Personal Data Protection
1. Information & GDPR
Contact SHYFTER SA, hereinafter referred to as SHYFTER, is a company active in the HR and scheduling management sector offering a service or performance involving the processing of personal data on behalf of another organization (company, business, and/or firm). Our services are used to collect information for commercial and marketing purposes by the organization itself and/or by SHYFTER at the request of this organization, in accordance with the General Terms and Conditions of Sale (GTC) included in the commercial contract that binds us to this same organization. The data is essential and directly related to our services. However, our most valuable capital is the trust of our clients.
Protecting client data and using it in accordance with their expectations is our highest priority. For this reason, the following notes on data protection have been written to inform you about the processing of your personal data and your rights regarding this processing, in accordance with the General Data Protection Regulation (“GDPR”) and additional data protection laws.
2. Data Protection Officer
The personal data that you share with us, directly or indirectly, explicitly or in an automated manner, are collected and processed by: SHYFTER SA – Data Protection Officer – Rue des 30 Boulevard de Waterloo 1000 Brussels, VAT BE 0720.922.212. You can contact our Data Protection Officer at any time using the above contact details or by email: rgpd@shyfter.co
3. Processing of Your Data by SHYFTER
As a processor, SHYFTER commits to respecting the obligations of the processor to protect the security and confidentiality of the data and that the use of your data can only be done on instruction of the data controller, namely the organization (company, business, and/or firm) using our services under a commercial contract. SHYFTER commits to offering sufficient guarantees regarding the implementation of appropriate technical and organizational measures in such a way that the processing meets the requirements of this European regulation (Article 28) and guarantees the protection of the rights of the concerned person.
Any organization responsible for processing through our services has its own General Data Protection Regulation (“GDPR”). SHYFTER invites you to contact the organization directly to become familiar with it.
By using our services, the contracted organization accepts our GDPR privacy policy. We reserve the right, at our sole discretion, to modify, add or remove parts of this policy at any time.
3.1 What Data is Collected and Processed by SHYFTER?
SHYFTER collects and processes through its services the following categories of personal data: – Identification and contact data, such as your name, first name, postal address, email address, language preference, gender, date of birth, telephone and/or mobile number, your photo or other data required by the client. Shyfter will in principle refrain from processing sensitive data (special categories of personal data such as your religious beliefs). If this is exceptionally the case, your explicit consent will be requested for this purpose.
3.1.1 HOW DOES SHYFTER OBTAIN THIS DATA? Through client registration.
- Via the contact form on our website
You can use the contact form on our website (https://shyfter.co/fr/nous-contacter/) to contact us with any questions. The personal data you enter on the contact form will only be processed for the purpose of responding to your request and only if you have given your consent to the data processing.
- Via the use of our services
Shyfter collects and processes your personal data through services. Our services are made available to organizations (companies, businesses, and/or firms) for which you have given your consent and which will use your data for commercial and marketing purposes. When using our services with our clients, you may be asked for your data based on your identity card; this information will be added to our database. By giving your identity card, you accept our GDPR privacy policy, and you authorize us to use your private data within the framework of our various services. Your data may be used for mailing and/or SMS sending.
- Via the contracted organization
All information or data already available to the contracted organization may be added to our database. For all photos taken at the physical sites of our clients, when you look at the camera, you give your consent to the same client and/or their partners for the use of this photo on various digital or handwritten supports.
3.1.2 WHY DOES SHYFTER PROCESS THIS DATA?
We process the personal data that we collect on behalf of another organization (company, business, and/or firm) for the purpose of engaging in a contract, honoring it, and activating your account.
Shyfter collects, records, and processes personal data:
- Comments, suggestions, or other information.
(i) to provide you with the products and services for which you have registered (such as schedule management, contract management, etc.) and to be able to ensure customer administration and problem management in this regard; (ii) to inform you via email or other channels about the products and services, including actions and promotions, that our clients offer or that are offered by commercial partners of these same clients (in the latter case, only with your consent); (iii) to enable Shyfter and/or its clients to best adapt their communication and their products and services to your preferences and thus provide you with tailored information, based on, among other things, your availability; (iv) to be able to respond to your remarks and/or questions regarding the use of our products or services; (v) to be able to follow up on customer satisfaction; (vi) to help ensure the security of our clients and employees (via a security system); (vii) to fulfill our legal obligations, particularly in accounting and tax matters; (viii) for (general) market research and analysis of the functioning and use of the website and mobile applications.
The processing for the purposes mentioned in points (i), (iv), and (vii) is necessary for the conclusion or execution of our contract with the client. The processing for the purposes mentioned in points (ii), (iii), (v), and (vi) above is necessary for our legitimate interests in improving and promoting our products and services, as well as ensuring a personalized experience for our clients.
Shyfter may use your personal data to contact you directly, by post, telephone, or electronically (for example, by email or SMS). In the case of communication by email, you will always have the option to “unsubscribe”.
4. How Long Does Shyfter Keep Personal Data?
SHYFTER keeps your personal data only for the duration necessary for the purposes described above and the commercial contract established with the organization. The provision of data is essential to engage in a contract with our clients and to process your registration as a client with them.
Thus, the information is in principle only kept for the duration of the commercial contract that binds us to the client. This avoids the retention of outdated information. We keep certain data for a period of 10 years, but only for evidence in the event of disputes or to respond to a legal request from a public authority.
At the end of the applicable retention period, the data is erased or made anonymous.
5. Does SHYFTER Transfer Personal Data?
SHYFTER, through its services, collects information on behalf of another organization (company, business, and/or firm). In accordance with the GTC (General Terms and Conditions of Sale) – “7. Database: The database generated by SHYFTER and its services will be made exclusively available to the signatory of the contract, who will be the sole responsible for it.”
We share the personal data that you have explicitly communicated to us and other non-automated data only with other parties if we have obtained your explicit consent for this purpose, unless we are required to do so under a legal provision, a request from a public authority, or a judicial decision.
In principle, your personal data is not processed outside the European Union, and we ensure as much as possible that our “subcontractors” also respect this principle. If, in exceptional cases, they nevertheless process your personal data outside the EU, we ensure, via contractual or other measures, that these data benefit from an adequate level of protection comparable to the level of protection applied within the EU.
6. Your Rights Regarding Your Personal Data
As a data subject, you can contact our Data Protection Officer at any time with an informal notification using the contact details provided above (2. Data Protection Officer) to exercise your rights in accordance with the GDPR.
These rights are as follows:
The right to obtain information about the processing of data and a copy of the processed data (right of access, Art. 15 GDPR), The right to require the correction of incorrect data or to complete incomplete data (right to rectification, Art. 16 GDPR), The right to require the erasure of personal data and, if the personal data has been made public, the obligation to inform other data controllers about the request for erasure (right to erasure, Art. 17 GDPR), The right to require the restriction of data processing (right to restriction of processing, Art. 18 GDPR), The right to obtain the personal data concerning the data subject in a structured, commonly used, and machine-readable format and to request the transfer of these data to another data controller (right to data portability, Art. 20 GDPR), The right to object to the processing of data for the purpose of ending it (right to object, Art. 21 GDPR), The right to withdraw a given consent and to end the data processing based on your consent at any time. The withdrawal will not affect the legality of the processing based on consent before its withdrawal (right to withdraw consent, Art. 7 GDPR). The right to file a complaint with a supervisory authority if you believe that the data processing constitutes an infringement of the GDPR (right to file a complaint with a supervisory authority, Art. 77 GDPR).