Privacy Policy

1 INTRODUCTION: 

7shifts Employee Scheduling Software Inc. (or " we", or “ 7shifts”) values and respects the privacy of individuals and as a result we have updated our Privacy Policy to align with applicable data protection legislation, including the European General Data Protection Regulation (Regulation (EU) 2016/679) and any other legislation in force which applies to privacy or the handling of personal data (the " Data Protection Legislation"). 

This Privacy Policy aims to clearly outline our policies and procedures for collecting, using, storing and disclosing personal data of individuals. In this Privacy Policy, “ Personal Data” refers to information about identifiable individuals and information which can be used to identify an individual. 

7shifts's service offering involves providing organizations and individuals within those organizations with access to and use of the 7shifts Application which allows our customers to and their staff members to administer work scheduling (the “ Service”) through their devices (any computer used to access the 7shifts Application, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each a “ Device”)).

 This Privacy Policy explains what we do with your Personal Data when: 

  • your organization signs up to the Service and you access the 7shifts Application using a business account via our website (www.7shifts.com), subdomain (*.7shifts.com), Apple App Store, Google Play Store, through applications on devices, through APIs, or through third-parties, or partner marketplaces (together, the " Application Users"); 
  • you cease to access the 7shifts Application using a business account attached to your organization (“ Former Application User”); 
  • you visit our website www.7shifts.com (the " Website") while browsing the internet (together, the " Website Users"); and
  • you call our customer service team or sales team for any purpose (" Phone User"). 

7shifts may amend this Privacy Policy from time to time. Please just visit this page if you want to stay up to date, as we will post any changes here. 7shifts will also notify affected individuals of any material changes in the way we process data.

1. 7shifts Role as Data Controller and Data Processor

If you are an Application User, our primary purpose for collecting and using your Personal Data is to provide the Service to your organization. When use Personal Data to allow Application Users to access and use the 7shifts Application on the instructions of your organization and on behalf of your organization. This makes us a "data processor" for the purposes of the Data Protection Legislation. Please see section 4 ("How do we use your Personal Data") for more information. 

If you are a Former Application User, we may retain your Personal Data to maintain a limited version of your business account profile and for our own purposes, for example, where we wish to offer you services which we think you may be interested in. This makes us a "data controller" for the purposes of the Data Protection Legislation. Please see section 4 ("How do we use your Personal Data") for more information. 

If you are a Website User, we use your information for our own purposes. This makes us a "data controller" for the purposes of the Data Protection Legislation. Please see section 4 ("How do we use your Personal Data") for more information.

 If you are a Phone User, we may record your call for our own purposes. This makes us a "data controller" for the purposes of the Data Protection Legislation. Please see section 4 ("How do we use your personal information") for more information. 

2. WHAT KIND OF PERSONAL DATA DO WE COLLECT? 

2.1 Application Users: 

We need to use Personal Data in the course of providing the Service to your organization and for ancillary purposes set out in this Privacy Policy. Depending on the relevant circumstances and requirements, we may collect some or all of the Personal Data listed below to help us with this:

  • Name; 
  • Phone number; 
  • Date of Birth; 
  • Credit card details or other billing information; 
  • Email address; 
  • Business postal addresses; 
  • Profile photo; 
  • Any further Personal Data contained in any files that you upload, download, or create (“ Files”) within the 7shifts Application; and 
  • Log data from your Device, its software, and your activity using the 7shifts Application including the Device’s Internet Protocol (“ IP”) address, browser type, locale preferences, geo-Location Information, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the 7shifts Application. 

In particular, Application Users are required to submit Personal Data to create an account and use the Service. Our customers staff members create employee profiles to allow their employer and fellow employees to interact with them on the Service

2.2 Former Application Users

7shifts retains the Personal Data set out above in respect of Former Application Users for as long as it is needed to fulfil our contractual obligation with the Customer. Former Application Users can request their information be deleted when they leave an organization, otherwise Former Application Users’ information will be held as long as an organization’s account is active.

2.3 Website Users

We collect a limited amount of Personal Data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes log data such as your Device’s IP address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information and other interactions with the Website. If you contact us via the Website (including via any chat widget), we will collect any information that you provide to us, for example your name and contact details to order to respond to the inquiry.

