Privacy Policy

Shiftlify ("we", "our", "us") operates a temporary staffing platform that connects candidates seeking work with clients who need qualified staff for events and shifts. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our platform, in accordance with the European Union General Data Protection Regulation (GDPR). This policy applies to all users of our platform, including candidates seeking employment opportunities, clients posting events and shifts, and any visitors to our website. By using our services, you acknowledge that you have read and understood this Privacy Policy. We are committed to protecting your privacy and handling your personal data with transparency and care. If you have any questions about this policy or our data practices, please contact us using the details provided at the end of this document.

For the purposes of applicable data protection laws, the data controller responsible for your personal data is: MELIORAPPS INTERACTIVE SRL Mihail Sadoveanu 20/1 Chisinau, MD-2044 Moldova Email: privacy@shiftlify.io We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at privacy@shiftlify.io. We process your data in accordance with the European Union General Data Protection Regulation (GDPR) requirements.

We collect and process various categories of personal data depending on how you interact with our platform: **Account Data** When you register for an account, we collect your name, email address, phone number, and login credentials. For candidates, this also includes date of birth and nationality for employment verification purposes. **Profile Data** Candidates provide additional information including professional qualifications, work experience, employment history, skills, certifications, availability preferences, and optionally a profile photograph. Clients provide company information, contact details, and billing information. **Employment Data** We process data related to your work through our platform, including shift assignments, contract details, time records, attendance data, performance ratings, and payment information. **Usage Data** We automatically collect information about how you use our platform, including pages visited, features used, search queries, and interaction patterns. This helps us improve our services and user experience. **Device and Technical Data** We collect technical information including your IP address, browser type and version, device identifiers, operating system, and timezone settings. We also collect information through cookies and similar technologies as described in the Cookies section below.

We use your personal data for the following purposes: **Platform Operation and Account Management** To create and manage your account, verify your identity, and provide you with access to our platform features. **Matching and Staffing Services** To match candidates with suitable events and shifts based on qualifications, availability, location, and client requirements. This is the core purpose of our platform. **Contract Creation and Management** To generate, manage, and store employment contracts when candidates are assigned to shifts, including tracking contract status and maintaining records. **Payment Processing** To calculate, process, and record payments to candidates for completed shifts, and to bill clients for staffing services rendered. **Communications** To send you important notifications about your account, shifts, schedule changes, and platform updates. We may also send promotional communications where you have consented to receive them. **Legal Compliance** To comply with our legal obligations, including employment law requirements, tax reporting, and responding to lawful requests from authorities. **Platform Improvement** To analyze usage patterns, conduct research, and improve our platform features, security, and user experience. This processing is based on our legitimate interest in providing better services.

We process your personal data based on the following legal grounds: **Contract Performance** Most of our data processing is necessary to perform our contract with you. For candidates, this includes matching you with shifts, creating contracts, and processing payments. For clients, this includes providing staffing services and managing your account. **Legitimate Interests** We process certain data based on our legitimate business interests, such as improving our platform, preventing fraud, and ensuring security. We always balance these interests against your rights and freedoms. **Legal Obligations** We process some data to comply with legal requirements, including employment law obligations, tax reporting requirements, and responding to lawful requests from government authorities. **Consent** Where required by law, we obtain your consent before processing certain data, such as marketing communications or placing non-essential cookies. You can withdraw your consent at any time by contacting us or adjusting your preferences in your account settings. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose.

We share your personal data with the following categories of recipients: **Clients and Candidates** To facilitate staffing services, we share relevant candidate information with clients when candidates are assigned to their events, and we share relevant event information with candidates. This includes contact details, qualifications, and availability. **Payment Processors** We work with secure payment service providers to process candidate payments and client billing. These providers only receive the data necessary to complete transactions. **Government Authorities** We may disclose your data to tax authorities, social security institutions, labor inspectorates, or other government bodies when required by law or in response to lawful requests. **Service Providers** We use third-party service providers for hosting, email delivery, analytics, and customer support. These providers process data on our behalf and are contractually bound to protect your data and use it only for specified purposes. We do not sell your personal data to third parties. We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law.

