Privacy Policy - TechShifts

Privacy Policy – TechShifts Media Limited

Effective Date: January 15, 2025

Introduction
TechShifts Media Limited (“TechShifts,” “we,” or “us”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services (“**Service**”), and outlines your rights. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, which govern data protection in the UK ([
Data protection: The UK's data protection legislation - GOV.UK]). We also adhere to applicable global privacy laws, including the EU GDPR for users in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA) for California residents. Our aim is to handle your data lawfully, fairly, and transparently, in line with relevant regulations.

By using our Service, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Service. We may update this Policy from time to time (see “Changes to This Privacy Policy” below), and we will notify you of any material changes. Terms not defined in this Policy have the same meanings as in our Terms and Conditions.

Information We Collect
We collect different types of personal information to provide and improve our Service. “Personal Data” means any information relating to an identified or identifiable individual. The types of data we collect include:

- Identity and Contact Data: Such as your first and last name, email address, telephone number, and postal address. We collect this information when you voluntarily provide it (for example, when contacting us, signing up, or placing an order). This data can be used to contact or identify you.
- Usage Data: We automatically collect certain information about how you access and use our Service. This may include your device’s IP address, browser type/version, the pages you visit, the time and date of your visit, time spent on pages, and other diagnostic data. This helps us understand usage patterns and improve our Service.
- Cookies and Tracking Technologies: We use cookies and similar tracking technologies (e.g. web beacons, pixels, scripts) to enhance your experience. Cookies are small text files stored on your device that can remember your preferences and various details. For example, we use:
- *Session Cookies* to operate our Service (these expire when you close your browser).
- *Preference Cookies* to remember your preferences and settings.
- *Security Cookies* to help secure the Service.
We may also use cookies for analytics (see “Analytics” below) and to understand how our Service is used. You can set your browser to refuse non-essential cookies or alert you when cookies are being sent. **Note:** If you disable cookies, some parts of our Service may not function properly. Where required by law, we will obtain your consent before using non-essential cookies or similar tracking tools on your device. You can manage your cookie preferences at any time via your browser settings or our provided cookie consent mechanism.

We do **not** actively collect any special categories of personal data (such as information about race, ethnicity, health, or political opinions) and request that you do not provide this unless necessary. We also do not knowingly collect information from children (see “Children’s Privacy” below).

## How We Use Your Information (Purposes and Legal Bases)
We use personal data for various purposes **in accordance with the law**. Under the UK GDPR (and EU GDPR), we must have a lawful basis to process your data ([A guide to lawful basis | ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/#:~:text=,general%20processing%20and%20an%20additional)) ([A guide to lawful basis | ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/#:~:text=The%20lawful%20bases%20for%20processing,whenever%20you%20process%20personal%20data)). This means each purpose for which we use your information is tied to one or more of the lawful bases defined in Article 6 UK GDPR ([A guide to lawful basis | ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/#:~:text=The%20lawful%20bases%20for%20processing,whenever%20you%20process%20personal%20data)). The main purposes for which TechShifts processes your data, and the corresponding legal bases, are:

