OnShift
Products Privacy Policy
OnShift, Inc. (collectively with its subsidiaries, “OnShift,”
“the Company,” “we,” “us,” and “our,”) respects your privacy and is committed
to protecting your privacy through our compliance with this privacy policy (the
“Policy”). This Policy should be read in conjunction with our products’ Terms of Use,
into which this Policy is incorporated by reference. If you are an employee of
an OnShift customer company, you further agree to comply with your employer’s
policies, procedures or agreements regarding the use of your personal
information with our products.
This Policy describes:
·
The types of information we
collect from you or that you may provide when you use any product in the
OnShift suite of products, which includes, but is not limited to OnShift
Schedule, OnShift Engage, OnShift Wallet, OnShift Employ, OnShift Text2Hire, OnShift
Insight, OnShift Hire and OnShift’s Payroll-Based Journal reporting software (individually,
the “Product,” collectively, “the Products”).
·
Our practices for collecting,
using, maintaining, protecting, and disclosing that information.
Please read this Policy carefully to understand our
practices regarding your information and how we will treat it. If you do not
agree with our policies and practices, then please do not use our Products. By
using our Products, you agree to the terms of this Policy. This Policy may change from time to time (see
below, “Changes to this Policy”). Your continued use of our Products after we
make changes is deemed to be acceptance of those changes, so please check the
Policy periodically for updates.
What We Collect and How We Collect It
To ensure that we provide you with the best possible experience, we will store, use, and share information about you in accordance with this Policy.
Information You Provide to Us
Personal Information is any information that can be used to individually identify you from a larger group such as data including, but not limited to, your:
· First and last name
· Address number, city, state, zip code
· Date of birth
· Driver’s license
· Social security number
· Telephone number (home and mobile)
· Email address
· Username/login name
· Password
· Photo of your image or likeness
In some cases, the nature of your assigned duties may require that you provide Personal Information relating to individuals other than yourself (such as other employees). Before providing any Personal Information to us, it is your responsibility to obtain the appropriate consent and authorization, to include compliance with any employer policies.
In using the Products, you may provide us Personal Information when you:
The information that you provide in each case will vary. In some cases, we may assign to you a username (“UID”) and ask that you create a password that should only be known to you. In addition, some users may have the opportunity to log into the Products using a third party authentication system (e.g. their Facebook account). In these instances, OnShift may receive certain Personal Information, such as email addresses, from such third party directly.
Important Notice About Health Information. OnShift is not a healthcare provider, payer or clearinghouse. OnShift is a business that provides commercial business-to-business software as a service (“SaaS”) applications and proactive services to solve workforce challenges in healthcare. Unless otherwise established in an agreement between OnShift and a regulated Covered Entity (i.e., a doctor, pharmacy, or insurer) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”), OnShift does not collect “Protected Health Information” as defined under HIPAA.
Important Notice About Consumer Information. OnShift may collect Personal Information, with your consent, to be used by OnShift’s trusted third-party partners to complete background checks as ordered by OnShift customers. OnShift is not a “consumer reporting agency” or “reseller” as those terms are defined under the Fair Credit Reporting Act (“FCRA”). OnShift does not process, assemble, or merge any Personal Information to create or modify any consumer report. Furthermore, OnShift plays no role in any eligibility determination based on the Personal Information processed as part of the background check process ordered by OnShift customers. Accordingly, the FCRA does not apply to OnShift’s processing of Personal Information as described in this Policy. Regardless, your Personal Information will be processed by OnShift in accordance with this Policy unless otherwise agreed in writing.
Automated
Information Collection
In addition to the information that you provide to
us, we may also collect information about you during your use of the Products.
We collect this information using automated tools that are detailed below.
These tools may collect information about your behavior and your computer
system, such as your internet address (IP Address), the pages you have viewed,
and the actions you have taken while using the Products. Some of the tools we
use to automatically collect information about you may include:
(a) Cookies. A “cookie” is a small data file transmitted
from a website to your computer’s hard drive.
Cookies are usually defined in one of two ways, and we may use both of
them:
(1) session cookies, which do not stay on your computer after you close your
browser, and
(2) persistent cookies, which remain on your computer until you delete them or
they expire.
