SHIFT IT — PRIVACY POLICY

Last updated: 22/11/2025

Shift It (“Shift It”, “we”, “our”, “us”) is committed to protecting your privacy and ensuring the lawful, fair, and transparent processing of your personal data.

This Privacy Policy describes how we collect, use, store, share and protect your information when you use our website, apps, and related services (the “Services”). It also explains your rights under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

By creating an account, browsing listings, posting a vehicle, or interacting with the Shift It platform, you agree to the terms described in this Privacy Policy.

If you do not agree with these terms, you should stop using our Services immediately.

Who We Are
Personal Data We Collect
2.1 Information You Provide to Us
2.2 Information Collected Automatically
2.3 Cookies & Tracking
Legal Bases for Processing
How We Use Your Personal Data
Sharing & Disclosure of Your Information
International Transfers
Data Retention
Your Rights Under GDPR
Data Security
Children’s Privacy
Automated Decision-Making
Third-Party Links
Changes to this Policy
Contact Information

1. Who We Are

Shift It
Ireland

Shift It is the Data Controller for all personal data processed through our platform.

If a Data Protection Officer (DPO) is appointed in the future, this policy will be updated with their contact details.

2. Personal Data We Collect

We collect personal data to operate Shift It, provide our Services, maintain platform safety, and comply with legal obligations.

We collect data in three ways:

2.1 Information You Provide to Us

Account Registration

Users must have an account to create or manage listings.
We collect:

Name
Email address
Password (hashed; we cannot view it)
Location or county
Phone number (optional)
IP address at signup
User activity logs related to registration

Listing Information

When you post a vehicle listing, we collect:

Vehicle make, model, year, mileage, features
Price
Description
Uploaded images and media
Location or county of the vehicle
Category, subcategory, and listing metadata

Photo metadata:
We attempt to strip GPS/EXIF data where possible, but it may remain depending on your device.

Communications & Contact Form

When you contact us:

Name
Email
Phone (optional)
Message content
Attachments
IP address (anti-spam & security)

Direct Messages / User-to-User Contact (future feature)

If Shift It adds messaging, we may collect:

Sent/received messages
Message metadata (timestamps, status)
Abuse reports
Attachments

We will NOT access message content except:

for moderation
to comply with legal requests
to prevent fraud or abuse

Payments & PRO Features (future)

If Shift It adds paid products or subscriptions, payments may be processed by:

Stripe
PayPal
Apple/Google in-app billing
or other regulated providers

These third-party payment processors act as independent data controllers for payment data.

Shift It does not store full card details, authentication codes, or banking information.

We may receive:

Payment confirmation
Transaction ID
Transaction amount
Masked card details
Status (success/failure)

Dealer Contact, Offers & Lead Sharing (future)

If Shift It introduces dealer lead-sharing, we may share:

Name
Email
Phone
Location
Listing details

…only when you explicitly opt in.

Partner Integrations / Cross-Platform Publishing (future)

If Shift It introduces:

partner websites
listing syndication
cross-posting services

We may share minimal required listing data:

Name / username
Email
Phone
Listing details
Vehicle registration (optional)

…only if you opt-in to that feature.

2.2 Information Collected Automatically

Device & Connection Data

We collect:

IP address
Device type
Browser and OS
Screen size
Network information
Session identifiers

Used for security, fraud detection, and interface optimisation.

Usage Data

We collect:

Pages visited
Listings viewed
Searches performed
Clicks and interactions
Dwell time
Referral URLs
Login history
Abusive or unusual behaviour flags

Security & Anti-Fraud Logging

Including:

Suspicious activity
Repeated failed logins
Automated/bot behaviour
Spam attempts
Account recovery events

2.3 Cookies & Tracking Technologies

Shift It uses:

Strictly Necessary Cookies (login, security, session stability)
Functional Cookies (preferences, saved filters, view settings)
Analytics Cookies (e.g., Google Analytics)
Advertising Cookies (only if explicitly accepted)
reCAPTCHA / bot detection cookies

You control non-essential cookies via the Cookie Banner.

Full details are available in our Cookie Policy.

3. Legal Bases for Processing (GDPR)

We process your data using the following legal grounds:

3.1 Contract Necessity

To provide our Services, including:

Account creation
Listing publishing
Customer support
Communication about service issues

3.2 Legitimate Interests

For:

Fraud prevention
Moderation
Platform security
Analytics
Improving our Services
Preventing abuse
Reporting illegal activity
Protecting our users

3.3 Consent

Required for:

Marketing emails
Advertising cookies
Optional tracking technologies
Any partner-based data sharing

You may withdraw consent anytime.