2.4 Phone Users: 

We collect a limited amount of Personal Data by recording and subsequently storing certain telephone calls. On each occasion, you will be notified whether the call is being recorded at the commencement of the call. The primary purpose of the call recording is to improve the quality of the services we provide. During the course of the phone call we will collect limited categories of Personal Data including name, phone number, and email address to assist us in confirming the identity of the caller.

3 HOW DO WE COLLECT YOUR PERSONAL DATA? 

3.1 Application Users: 

We collect your Personal Data in three primary ways: 

  • Personal Data that you provide to us when you register for the Application, use the Application, contact us or create content in the Application;
  • Personal Data that we receive from your organization (our Customer) and other sources, for email when we receive your email address to invite you to the Service; and/or;
  • Personal Data that we collect automatically through the Service, in particular when you use the Application, where we automatically record Personal Data in the form of log data from your Device, its software, and your activity using the 7shifts Application and/or where we collect your personal data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see section 11 (" Cookies"). 

3.2 Former Application Users

We will have collected your Personal Data during the period that you were an Application User in the manner described above. 

3.3 Website Users: 

When you visit our Website there is certain Personal Data in the form of log data that we may automatically collect, whether or not you use the 7shifts Application. We also collect some limited Personal Data (name, email, phone number, company name) when you opt into certain marketing activities (download template files, for example).  We also collect some limited Personal Data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see section 11 (" Cookies"). 

3.4 Phone Users: 

As set out in Section 2 above, we collect a limited amount of Personal Data by recording and subsequently storing certain telephone calls. On each occasion, you will be notified at the commencement of the call whether the call is being recorded and for what purpose. 

4 HOW DO WE USE YOUR PERSONAL DATA? 

4.1 Application Users:

Our primary purpose for using your Personal data is to Provide the Service to your organization. When we use your Personal Data to allow you to access and use the 7shifts Application, we do so on the instructions of your organization (our Customer) and on the behalf of your organization. This makes us a "data processor" for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include: 

  • Allowing you to access and use the 7shifts Application; 
  • Providing you with assistance (including technical assistance) in relation to your use of the 7shifts Application; 
  • Personalizing and optimizing your experience of the 7shifts Application and providing you with software updates; and 
  • Ensuring compliance with the terms of our agreement with your organization. 

However, there may be certain circumstances under which we use your Personal Data for purposes that are not on behalf of your organization or in accordance with instructions of your organization. Under these circumstances, we are a "data controller" for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:

  • Making announcements to you regarding our products and service offerings (see section 5 (" Marketing") below); 
  • Providing you with any service offering outside of the 7shifts Application directly; 
  • Ensuring compliance with our own obligations under applicable law and regulations; 
  • Using your Personal Data to help us to establish, exercise or defend legal claims; and 
  • Analyzing log data/user statistics with the aim of improving the 7shifts Application for all Application Users. 

We may use your Personal Data for these purposes if we have a legal basis for doing so. If you would like to know more about what this means, please see section 12 ("Legal basis for processing your Personal Data"). If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in section 9 ("How can you access, amend or take back the Personal Data that we hold about you"). 

4.2 Former Application Users: 

If we retain your Personal Data once you have left your organization and cease to use your 7shifts Account for our own purposes, we are a "data controller" for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include: 

  • Making announcements to you regarding our products and service offerings (see section 5 ("Marketing") below); 
  • Providing you with any service offering outside of the 7shifts Application directly; 
  • Ensuring compliance with our own obligations under applicable law and regulations; and
  • Using your Personal Data to help us to establish, exercise or defend legal claims. 

We may use your Personal Data for these purposes if we have a legal basis for doing so. If you would like to know more about what this means, please see section 12 ("Legal bases for processing your Personal Data"). If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in section 9 ("How can you access, amend or take back the Personal Data that we hold about you"). 

4.3 Website Users

We use your Personal Data to help us to improve your experience of using our website, for example by analyzing your recent search criteria to help us to present information to you that we think you will be interested in. This makes us a "data controller" for the purposes of the Data Protection Legislation. 

4.4 Phone Users: 

We use your Personal Data to help us to improve our customer experience, for example by analyzing whether the Personal Data we collect is suitable for the purpose of verifying the identity of the caller. This makes us a "data controller" for the purposes of the Data Protection Legislation. 