- **To Provide and Maintain Our Service:** We use your data to carry out our obligations and provide you with the features and services you request (e.g. to create accounts, deliver content or services, and process transactions). *Legal basis:* **Contract** – processing is necessary to perform the contract with you or to take steps at your request prior to entering into a contract ([A guide to lawful basis | ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/#:~:text=personal%20data%20for%20a%20specific,purpose)).
- **To Communicate with You:** This includes sending administrative information such as confirmations, technical notices, updates, security alerts, and support messages. We also notify you about changes to our Service or terms. *Legal bases:* **Contract** (to inform you about your account or transactions) and **Legitimate Interests** – we have a legitimate interest in keeping you informed about our Service and responding to your inquiries.
- **To Allow You to Participate in Interactive Features:** If our Service offers interactive features (such as user forums, comments, or surveys) and you choose to participate, we will process data to facilitate that. *Legal bases:* **Consent** (when you voluntarily submit information or content) or **Contract** (if it’s part of the service you signed up for).
- **To Provide Customer Support:** We process your contact data and any information you provide when you contact us for help, in order to assist you and resolve issues. *Legal bases:* **Contract** (if support is part of the services) and **Legitimate Interests** – it is in our legitimate interests and yours that we can address queries and ensure customer satisfaction.
- **To Personalize and Improve the Service:** We may use data (especially Usage Data and feedback) to analyze how our Service is used, to understand user needs and preferences, and to improve the content, features, and user experience. This may include using analytics tools (see “Analytics” below). *Legal basis:* **Legitimate Interests** – we have a legitimate interest in analyzing and improving our products and services. We take steps to minimize impacts on your privacy, and where required by law (e.g., for certain analytics cookies), we will obtain your **Consent**.
- **To Send Marketing Communications:** With your permission, we may use your contact details to send you newsletters, promotions or updates about our products and services. *Legal basis:* **Consent** – we will only send you marketing emails or texts if you have opted-in to receive them, or if another lawful basis under applicable law applies. (See “Marketing Communications and Consent” below for more on how we obtain consent in line with UK rules ([ICO direct marketing guidance for email and other electronic mail | Data Protection Network](https://dpnetwork.org.uk/direct-marketing-guidance-email-electronic-mail/#:~:text=PECR%20says%20you%20can%20only,marketing%20by%20electronic%20mail%20if)).)
- **To Comply with Legal Obligations:** We will process or disclose your personal data where necessary to comply with our legal obligations, such as keeping proper business records, responding to lawful requests by public authorities, or meeting law enforcement or court orders. *Legal basis:* **Legal Obligation** – processing is necessary for compliance with a legal obligation to which we are subject ([A guide to lawful basis | ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/#:~:text=,before%20entering%20into%20a%20contract)) (for example, under financial regulations or data protection law).
- **To Protect Vital Interests or Public Interest:** In rare cases, we may need to process data to protect someone’s life or in the public interest. *Legal bases:* **Vital Interests** (to protect someone’s life) or **Public Task** (for a task carried out in the public interest) ([A guide to lawful basis | ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/#:~:text=,not%20including%20contractual%20obligations)). These bases are unlikely to apply in our typical operations, but we mention them for completeness.
- **To Enforce Our Rights and Policies:** We may process data as necessary to enforce our Terms and Conditions, to prevent fraud or abuse, to defend the rights, property or safety of TechShifts, our users or the public. *Legal basis:* **Legitimate Interests** – for example, detecting and preventing fraud or security incidents is in our legitimate interests (often also fulfilling a legal obligation to ensure data security).

We will not use your personal data for new purposes that are incompatible with the above without notifying you and, if required, obtaining your consent.

## Data Sharing and Disclosure
We treat your personal data with care and confidentiality. We do **not** sell your personal information to third parties. However, in order to run our business and provide our Service, we may share your data with the following parties, **only as necessary and with appropriate safeguards**:

- **Service Providers:** We employ trusted third-party companies and individuals to perform functions on our behalf, such as website hosting, data analytics, payment processing, customer support, or email distribution. These service providers will have access to personal data only to the extent needed to perform their tasks and are contractually obligated to protect it and **not use it for any other purpose**. For example, we use Google Analytics to understand how users use our website; Google may receive Usage Data (e.g. device identifiers, browsing events) for this purpose, but cannot use this data for independent purposes. (You can opt-out of Google Analytics by using the official opt-out browser add-on provided by Google.)
- **Affiliates and Corporate Transactions:** We may share information with our business affiliates (for example, if we are part of a corporate group) in which case we will require them to honor this Privacy Policy. If TechShifts Media is involved in a merger, acquisition, sale of assets, or other business transaction, personal data may be transferred to the new owner or partner **with appropriate confidentiality measures**. You would be notified via email and/or a prominent notice on our Service of any change in ownership or new uses of your personal information.
- **Legal Compliance and Protection:** We may disclose your personal data when we, in good faith, believe such action is necessary to: (a) comply with a legal obligation or lawful request (for example, to respond to subpoenas, court orders, or regulators); (b) protect and defend the rights or property of TechShifts (including enforcing agreements or investigating potential violations); (c) prevent or investigate possible wrongdoing, fraud or security issues; (d) protect the personal safety of our users or the public; or (e) protect against legal liability. In all such cases, we will only share the minimum information required and ensure any request is valid.
- **With Your Consent:** We may share your information for other purposes not listed above if you have specifically consented to such sharing. In that case, you have the right to withdraw your consent at any time (which will not affect any processing that has already occurred).

