Privacy Policy

Last updated: 2024-10-14

At CShift AB (“CShift“, “we“, “us“, or “our“), your privacy is important. This Privacy Notice (“Notice“) describes who we are, how we collect, share and use information that can identify you directly or indirectly (“personal information”), and how you can exercise your privacy rights. This Notice applies in general to all instances where we collect and process personal information, whether online or offline. Whenever we collect your personal information, we will either refer you to this Notice and the applicable sections, or we will provide a separate notice.

CShift 

CShift AB has expertise in the intersection of cybersecurity, compliance and cloud. Based in Gothenburg and Stockholm we help customers across the nordics and northern Europe to work more efficiently and effectively with their cybersecurity and compliance in the cloud. 
CShift AB - 559375-6108
Kungsgatan 57
C/O KG57
411 15 Göteborg
Sweden
To ask questions or share comments about this Notice and our privacy practices, contact us at: info@cshift.tech.

CShift as a Data Controller

This Notice applies to personal information in situations where we decide how and why your personal information is to be processed and thus act as a data controller. This Notice does not apply where we are acting merely as a service provider to another organization who decides how and why we process your personal information, in other words, where we act as a data processor.

Who we collect information from

While we are a business-to-business company we process personal information of various categories of individuals in order to function and to maintain relationships with these individuals. We process the personal information of the following individuals:
a. Website visitors
b. Customers,  suppliers, and business partners
d. Employees, contractors, and potential employees
e. Other visitors and individuals we connect with professionally

What kind of personal information we process

In the course of our business activities and providing our services, we process personal information that you provide directly or indirectly to us when using our services or interacting with us in any other situation, including:
  • Identification data, such as your name, online identifier or signature in case of contracting
  • Business contact information, such as your email address and professional phone number
  • Professional information, such as your job title/position and employer
  • Other information you choose to provide to us, for example the purpose of your visit if you visit our office, or any other information when using our electronic means of contact or physical forms when visiting our office.
Collection of personal information through webtracking for website visitors
On the CShift website, certain electronic information is collected using webtracking technologyy. What kind of cookies we use and the purposes for which we use it, is described in our cookie notice:
  • Crumb
    Prevents cross-site request forgery (CSRF)
    Type: Security
    Duration: Session
  • ss_cookieAllowed
    Remember opt-in or opt-out of cookie consent (we still never use any webtracking technology)
    Duration: 30 days
We will never collect tracking data for marketing purposes and we do not make use of performance cookies.

Privacy notice for website visitors

Certain parts of our website will ask you to provide personal information. For example, we will ask you to provide certain personal information (e.g., name, contact details, company name) in order to find out more about our services when using a contact form or our email contact information. We use the personal information from you for the following commercial purposes:
  • To respond to your online inquiries and requests, and to provide you with information and access to resources about the Services that you have requested from us.
  • For the specific purposes stated on any forms on this website.
  • To monitor our website for security purposes to ensure we protect our site and company from hacking, viruses, fraud attempts or other unauthorized access.
  • To send you information about services/products for marketing purposes, in accordance with your marketing preferences.
  • To comply with laws and regulations, under judicial authorization.
Legal Basis
Legitimate Interest. To conduct our business, we normally collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to improve, maintain, provide and enhance our technology and services, communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
Legal Obligation. In some limited cases, we may have a legal obligation to collect personal information from you. We will let you know prior to collection whether the provision of the personal information we are collecting is a statutory or contractual requirement, as well as whether you are obliged to provide it and the possible consequences, if any, of not providing the information.

Privacy Notice for customers, suppliers and business Partners

If you are in a business relationship with us we will collect and use personal information about you in order to manage our business relationship with you. We use the personal information we collect for the following business purposes:
  • General business relationship management within CShift, including contracts for example, to enable us to deliver our services to your company, or to audit our business and provided services.
  • To manage our daily business activities.
  • To manage any queries, complaints or claims relating to the assignements and services you may have for us.
  • To help us conduct our business more effectively and efficiently or check and improve the quality of our products and services.
  • To investigate violations of law or breaches of our policy.
  • To enforce our rights arising from any contracts entered into between you or your company and us.
  • To protect our legal rights, property, or safety of CShift, our customers, our personnel or others or to enable us to take precautions against liability, security issues, hazards or other damages and risks.
  • Where necessary to comply with laws and regulations such as screening against sanctioned parties lists.
Legal Basis
We process this information based on our legitimate interest or as part of performance of contract.

Recruitment

For this group we have separate privacy notices that explain the purposes for processing and is distributed to individuals when recruiting.

Employees

For this group we have separate privacy notices that explain the purposes for processing and is distributed internally only.

Access to your Personal Data and other rights

We try to be as open as we reasonably can about Personal Data that we process. If you would like specific information, just ask us.
You also have a legal right to make a “subject access request”. If you exercise this right and we hold Personal Data about you, we are required to provide you with information on it, including a description and copy of the Personal Data and an explanation of why we are processing it.
If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted.  You may also have the right to be given your data in a machine-readable format for transmitting to another data controller though this right is unlikely to be relevant to you the context of our recruitment processes.
We are unlikely to rely on consent as a ground for processing.  However, if we do, you may withdraw consent at any time — if you do so that will not affect the lawfulness of what personal data processing activities that was carried out before you withdraw consent.
If you have complaints relating to our processing of your Personal Data, please contact info@cshift.tech.
You may also raise complaints with the statutory regulator in your jurisdiction. For instance at www.imy.se in Sweden.