GDPR Policy

Summary

The General Data Protection Regulation (“GDPR”) is an extensive data protection law that establishes a single set of regulations to protect the personal information of all European Union citizens. GDPR grants EU citizens more control over their personal data including the right to be forgotten and the right to request a copy of any stored personal data. GDPR applies to every organization that collects, stores, transfers or uses personal information of EU citizens, even if it’s located outside of the EU. While GDPR was adopted on April 14, 2016, it became enforceable on May 25, 2018.

What does GDPR mean to Shiftboard?

As a global solution, we are excited to announce that Shiftboard is fully compliant with the GDPR standards for handling customer and employee personal data. Shiftboard proudly serves thousands of workforces around the world with best-in-class scheduling, storing each of our customers’ employee information within our platform. The success of our solution comes with a great responsibility to hold ourselves accountable for the privacy and security of our users. Becoming GDPR compliant strengthened our existing commitment to work with all of our customers to provide a platform that further protects personal information and serves the needs of our users.

What is GDPR’s impact to Shiftboard customers?

GDPR strengthens the data privacy rights for all EU citizens. Shiftboard is fully compliant with the processes required by GDPR; this means we must deliver the following:

  • Allow users the right to be forgotten
  • Allow users to get a copy of any stored personal data
  • Ensure data protection across all vendors
  • Maintain appropriate security policies and records on data activities
  • Meet additional requirements for profiling or monitoring behavior
  • Notify the proper authorities and affected data subjects of specific data breaches
  • Work with the correct GDPR authority to resolve data protection issues

What’s considered “personal data”?

GDPR defines personal data as any information related to an identified or identifiable natural person. This means that information pertaining to location, biometrics, genetics or online identifiers are understood as personal data.

How does Shiftboard use personal data?

In alignment with best practices, we use personal data to better deliver targeted information and improve the users’ experience. Shiftboard does not share, sell, rent, or trade any information with third parties for their promotional purposes. Shiftboard uses personal data to accomplish the following:

  • Quickly diagnose issues and provide best-in-breed customer support
  • Deliver targeted product updates, new offers, and urgent information
  • Track the efficiency of our platform
  • Monitor key metrics to help troubleshoot and improve our technology
  • Offer updates to device applications

How does Shiftboard store personal data?

Shiftboard collects and stores personal data as provided by the user or the user’s employer. We may collect and store the following personal information- name, address, contact numbers, email address, physical contact information, photographs, and sometimes financial information (depending on the service used). For more information on how we store and collect personal information, please review our privacy policy.

Does GDPR restrict personal data to stay within the EU?

No, GDPR does not restrict where personal data is stored or where it is transferred to within the EU. For more information on Shiftboard’s data usage, compliance with Privacy Shield and third-party data sharing, please review our current privacy policy. In addition to our privacy policy, we’ve added a Data Processing Addendum to our terms of service.

Need more GDPR/privacy information?

Questions regarding our privacy policy or requests for more information should be directed to Shiftboard Privacy by emailing us at privacy@shiftboard.com or by mailing us at: Shiftboard, Inc. P.O. Box 21329, Seattle, WA 98111