When we share data with third parties (such as service providers), we remain responsible for its protection. We require all third parties to implement appropriate security measures to safeguard your data and to process it in accordance with applicable law.

## International Data Transfers
TechShifts Media is based in the United Kingdom, but we may process and store your data in other countries. For example, the servers hosting our website or the service providers we use might be located outside of your home country. This means your personal data could be transferred to and maintained on computers **outside the UK or European Economic Area** (EEA), including (for instance) the United States.

When we transfer personal data internationally, we take steps to ensure an **adequate level of protection** as required by law. **If you are in the UK or EEA:** whenever your data leaves the UK/EEA, we will ensure it remains safeguarded by at least one of the following legal mechanisms:

- **Adequacy Decisions:** We may transfer personal data to countries that have been **officially recognized as providing an adequate level of data protection**. An “adequacy” decision by the UK government or European Commission means that personal data can be transferred to that country just as it would within the UK/EU ([
The UK approach to international data transfers - GOV.UK
](https://www.gov.uk/government/publications/uk-approach-to-international-data-transfers/international-data-transfers-building-trust-delivering-growth-and-firing-up-innovation#:~:text=Data%20%E2%80%98adequacy%E2%80%99%20is%20a%20status,of%20the%20relevant%20adequacy%20decision)). For example, the EU has determined that the UK offers adequate protection for personal data, and likewise the UK may recognize certain non-EU countries as adequate. Transfers to such countries do not require additional safeguards.
- **Standard Contractual Clauses (SCCs):** For transfers to countries without an adequacy decision (for instance, to the U.S. in absence of an applicable adequacy decision), we use approved **Standard Data Protection Clauses**, commonly known as Standard Contractual Clauses. These are legal agreements that impose contractual obligations on the data importer to protect your information and give you enforceable rights over your data ([A guide to international transfers | ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-transfers-a-guide/#:~:text=Standard%20data%20protection%20clauses%20impose,sender%20or%20receiver%2C%20or%20both)). In effect, SCCs bind the recipient to handle your data in accordance with EU/UK privacy standards.
- **Other Safeguards:** In some cases, we may rely on other permitted transfer mechanisms such as **Binding Corporate Rules** (for intra-group transfers), **UK International Data Transfer Agreements/Addendums**, or specific derogations under Article 49 UK GDPR (e.g. your explicit consent or necessity for contract) if appropriate. We will only rely on these if they are valid and suitable for the particular transfer.

Regardless of where your personal data is processed, we will protect it as described in this Policy. We also continuously monitor the legal landscape for international data transfers and will adjust our safeguards if required (for example, if new transfer frameworks or regulations come into effect).

**Notice for EU/EEA Users:** The European Commission has determined that the UK’s data protection laws are adequate, allowing personal data to flow from the EEA to the UK ([International data transfers | ICO](https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/international-data-transfers/#:~:text=International%20data%20transfers%20,The%20EU)). We likewise ensure that any transfer of EU residents’ data to third countries complies with EU GDPR requirements (e.g., using EU SCCs or other safeguards recognized under EU law ([Standard Contractual Clauses (SCC) - European Commission](https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en#:~:text=Standard%20Contractual%20Clauses%20%28SCC%29%20,from%20controllers%20or%20processors))). If you have questions about our international data transfer practices, please contact us.

