Privacy Policy

1. Who we are (Controller)

Shift Group s.r.o., with registered office in Prague, Czech Republic, is the controller of personal data processed through this website. Contact: info@shiftgroup.eu.

2. Data we collect

Contact form: first name, last name, email, and the message you submit. Consent records: a hashed (non-reversible) form of your IP, your user agent, your cookie choices, language, and timestamp — kept as a legal audit trail. Server logs: standard request data such as IP, user agent, and URL, retained for security and operational purposes only.

3. Why we process it (purposes & legal bases)

Replying to your inquiry — Art. 6(1)(b) GDPR (steps prior to entering into a contract) or 6(1)(f) (legitimate interest in answering your message). Cookies and consent logging — Art. 6(1)(a) GDPR (consent), with the consent record retained on the basis of Art. 6(1)(c) (legal obligation to demonstrate consent). Site security and abuse prevention — Art. 6(1)(f) GDPR (legitimate interest).

4. Who receives your data (processors)

We use Lovable Cloud (powered by Supabase) as our hosting and database processor. They process data only on our documented instructions under a Data Processing Agreement. We do not sell or share personal data with advertisers, brokers, or other third parties.

5. International transfers

Our infrastructure is hosted in the European Union. Where any sub-processor is located outside the EEA, transfers are protected by Standard Contractual Clauses or an adequacy decision under GDPR.

6. How long we keep it

Contact submissions: up to 24 months from last contact, then deleted. Consent records: up to 24 months after withdrawal/expiry. Server logs: 90 days.

7. Your rights under GDPR (EU/EEA/UK residents)

You have the right to: access your data; have it corrected; have it erased; restrict processing; object to processing based on legitimate interests; receive your data in a portable format; withdraw consent at any time (without affecting processing already done); and lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ — uoou.gov.cz) or your local supervisory authority.

To exercise these rights, email info@shiftgroup.eu. We respond within 30 days.

8. Your rights under CCPA/CPRA (California residents)

If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; delete personal information we hold about you; correct inaccurate personal information; opt out of the "sale" or "sharing" of personal information; limit the use of sensitive personal information; and not be discriminated against for exercising these rights.

We do not sell personal information and we do not share it for cross-context behavioral advertising. To submit a request, email info@shiftgroup.eu. We will verify your identity using the email you provide. You may use an authorized agent.

9. Children

Our site is not directed to children under 16, and we do not knowingly collect their personal data. If you believe we have, please contact us and we will delete it.

10. Security

We use industry-standard safeguards: encryption in transit (TLS), access controls, role-based permissions, and audit logging. No system is perfectly secure, but we work continuously to protect your data.

11. Changes to this policy

When we make material changes, we update the date above and — for cookie-related changes — re-prompt you for consent.

12. Contact

Questions or requests: info@shiftgroup.eu.