Privacy Policy

This Privacy Policy was last revised and shall become effective as of January 10, 2023.


Summary

We hope you read this entire Privacy Policy. However, if you’re in a hurry, here is a brief overview of the most important points:

By accessing the Site or using the Software, you agree to the terms and conditions of this Privacy Policy in its entirety.

Thank you for visiting www.shift.com (the “Site”). The Site is an Internet property of Shift Technologies Inc. and its affiliated companies (“Shift”, “our”, “we” or “us”). Shift is committed to protecting your privacy. We have prepared this privacy policy (“Privacy Policy”) to describe to you and to outline our practices and policies associated with any information (such as the Application Data, Anonymous Data, and Personal Data, each as defined below) that we may collect from you, or that you may share with us when you access or use the Site, use the Shift application (the “Software”), or use any related products and/or services.


Lawful Basis for Processing Data

In certain jurisdictions, the processing of your Personal Data (as defined below) is lawful only if it is permitted under data protection legislation. In this case, we have a lawful basis for each of our processing activities (unless an exemption applies) as outlined below:


How We Collect and Use Personal and Anonymous Data

When you access the Site, purchase, download trial or evaluation versions, register for any associated products and/or services, or use the Software in any way, we may collect Personal Data and Anonymous Data from you. We may also collect Personal Data and Anonymous Data when you send us information or communications.

“Personal Data” means data that allows someone to identify or contact you, including, for example and without limitation:

Personal Data may be used for the purposes of recording the transaction when you access the Site or when you use any of the Software or any associated products and/or services. Shift does not knowingly collect any sensitive personal data or any data defined under special categories of the applicable law(s).

“Anonymous Data” refers to data about you that is not associated with, or linked to your Personal Data. Anonymous Data does not permit the identification of individual persons. When you link third-party Accounts like Google or Outlook to the Software, nothing is collected from these accounts. As such, Personal Data and Anonymous Data expressly exclude any information that could be collected by way of linking your accounts. This data is only stored locally on your computer system and thus does not constitute any part of data that we collect. In most cases, Personal Data collection occurs when you provide such data directly to us, when you use the Software to connect your email address(es) or to access your event data, or if such information and data is required in order for us to provide the Software and related services to you.

To make our website and Software more useful to you, our servers (which may be hosted by a third-party service provider) may collect Personal Data, Anonymous Data, or Application Data from you such as browser type, operating system, Internet Protocol (IP) address, geolocation, domain name, Software usage and statistics, and/or a date/time stamp of your visit. We may also use cookies and navigational data like Uniform Resource Locators (URL) and referring URLs to gather information regarding the date and time of your visit. We may also use Personal Data and Anonymous Data for market research purposes and to improve our products, the Site, and the Software. We may share Anonymous Data with selected third parties and business partners, however, we will not share any Anonymous Data if such information is, contains, or will be linked to your Personal Data, unless we have given you notice, as described in this Privacy Policy, and you have given us authorization to do so. Shift will use Personal Data, IP addresses, and geolocation to identify users of the Site and Software if and when we feel it is necessary to enforce compliance with the Site’s policies, or to protect our products, the Software, the Site, or other users of the Site and/or Software.

We may use Personal Data collected from you for the following general purposes:

  1. to fulfill your requests for our Software and any associated service(s);
  2. to improve the Site, Software, and any associated service(s);
  3. to contact you to resolve problems that you may encounter with the Site, the Software, and any associated service(s);
  4. to send you information about the Software and any associated service(s) including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
  5. to communicate with you about products and services offered by us and our selected partners;
  6. to engage with third-party service providers so that you can access and use the Software and any associated service(s); and
  7. to periodically conduct product and market research regarding your use of the Software and any associated service(s).

If and when we use a third-party payment processing merchant, third-party technical support provider, third-party technology provider, or third-party hosting provider, we ensure that the same privacy criteria, as defined herein, are in place with such third parties. We do not knowingly collect personal information from persons under the age of eighteen (18).