## Your Rights under UK and EU Law
Under the UK GDPR, EU GDPR and related laws, individuals (“data subjects”) have strong rights regarding their personal data ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=Under%20the%20legislation%2C%20you%20have,These%20include%20the%20right%20to)). TechShifts is committed to honoring these rights. **If you are in the UK, EU, or a jurisdiction with similar data rights, you may exercise the following:**

- **Right to Be Informed:** You have the right to be informed about how your data is being used ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=Under%20the%20legislation%2C%20you%20have,These%20include%20the%20right%20to)). This Privacy Policy is part of our effort to fulfill this right by explaining who is collecting your data, what data we collect, why we use it, and with whom we share it.
- **Right of Access:** You have the right to access the personal data we hold about you ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=Under%20the%20legislation%2C%20you%20have,These%20include%20the%20right%20to)). This is also known as making a “data subject access request.” It entitles you to a copy of the information, as well as information on how we process it ([What is the right of access? | ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/what-is-the-right-of-access/#:~:text=The%20right%20of%20access%2C%20commonly,well%20as%20other%20supplementary%20information)). In most cases, we will provide you a copy of your data free of charge, within one month of your request.
- **Right to Rectification:** If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct or update it ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=,the%20processing%20of%20your%20data)). We encourage you to keep your information up-to-date and will act on correction requests promptly.
- **Right to Erasure:** You have the right to request that we delete your personal data in certain circumstances ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=,the%20processing%20of%20your%20data)). This is often called the “right to be forgotten.” For example, you can ask for deletion if the data is no longer necessary for the purposes we collected it, if you withdraw consent (where the processing was based on consent), or if you object to processing and we have no overriding legitimate grounds. We will honor valid deletion requests and also take reasonable steps to inform any third parties processing the data of your request (when required). *Note:* This right is not absolute – sometimes we may retain certain information if required by law or if an exemption applies (for instance, we may need to keep some data to comply with a legal obligation). ([Your right to get your data deleted | ICO](https://ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/#:~:text=The%20right%20to%20get%20your,the%20%E2%80%98right%20to%20be%20forgotten%E2%80%99))
- **Right to Restrict Processing:** You have the right to request that we limit the processing of your personal data in certain situations ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=,the%20processing%20of%20your%20data)). This means we would store your data but temporarily refrain from using it for specific purposes – for example, while we resolve a complaint about data accuracy or an objection to processing.
- **Right to Data Portability:** You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to have that data transmitted to another controller where technically feasible ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=,is%20processed%20in%20certain%20circumstances)). This right applies when processing is based on your consent or on a contract and is carried out by automated means. We will help by directly transferring the data for you if possible, or by providing you a copy in a portable format.
- **Right to Object:** You have the right to object to our processing of your personal data in certain circumstances ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=,is%20processed%20in%20certain%20circumstances)). In particular, you can always object **at any time** to the processing of your data for direct marketing purposes – if you object, we will stop using your data for marketing. You can also object if we are processing your data on the basis of legitimate interests or public interest, and you believe your rights and interests outweigh ours. In some cases, we may demonstrate that we have compelling legitimate grounds to continue processing (if allowed by law), but we will consider and respond to each objection individually.
- **Rights Related to Automated Decision-Making:** If we ever use automated decision-making or profiling that produces legal or similarly significant effects, you have the right **not** to be subject to such decisions without human involvement ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=You%20also%20have%20rights%20when,using%20your%20personal%20data%20for)). You also have the right to express your point of view and contest the decision. (At present, TechShifts does not use your data for any purely automated decisions with significant effects.)
- **Right to Withdraw Consent:** If we rely on your consent for any processing (for example, for optional marketing emails), you have the right to withdraw that consent at any time. You can do this by contacting us or using any provided opt-out mechanisms. Withdrawal of consent will not affect the lawfulness of processing we conducted prior to your withdrawal, and it won’t affect processing under other legal bases.
- **Right to Complain:** If you have concerns or believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the **Information Commissioner’s Office (ICO)** ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=If%20you%E2%80%99re%20concerned%20about%20how,is%20handling%20your%20personal%20data)). You can find details on how to contact the ICO on their website. If you are in the EEA, you can contact your local Data Protection Authority. We would, however, appreciate the chance to address your concerns first – please contact us with any complaint and we will do our best to resolve it.

