1. Introduction: Who We Are and Why We Collect Your Information
Parmar 239 Applications, Inc. maintains a web-based and mobile application, called Shifts2Go (“Application”) (Parmar 239 Applications, Inc. and Shifts2Go are referred to, collectively, as “Shifts2Go,” “we,” “us,” and “our”), which facilitates the scheduling and management of working shifts in our hotels.
We take privacy of personal information seriously. Please read the following to learn more about our privacy practices. By downloading and using the Application, either on your mobile device or the website, and/or accessing or using any other functionalities, features, surveys, media, content, applications or services offered from time to time by Shifts2Go in connection with the Application (collectively, “Services”), you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent to our collection, use, and sharing of your information in the following ways.
2. What Does This Privacy Policy Cover?
This Privacy Policy covers our collection and processing of (1) personally identifiable information (“PII”) protected by data security and breach notification laws in the United States (“PII Laws”), (2) protected health information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”), if and to the extent we handle PHI as a business associate of a covered entity under HIPAA; (3) information protected by the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and California Online Privacy Protection Act (“CalOPPA”), if and to the extent those laws apply to information that we collect and process, (4) information protected by the New York Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”), if and to the extent that law applies to information that we collect and process; (5) information protected by the European Union General Data Protection Regulation (“GDPR”), Canadian Personal Information Protection and Electronics Documents Act, and Canadian Provincial corollaries of that Act (collectively, “PIPEDA”), and the Brazilian General Data Protection Law (“LGPD”), if and to the extent those laws apply to information that we collect and process, (6) personal data protected by the Virginia Consumer Data Protection Act (“CDPA”), if and to the extent that law applies to information that we collect and process, (7) information protected by the Colorado Privacy Act (“CPA”), if and to the extent that law applies to information that we collect and process, and (8) personal information the confidentiality, availability, or integrity of which is protected by applicable law (such laws collectively with the PII Laws, HIPAA, CCPA, CPRA, CalOPPA, the SHIELD Act, GDPR, PIPEDA, LGPD, CDPA, and CPA, the “Privacy Laws”) (collectively, “Personal Information”), which we gather when you are accessing, viewing or using the Application and/or Services. Where noted, the terms of this Privacy Policy are limited by the Privacy Laws that govern an individual’s or user’s jurisdiction, such that requirements created by the Privacy Laws of one jurisdiction with regard to Personal Information are not incorporated herein and made to apply to the Personal Information of an individual or user of another jurisdiction if such Privacy Laws would not otherwise govern. This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or otherwise control.
3. What Information Does Shifts2Go Collect?
Shifts2Go endeavors to limit the type and amount of Personal Information that we collect and process through the Application to only information necessary to fulfill the purposes identified in this Privacy Policy. With that in mind, we collect and process the following types of information:
3.1. Information You Provide to Us
When you download, register with, create an account with, or use the Application, we may ask you to provide information:
- By which you may be personally identified, such as your name, contact information (including email address, physical address, and phone number), user name, password, and answers to security question.
- About you but that does not necessarily identify you, such as your educational or professional background, work experience(s), ongoing and completed projects and/or work-orders, time-logs of various shift and/or projects, details about the type of jobs you perform and your credentials, and records and copies of your correspondence with us.
3.2. Information Collected Automatically
When you use our Application, certain information is passively collected (that is, gathered without you actively providing the information) using various technologies and means, such as Internet Protocol (IP) addresses, cookies, and geolocation tracking. These are described in more detail below:
- IP Addresses. The Application uses IP addresses. An IP address is a number assigned to your device by your internet service provider to access the internet. In most consumer cases an IP address is dynamic (changing each time you connect to the internet), and not static (unique to a particular user’s device).
- Cookies are small text files that are placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, and to provide information to the owners of the site. Most web browsers allow some control of cookies through browser settings. We may collect the following information via cookies when you visit the Website or interact with the Services: aggregate statistical information, information related to your use of our Services (including your password, the links you click on, your movement around the Website and Services, the pages you visit, the number of times you open a page, and which information is consulted), period of use, your geographic location, your IP address, your device, your operating system, and your browser type. You may be able to change the preferences on your browser or mobile device to send “do not track” signals or to prevent or limit your computer or device’s acceptance of cookies, but this may affect the functionality of the Services or prevent you from using parts of the Services. This Privacy Policy does not cover the use of cookies by any third parties.
