Last Updated: December 1, 2022

This Privacy Policy applies to Personal Information (as defined below) collected by or on behalf of Shiftlab, Inc. ("Shiftlab"), through or in conjunction with its products and services (the "Services"), by web, email, phone or any other interactions and anywhere else we post or display this Privacy Policy. By accessing or using the Services, you accept and agree to the terms of this Privacy Policy in effect at the time of your use.

Unless otherwise stated, Shiftlab acts as a "Processor of Personal Information in which Shiftlab collects, processes and discloses Personal Information on behalf of another entity (such as a storefront or chain) who determines the purposes and means of processing your Personal Information (the "Controller"). Shiftlab values your privacy and provides the following rights subject to the limitations of acting on behalf of a Controller. Nevertheless, your Personal Information may be submitted directly to or passed through to the Controller, and may be subject to that Controller's terms of service, privacy policy, and other policies and is therefore, beyond the responsibility or control of Shiftlab.

The Services are not designed for use by users who have not reached the age of majority, and we do not intentionally collect personal information from children through the Services. You represent and warrant to us that you have reached the age of majority where you are using the Services. You are only authorized to use the Services if you have reached the age of majority where you access the Services and agree to abide by all applicable laws and the Terms.

1. How We Collect, Use and Share Your Personal Information

"Personal Information" is information that directly or indirectly identifies you or can reasonably be used to identify you as an individual. Additional terms specific to any Service where we collect Personal Information will describe the information we collect and the use of that information with regard to that particular Service.

Unless we have your consent or as stated in this Privacy Policy, we do not share any of your Personal Information.

However, we may submit any Personal Information we have regarding an alleged violation of law involving the Services to law enforcement, or to other governmental or regulatory entities (including pursuant to a subpoena, court order, or other legal process; or upon reasonable belief that a violation of applicable law has occurred). We may also submit such Personal Information as is required to establish our legal rights or defend against legal claims.

We may also share your Personal Information with an affiliate or assign and transfer the Personal Information to a third-party successor-in-interest in connection with, or in negotiation of: a merger, acquisition, sale of substantially all our assets or stock, or similar change-in-control transaction; a financing event; or a bankruptcy or dissolution proceeding.

We may use Personal Information to create aggregated and anonymized information ("Blind Data"). Blind Data does not and cannot reasonably be used to identify you as an individual. You hereby grant to us a non-exclusive, transferable, sublicenseable, royalty-free license to use Personal Information we collect from you to generate Blind Data. If we collect or generate Blind Data, it will be owned by us and we may use it for any lawful business purpose without further consideration.

2. Your Personal Information

"Personal Information" is information that directly or indirectly identifies you or can be used to identify you as an individual.

2.1. Information We Collect

The following are categories of Personal Information we may collect about you and how we collect it:

• Identifiers including protected classification characteristics. During registration or login, you (or someone on your behalf) may be required to enter information such as full name, phone number, email address, date of birth, etc., to use and access the Services.
• Biometric information. During registration or login, you may be required to enter biometric information in the form of a fingerprint scan for authentication. We have practices specific to biometric information which are detailed in the Biometric Information section of this Privacy Policy.
• Professional or employment-related information. During registration or login, you may have provided information related to your professional or employment status such as job-title, employer and location name, start and termination date, pay rate, scheduled shifts, etc.
• Internet or other electronic network activity information. While accessing or using the Services, Shiftlab collects activity information such as access times, Internet Protocol (IP) addresses and browser used.

2.1.1. Sources

We collect the Personal Information listed above from the following categories of sources:

• Voluntary interaction. While interacting with the Services, you may be asked directly to provide personal information. For example, you may enter your name and address when registering for an account.
• Indirectly through your interaction. We may indirectly and automatically collect information associated to your account. For example, the Services may create access logs when you login to your account.
• Third parties. Third parties such as a human resources management system, point of sale, or other third party integrator may indirectly provide additional information related to a transaction.

2.2. Use of Information

We collect and process Personal Information through the Services for the following purposes:

• Authentication purposes. To verify your identity and to protect our rights, your rights and the rights of other users.
• Providing the Service. To perform functions for time and attendance management or otherwise provide the Service.
• Security. To detect and prevent fraud and abuse and to provide security alerts and support and administrative messages.
• Improving the Service. To research and analyze usage of the Services for the development of future products and to improve the Services.

We may also use Personal Information to create aggregated and anonymized data as described in our Privacy Policy. Such data does not and cannot reasonably be used to identify you as an individual.

2.3. Information Sharing

We provide Personal Information to our agents, technology vendors and other service providers on a "need-to-know" basis for the purpose of providing the Services and operating our business. For example, business analytics platforms, marketing vendors, fraud detection and prevention firms and other vendors that help us improve our products and services and protect against fraud or misuse. These service providers are required to keep your Personal Information confidential, and may not use it for any purpose other than to perform services for us or as otherwise required by law.

3. Your Rights and Choices

Under applicable data privacy laws in the US and Canada, you may have certain rights with regard to your Personal Information. Those rights may only apply in certain circumstances and may be subject to limitations or exceptions. A summary of those rights is provided below as well as information on how to exercise your rights. Please note that we will require certain identifying information about you as necessary for us to verify your request in accordance with applicable law.

