SHIFT.ORG INC.

PRIVACY STATEMENT

LAST UPDATED: DECEMBER 10, 2019

Thank you for choosing to be part of our community at Shift.Org Inc. (“Shift”, “we”, “us”, or “our”). We are committed to protecting your Personal Information and your right to privacy. If you have any questions or concerns about our statement, or our practices with regards to your Personal Information, please contact us at info@shift.org. This privacy statement is incorporated by reference into the Terms of Service (the “Terms of Service”) When you visit our website ("the Website") and use our services, you trust us with your Personal Information. In this privacy statement, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. If there are any terms in this privacy statement that you do not agree with, please discontinue the use of our Website or our services. By using the Website, you authorize Shift to process Personal Information, and collect, use and disclose information as described in this privacy statement. For purposes of this statement, Personal Information means any information relating to an individual from which that person is or can be directly or indirectly identified ("Personal Information").

PERSONAL INFORMATION WE COLLECT

We collect different types of information that may contain your Personal Information, such as:

By using our Website, you consent to the collection of categories of Personal Information specified above. If we determine to use your Personal Information for any other reason not specified above, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no. At any time, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information by contacting us at info@shift.org or mailing us at: Shift.org Inc., 660 4th Street, #700, San Francisco, CA, 94107, United States.

HOW WE COLLECT PERSONAL INFORMATION

Customer Support. The Website may collect Personal Information through your communications with a Shift support team member.

Location and Device Information from Your Mobile Device. Shift collects and stores your location and device information, including persistent identifiers, such as device identification numbers and/or your Internet Protocol (IP) address, which is the number automatically assigned to your smartphone/computer whenever you access the Internet and that can sometimes be used to derive your general geographic area. Shift will also collect your geo-location. This data is derived from location services on your phone. We use this information for the legitimate purpose of improving the Website and our services by improving the Shift platform by refining device information related to the collection of data for your experiments, and developing product features, optimizations, and enhancements. We also use this information to provide you with customized offers from us.

Cookies, Automatic Data Collection, and Related Technologies. The Website collects and stores information that is generated automatically as you use it, including your preferences and anonymous usage statistics.

When you use the Website, we and our third-party service providers may receive and record information on our server logs from your browser, including your IP address, and from cookies and similar technology. Cookies are small text files placed in a user’s computer browser to store the user’s preferences. Most browsers allow you to block and delete cookies. However, if you do that, the service may not work properly. You can usually find out information about how to delete cookies on your browser through a “help” menu.

Below is a list of cookies that we currently use. In the event you'd like to opt-out, please email us at info@shift.org

Analytics Services. Shift may use third-party tools to collect and aggregate anonymous information about how users interact with the Website by their use of cookies, web beacons, and other technologies, and we use this aggregated information to adapt, modify and/or improve the Website for the benefit of our users and partners. If you do not wish to have these tools collect anonymous information about your activities on the Website then you should not use the Website.

Social Sign-On. The Website collects Personal Information from social media websites when you opt in to use that social media website’s credentials to log into the Website. For example, when you log in with your Facebook credentials, Shift collects the Personal Information you have made publicly available in Facebook, such as your name, and email address.

HOW WE USE YOUR INFORMATION

Shift uses Personal Information to:

Internal and Website-Related Usage. We use information, including Personal Information, for the legitimate purpose of improving the Website. For example, if you create a Shift account, we may store and use the information you provide during that process, such as your full name, email address, zip code, physical address, and other information you may provide with your account, such as your phone number, preferred location(s) for opportunities. We may disclose your first name and last name, as well as other content you submit through the registration process, as part of your account profile and to our business partners which only pertain to relevant opportunities for you. You can modify some of the information associated with your account through your profile and account settings. If you believe that someone has created an unauthorized account depicting you or your likeness, you can request its removal by emailing us at info@shift.org.

We may also store information about your use of the service, such as the pages you view, the date and time of your visit, opportunities you are interested in, and transactions you make through the service. We may also store information that your computer or mobile device may provide to us in connection with your use of the service, such as your browser type, type of computer or mobile device, browser language, IP address, advertising identifier, and location. You may be able to limit or disallow our use of certain location data through your device or browser settings, for example by adjusting the "Location Services" settings on your device.

Communications. We will communicate with you by email using the email address you provide to us to verify your account and for informational and operational purposes, such as account management, and system maintenance.

