The General Data Protection Regulation (“GDPR”) is an extensive data protection law that establishes a single set of regulations to protect the personal information of all European Union citizens. GDPR grants EU citizens more control over their personal data including the right to be forgotten and the right to request a copy of any stored personal data. GDPR applies to every organization that collects, stores, transfers or uses personal information of EU citizens, even if it’s located outside of the EU. While GDPR was adopted on April 14, 2016, it became enforceable on May 25, 2018.
What does GDPR mean to Shiftboard?
As a global solution, we are excited to announce that Shiftboard is fully compliant with the GDPR standards for handling customer and employee personal data. Shiftboard proudly serves thousands of workforces around the world with best-in-class scheduling, storing each of our customers’ employee information within our platform. The success of our solution comes with a great responsibility to hold ourselves accountable for the privacy and security of our users. Becoming GDPR compliant strengthened our existing commitment to work with all of our customers to provide a platform that further protects personal information and serves the needs of our users.
What is GDPR’s impact to Shiftboard customers?
GDPR strengthens the data privacy rights for all EU citizens. Shiftboard is fully compliant with the processes required by GDPR; this means we must deliver the following:
- Allow users the right to be forgotten
- Allow users to get a copy of any stored personal data
- Ensure data protection across all vendors
- Maintain appropriate security policies and records on data activities
- Meet additional requirements for profiling or monitoring behavior
- Notify the proper authorities and affected data subjects of specific data breaches
- Work with the correct GDPR authority to resolve data protection issues
What’s considered “personal data”?
GDPR defines personal data as any information related to an identified or identifiable natural person. This means that information pertaining to location, biometrics, genetics or online identifiers is understood as personal data.
How does Shiftboard use personal data?
In alignment with best practices, we use personal data to better deliver targeted information and improve the users’ experience. Shiftboard does not share, sell, rent, or trade any information with third parties for their promotional purposes. Shiftboard uses personal data to accomplish the following:
- Quickly diagnose issues and provide best-in-breed customer support
- Deliver targeted product updates, new offers, and urgent information
- Track the efficiency of our platform
- Monitor key metrics to help troubleshoot and improve our technology
- Offer updates to device applications
How does Shiftboard store personal data?
Does GDPR restrict personal data to stay within the EU?
The above referenced Shiftboard shall be the legal entity Shiftboard Inc. located in the United States. Subsidiaries of Shiftboard Inc. not located in the United States will have separate documents appropriate for that jurisdiction and are not included here.