3.4 Legal Obligations

We may process and retain data to:

Comply with Irish/EU law
Respond to lawful data access requests
Handle disputes
Maintain tax or regulatory records

4. How We Use Your Personal Data

We use your data to:

4.1 Provide the Shift It Service

Manage accounts
Publish listings
Display listings to buyers
Support user interactions
Allow login/authentication

4.2 Communications

We send:

Account verification emails
Security alerts
Listing updates
Service announcements

Marketing emails are only sent if you opted in.

4.3 Advertising & Personalisation

We may use your preferences to:

Show relevant listings
Improve recommendations
Tailor your browsing experience
Measure ad performance

Advertising cookies only run with consent.

4.4 Fraud Prevention & Safety

We process data to:

Detect and block scams
Enforce our Terms & Conditions
Verify account ownership
Investigate disputes or abuse reports

4.5 Analytics & Improvements

We analyse data to:

Understand usage patterns
Improve features
Develop new services
Identify problems

Analytics data is anonymised where possible.

4.6 Payments & PRO Upgrades (future)

Used for:

Processing orders
Confirming transactions
Handling refunds

5. Sharing & Disclosure of Your Information

We do not sell your personal data.

We may share information with:

5.1 Service Providers (Processors)

Such as:

Hosting (cloud providers)
Email delivery services
Fraud detection tools
Analytics platforms
Moderation systems
Backup systems
Payment processors

They only process data as instructed by Shift It.

5.2 Payment Providers

For paid features (future):

Stripe
PayPal
Apple/Google billing

They act as independent controllers.

5.3 Dealers or Partners (future opt-in feature)

Only when you choose to:

Request offers
Contact a dealer
Syndicate listings
Use integration features

5.4 Legal Authorities

We may share data when required:

by Gardaí
by court order
to comply with Irish/EU legislation
to prevent fraud, crime, harm, or abuse

5.5 Business Change

If Shift It:

merges
sells assets
is acquired
enters a joint venture

…your data may be transferred to the new entity under the same protections.

6. International Transfers

Some service providers may store data outside the EEA.

We ensure compliance by using:

Standard Contractual Clauses (SCCs)
Adequacy decisions
Binding corporate rules
GDPR-compliant processor agreements

7. Data Retention

We retain personal data only as long as necessary.

Account Data

Stored while your account is active.
After account deletion → retained up to 7 years for legal, tax, and anti-fraud purposes.

Listings

Removed when you delete them.
Metadata may remain for security or abuse prevention.

Messages

(If messaging is added)
Stored as long as legally required for moderation, safety, and legal compliance.

Analytics Data

May be stored indefinitely in anonymised form.

Payment Data (future)

Shift It stores no card data.
Payment metadata may be retained for up to 7 years.

Contact Form Submissions

Retained up to 24 months.

8. Your Rights Under GDPR

You have the right to:

Access your data
Rectify inaccuracies
Request deletion
Restrict processing
Object to processing
Request data portability
Withdraw consent
Lodge a complaint with the Irish Data Protection Commission

To exercise your rights, contact:
info@shiftit.ie

9. Data Security

We take appropriate technical and organisational measures to secure your data, including:

Encrypted connections (HTTPS)
Hashed passwords
Firewalls
Anti-spam systems
Abuse detection
Rate-limiting
Monitoring & logging
Secure backups
Restricted access controls

However, no system is completely secure.
We cannot guarantee absolute protection against all threats.

10. Children’s Privacy

Shift It is not intended for users under 16.
We do not knowingly collect children’s data.

If a minor account is identified, it will be removed and data deleted promptly.

11. Automated Decision-Making

Shift It does not use automated decision-making that produces significant legal effects.

Automated systems (e.g., fraud checks) may highlight issues, but human review is always available.

12. Third-Party Links

Shift It contains links to third-party websites.
We are not responsible for their privacy practices.
Users should review their Privacy Policies.

13. Changes to This Policy

We may update this Privacy Policy to reflect:

Legal changes
New features
Platform improvements

The “Last Updated” date will show the most recent revision.

14. Contact Information

For any privacy-related questions or requests, contact us:

Email: info@shiftit.ie
Country: Ireland

You may also contact the Data Protection Commission (Ireland):
https://www.dataprotection.ie