We use the following categories of cookies on in our Products.
i. Strictly Necessary Cookies. These cookies are essential
in order to enable you to use the Products’ feature. Without these cookies,
services you have requested, such as maintaining a record of your shift
schedules, cannot be provided.
ii. Performance Cookies. These cookies collect
anonymous information on how people use our Products to help us understand how you
use our Products and highlight areas where we can improve, such as navigation.
The data stored by these cookies never shows personal details from which your
individual identity can be established.
iii. Functionality Cookies. These cookies remember choices you make such
as the country from which you use our Products, your screen layout preferences,
and your search parameters. This information can then be used to provide you
with an experience more appropriate to your selections and to make your use of
our Products more tailored to your preferences. The information in these
cookies may be anonymized. These cookies
cannot track your browsing activity on other websites.
iv. Targeting Cookies or Advertising
Cookies. These cookies collect information about your
browsing habits in order to make advertising more relevant to you and your
interests. They are also used to limit the number of times you see an
advertisement as well as help measure the effectiveness of an advertising
campaign. The cookies are usually placed
by third-party advertising networks.
These cookies remember the websites you visit and that information is shared
with other parties such as advertisers.
One
such trusted third-party partner is HotJar. The Products send aggregated,
non-Personal Information to HotJar for the purpose of providing us with the
ability to conduct technical and statistical analysis on the Products’
performances and better understand how our users interact with our Products.
Another
trusted third-party partner is Google Analytics. The Products send aggregated,
non-Personal Information to Google Analytics for the purpose of providing us
with the ability to conduct technical and statistical analysis of the Products’
performances. For more information on
how Google Analytics supports our Products and uses information sent from the Products,
please review Google’s privacy policy available at https://policies.google.com/technologies/partner-sites.
Of
course, if you do not wish to have cookies on your devices, you may turn them
off at any time by modifying your internet browser’s settings. However, by
disabling cookies on your device, you may be prohibited from full use of the Products’
features or lose access to some functionality.
(b) Embedded
Web Links. Links
provided in our emails and, in some cases, on third-party websites may include
tracking technology embedded in the link. The tracking is accomplished through
a redirection system. The redirection system allows us to understand how the
link is being used by email recipients.
Some of these links will enable us to identify that you have personally
clicked on the link and this may be attached to the Personal Information that
we hold about you. This data is used to improve our service to you and to help
us understand the performance of our marketing campaigns.
(c) Third-party
Websites and Services.
We work with a number of service providers of marketing communications
technology. These service providers may use various data collection methods to
improve the performance of the marketing campaigns we are contracting them to
provide. The information collected can be gathered through our Products and
also on the websites where our marketing communications are appearing. For
example, OnShift sends metadata identifying individual users to Pendo.io, Inc.
for detailed usage tracking and marketing analysis.
Your Choices and Selecting Your Privacy
Preferences
We want to
provide you with relevant information that you have requested.
If we provide
subscription-based services, such as email newsletters, we will allow you to
make choices about what information you provide at the point of information
collection or at any time after you have received a communication from us while
you are subscribed. Any transactional or service-oriented messages are usually excluded
from such preferences, as such messages are required to respond to your
requests or to provide goods and services, and are not intended for the
purposes of marketing.
We will not
intentionally send you email newsletters and marketing emails unless you
consent to receive such marketing information. You may opt out of them at any
time by selecting the “unsubscribe” link at the bottom of each email. Please
note that by opting out or unsubscribing you may affect other services you have
requested we provide to you, in which email communication is a requirement of
the service provided.
Any such communications
you receive from us will be administered in accordance with your preferences
and this Policy.
Accuracy and Access to Your Personal Information
We strive to
maintain and process your information accurately. We have processes in place to
maintain all of our information in accordance with relevant data governance frameworks
and legal requirements. We employ technologies designed to help us maintain
information accuracy on input and processing.
Where we can
provide you access to your Personal Information in our possession, we will
always ask you for a username or UID and password to help protect your privacy
and security. We recommend that you keep your password safe, that you change it
periodically, and that you do not disclose it to any other person or allow any
other person to use it.