**How to Exercise Your Rights:** You can exercise these rights at any time by contacting us (see “Contact Us” section below). We may need to verify your identity before acting on certain requests (to ensure that we don’t disclose your data to someone else). We will respond to your request as soon as possible, and in any event within the timeframe required by law (generally within one month for UK/EU requests, with the possibility to extend by two further months if the request is complex – we will inform you if an extension is needed). There is usually no fee for exercising your rights, but if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it as permitted by law.

## California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific privacy rights under the California Consumer Privacy Act (**CCPA**), as amended by the California Privacy Rights Act (CPRA). These rights are designed to give California consumers greater control over their personal information ([California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General](https://oag.ca.gov/privacy/ccpa#:~:text=The%20California%20Consumer%20Privacy%20Act,rights%20for%20California%20consumers%2C%20including)). They include:

- **Right to Know:** You have the right to request that we disclose what personal information we have collected about you, including the categories of information, the sources of that information, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it ([California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General](https://oag.ca.gov/privacy/ccpa#:~:text=,with%20some%20exceptions)). You also have the right to request a copy of the specific pieces of personal information we collected about you in the past 12 months.
- **Right to Delete:** You have the right to request that we delete any personal information we have collected from you (and direct our service providers to do the same), subject to certain exceptions ([California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General](https://oag.ca.gov/privacy/ccpa#:~:text=,with%20some%20exceptions)). For example, we may deny deletion requests if we need the information to complete a transaction you requested, to detect security incidents, to comply with legal obligations, or other CCPA-recognized reasons.
- **Right to Opt-Out of Sale or Sharing:** The CCPA gives you the right to opt-out of the **sale** or sharing of your personal information ([California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General](https://oag.ca.gov/privacy/ccpa#:~:text=,for%20exercising%20their%20CCPA%20rights)). “Sale” is broadly defined to include certain types of sharing of personal information with third parties for valuable consideration. **However, TechShifts does not sell your personal information** to third parties for monetary compensation or other valuable consideration. If in the future we ever contemplate selling personal data, we will update this Policy and provide a clear “Do Not Sell or Share My Personal Information” mechanism on our website as required by law. We also recognize “global privacy control” (GPC) signals as a valid opt-out request for sale/sharing, to the extent applicable ([California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General](https://oag.ca.gov/privacy/ccpa#:~:text=,for%20exercising%20their%20CCPA%20rights)).
- **Right to Correct:** Under the CPRA (effective January 1, 2023), you have the right to request correction of inaccurate personal information that we hold about you ([California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General](https://oag.ca.gov/privacy/ccpa#:~:text=,personal%20information%20collected%20about%20them)). If you identify information that is incorrect, please let us know and we will correct it as required.
- **Right to Limit Use of Sensitive Personal Information:** The CPRA also provides the right to limit the use and disclosure of **sensitive personal information** if we collect such information ([California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General](https://oag.ca.gov/privacy/ccpa#:~:text=,personal%20information%20collected%20about%20them)). TechShifts does not collect or use sensitive personal information for purposes beyond what is necessary to provide the Service (and currently, we do not collect sensitive data like Social Security numbers, financial account passwords, precise geolocation, etc.). If that changes, we will implement appropriate opt-out or limitation mechanisms.
- **Right to Non-Discrimination:** You have the right not to receive discriminatory treatment for exercising any of your CCPA rights ([California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General](https://oag.ca.gov/privacy/ccpa#:~:text=%2A%20The%20right%20to%20opt,for%20exercising%20their%20CCPA%20rights)). This means we will not deny you our services, charge you different prices, or provide a different level of quality just because you exercised your privacy rights. However, please note that if you ask us to delete your data or opt-out of certain uses, it may affect our ability to personalize or provide certain services to you (for example, we might not be able to offer a personalized experience or specific features without your data).

