We are hiring! Read more and see available positions ->

  • Product
    • Why ShiftX
      Our product and ideology
    • Use cases
      See best practice examples
    • Changelog
      Keep up with the development
  • Pricing
  • Company
    • About us
      The people building ShiftX
    • Careers
      See our open positions
    • Contact
      Get in touch!
  • Blog
Privacy Policy

1. Intro - Data Controller and Data Processor

ShiftX is a company established and registered in Norway with organization number 920 936 628, and business address at

Nedre Vollgate 5,

0158, Oslo, Norway

email: privacy@shiftx.com.

Internally responsible for following up personal data protection is Eigil Sagafos.

ShiftX provides Software as a Service (SaaS) helping companies to draw, structure and work efficiently with improving business processes (the Services).

Data privacy is important to ShiftX. This means that ShiftX processes data about identified or identifiable individuals, which is called personal data, with due care and in accordance with applicable data protection law.

This Privacy Policy describes how ShiftX process personal data collected from individuals in relation to their use of our websites, ordering and use of ShiftX’s services. In legal terms, ShiftX is the data controller of such personal data, as ShiftX determines the means and/or purposes of the processing.

In addition, ShiftX processes personal data that the Customers transmits to the solutions when using the Services. In legal terms, ShiftX is the data processor of such personal data and the Customers are the data controllers. The processing of personal data on behalf of the Customer is based on a data processor agreement between ShiftX and the Customer.

2. Information about ShiftX’s processing of personal data

ShiftX collects personal data from individuals using the Services (Users). The personal data mostly consists of user data, such as name, business function, business address, telephone number, email address and other personal data Users or Customer provide to us. This is mostly information in relation to an individual’s role at his/her company and does not concern him/her as a private person or as an individual consumer.

ShiftX may also collect technical data in relation to Users, such as IP address, browser type and version, preferred language, geographic location, operating system and computer platform, the full URL clickstream to, through, and from our Services, including date and time, which parts of the Services that Users have visited, how often the User have used the Services and how the Services are used.

Purpose for which personal data is used

Personal data is used for delivering ShiftX’s Service to the Customer and to perform the contract with ShiftX’s customers, suppliers or partners.

Furthermore, the personal data is used to

  • improve and develop the Services
  • to conduct information and marketing campaigns related to the Services, keeping Users informed about the Services
  • perform customer service management, e.g. support,
  • enhance the Services and the use thereof, including by performing research and analysis relating to the Services, and tracking of the use of the Services,
  • conduct market surveys and/or
  • detect fraud, e.g. breaches of intellectual property rights.

Lawful basis for processing

ShiftX primarily process personal data which are necessary to perform its obligations under an agreement with the customer pursuant to Norwegian Privacy Act and the GDPR art. 6 (1b), or is based on legitimate interests (GDPR art. 6 (1f)).

If there is no other statutory basis for processing, ShiftX’s processing of personal data must be based on a freely-given, specific consent pursuant to Norwegian Privacy Act and the GDPR art. 6 (1a). A consent may be withdrawn at any time. If the consent is withdrawn, the processing will be stopped and further storage of the data in question is conditional on explicit consent.

Collection and disclosure of personal data to third parties

The personal data is collected from the customer in connection with purchase and/or use of the Service. ShiftX may disclose personal data to sub-contractors as mentioned below, or to others based on requirements in law or legal obligations or decision from the authorities.

3. Storage, retention and deletion of personal data

Personal data shall not be kept longer than necessary for that purpose. The storage period depends on the type of personal data, the purposes and the applicable law and therefore varies per use.

ShiftX will retain personal data collected through the Service as follows:

ShiftX will delete or anonymize personal data as soon as the purpose of the processing is fulfilled. Typically, the User’s personal data is stored for as long as the User is using the Services or for as long as there is another purpose to do so and, thereafter, for no longer than required or permitted by law or necessary for internal reporting and reconciliation purposes. ShiftX also erases personal data when the User requests to erase his/her personal data.

For documents where the user opts-in for storing, ShiftX may retain the documents until the consent is withdrawn or the Customer decides to delete the information. The Customer is, as a data controller, responsible for fulfilling the obligations regarding the deletion of personal data under the personal data regulations.

Storage and sub-contractors

Personal data is hosted on Amazon Web Services, a cloud service provider with servers located in EU and the US. Furthermore, ShiftX uses Google Cloud as a cloud service provider. The legal basis for the transfer to the EU-US Privacy Shield, under which the sub-processor is certified.

