Summary
The General Data Protection Regulation (“GDPR”) is an extensive data protection law that establishes a single set of regulations to protect the personal information of all individuals in the European Union (“EU”). GDPR grants EU individuals more control over their personal data including the right to be forgotten and the right to request a copy of any stored personal data. GDPR applies to every organization that collects, stores, transfers or uses personal information of individuals in the EU, even if it’s located outside of the EU. While GDPR was adopted on April 14, 2016, it became enforceable on May 25, 2018. The UK GDPR is the United Kingdom’s version of the EU GDPR, which came into force on January 1, 2021, following Brexit and applies to organisations collecting, transferring or using personal information of individuals in the UK.
What does GDPR mean to Shiftboard?
As a global solution, we have implemented a robust privacy compliance program aligned with GDPR standards for handling customer and employee personal data. This reflects our ongoing commitment to data protection and regulatory best practices. Shiftboard proudly serves thousands of workforces around the world with best-in-class scheduling, storing each of our customers’ employee information within our platform. The success of our solution comes with a great responsibility to hold ourselves accountable for the privacy and security of our users. Implementing our GDPR compliance program has reinforced our commitment to working closely with customers to provide a platform that prioritizes personal data protection and supports the needs of our users.
What is GDPR’s impact to Shiftboard customers?
GDPR strengthens the data privacy rights for all EU citizens. Shiftboard has implemented internal processes as required by the GDPR, such as:
- Allow users the right to be forgotten
- Allow users to get a copy of any stored personal data
- Ensure data protection across all vendors
- Maintain appropriate security policies and records on data activities
- Meet additional requirements for profiling or monitoring behavior
- Notify the proper authorities and affected data subjects of specific data breaches
- Work with the correct GDPR authority to resolve data protection issues
What’s considered “personal data”?
GDPR defines personal data as any information related to an identified or identifiable natural person. This means that information pertaining to location, biometrics, genetics or online identifiers is understood as personal data.
How does Shiftboard use personal data?
In alignment with GDPR and best practices, we use personal data to better deliver targeted information and improve the users’ experience. Shiftboard does not share, sell, rent, or trade any information with third parties for their promotional purposes. Shiftboard uses personal data to accomplish the following:
- Quickly diagnose issues and provide best-in-breed customer support
- Deliver targeted product updates, new offers, and urgent information
- Track the efficiency of our platform
- Monitor key metrics to help troubleshoot and improve our technology
- Offer updates to device applications
How does Shiftboard store personal data?
Shiftboard collects and stores personal data as provided by the user or the user’s employer. We may collect and store the following personal information- name, address, contact numbers, email address, physical contact information, photographs, and sometimes financial information (depending on the service used). For more information on how we store and collect personal information, please review our privacy policy.
Does GDPR restrict personal data to stay within the EU?
No, GDPR does not restrict where personal data is stored or where it is transferred to within the EU. For more information on Shiftboard’s data usage and third-party data sharing, please review our current privacy policy. In addition to our privacy policy, we’ve added a Data Processing Addendum to our terms of service.
Need more GDPR or Privacy Policy information?
The above referenced Shiftboard shall be the legal entity Shiftboard Inc. located in the United States. Subsidiaries of Shiftboard Inc. not located in the United States will have separate documents appropriate for that jurisdiction and are not included here.
Questions regarding our privacy policy or requests for more information should be directed to Shiftboard Privacy by emailing us at privacy@shiftboard.com or by mailing us at: Shiftboard, Inc. P.O. Box 21329, Seattle, WA 98111