Privacy and cookie policy

Shift2 respects your privacy and treats your personal data with care. We treat and secure your data with the utmost care and process it only in accordance with applicable laws and regulations.

What personal data we process 

We capture personal data as soon as you contact us, for example, when you: 

  • enters into an agreement with us;
  • you subscribe to our newsletter;
  • attend one of our events;
  • attend a training course;
  • uses our services;
  • You show interest through a form or contact prompt. 

Personal data we (may) process: 

  • First and last name
  • Gender
  • Address details
  • Phone number
  • Email address
  • IP address
  • Other personal data you actively provide (e.g. via profile creation or telephone contact)
  • Location details
  • Activities on our website
  • Surfing behavior across different websites
  • Internet browser and device type 

Use of photo and video material during events 

During events that we organize, photographs or video recordings may be made. We sometimes use this footage in our communications, such as on social media, our website or in newsletters. We always do this with respect for your privacy. Do you not want to be (recognizable) in the picture? Please let one of our colleagues know in advance or during the event. In some cases we also ask explicit permission, for example via a registration form or permission list on site. 

Special and/or sensitive personal data 

Our website and/or service does not intend to collect information about visitors under the age of 16 without parental consent. Do you believe we have collected personal information from a minor without consent? Please contact us at contact@shift2.nl, and we will remove this information. 

For what purpose we process personal data 

We process your data for: 

  • Sending our newsletter;
  • Being able to call or email for our services;
  • Informing about changes to services/products;
  • Improving the website through behavior and preference analysis. 

Use of anonymized data for advice and improvement 

 In order to advise you better and continuously improve our services, we analyze anonymized usage data of our services. We use this data, for example, for advice on optimizing usage and performance, and for internal quality improvement. The data contains no personal data and cannot be traced back to specific individuals. 

Automated decision-making 

We do not make decisions based on automated processing that affect individuals. We do use CRM systems for customer management and personal contact. 

How long we keep data 

  • As long as you are a customer + 7 years (due to administration obligations)
  • Direct marketing: as long as you are active or have given consent 

Sharing data with third parties 

We share your data with third parties only when necessary for our services or to comply with legal obligations. We conclude agreements with processors for your security. 

International data processing 

If data is processed outside the EEA, we ensure appropriate safeguards, such as model contracts in line with European Commission requirements. 

Cookies 

We use: 

  • Functional cookies (required, no consent needed)
  • Analytical cookies (such as Analytics - anonymized, no consent required)
  • Social media cookies (permission only)
  • Tracking cookies (permission only) 

See also explanation at veiliginternetten.nl(What are cookies?) or the explanation of the Information Security Service for Municipalities(Cookies on municipal websites - Information Security Service). 

Rights of data subjects 

You have the right to access, correct, delete, object, data portability and withdraw consent. To do so, please contact us at contact@shift2.nl.  

Security 

We take appropriate measures against abuse, loss, unauthorized access and modification. Do you suspect a leak or misuse? If so, please email our CISO at contact@shift2.nl.  

Responsible Disclosure 

We take the security of our systems and users very seriously and are committed to improving it. Despite all precautions, it remains possible that a vulnerability can be found in the systems. To stay one step ahead of malicious actors, we would like anyone who finds a vulnerability in our systems to report it to us. Please see our Responsible Disclosure for this at: https://www.shift2.nl/responsible-disclosure  

Unsubscribe & Complaints 

You can always unsubscribe from communications via the unsubscribe link or contact@shift2.nl. For complaints, you can contact the Personal Data Authority at autoriteitpersoonsgegevens.nl. 

Changes 

We reserve the right to modify this policy. Please check this page regularly for updates.