ShiftX uses the following Sub-contractors:

  • FaunaDB - Database provider.
  • Copper - CRM-system
  • Fiken - ERP
  • Mailchimp – Newsletters
  • Stripe – License management
  • LogDNA - Logging
  • Sentry – Bug Tracking
  • Intercom - Chat and communication
  • Albacross - Lead generation
  • Google BigQuery - Analytics
  • Fullstory - Analytics
  • Mode - Analytics
  • Google Analytics - Analytics
  • Segment - Analytics

This list may be updated from time to time.

4. Data subject’s rights

Data subjects may request access to data, rectification and erasure of data. For questions relating to ShiftX’s processing of personal data, or requests to use any of the data subject’s rights according to applicable personal data legislation, please contact ShiftX at privacy@shiftx.com.

Data subjects may also request restriction of the processing, opposite on the processing and data portability.

5. Security

ShiftX has implemented appropriate technical and organizational measures to safeguard the personal data which it processes against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and other unlawful forms of processing. ShiftX uses administrative, technical, and physical measures to safeguard data against loss, theft and unauthorized uses, access or modifications. In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customers personal data, ShiftX will inform the Customer of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.

Subcontractors, such as IT-service providers processing data on ShiftX’s behalf, are held by legally binding confidentiality and security requirements. ShiftX have entered into data processing agreements with the data processors. The security measures applicable for the processing done by Amazon and Google is described here and here.

6. Changes to the Privacy Policy

This Privacy Policy will be modified to reflect changes in applicable laws or regulations, or changes in our practices or procedures.

7. Cookie Policy

ShiftX uses various technologies to collect and process technical data in relation to Users, including cookies. Cookies are small text files stored on Users’ computer by the internet browser. Cookies makes it possible to calculate the aggregate number of people using the Services and monitor the use of the Services. This information is used to improve the Services and to serve our Users. ShiftX may also use cookies that make the use of the Services easier, for example by remembering authentication state and preferences. Further, ShiftX uses tracking and analytics cookies to see how well the Services are being received by the Users or to inform whether our Services are functioning properly. ShiftX also uses advertising cookies to deliver targeted advertising to people who visit the websites (online behavioural advertising OBA).

Users may choose to set their web browser to refuse cookies, or to alert when cookies are being sent. This can usually be done through internet browser’s settings. Information about how to manage cookies can be found online. Some parts of the Services may not function properly if Users prefer not to accept the use of cookies.

ShiftX uses the following cookies:

Google Analytics

Google Analytics is a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to analyze how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. We use anonymizeIP, which is a feature that ensures that single users cannot be identified. Google uses this information to evaluate the use of the website, compile reports on activities on the website for the owner of the website, and provide other services relating to activities on the website and Internet use.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with other data held by Google.

ShiftX uses Google Analytics to analyze the use of ShiftX's websites. We receive information about which pages are most visited, where the users come from, at which times the pages are most visited, etc.

Albacross

We obtain your consent to the processing of personal data on the behalf of Albacross Nordic AB (“Albacross”).

Information collected from cookies set in your device that qualify as personal data will be processed by Albacross, a company offering lead identification and ad targeting services with offices in Stockholm and Krakow. Please see below for full contact details.

The purpose for the processing of the personal data is that it enables Albacross to improve a service rendered to us and our website (e.g “Lead Generation” service), by adding data to their database about companies.

The data that is collected and used by Albacross to achieve this purpose is information about the IP-address from which you visited our website, and technical information that enables Albacross to tell apart different visitors from the same IP-address. Albacross stores the domain from form input in order to correlate the IP-address with your employer.

For the full information about our processing of personal information, please see our full Privacy Policy here https://albacross.com/privacy-policy/.

You may at any time withdraw your consent to this processing. Such withdrawal may be made either by contacting us, or by contacting Albacross directly.

Intercom

ShiftX uses intercom for help and support. Read more about the cookies set by Intercom here https://www.intercom.com/help/pricing-privacy-and-terms/intercom-messenger-cookies.

Internal Cookies

ShiftX uses cookies to handle versioning, security and authentication for logged in users.

8. Contact information and complaints

Data subjects may lodge a complaint on the data processing with their Data Protection Authority. For any questions regarding personal data protection in ShiftX, please use the following contact information:

ShiftX AS,
Nedre Vollgate 5,
0158, Oslo,
Norway
email: privacy@shiftx.com