookie cannot be set on your computer. Also, if you subsequently erase “do-not-track” cookies, use a different computer or change web browsers, you will need to opt-out again. We currently do not respond to browser "do-not-track" signals.
Third-party Links - The Site, the Software, and Related Materials may contain links to other third-party owned and/or operated websites and, where you request information from third-party providers, Shift may transfer you directly to the websites of such third-party providers. Shift is not responsible for the privacy practices or the content of such websites. In some cases, you may be required to provide certain information to register or complete a transaction at such website. These third-party websites have separate privacy and data collection practices and Shift has no responsibility or liability relating to them. We do not endorse, nor are we responsible for the accuracy of, the privacy policies and/or terms and conditions of such website. These third-party entities are independent third parties and are not affiliated with Shift.
Third-party Offers - Shift may provide you with the opportunity to receive special offers, products, goods, software applications, and/or services from third parties. Where you indicate the desire to receive certain offers, products or services from a third party during the applicable information collection process, your Personal Data that was provided during that information collection process will be shared with the applicable third party so that such third party may provide their products and/or services to you so that you do not have to complete another information collection form to purchase or receive that product or service.
Third-party Cookies - Clicking on any third-party offers may add and place cookies on your computer prior to directing you to the applicable advertiser’s site. These third parties have separate cookie policies and Shift has no responsibility or liability relating to them. If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. You are not required to accept cookies, however, if your browser rejects our cookies you may not be able to use all of the Site functionality.
Third-party Technology/Software/Service/Solutions Providers - The Site, the Software, and Related Materials may contain certain software technologies and services licensed from third-party providers. Shift may engage with certain third-party services and solutions providers such as data hosting service providers, traffic monitoring service providers, and advertising service providers. These third-party providers have separate privacy and data collection practices and policies, and Shift has no responsibility or liability relating to them. We do not endorse, nor are we responsible for the accuracy of the terms and conditions of any third-party privacy policies. These third-party entities are independent third parties and are not affiliated with Shift.
Shift may be using or sharing your Personal Data for Legitimate Interest purposes with third-party technology and service providers. For more information about these third-party service providers, please CLICK HERE.
Shift is committed to protecting the security of any Personal Data that is collected by us. We use a variety of industry-standard security technologies and procedures to help protect any Personal Data from unauthorized access, use, or disclosure. Despite these measures, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Shift cannot fully eliminate security risks associated with the collection and storage of any Personal Data, including without limitation, any mistakes and security breaches that may happen. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. In the unlikely event of a data breach where your Personal Data has been compromised, Shift will promptly notify you, the applicable authorities and supervisory authorities or data protection authorities.
If you are located in the EU/EEA where European Data Law applies and Shift is required to transfer your Personal Data in accordance with this Privacy Policy, we exert commercially reasonable efforts to ensure that any transfer of your Personal Data outside of the EU/EEA is protected under industry standard contractual clauses, and any subsequent data protection safeguards. Where European Data Law applies, Shift shall not process its collected Personal Data (nor permit its collected Personal Data to be processed) in a territory outside of the EU/EEA unless it has taken such measures as are necessary to ensure the transfer is in compliance with European Data Law. Such measures may include (without limitation) transferring its collected Personal Data to a recipient in a country that the European Commission has decided provides adequate protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Law, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
Any Personal Data that is collected and stored by Shift will be retained only for as long as required in order to provide certain products and/or services to you, or as required by applicable law and/or Applicable Data Law. Any Personal Data that is no longer required by Shift will be destroyed.
If you have any questions regarding this Privacy Policy, or would like more information on our data collection, usage, and privacy practices, please contact us:
Shift Technologies Inc.We reserve the right to limit or deny your request to view, update, or remove your Personal Data if you have failed to provide us with sufficient information to verify your identity.
We reserve the right, in our sole discretion, to modify, update and change this Privacy Policy from time to time without prior notice to you. Notice regarding any material changes to this Privacy Policy and how Shift will collect and use Personal Data will be placed in a prominent location on the Site or within the Software and will take effect immediately upon posting on the Site or within the Software. Furthermore, Shift reserves the right to update, add, and/or remove third-party service providers with whom Shift may be using or sharing Personal Data for legitimate and lawful purposes without prior notice to you. Please check the Site and this Privacy Policy periodically for any changes. Your continued use of the Site and/or Software following the posting of changes to this Privacy Policy, or any changes to the third-party service providers with whom Shift may be using or sharing Personal Data for legitimate and lawful purposes, will constitute your acknowledgment and acceptance of any and all changes.