We are hiring! Read more and see available positions ->
ShiftX is a company established and registered in Norway with organization number 920 936 628, and business address at
Martin Linges vei 25,
v/Simula Research Laboratory AS,
Postboks 134 Lysaker,
Internally responsible for following up personal data protection is Eigil Sagafos.
ShiftX provides Software as a Service (SaaS) helping companies to draw, structure and work efficiently with improving business processes (the Services).
Data privacy is important to ShiftX. This means that ShiftX processes data about identified or identifiable individuals, which is called personal data, with due care and in accordance with applicable data protection law.
In addition, ShiftX processes personal data that the Customers transmits to the solutions when using the Services. In legal terms, ShiftX is the data processor of such personal data and the Customers are the data controllers. The processing of personal data on behalf of the Customer is based on a data processor agreement between ShiftX and the Customer.
ShiftX collects personal data from individuals using the Services (Users). The personal data mostly consists of user data, such as name, business function, business address, telephone number, email address and other personal data Users or Customer provide to us. This is mostly information in relation to an individual’s role at his/her company and does not concern him/her as a private person or as an individual consumer.
ShiftX may also collect technical data in relation to Users, such as IP address, browser type and version, preferred language, geographic location, operating system and computer platform, the full URL clickstream to, through, and from our Services, including date and time, which parts of the Services that Users have visited, how often the User have used the Services and how the Services are used.
Personal data is used for delivering ShiftX’s Service to the Customer and to perform the contract with ShiftX’s customers, suppliers or partners.
Furthermore, the personal data is used to
ShiftX primarily process personal data which are necessary to perform its obligations under an agreement with the customer pursuant to Norwegian Privacy Act and the GDPR art. 6 (1b), or is based on legitimate interests (GDPR art. 6 (1f)).
If there is no other statutory basis for processing, ShiftX’s processing of personal data must be based on a freely-given, specific consent pursuant to Norwegian Privacy Act and the GDPR art. 6 (1a). A consent may be withdrawn at any time. If the consent is withdrawn, the processing will be stopped and further storage of the data in question is conditional on explicit consent.
The personal data is collected from the customer in connection with purchase and/or use of the Service. ShiftX may disclose personal data to sub-contractors as mentioned below, or to others based on requirements in law or legal obligations or decision from the authorities.
Personal data shall not be kept longer than necessary for that purpose. The storage period depends on the type of personal data, the purposes and the applicable law and therefore varies per use.
ShiftX will retain personal data collected through the Service as follows:
ShiftX will delete or anonymize personal data as soon as the purpose of the processing is fulfilled. Typically, the User’s personal data is stored for as long as the User is using the Services or for as long as there is another purpose to do so and, thereafter, for no longer than required or permitted by law or necessary for internal reporting and reconciliation purposes. ShiftX also erases personal data when the User requests to erase his/her personal data.
For documents where the user opts-in for storing, ShiftX may retain the documents until the consent is withdrawn or the Customer decides to delete the information. The Customer is, as a data controller, responsible for fulfilling the obligations regarding the deletion of personal data under the personal data regulations.
Personal data is hosted on Amazon Web Services, a cloud service provider with servers located in EU and the US. Furthermore, ShiftX uses Google Cloud as a cloud service provider. The legal basis for the transfer to the EU-US Privacy Shield, under which the sub-processor is certified.
ShiftX uses the following Sub-contractors:
This list may be updated from time to time.
Data subjects may request access to data, rectification and erasure of data. For questions relating to ShiftX’s processing of personal data, or requests to use any of the data subject’s rights according to applicable personal data legislation, please contact ShiftX at email@example.com.
Data subjects may also request restriction of the processing, opposite on the processing and data portability.
ShiftX has implemented appropriate technical and organizational measures to safeguard the personal data which it processes against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and other unlawful forms of processing. ShiftX uses administrative, technical, and physical measures to safeguard data against loss, theft and unauthorized uses, access or modifications. In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customers personal data, ShiftX will inform the Customer of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.
Subcontractors, such as IT-service providers processing data on ShiftX’s behalf, are held by legally binding confidentiality and security requirements. ShiftX have entered into data processing agreements with the data processors. The security measures applicable for the processing done by Amazon and Google is described here and here.
ShiftX uses the following cookies:
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with other data held by Google.
ShiftX uses Google Analytics to analyze the use of ShiftX's websites. We receive information about which pages are most visited, where the users come from, at which times the pages are most visited, etc.
We obtain your consent to the processing of personal data on the behalf of Albacross Nordic AB (“Albacross”).
Information collected from cookies set in your device that qualify as personal data will be processed by Albacross, a company offering lead identification and ad targeting services with offices in Stockholm and Krakow. Please see below for full contact details.
The purpose for the processing of the personal data is that it enables Albacross to improve a service rendered to us and our website (e.g “Lead Generation” service), by adding data to their database about companies.
The data that is collected and used by Albacross to achieve this purpose is information about the IP-address from which you visited our website, and technical information that enables Albacross to tell apart different visitors from the same IP-address. Albacross stores the domain from form input in order to correlate the IP-address with your employer.
You may at any time withdraw your consent to this processing. Such withdrawal may be made either by contacting us, or by contacting Albacross directly.
ShiftX uses intercom for help and support. Read more about the cookies set by Intercom here https://www.intercom.com/help/pricing-privacy-and-terms/intercom-messenger-cookies.
Data subjects may lodge a complaint on the data processing with their Data Protection Authority. For any questions regarding personal data protection in ShiftX, please use the following contact information:
Nedre Vollgate 5,