• Right to Know: You may request us to disclose the categories of personal information we collected about you, the purposes for which we collected, sold or disclosed that information, and the categories of third parties to whom we disclosed the information in the last 12 months. To exercise this right, please email your request to support@Shiftlab.com and include "Disclosure Request" in the subject line of your message.
• Right to Access: You have the right to request access to the personal information specific to you individually, that we collected, used, disclosed and/or sold about you in the last 12 months. To exercise this right, please email your request to legal@iqmetrix.com and include "Access Request" in the subject line of your message.
• Right to Delete: You have the right to request us to delete the personal information we have collected or maintain about you. Please note that certain exceptions may apply to your right to delete information, such as when we must retain personal information as required or permitted by law and we will also maintain a record of your deletion request. We will notify you if any such exceptions apply to your request. To exercise this right, please email us at legal@iqmetrix.com and include "Deletion Request" in the subject line of your message.

We will not discriminate against you for exercising the rights outlined in this section, and your use of the Service will be limited and altered only to the extent permitted by law or as a direct and foreseeable consequence of the exercise of your rights. We may also offer certain financial incentives, charge reasonable fees related to your requests, or deny your right to know, right to access or right to deletion in accordance with applicable law.

You can exercise these rights yourself or you can designate an authorized agent to make a request on your behalf. If you would like an authorized agent to submit a request on your behalf, please send us an email at legal@iqmetrix.com for instructions and details on proof and information required for use of an authorized agent.

4. Notice to California Residents

The information in this section applies to residents of California with regard to Personal Information subject to this Privacy Policy. If you have any questions about this Privacy Policy or would like to receive a printed copy, please contact us at support@Shiftlab.com.

4.1. How We Collect, Use and Share Your Personal Information

In accordance with the California Consumer Privacy Act of 2018 ("CCPA"), we describe in additional terms specific to any Service where we collect personal information (as defined by the CCPA) the personal information we collected about California residents in the last 12 months, the sources of that information, our business or commercial purposes for collecting the information, and the third parties with whom we shared that information. Please refer to the How We Collect, Use and Share Your Personal Information section in this Privacy Policy for details.

4.2. Your Rights and How to Exercise Them

Under the CCPA, California residents have certain rights with regard to their personal information. A summary of those rights is provided in the section on Your Rights and Choices as well as information on how to exercise your rights. Those rights may only apply in certain circumstances and may be subject to limitations or exceptions. Please note that we will require certain identifying information about you as necessary for us to verify your request in accordance with applicable law.

5. Information Security

We use commercially reasonable efforts designed to protect Personal Information via maintenance of standard physical, electronic, and procedural safeguards. Despite our actions and precautions, no Internet data transmissions are completely secure, and they are subject to theft, fraud, destruction, alteration, disclosure, unauthorized access and other misuse.

The security of your Account and Personal Information depends on you performing your responsibility to control access to your devices and applications, including maintaining physical possession of your device, and keeping your passwords and PINs confidential and not sharing them with anyone. It is also your responsibility to alert us if you believe the security of information in any part of the Service has been compromised.

6. Retention and Disposal of Personal Information

We retain Personal Information to provide, maintain, and augment the Service, and to comply with legal requirements and standard business practices. We retain Personal Information for as long as (a) we have a business need, or (b) applicable laws, regulations, or government orders require. When we dispose of Personal Information, we use reasonable procedures to erase or render it unreadable (for example, shredding documents and wiping electronic media). We may retain Blind Data for so long as it is relevant to our business model, in our discretion.

7. Biometric Information

7.1. Authentication Purposes Only

If your access to the Services involves a fingerprint scanner, you may be asked to authenticate with your fingerprint. We encrypt the data derived from your fingerprint ("Fingerprint Data") before storing it in our database. Your Fingerprint Data will be used for the sole purpose of authenticating your identity.

7.2. Disclosure and Storage of Biometric Information

Your Fingerprint Data will never be sold, traded or disclosed for profit. Fingerprint Data is stored under encryption and cannot be used to recover your original fingerprint in any way.

The Fingerprint Data stored in our database is routinely deleted. Your specific Fingerprint Data will be deleted following a 3 year period of inactivity.

7.3. Your Consent

By agreeing to and accepting this Privacy Policy, you acknowledge that you have read and understood these terms and are consenting to our collection, use and disclosure of your fingerprint, the Fingerprint Data and any other information derived from your fingerprint.

8. General

8.1. Privacy of Children

We do not knowingly collect Personal Information from children under the age of 13. If we learn that we have inadvertently done so, we will take commercially reasonable steps to delete that Personal Information.

8.2. Enforcement

If you violate our Privacy Policy or the Terms, we may prevent you from using the Services. If you believe another person has committed such a violation, please contact us.

8.3. Changes to this Privacy Policy

This Privacy Policy will change from time to time to maintain compliance with applicable law and regulations. We reserve the right to modify this Privacy Policy at any time in our sole discretion by posting the most recent version (which will supersede any other version and become effective as of the last updated date indicated) on this webpage. Your continued use of the Services following posting of these changes constitutes acceptance of the terms as they exist at the time of your usage. You agree to review this Privacy Policy on a regular basis and remain in compliance with any modifications.

8.4. Contact Us

For any questions regarding this Privacy Policy, please contact us at legal@iQmetrix.com with the subject "Shiftlab Privacy Policy Contact".