Marketing. We use information, including Personal Information, for the legitimate purpose of providing you advertising and marketing via the Website.

You may opt out of receiving certain marketing materials from Shift by sending an email to info@shift.org.

HOW WE SHARE YOUR PERSONAL INFORMATION

We may share your information:

Vendors and Service Providers. We share information with our vendors and service providers who provide administrative and technological support for our services. Those vendors and service providers are under contractual obligations to us maintain the confidentiality of your Personal Information that we disclose to them and only use the Personal Information at our direction.

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your Personal Information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your Personal Information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this privacy statement or our website’s Terms of Service.

Marketing. We do not rent, sell, or share your Personal Information with other people or nonaffiliated companies for their direct marketing purposes without your consent. We may, however, allow access to other data collected by the Website to enable the delivery of online advertising on and through the Website, or otherwise facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you. For example, we may target advertising towards you based upon your Personal Information without sharing your Personal Information with a third party. If you respond to such advertising, then the third party may deduce that you meet certain characteristics (e.g., you are a woman between the ages of X and Y). In all cases, Shift may market our services to you directly, and such third party advertisers may also market their services to you directly. Information collected through the Website shall be available to us and to such third parties subject to this privacy statement.

As Required By Law and Similar Disclosures. We may access, preserve, and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; or protect yours’, ours’ or others’ rights, property, or safety.

Merger, Sale, or Other Asset Transfers. If Shift is involved in a change in control, merger, acquisition, financing due diligence, or reorganization, bankruptcy, receivership, sale assets, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how such entities may use or disclose such information.

We may also disclose your Personal Information with your permission and to fulfill your requests.

SECURITY

Shift has administrative and technological measures in place to protect information, including Personal Information in our care. We use various safeguards such as SSL, data encryption, obfuscation of personal identifiable information (such as email address, IP Address, etc.), internal and external data security processes and procedures to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet or via mobile device, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Our payment solution is hosted with Stripe. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Stripe's data storage, databases and the general Stripe application. They store your data on a secure server behind a firewall.

If you choose a direct payment gateway to complete your purchase, then Stripe stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read the Terms of Service here or privacy statement here.

RETENTION

We will retain Personal Information while you maintain an account with us. Should you delete your account, we will retain your Personal Information only as necessary to protect our legal rights, and the rights of other users.

CHILDREN

We do not knowingly solicit or receive information from children under the age of 16. Please contact us promptly if you believe we might have collected any information from a child under the applicable age of consent in your country, so that we may appropriately investigate and address the issue.

LINKED WEBSITES

We may provide hyperlinks to other sites for your convenience that are not covered by this statement. If you click on any such hyperlink, we recommend that you read the relevant privacy notice to make sure you are comfortable with the applicable privacy and data security practices that govern, which may be different than as described in this statement.

INTERNATIONAL USERS

By using the Website, you will transfer data to the United States.

By choosing to visit the Website or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this privacy statement will be governed by the law of the State of California and the dispute resolution provisions set forth in the Terms of Service.

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your information you consent to any transfer and processing in accordance with this privacy statement.

If you wish to withdraw your consent for the use and sharing of your Personal Information pursuant to this privacy statement, then you will need to terminate your account and cease all use of the Website. You can deactivate your account by sending an e-mail to info@shift.org or mailing us at: Shift.org Inc. 660 4th St, #700, San Francisco, CA, 94107, United States.

If you reside in the European Union, you have certain rights under the EU General Data Protection Regulation in regards to your Personal Information. These include the following rights:

If you wish to exercise these rights, please email us at info@shift.org. If you make a request, we have one month to respond to you.

YOUR CALIFORNIA PRIVACY RIGHTS

Under the California “Shine The Light” law, California residents may opt out of our disclosure of Personal Information to third parties for their direct marketing purposes. You may choose to opt out of this sharing at any time by submitting a request to info@shift.org. This opt out does not prohibit disclosures made for non-marketing purposes or for marketing by Shift.

CHANGES TO OUR PRIVACY STATEMENT

We reserve the right to modify this privacy statement at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this statement, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. You agree to be bound by such modifications or revisions. Nothing in this privacy statement shall be deemed to confer any third-party rights or benefits.

If our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any Personal Information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at info@shift.org or by mail at Shift.org Inc. 660 4th St, #700, San Francisco, CA, 94107, United States