5 MARKETING 

If you are an Application User or a Former Application User, we may wish to use your Personal Data in order to let you know about, and invite you to participate in, our products and service offerings. We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the delivery of direct marketing to you through digital channels) and, depending on the situation, we'll ask for this via an opt-in in accordance with applicable laws. If you are not happy about this, you have the right to opt out of receiving marketing materials from us and can find out more about how to do so in section 9 ("How can you access, amend or take back the Personal Data that we hold about you?").

If you want to know more about how we obtain consent, please see section 12 ("Legal bases for us processing your Personal Data"). If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time and can find out more about how to do so in section 9 ("How can you access, amend or take back the personal data that we hold about you?") 

6 INFORMATION SHARING & DISCLOSURE 

Where appropriate and in accordance with applicable laws and requirements (and where we use your Personal Data as a data processor on behalf of and under the instructions of your organization in accordance with our obligations under our agreement with your organization), we may share your Personal Data in the following ways. We reserve the right to change providers, vendors, and partners when we deem necessary without prior notice. In all cases we have done our due diligence to ensure those services to not violate this Privacy Policy, and those services are in compliance with privacy regulation. 

  • Your Use: We will display your Personal Data on your profile page and this may be viewed by other persons to whom you are connected within your organization depending on their access level. If you use community services on the 7shifts Application such as messaging, log book, and notes, you should be aware that any Personal Data you provide in these areas may be read, collected, and used by Application Users who access them. Your posts may remain even after you close your account. 
  • Service Providers, Business Partners and third parties: We may use certain trusted third-party companies and individuals to help us provide, analyze, and improve the 7shifts Application (including but not limited to data storage, maintenance services, chat tools, database management, web analytics, payment processing, and improving the features of the 7shifts Application). These third parties may have access to your Personal Data only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy. 
  • Other Service Providers, Business Partners and third parties: We may share your Personal Data with our agents or third-party service providers (including professional advisers and telecommunication service providers) which require your Personal Data to provide their services to 7shifts. Such agents and third party service providers will not be permitted to use your Personal Data for any other purpose. 
  • Third-Party Applications: We may share your information with a third-party application with your consent, for example when you choose to access 7shifts through such an application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you before allowing this feature to be employed. 
  • Compliance with Laws and Law Enforcement Requests: We may disclose to parties outside 7shifts, Files stored in your 7shifts Application and Personal Data about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; or (b) to protect 7shifts’s intellectual property rights. If we provide your Files to a law enforcement agency as set forth above, we will remove 7shifts’s encryption from the files before providing them to law enforcement. 
  • Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your Personal Data may be transferred as part of that transaction, but we will notify you and/or your organization (for example, via email and/or a prominent notice on our website) of any change in control or use of your Personal Data or Files, or if either become subject to a different Privacy Policy. 
  • Non-private or Non-Personal data: We may disclose your non-private, aggregated, or otherwise non-personal data, such as usage statistics of the 7shifts Application. 
  • List of service provider types and locations:
    • Infrastructure, hosting, and data storage: USA & Canada
    • SMS, Push, Email providers: USA
    • Sales and Marketing tools: USA, Ireland
    • Payment Processing and Contract Storage: USA

7 HOW DO WE SAFEGUARD YOUR PERSONAL DATA?

 We are committed to taking all reasonable and appropriate steps to protect the Personal Data that we hold from misuse, loss, destruction or unauthorized access. We do this by having in place a range of appropriate technical and organizational measures. These include measures to deal with any suspected data breach. If you enter payment details onto our payment pages, we encrypt the transmission of that information using secure socket layer technology (SSL) and Transport Layer Security (TLS) which is PCI DSS compliant. All call recordings that we (or our third-party service providers) collect and store are encrypted. 

8 HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR? 

We will not keep your Personal Data for longer than we are permitted to do so under our agreement with your organization or as is necessary for the purposes for which we have collected it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements. 

When we are no longer permitted under our agreement with your organization or it is otherwise no longer necessary to retain your Personal Data, we will delete the Personal Data that we hold about you from our systems. While we will endeavour to permanently erase your Personal Data once it reaches the end of its retention period, some of your Personal Data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again. 

All Call Recordings are stored for a maximum of 1 year from the date of collection where after they are automatically deleted. 

9 HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT WE HOLD ABOUT YOU? 

You have various rights in relation to the Personal Data that we hold about you. If you are an Application User and you wish to make a request in relation to our use of your Personal Data for the purposes of providing the Service to your organization (and in respect of which we are a data processor), please contact your organization, the data controller, in the first instance to handle your request. If you contact us, we will refer your request to your organization. If you are an Application User and you wish to make a request in relation to our use of your Personal Data which is unconnected to your organization or you are a Former Application User or a Website User, please contact us and we will handle your request. 