To view
and change the Personal Information that you have provided to us, you can log in
to your account and follow the provided instructions, or contact us directly
for assistance.
Information
of Minors
We do not intentionally seek to gather information
from individuals under the age of eighteen (18). We do not target any of our Products
to minors, and would not expect them to be engaging with our Products or
services. If we are aware of any Personal Information that we have collected
about minors, we will take steps to securely remove it from our Products and
supporting systems.
How
We Use Your Information
The
information we gather and that you provide is collected to provide you
information and the services you request, in addition to various other
purposes, including, but not limited to:
·
Assisting you with items such as personalized
experiences, facilitation of Product usage, and enforcement of Terms of Use.
·
Identify the results of your responses to polls and
surveys.
·
Preventing malicious activity and providing you
with a secure experience.
·
Providing service and support for services you request.
·
Providing marketing communications that are
effective and optimized for you.
·
Keeping you up-to-date with the latest benefits
available from us.
·
Preventing unwanted messages or content.
·
Measuring the performance of our marketing
programs.
·
Contacting you about services and offers that are
relevant to you.
Consent to Receive Text Messages from
OnShift
In
providing your mobile device or cell phone number, you consent to receive text
messages from OnShift in order to facilitate any services offered through our Products,
including, but not limited to, engagement and communication with employees
to schedule shifts. You also consent to receive phone calls or pre-recorded messages,
including those from automated dialing systems at the mobile device number you
provide. You consent to the use of your mobile device number(s) by OnShift and
its affiliates in accordance with this Privacy Policy and our Terms of Use. You
agree you have the authority and permission to consent to receive such text
messages for all mobile device numbers associated with your account in any of
our Products. You further acknowledge that no purchase is required to opt into
this messaging service, and you may opt out at any time by following
instructions from OnShift and its affiliates in any message you receive and as
described in the Privacy Policy.
To
discontinue receiving SMS messages from OnShift at any time, reply STOP or text
STOP to 79245 in the United States or 79246 in Canada or call 216.333.1353 or
toll-free 800.385.1494. For help, reply HELP or text HELP to 79245 in the
United States or 79246 in Canada.
How We Share Your Information
We do not sell or lease your information to any
third party. We may disclose your Personal Information to our trusted third-party
business partners in accordance with this Policy. We may also share your
information with your employer if the employer is a contracted customer of
OnShift. We also work with a number of partners that help us process your
requests, deliver customer service and support, send email marketing
communications, and provide experiences that you have come to expect from us. For
example, when you participate in polls and surveys, we may share the
information that you provide with Pendo.io and Hotjar to analyze your responses
and aggregate them based on your role or your building location.
We will share your Personal Information with these third
parties in order to fulfill the service that they provide to us. These third-party
partners are under contract to keep your Personal Information secure and not to
use it for any reason other than to fulfill the service we have requested from
them. For example, one of our trusted third-party partners is PayActiv, which
performs some banking services. However, none of the banking information
provided to PayActiv is stored or processed by OnShift. Likewise, if you
provide your credit card information to purchase certain services from the
Products, OnShift will not store or process that information. Instead, any credit card information
collected through the Products will be stored and processed by a trusted third-party
and PCI-DSS compliance vendor, such as Braintree, a division of PayPal, Inc.
Except as described in this Policy, we will not
share your information with third parties without your notice and consent, unless
it is under one of the following circumstances:
·
Responding to duly authorized information requests
from law enforcement or other governmental authorities.
·
Complying with any law, regulations, subpoena, or
court order.
·
Investigating and helping prevent security threats,
fraud, or other malicious activity.
·
Enforcing or protecting the rights and properties
of the Company or its subsidiaries.
·
Protecting the rights or personal safety of the
Company’s employees.
There are circumstances where the Company
may decide to buy, sell, or reorganize its business in selected countries. Under these circumstances, it may be
necessary to share or receive Personal Information with prospective or actual
partners or affiliates. In such circumstances, the Company will ensure your
information is used in accordance with this Policy.