- Usage Details. When you access and use the Application, we may automatically collect certain details of your access to and use of the Application, such as the resources that you access and use on or through the Application, and your activity log which may include, among other things, any attempts made at screen scraping and/or attempts made to access prohibited information or content that is beyond authorization.
- Device Information. We may collect information about your mobile device and the internet connection, including the device’s unique device identifier, operating system, browser type, mobile network information, and the device’s telephone number.
- Geolocation Data. The Application may rely on your mobile device to passively obtain and track your geolocation. Before this data is collected, you will receive a prompt from the Application requesting authorization. If you do not authorize such collection, the Application may not function properly.
3.3. E-mail and Other Communications
We may communicate with you by email or other means. When we do this, in addition to the information contained in the email, we may collect a confirmation when you open email or click on links in the email. This confirmation helps us improve our service. If you do not want to receive email or other mail from us, please indicate your preference by visiting our email preference page. Please note that, if you do not want to receive legal notices from us, those legal notices will still govern your use of the Application, and you are responsible for reviewing such legal notices for changes.
3.4. Special Categories of Personal Information and Sensitive Personal Information
Except as otherwise stated in this Privacy Policy, we do not knowingly collect sensitive Personal Information or special categories of Personal Information in the Application, including (1) Personal Information revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, or trade union membership, (2) genetic data, biometric data, data concerning health, and data concerning a natural person’s sex life or sexual orientation, and (3) government identifiers (such as Social Security numbers and driver’s licenses), financial account and login information (such as credit or debit card number together with login credentials), or content of nonpublic communications (mail, email and text messages).
4. What Does Shifts2Go Do With Personal Information?
We use information that we collect about you or that you provide to us, including any personal information, to:
- Operate, maintain, develop, and grow the Application;
- Operate, develop, maintain, and improve the Services;
- Facilitate the management of personnel functions related to you, including time keeping, payroll, and performance management (“HR Functions”);
- Respond to inquiries and comments;
- Fulfill your requests concerning the Application, Services, or HR Functions;
- Contact you with administrative communications and changes to this Privacy Policy, the Terms of Use, and our other policies;
- Provide you with information with respect to the Application, Services, or HR Functions;
- Prepare a profile for you that will be available to us;
- Conduct market research;
- Investigate and resolve disputes and security issues;
- Comply with regulatory and legal obligations; and
- For any other lawful, legitimate business purpose.
Shifts2Go may anonymize or aggregate Personal Information it collects. It may also use that information and other non-Personal Information it collects when you use or interact with the Application to better understand our users and their behaviour and to improve the user experience of the Application.
5. Will Shifts2Go Share Any of the Personal Information it collects?
We share Personal Information with third parties as described below.
5.1. Agents and Service Providers
We employ other companies and people to perform tasks on our behalf and may need to share Personal Information with them to provide Services and HR Functions to you. Unless we tell you differently, our agents and service providers do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.
5.2. Business Transfers
We may choose to buy or sell assets. In these types of transactions, Personal Information is typically one of the business assets that is transferred. Also, if we (or all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information would be one of the assets transferred or acquired.
5.3. Protection of Shifts2Go and Others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe necessary to comply with law or court order, enforce or apply our Terms of Use, Terms of Access, or other agreements, or protect the rights, property, or safety of Shifts2Go, our employees, our users, or others, including exchanging information with other organizations for fraud protection and credit risk reduction.
5.4. With Your Consent
Except as set forth above, you will be notified when your Personal Information may be shared with third parties, and will be able to prevent the sharing of this information.
6. How Long Does Shifts2Go Retain Personal Information?
Except upon the request of an individual, as explained in Section VII below, and except as the law permits and requires, Shifts2Go will determine the retention period for Personal Information based on the following criteria:
- The nature of our relationship with you;
- The nature of the Personal Information in question;
- Our business needs
7. What Are Users’ Rights to Control Their Personal Information?
To the extent required by the Privacy Laws, except where permitted or required by law (including, but not limited to, compliance with a legal obligation, to further a public interest, and establishing and/or exercising a legal claim or defense), you have the following rights regarding Shifts2Go’s collection and use of your Personal Information.