The Data Protection Legislation gives you the following rights in relation to your Personal Data: 

  • Right to object: this right enables you to object to us processing your Personal Data 
  • Right to withdraw consent: Where we have obtained your consent to process your Personal Data for certain activities (for example, sharing your information with a third-party application), you may withdraw this consent at any time. For certain activities this may require you having to cancel your 7shifts account due to the nature of the Service. For example, opting out of our notifications makes the 7shifts Application impossible to use.
  • Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. You may also request a copy of the information we hold about you. 
  • Right to erasure: You have the right to request that we "erase" your Personal Data in certain circumstances. We will try to delete your Personal Data quickly upon request and if desired make it available to you. While we will endeavour to permanently erase or return your Personal Data upon request, some of your Personal Data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this Personal Data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again. We may retain and use your Personal Data if we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements. If you are an Application User connected with an organization, we shall not delete or edit your Personal Data without the approval of your organization. 
  • Right to restrict processing: You have the right to request that we restrict our processing of your Personal Data in certain circumstances, for example if you dispute the accuracy of the Personal Data that we hold about you or you object to our processing of your Personal Data for our legitimate interests. If we have shared your Personal Data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your Personal Data . 
  • Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete Personal Data that we hold about you, including by means of providing a supplementary statement. If we have shared this Personal Data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete Personal Data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
  • Right of data portability: If you wish, you have the right to request that we transfer your Personal Data to another third party. To allow you to do so, we will provide you with your Personal Data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the Personal Data for you. This right of data portability only applies to certain types of Personal Data. 
  • Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. 

10 HOW DO WE STORE AND TRANSFER YOUR PERSONAL DATA INTERNATIONALLY?

In order for us to carry out the functions described in this Privacy Policy (for more details, please see section 4 ("How do we use your Personal Data?") your Personal Data is processed by us (or our third party service providers) outside of the European Economic Area (EEA). Our primary, encrypted data storage is located in the United States of America, with encrypted backups in Canada. All data transferred in and out of the 7shifts Application are encrypted securely end-to-end.

11 COOKIES

7shifts uses cookies in providing the Website and Service. For more information on how we use cookies and how to opt out, please see our Cookie Policy, which is available at: https://www.7shifts.com/cookie-policy

12 LEGAL BASES FOR US PROCESSING YOUR PERSONAL DATA 

Where we process your Personal Data as a data processor on behalf of and under the instructions of your organization, your organization is responsible for ensuring that there is a legal basis for us processing your Personal Data on their behalf. 

Where we process your Personal Data as a data controller, we need to ensure that there is a legal basis to justify our processing of your Personal Data . There are a number of different ways that we are lawfully able to process your Personal Data. We have set these out below. 

12.1 Where processing your Personal Data is necessary for us to carry out our obligations arising from any contracts entered into between you and us 

We process certain Personal Data where it: "is necessary for the performance of a contract to which [you] are a party.”  If you enter into a contract with us in relation to any service offerings outside of the 7shifts Application, including our Terms of Service, we may process certain Personal Data about you in order to perform our obligations under this contract. 

12.2 Where processing your Personal Data is within our legitimate interests 

We can process certain Personal Data where it "is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of Personal Data." We may process your Personal Data for the purposes of our legitimate interests to enforce the Terms of Servicer and to analyze log data/user statistics to improve the 7shifts Application for all Authorized Users.

12.3 Where you give us your consent to process your Personal Data 

In certain circumstances, we will seek to obtain your opt-in consent before we undertake certain processing activities with your Personal Data. 

We will obtain your opt-in consent where necessary prior to sharing your Personal Data with third party applications and carrying out certain marketing activities. As and when we introduce these particular processing activities, we will provide you with more information so that you can decide whether you want to opt-in. You have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found above at section 9 ("How can you access, amend or take back the Personal Data that we hold about you"). 

13 WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA AND CONTACT INFORMATION 

If you would like further information about how we handle your Personal Data, who our Data Processing Officer is, if you have any concerns regarding this Privacy Policy or if you wish to exercise your legal rights, please contact support@7shifts.com. Please outline to us your concerns and our legal team or 7shifts representative will be in touch to discuss the matter.