We offer you choices regarding the collection, use, and sharing of your Personal Data. We will periodically send you newsletters and emails that directly promote the use of the Site or the purchase of our Software. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive, or by contacting us directly (please see contact information below). Should you decide to opt-out of receiving future mailings from us, you may continue to receive future mailings from third parties that you have requested to receive information from. If you do not wish to receive future communications from third-party providers, you should notify them directly of your choice regarding their use of your Personal Data. To opt-out of having future third-party marketing communications sent to you, you will be required to unsubscribe with the applicable third-party providers. Despite your request to no longer receive future newsletters or promotional and marketing communications from us, we reserve the right to continue to send you notices of any updates to the Software, any associated service(s), our Terms of Software, and our Privacy Policy.


How We Collect and Use Application Data

“Application Data” refers to data about how you use the Software. The Software may collect certain information from you including, but not limited to: User IP addresses, geolocation, OS version, OS localization, version of the application, localization of the application, device, bug reports, etc. The Software obtains this information as a result of data being sent to our servers from our software “agent” embedded in the Software or on the website that you are accessing. The Software generates a globally unique identifier (“GUID”) that is stored on your computer to uniquely identify it. The GUID is a randomly generated number; it does not contain any Personal Data. The GUID is stored on your computer and sent with every report generated by the Software. The Software does not, and will not, collect any other Personal Data from your computer(s) without your prior approval. Application Data we collect is primarily used to report application usage and statistics, improve the Software, and track the performance of various marketing initiatives. Application Data may also be used by Shift to answer questions that customers have about their use of the Software and any associated service(s).


Sharing of Personal Data

We will never sell, trade, or rent any Personal Data, or any Anonymous Data that may contain Personal Data, to any third-party without your explicit prior consent.

In certain special cases, we may disclose Personal Data when we have reason to believe that disclosing such information is necessary to identify, contact, or bring legal action against someone who may be causing injury to you, or is otherwise injuring or interfering with our rights, property or operations, other users of the Software, or anyone who could be harmed by such activities. We may also disclose your Personal Data and any Application Data when we believe the law requires it, or in response to any demand by law enforcement authorities in connection with criminal investigation, or civil or administrative authorities in connection with a pending civil case or administrative investigation.

If we determine, in our sole discretion, that you have engaged in conduct that might be considered unlawful, fraudulent, or might harm or damage the reputation or standing of Shift with either the general public or with a business partner or potential business partner of Shift, we reserve the right to release your Personal Data to such persons or third parties, as we consider necessary, to prevent you from causing injury to, or otherwise injuring or interfering, now or in the future, with our rights, property or operations or otherwise the rights, property or operations of anyone which could be harmed by such conduct.

Your Rights With Respect to Your Personal Data

For the purposes of this Privacy Policy, the term “Applicable Data Law” shall mean all data protection and privacy laws, regulations and self-regulatory codes applicable to the personal data in question, including, where applicable and without limitation, the CCPA, the CPA, the CTDPA, the UCPA, the VCDPA, European Data Law, the LGPD, and all FTC guidelines and any other applicable laws, rules and regulations with respect to data privacy.

“CCPA” as used herein means the California Consumer Privacy Act, as amended, including without limitation any and all applicable implementing regulations (CCPA). “CPA” as used herein means the Colorado Privacy Act, as amended, including without limitation any and all applicable implementing regulations (CPA). “CTPDA” as used herein means the Connecticut Data Protection Act, as amended, including without limitation any and all applicable implementing regulations (CTDPA). “UCPA” as used herein means the Utah Consumer Privacy Act, as amended, including without limitation any and all applicable implementing regulations. “VCDPA” as used herein means the Virginia Consumer Data Protection Act, as amended, including without limitation any and all applicable implementing regulations. “European Data Law” as used herein shall mean, without limitation, (i) the EU General Data Protection Regulation (“EU GDPR”); (ii) the EU e-Privacy Directive; (iii) the United Kingdom’s European Union (Withdrawal) Act (“UK GDPR”); (iv) the Swiss Federal Act on Data Protection (“Swiss DPA”); and (v) any and all applicable national laws made under or pursuant to (i), (ii), (iii) and (iv); in each case as may be amended or superseded from time to time. “LGPD” as used herein means the Lei Geral de Proteção de Dados, as amended, including without limitation any and all applicable implementing regulations.