Your
California Rights
Pursuant
to California Civil Code Section § 1798.83, we will not disclose or share your
Personal Information with third parties for the purposes of third-party
marketing to you without your prior consent.
Other
than as disclosed in this Policy, the Products do not track users over time and
across third-party websites to provide targeted advertising. Therefore, the Products do not operate any
differently if it receives Do Not Track (“DNT”) signals from your internet web
browser or device.
With respect to its Products, the extent to which
Company is governed by the California Consumer Privacy Act of 2018 (“CCPA”) may
be dictated by whether Company operates as a “Service Provider” as defined
under CCPA. To the extent that Company is recognized as a Service Provider, it
will abide by the terms of the written contract between Company and any applicable
“business,” such as an employer or other OnShift customer.
If
you are a California consumer, as defined by the California Consumer Privacy
Act of 2018, you may be afforded additional rights with respect to your
“Personal Information” as that term is explicitly defined under California
law. Any Personal Information we collect
is collected for the commercial purpose of effectively providing our services
to you, as well as enabling you to learn more about, and benefit from, our services.
You may exercise each of your rights as identified below, subject to our
verification of your identity.
Access. You may email us at privacy@onshift.com to request a copy of the Personal
Information our Product databases currently contain.
Prohibit
Data Sharing. When applicable, you may prohibit the sharing
of your Personal Information by submitting a request via email to privacy@onshift.com. In your email, please explain how you
wish us to prohibit the sharing of your Personal Information, and which
categories of third parties you want to prohibit from receiving your Personal
Information. When such prohibitions are not possible to provide our services to
you, we will advise you accordingly. You can then choose to exercise any other
rights under this Policy.
Portability. Upon request and when possible, we can
provide you with copies of your Personal Information. You may submit a request
via email to privacy@onshift.com. When such a
request cannot be honored, we will advise you accordingly. You can then choose
to exercise any other rights under this Policy.
Deletion. If you should wish to cease use of our Products
and have your Personal Information deleted from our Products, then you may
submit a request by emailing us at privacy@onshift.com. Upon receipt
of such a request for deletion, we will confirm receipt and will confirm once
your Personal Information has been deleted.
Where applicable, we will ensure such changes are shared with trusted
third parties.
We
do not sell your Personal Information. If we ever decide to sell Personal
Information, we will update you via this Policy and include a link entitled “Do
Not Sell My Personal Information,” to provide you with an opportunity to opt
out of sales of your Personal Information.
In addition to the email address provided above, you may also submit
requests at the following toll-free telephone number: 1-800-385-1494.
In
addition, if a California resident exercises his or her rights under California
law, including the CCPA, we shall not discriminate against that California
resident by denying our goods or services, charging different prices or rates
to similarly situated consumers, providing a different level or quality of our
goods or services, or taking any other adverse action.
Third-party
Websites
This Policy does not apply to websites or other domains that are
maintained or operated by third parties or our affiliates. Our Products may
link to third-party websites and services, but these links are not endorsements
of these sites, and this Policy does not extend to them. Because this Policy is
not enforced on these third-party websites, we encourage you to read any posted
privacy policy of the third-party website before using the service or site and
providing any information.
For
Users Outside of the United States
We do not warrant or represent this Policy or the Products’
use of your Personal Information complies with the laws of any jurisdiction.
Furthermore, to provide you with our services, we may store, process, and
transmit information in the United States and other locations around the world,
including countries that may not have the same privacy and security laws as
yours. Regardless of the country in which such information is stored, we will
process your Personal Information in accordance with this Policy.
For
Product Users in the European Union (“EU”)
Under the General Data Protection Regulation
(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27
April 2016, or “GDPR”), individuals in the EU are afforded specific rights with
respect to their Personal Information, or “personal data” as defined under the
GDPR. For the purposes of this Policy, Company operates as a data controller.
Any personal data we collect from you is processed in the United States and
under the terms of this Policy.
Any personal data we collect from you is processed
in the legitimate interest of our business and providing our services to you as
the lawful means of such processing. You
may always withdraw your consent to our use of your personal data as described
below. We will only retain your personal data for the time necessary to provide
you the information and services to which you have consented, to comply with
the law and in accordance with your rights below.