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA). **Transfers to Other Countries** When we transfer data to countries that do not have an adequacy decision from the European Commission, we implement appropriate safeguards to protect your data. These safeguards include: - Standard Contractual Clauses (SCCs) approved by the European Commission - Binding Corporate Rules for transfers within our corporate group - The transferee's certification under approved frameworks You can request a copy of the safeguards we use for international transfers by contacting us at privacy@shiftlify.io. We only transfer personal data outside the EEA when necessary for the purposes described in this Privacy Policy, and we ensure that appropriate protection measures are in place.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. **Active Accounts** While your account is active, we retain all data necessary to provide our services. You can access, update, or delete your data through your account settings at any time. **After Account Termination** When you close your account, we retain certain data for the following periods: - Contract and payment records: 10 years (legal requirement) - Tax-related documentation: 10 years (tax law requirement) - Employment records: 10 years after end of employment relationship - Communication records: 2 years **Legal Requirements** We may retain data for longer periods if required by law, if there is an ongoing legal dispute, or if we need to enforce our agreements. **Anonymized Data** We may retain anonymized or aggregated data that can no longer identify you for analytical and statistical purposes indefinitely. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements.

Under the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data: **Right of Access** You have the right to request a copy of the personal data we hold about you and information about how we process it. **Right to Rectification** You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. **Right to Erasure** You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected. **Right to Data Portability** You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller. **Right to Object** You have the right to object to processing of your personal data based on legitimate interests. We will stop processing unless we have compelling legitimate grounds. **Right to Restrict Processing** You have the right to request that we restrict the processing of your personal data in certain circumstances. **Right to Withdraw Consent** Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. **Right to Lodge a Complaint** You have the right to lodge a complaint with your local data protection supervisory authority. To exercise any of these rights, please contact us at privacy@shiftlify.io. We will respond to your request within one month, or inform you if we need additional time.

We use cookies and similar tracking technologies to collect and use personal data about you, including to serve interest-based advertising. **Essential Cookies** These cookies are necessary for the platform to function properly. They enable core functionality such as security, account access, and remembering your preferences. You cannot opt out of essential cookies. **Analytics Cookies** We use analytics cookies to understand how visitors interact with our platform. This helps us improve our services and user experience. These cookies collect information about pages visited, time spent on the platform, and any errors encountered. **Managing Your Cookie Preferences** You can control and manage cookies in several ways: - Through your browser settings: Most browsers allow you to refuse or delete cookies. The method varies by browser, so please check your browser's help documentation. - Through our cookie consent banner: When you first visit our platform, you can choose which categories of cookies to accept. - Through your account settings: Logged-in users can manage their cookie preferences in their account settings. Please note that disabling certain cookies may impact the functionality of our platform. For more information about the cookies we use, please contact us at privacy@shiftlify.io.

We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect it. **Technical Measures** We employ industry-standard security measures including: - Encryption of data in transit using TLS/SSL - Encryption of sensitive data at rest - Secure password hashing - Multi-factor authentication options - Regular security testing and vulnerability assessments - Firewalls and intrusion detection systems **Organizational Measures** We maintain strict organizational controls including: - Access controls limiting data access to authorized personnel only - Confidentiality agreements with all employees and contractors - Regular security training for staff - Data protection impact assessments for high-risk processing - Vendor security assessments for third-party providers **Incident Response** We have established procedures for detecting, reporting, and investigating personal data breaches. In the event of a breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within the legally required timeframes. While we implement these safeguards, no system is completely secure. We cannot guarantee the absolute security of your data, but we are committed to protecting it to the best of our ability.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. **How We Notify You** When we make material changes to this Privacy Policy, we will notify you by: - Posting the updated policy on our platform with a new effective date - Sending you an email notification if the changes significantly affect how we process your data - Displaying a prominent notice on our platform **Effective Date** Any changes to this Privacy Policy will be effective immediately upon posting, unless otherwise stated. The date of the last update is shown at the top of this policy. **Your Continued Use** Your continued use of our platform after we post changes to this Privacy Policy means that you accept those changes. If you do not agree with the updated policy, you should stop using our platform and contact us to close your account. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: **Privacy Inquiries** Email: privacy@shiftlify.io **Postal Address** MELIORAPPS INTERACTIVE SRL Attn: Privacy Team Mihail Sadoveanu 20/1 Chisinau, MD-2044 Moldova **Response Timeframe** We aim to respond to all privacy-related inquiries within 5 business days. For formal data subject requests (access, deletion, etc.), we will respond within one month as required by law. If your request is complex or we receive many requests, we may extend this period by up to two additional months, but we will notify you if this is the case. **Supervisory Authorities** If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.