In accordance with Applicable Data Law, you have the following rights in respect of your personal information that we collect and hold:

If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy. You also have the right to lodge a complaint to your local data protection authority.

In accordance with Applicable Data Law, you have certain rights with respect to the processing of your personal information. Under Applicable Data Law, you have a right to request that we provide you with the following:

Throughout this Privacy Policy, we outline in detail the specific pieces of personal information we collect from and about users, the sources of that information, and how we share it. For the categories of personal information we collect, please see the section titled How We Collect and Use Personal and Anonymous Data. For more details about how we and our service providers use these categories of personal information, we collect from and about you consistent with the various business and commercial purposes, please see the section titled Sharing of Personal Data. Finally, for information about the third parties with whom we share your information, see the section titled Third-Party Relationships or click here.

You also have certain rights under Applicable Data Law that may permit you to:

If you wish to exercise any of the rights identified above, please contact us using the contact details at the end of this Privacy Policy.


Cookies and Similar Technologies

A cookie is a small piece of text that is sent to your web browser by the Site. The cookie helps the Site remember information about your visit, which makes your next visit to the Site easier and the Site more useful to you. We also use cookies for tracking and reporting purposes, to make the ads that you may see more relevant to you, and to count how many visitors we receive to a page on the Site. The information collected by cookies is used to enhance your experience on the Site, for marketing analysis, for targeted and display advertising, and for quality improvement of the Site and the Software. No personally identifiable information is collected or stored by Shift during this process. We may use your IP address or geolocation to identify your general location for traffic monitoring purposes. If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. You are not required to accept cookies, however, if your browser rejects our cookies you may not be able to use all of the Site functionality.

If you opt-out of having your information collected through cookies and other web technologies, your existing display advertising cookie(s) will be deleted and a new cookie will attempt to be placed that instructs third party service providers not to track your future activities when that cookie is detected (a “do-not-track” cookie). If your browsers are configured to reject cookies when you visit our opt-out page, a “do-not-track” cookie cannot be set on your computer. Also, if you subsequently erase “do-not-track” cookies, use a different computer or change web browsers, you will need to opt-out again. We currently do not respond to browser “do-not-track” signals.


Third-party Relationships

Third-party Links. The Site and the Software may contain links to other third-party owned and/or operated websites and, where you request information from third-party providers, we may transfer you directly to the websites of such third-party providers. Shift is not responsible for the privacy practices or the content of such third-party websites. In some cases, you may be required to provide certain information to register or complete a transaction at such website. These third-party websites have separate privacy and data collection practices and Shift has no responsibility or liability relating to them. We do not endorse, nor are we responsible for the accuracy of, the privacy policies and/or terms and conditions of such third-party website. These third-party entities are independent third parties and are not affiliated with Shift.

Third-party Offers. Shift may provide you with the opportunity to receive special offers, products and/or services from third parties. Where you indicate the desire to receive certain offers, products or services from a third-party during the applicable information collection process, your Personal Data that was provided during that information collection process will be shared with the applicable third-party so that such third-party may provide their products and/or services to you so that you do not have to complete another information collection form to purchase or receive that product or service. Clicking on any third-party offers may add and place cookies on your computer prior to directing you to the applicable advertiser’s site. These third-parties have separate cookie polices and Shift has no responsibility or liability relating to them. If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. You are not required to accept cookies, however, if your browser rejects our cookies you may not be able to use all of the Site functionality.

Third-party Cookies. Clicking on any third-party offers may add and place cookies on your computer prior to directing you to the applicable advertiser’s site. These third parties have separate cookie polices and Shift has no responsibility or liability relating to them. If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. You are not required to accept cookies, however, if your browser rejects our cookies you may not be able to use all of the Site functionality.