7.1. Requests to Shifts2Go
Unless contrary to or prohibited by law or a legal obligation so Shifts2Go, you may request the following from Shifts2Go with respect to your Personal Information:
- Correction, updating, deletion, or restriction of collection and processing of your Personal Information;
- The categories of your Personal Information that Shifts2Go collects or processes;
- The categories of sources from which Shifts2Go collects or processes your Personal Information;
- The expected period for which Shifts2Go will store your Personal Information, or if not possible, the criteria used to determine that period;
- The business or commercial purpose(s) for Shifts2Go collecting, processing, and disclosing your Personal Information;
- A description of how Shifts2Go has used or is using your Personal Information;
- A copy of your Personal Information, including the specific pieces of Personal Information, in a format that is easily understandable to the average consumer, and to the extent technically feasible, in a structured, commonly used, machine-readable format, which also may be transmitted to another entity at your request without hindrance;
- Categories of third parties with whom Shifts2Go shares your Personal Information, and list of third parties with whom Shifts2Go has shared your Personal Information;
- Categories of your Personal Information that we have shared with third parties, and the categories of third parties to which we have shared each particular category of Personal Information; and
- Your specific Personal Information Shifts2Go has collected, used, or disclosed.
If you request that your Personal Information be erased or deleted or that Shifts2Go otherwise restrict its collection and processing of Personal Information, Shifts2Go may terminate or limit your access to the Application, and such request may impair your ability to continue to work for us. If Shifts2Go has not collected or processed your Personal Information, or has not shared your Personal Information with another party, Shifts2Go will inform you of that in response to any of the above requests. Some information may remain in Shifts2Go’s backup media after erasure or deletion for a period of time. When you request that Shifts2Go update information, Shifts2Go may retain a copy of the unrevised information in Shifts2Go’s records. Shifts2Go also may use any anonymized aggregated statistical data derived from or incorporating Personal Information after it is updated, erased, or deleted, but not in a manner that would identify you.
We will confirm receipt of all such requests, provide information about how Shifts2Go will process the request, and substantively respond to all such requests consistent with the Privacy Laws. There may be a delay in processing a request while we verify that the request is valid and originates from you as opposed to an unauthorized third party.
Our verification process varies based on the source and nature of the request, but may include: comparing data in the request against Personal Information we retain; contacting you using other contact information; requesting further information, although we will avoid doing so to the extent possible; and the consideration of certain factors, including the type, sensitivity, and value of your Personal Information, the risk of harm to you posed by an unauthorized request, the likelihood that fraudulent or malicious actors would seek your Personal Information, the manner in which we interact with you, the available technology, and whether the information you have provided to verify your identity is sufficiently robust to protect against fraudulent requests. To the extent permitted by the Privacy Laws, Shifts2Go retains the right to deny any request if we cannot verify that it originated from you.
Shifts2Go retains records of all of the above requests and our responses as required by the Privacy Laws.
7.2. Making Foregoing Requests
The foregoing requests may be made by (1) email: email address, (2) phone: phone number, or (3) mail: mailing address. To the extent you would like to contact a particular individual, please feel free to reach out to name using the foregoing email, phone or mail information.
7.3. Authorized Agent
You may authorize an agent to take any of the acts permitted in this Section 7 on your behalf. To do so, you must provide written and signed authority to the agent, and written and signed notice to Shifts2Go that Shifts2Go may act on such requests by that agent.
7.4. Withdrawal of Consent
To the extent that we process your Personal Information based on your consent, you may withdraw your consent in the manner set forth in paragraph 7.2. Please be aware that such withdrawal does not affect the lawfulness of Shifts2Go’s collection or processing of your Personal Information before such withdrawal. We reserve the right to terminate or limit your access to the Website and Services in the event that you withdraw your consent.