The Data Controllers are:
NAME:
OnShift, Inc.
ADDRESS:
1621 Euclid Avenue, Cleveland, OH 44115
EMAIL ADDRESS:
privacy@onshift.com
You can exercise any of the following rights,
subject to verification of your identity, by notifying us as described below:
·
Access. You may email us at privacy@onshift.com to
request a copy of the personal data our Product databases currently contain.
·
Automated Processing and Decision-Making. You may email us at privacy@onshift.com to request that we
stop using your personal data for automated processing, such as profiling. In your email, please explain how you wish us
to restrict automated processing of your personal data. When such restrictions
are not possible, we will advise you accordingly. You can then choose to
exercise any other rights under this Policy, to include withdrawing your
consent to the processing of your personal data.
·
Correction or Rectification. You can correct
what personal data our Product database currently contains by accessing your
account directly, or by emailing us at privacy@onshift.com
to request that we correct or rectify any personal data that you have provided
to us. We may not accommodate a request to change information if we believe the
change would violate any law or legal requirement or cause information to be
incorrect. Where applicable, we will ensure such changes are shared with
trusted third parties.
·
Restrict Processing. When applicable,
you may restrict the processing of your personal data by submitting a request
via email to privacy@onshift.com. In your email, please explain how you wish us
to restrict processing of your personal data.
When such restrictions are not possible, we will advise you
accordingly. You can then choose to
exercise any other rights under this Policy, to include withdrawing your
consent to the processing of your personal data. Where applicable, we will ensure
such changes are shared with trusted third parties.
·
Object to Processing. When applicable,
you have the right to object to the processing of your personal data by
submitting a request via email to privacy@onshift.com.
When such objections are not possible, we will advise you accordingly. You can
then choose to exercise any other rights under this Policy, to include
withdrawing your consent to the processing of your personal data. Where
applicable, we will ensure such changes are shared with trusted third parties.
·
Portability. Upon request and when possible, we can
provide you with copies of your personal data. You may submit a request via
email to privacy@onshift.com. When such a request cannot be honored, we
will advise you accordingly. You can then choose to exercise any other rights under
this Policy, to include withdrawing your consent. Where applicable, we will
ensure such changes are shared with any trusted third parties.
·
Withdraw Consent. At any time, you may withdraw your consent
to our processing of your personal data through the Products by notifying us
via email at privacy@onshift.com.
Using the same email address associated with your Product account, simply type
the words “WITHDRAW CONSENT” in the subject line of your email. Upon receipt of
such a withdrawal of consent, we will confirm receipt and proceed to stop
processing your personal data. Where applicable, we will ensure such changes
are shared with trusted third parties.
·
Erasure. If you should wish to cease use of our Products
and have your personal data deleted from our Products, then you may submit a
request by emailing us at privacy@onshift.com.
Upon receipt of such a request for erasure, we will confirm receipt and will
confirm once your personal data has been deleted. Where applicable, we will
ensure such changes are shared with trusted third parties.
·
Submit Complaints or Questions. If you wish to
raise a complaint on how we have handled your personal data, you can contact us
as described below. If you reside in a European Union member state, you may
also lodge a complaint with the supervisory authority in your country.
Safeguarding
the Information We Collect
We take reasonable technical,
administrative, and physical safeguards in order to protect your Personal
Information against accidental loss and from unauthorized access, use,
alteration, and disclosure. However, we can never promise 100% security. You have a responsibility, as well, to
safeguard your information through the proper use and security of any online
credentials used to access your Personal Information, such as a username and
password. If you believe your credentials have been compromised, please change
your password. Please also immediately notify us of any unauthorized use of
your credentials or Personal Information.
Changes
to this Policy
If we make any changes to this Policy, a
revised Policy will be posted on this screen and the date of the change will be
reported in the “Last Revised” block above. You can get to this screen from any
of our Products by clicking on the “Privacy Policy” link (usually at the bottom
of the screen).
How
to Contact Us
We value your opinions and welcome your
feedback. To contact us about this Policy or your Personal Information, please
contact us at privacy@onshift.com.
Last Revised: June 4, 2020