Third-party Technology/Software/Service/Solutions Providers. The Site or the Software may contain certain software technologies and services licensed from third-party providers. Shift may engage with certain third-party services and solutions providers such as data hosting service providers, payment processing service providers, and email marketing service providers. These third-party providers have separate privacy and data collection practices and policies, and Shift has no responsibility or liability relating to them. We do not endorse, nor are we responsible for the accuracy of the terms and conditions of any third-party privacy policies. These third-party entities are independent third parties and are not affiliated with Shift. Shift may be using or sharing your Personal Data for Legitimate Interest purposes with third-party service providers. For more information about these third-party service providers, please visit this link.


Account Authentication

Accounts are added to the Software using Oauth authentication. Oauth is a secure mechanism which gives the Software access to your Google or Microsoft account data without letting us know your password. This token is valid during your use of the Software. If you remove an account, or uninstall the Software, you’ll be prompted to re-authorize the Software for each Google or Microsoft Account using Oauth.

We only use the authorization to support certain Software features like unread email count for each account, and to support push desktop notifications if requested. This information is local, and not stored on, or transmitted to, our servers.

The Software will require access to your Google/Microsoft account(s) and user data for the following purposes:


Security of Data

Shift is committed to protecting the security of any Application Data and Personal Data that is collected by Shift. We use a variety of industry-standard and advanced security technologies and procedures to help protect any Application Data, Personal Data, and other information and data that you may submit to Shift through the Software from unauthorized access, use, or disclosure. Despite these measures, no method of transmission over the Internet, or method of electronic storage is 100% secure. Shift cannot fully eliminate security risks associated with the collection and storage of any Application Data and Personal Data, including without limitation, any mistakes and security breaches that may happen. While we strive to use commercially acceptable means to protect the Application Data and Personal Data, we cannot guarantee its absolute security. In the unlikely event of a data breach where your Personal Data has been compromised, Shift will promptly notify you, the applicable authorities and supervisory authorities or data protection authorities.

If you are located in the EU/EEA where European Data Law applies and Shift is required to transfer your Personal Data in accordance with this Privacy Policy, we exert commercially reasonable efforts to ensure that any transfer of your Personal Data outside of the EU/EEA is protected under industry standard contractual clauses, and any subsequent data protection safeguards. Where European Data Law applies, Shift shall not process its collected Personal Data (nor permit its collected Personal Data to be processed) in a territory outside of the EU/EEA unless it has taken such measures as are necessary to ensure the transfer is in compliance with European Data Law. Such measures may include (without limitation) transferring its collected Personal Data to a recipient in a country that the European Commission has decided provides adequate protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Law, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.


Data Retention Period

Any Personal Data that is collected and stored by Shift will be retained only for as long as required in order to provide certain products and/or services to you, or as required by applicable law. Any Personal Data that is no longer required by Shift will be destroyed.


Questions, Requests & Contact Information

If you have any questions regarding this Privacy Policy, would like to review, update or remove your Personal Data, or would like more information on our data collection, usage, and privacy practices, please contact us at:

Shift Technologies Inc.
#520 - 1515 Douglas St.
Victoria, BC V8W 2G4, Canada
privacy@shift.com

We reserve the right to limit or deny your request to view, update, or remove your Personal Data if you have failed to provide us with sufficient information to verify your identity.


Changes to This Privacy Policy

We reserve the right, in our sole discretion, to modify, update and change this Privacy Policy from time to time without prior notice to you. Notice regarding any material changes to this Privacy Policy and how Shift will collect and use Personal Data will be placed in a prominent location on the Site or within the Software and will take effect immediately upon posting on the Site or within the Software. Furthermore, Shift reserves the right to update, add, and/or remove third-party service providers with whom Shift may be using or sharing Personal Data for legitimate and lawful purposes without prior notice to you. Please check the Site and this Privacy Policy periodically for any changes. Your continued use of the Site and/or Software following the posting of changes to this Privacy Policy, or any changes to the third-party service providers with whom Shift may be using or sharing Personal Data for legitimate and lawful purposes, will constitute your acknowledgment and acceptance of any and all changes.