7.5. Do Not Sell and Opting Out
Shifts2Go does not “sell” Personal Information, as that term is defined by the CCPA and CPRA. Nonetheless, if you would like to do so, you may opt out of Shifts2Go’s disclosure of your Personal Information in the manner set forth in paragraph 7.2.
We will act upon any request to opt out of all disclosure and sharing of your Personal Information, including notifying all third parties to whom we have disclosed or shared your Personal Information and ceasing to disclose or share your Personal Information, consistent with the requirements of the Privacy Laws.
If you exercise your right to opt out of the disclosure of your Personal Information to third parties, Shifts2Go will cease disclosing your Personal Information as of the date we receive notice in a manner provided above. Shifts2Go will not contact you about opting in to disclosing your Personal Information for at least 12 months following the date that it receives your notice.
If you opt out of the disclosure of your Personal Information to third parties, some of the Services may not function properly, and Shifts2Go may terminate or limit your access to the Application.
7.6. Object or Challenge
You may object to, or otherwise challenge, Shifts2Go’s collection and processing of your Personal Information in the manner set forth in paragraph 7.2.
7.7. Filing a Complaint
Regulatory authorities that oversee the Privacy Laws typically advise individuals to file an objection or challenge with the company before lodging a formal complaint with a regulatory authority. If an individual is dissatisfied with Shifts2Go’s response to an objection or challenge filed under Section VIII, or wishes to file a complaint with a regulatory authority first, the individual may do so, including as follows: CCPA and CPRA – California Attorney General and California Privacy Protection Agency; PII Laws – relevant state Attorney General
7.8. Prohibit Automated Processing
Shifts2Go does not use any automated decision making or profiling at this time. If and to the extent we do so in the future, at your request, Shifts2Go will terminate any automated decision making, including profiling, that is the sole source of decisions that produce a legal effect concerning or similarly significantly affecting you.
7.9. Accessibility for Users with Disabilities
If you are unable to review this Privacy Policy or any portion of it, please contact us in the manner set forth in paragraph 7.2.
7.10. Non-Discrimination
Shifts2Go will not discriminate against you because you have exercised any of the rights above or any other rights you retain pursuant to Privacy Laws, including, but not limited to by:
- Denying goods or services to you;
- Charging different prices or rates for services, including through the use of discounts or other benefits or imposing penalties;
- Providing a different level or quality of services to you; and
- Suggesting that you will receive a different price or rate for services or a different level or quality of or services.
8. Is Personal Information About Me Secure?
We employ appropriate administrative, organizational, technical, and physical measures designed to protect the confidentiality, integrity, and availability of your Personal Information, which we regularly review and update as necessary. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to the Application, you are responsible for keeping this password confidential.
9. Children’s Privacy
The Application is not intended for children under the age of 16, and we do not knowingly collect or solicit, and expressly instruct you not to provide, any Personal Information from anyone under the age of 16. If and to the extent we learn that we have collected Personal Information from a child under age 16 without verified parental consent, we will delete that information, except as provided below. If you believe that we might have any information from or about a child under age 16 without verified parental consent, please contact us in the manner set forth in paragraph 7.2.
10. Contractual or Statutory Requirement
Except as noted in this Privacy Policy or in contractual documents, Shifts2Go’s collection and use of Personal Information is not a contractual or statutory requirement or a requirement necessary to enter into a contract.
11. Failure to Provide Personal Information
You can always opt not to disclose information to us. Please keep in mind, some information may be needed to register with us or to take advantage of some or most of our features.
12. Automated Decision Making
Shifts2Go does not currently rely on automated decision making, including profiling, and will not subject you to decisions based solely on automated processing which will produce legal effects concerning you or similarly significantly affecting you.
13. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time. Collection and processing of information we collect now is subject to the Privacy Policy in effect at the time such information is processed. If we make changes in the way we use Personal Information, we will notify you by posting an announcement on the Application or by sending you an email. You are bound by any changes to the Privacy Policy when you use the Application after such changes have been first posted.
14. Questions or Concerns; Contact Information
If you have any questions or concerns regarding our privacy policies, please contact us in the manner set forth in paragraph 7.2
Effective Date: February 1, 2023