Privacy & GDPR

1.Information and contact

SHYFTER SPRL, hereafter referred to as SHYFTER, is a company active in the HR and planning management sector offering a service or provision involving the processing of personal data on behalf of another body (company, firm and/or firm). Our services are used to collect information for commercial and marketing purposes by the organization itself and/or by SHYFTER on request of this organization, in accordance with the GTC (General Terms and Conditions of Sale) included in the commercial contract that unites us with this same organization. The data are essential and directly related to our services. However, our most precious capital is the trust of our customers.

The protection of customer data and their use in accordance with their expectations are of the highest priority for us. For this reason, the following notes on data protection have been drawn up to inform you about the processing of your personal data and your rights regarding such processing, in accordance with the General Data Protection Regulations (“GDPR”) and additional data protection laws.


2. Data Protection Officer

Personal data that you share with us, directly or indirectly, explicitly or automatically, are collected and processed by: 

SHYFTER SPRL – Data Protection Officer – 44 Rue des Palais, 1030 Brussels, under the VAT number BE 0720.922.212. You can at any time contact our data protection officer via the contact details above or by e-mail: [email protected]


3. Processing of your data by SHYFTER

As a subcontractor, SHYFTER undertakes to respect the obligations incumbent on the subcontractor to protect the security and confidentiality of the data and that the use of your data can only be done on the instructions of the person in charge of the treatment, namely the organization (company, firm and/or firm) using our services under commercial contract. SHYFTER undertakes to offer sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the processing meets the requirements of this European Regulation (Article 28) and guarantees the protection of the rights of the data subject.

Any body responsible for processing through our services has its own General Data Protection Regulations (“GDPR”). SHYFTER invites you to contact the organization directly to take note of them.

By using our services, the organization under contract, accepts our Privacy Policy of RGPD. We reserve the right, at our sole discretion, to modify, add or remove portions of this policy at any time.


3.1 What data is collected and processed by SHYFTER?

SHYFTER can collects (not mandatory) and processes through its services the following categories of personal data: Identifying and contact data, such as your name, first name, postal address, e-mail address, language preference, gender, date of birth, telephone and/or mobile phone number, photo or other data required by the customer. Shyfter will in principle refrain from processing sensitive data (special categories of personal data such as your religious beliefs). In exceptional cases, however, your explicit consent will always be requested for this purpose.

3.1.1 How does Shyfter obtain this data?

By registering the customer.

– By the contact form on our website

You can use the contact form on our website ( in order to contact us for all your questions. The personal data that you have entered on the contact form will only be processed for the purpose of answering your request and only on condition that you have given your consent to the processing of the data.


– Through the use of our services

Shyfter collects and processes your personal data via services. Our services are made available to organisations (companies, firms and/or firms) for which you have given your consent and which will use your data for commercial and marketing purposes.

When using our services with our customers, you may be asked for your data on the basis of your identity card, this information will be added to our database.

By giving your identity card, you accept our RGPD privacy policy and you authorize us to use your private data in the context of our various services. Your data may be used for sending mailings and/or sms.



– By the organization under contract

Any information or data already at the disposal of the organization under contract can be added to our database.

For all photos taken on the physical sites of our clients, when you look at the lens, you give your agreement to this same client and/or these partners for the use of this photo on the various digital or handwritten supports.


3.1.2 Why does SHYFTER process these data?


We will process the personal data that we collect on behalf of another organization (company, firm and/or firm) in order to commit ourselves to a contract, to honor it and to activate your account.

Shyfter collects, records and processes personal data :

– Comments, suggestions or other information.

(i) to provide you with the products and services for which you have registered (such as schedule management, contract management, …) and to be able to provide customer administration and problem management ;

(ii) to inform you via e-mail or other channels about the products and services, including actions and promotions, that our customers offer or that are offered by business partners of those customers (in the latter case, only with your consent);

(iii) to enable Shyfter and/or its customers to adapt their communication and their products and services to your preferences and thus provide you with tailor-made information, based, inter alia, on your availability;

(iv) to be able to respond to your comments and/or questions regarding the use of our products or services;

(v) to be able to track customer satisfaction;

(vi) to help ensure the safety of our customers and employees (via a security system);

(vii) to meet our legal obligations, in particular with respect to accounting and tax matters;

(viii) for the purpose of (general) market research and analysis of the operation and use of the website and mobile applications.

The processing for the purposes mentioned under (i), (iv) and (vii) is necessary for the conclusion or execution of our agreement with the client.

Processing for the purposes mentioned in (ii), (iii), (v) and (vi) above is necessary for our legitimate interests to improve and promote our products and services and to ensure a personalized experience for our customers.

Shyfter may use your personal data to contact you directly, by post, telephone or electronically (e.g. by e-mail or SMS). In case of communication by e-mail, you will always have the opportunity to “unsubscribe”.


4. How long does Shyfter keep personal data?

SHYFTER keeps your personal data only for as long as is necessary for the purposes described above and in accordance with the commercial contract with the organization. The provision of the data is essential in order to engage in a contract with our customers and to process your registration as a customer with them.

Thus, the information is in principle only kept for the duration of the commercial contract that unites us with the customer. In this way, we avoid that information that has become obsolete is retained. We retain certain data for a period of 10 years, but only for the purpose of evidence in the event of disputes or in order to be able to respond to a legal request from a public authority.

At the end of the applicable retention period, the data is deleted or made anonymous.


5. Does SHYFTER transfer personal data?

SHYFTER through its services collects information on behalf of another organization (company, firm and/or firm). In accordance with the GTC (General Terms and Conditions of Sale) – “7. Database: The database generated by SHYFTER and its services, will be put exclusively at the disposal of the signatory of the contract, which will be the only person in charge of it “.

We share personal data that you have explicitly provided to us and other non-automated data with other parties only if we have obtained your explicit consent to do so, unless we are required to do so by law, a request from a public authority or a court order.

In principle, your personal data is not processed outside the European Union and we ensure as far as possible that our “subcontractors” also comply with this principle. If, in exceptional cases, they nevertheless process your personal data outside the EU, we ensure, through contractual or other measures, that this data is provided with an adequate level of protection comparable to the level of protection applied within the EU.


6. Your rights with regard to your personal data

As a data subject, you can contact our data protection officer at any time by means of an informal notification via the contact details given above (2. Data Protection Officer) in order to exercise your rights in accordance with the DPMR.

These rights are as follows:

The right to obtain information about the data processing and a copy of the processed data (right of access, art. 15 DPR),

The right to demand the rectification of incorrect data or the completion of incomplete data (right of rectification, art. 16 RGPD),

The right to demand the deletion of personal data and, in case the personal data has been made public, the obligation to inform the other data controllers about the request for deletion (right of deletion, art. 17 RGPD),

The right to demand the restriction of data processing (right of restriction of processing, art. 18 RGPD),

The right to obtain personal data on the subject of the data in a structured, widely used and computer-readable format and to request the transmission of such data to another data controller (right of data portability, art. 20 DPR),

The right to object to the processing of data for the purpose of terminating it (right of objection, art. 21 RGPD),

The right to withdraw a consent given and to terminate data processing based on your consent at any time. The withdrawal will not affect the legality of the processing based on consent prior to the withdrawal (right to withdraw consent, art. 7 GDR).

The right to complain to a supervisory authority if you consider that the data processing constitutes a breach of the GDMP (right to complain to a supervisory authority, art. 77 GDMP).