**How to Exercise California Rights:** To exercise any of these rights, you (or your authorized agent) can contact us using the details in the “Contact Us” section. Please specify that you are making a "CCPA Request" and describe which right you seek to exercise. We will need to verify your identity (or your agent’s authority) before processing the request, which may involve asking you for information that matches our records. We aim to respond to verifiable requests within 45 days as required by CCPA, or inform you if we need more time.

California’s “Shine the Light” law (Civil Code § 1798.83) also entitles California residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. As noted above, we do not share personal information with unaffiliated third parties for their own direct marketing without your consent.

## Marketing Communications and Consent
We respect your preferences regarding receiving marketing communications. **TechShifts will only send you promotional emails, newsletters, or other electronic marketing messages if we have your consent or another lawful basis to do so.** In practice, this means:

- If you are a **new user or subscriber**, we will obtain your **explicit consent** (opt-in) before sending you email marketing. For example, we may ask you to tick a box indicating you want to receive news and offers from us.
- If you are an **existing customer**, we may send you marketing about products or services similar to those you previously purchased or showed interest in, based on what is known as the “soft opt-in” rule – but only if you have not opted out. The UK Privacy and Electronic Communications Regulations (PECR) allow this type of communication to individuals in the context of an existing customer relationship ([ICO direct marketing guidance for email and other electronic mail | Data Protection Network](https://dpnetwork.org.uk/direct-marketing-guidance-email-electronic-mail/#:~:text=PECR%20says%20you%20can%20only,marketing%20by%20electronic%20mail%20if)). We will always provide a clear way to opt out in every message if you don’t wish to receive further marketing.
- We will **not send unsolicited direct marketing** by email, text, or other electronic means without the required consent. Under PECR, organizations can only send such messages to individuals if they have consent *or* meet the criteria for a soft opt-in ([ICO direct marketing guidance for email and other electronic mail | Data Protection Network](https://dpnetwork.org.uk/direct-marketing-guidance-email-electronic-mail/#:~:text=PECR%20says%20you%20can%20only,marketing%20by%20electronic%20mail%20if)). We adhere strictly to these rules. In other words, no spam – you will only hear from us in a promotional context if you have agreed to it or if it’s otherwise allowed, and you can change your mind at any time.
- **Opting Out:** You have the right to opt out of marketing communications from us at any time. If you no longer wish to receive emails from us, simply click the “unsubscribe” link in any email newsletter or promotional message, or contact us at the email address below with your request. Once you opt out, we will stop using your email for marketing (though we may still contact you for non-marketing reasons, such as service notifications or account issues).
- **Third-Party Marketing:** We will not share your contact details with third-party companies for their own marketing purposes unless you have given us permission to do so. If we ever offer such option, we will ensure you have a clear choice to opt-in or opt-out.

Additionally, our use of cookies for advertising or analytics is done in accordance with applicable law. Where required, we seek your consent for placing cookies or similar trackers on your device (for example, for advertising targeting or analytics beyond the scope of purely internal analysis). You can manage cookie preferences as described in the “Cookies” part of the Information We Collect section above. For targeted ads, you can also typically opt-out via your device settings or industry opt-out websites. We currently do not use any mechanism that would be considered a “sale” of data under CCPA (and as stated, we do not sell personal data).

If you have any questions about your preferences or wish to object to any specific type of communication, please contact us. We strive to honor all requests regarding marketing preferences as soon as possible.

## Data Security
The security of your personal data is important to us. We implement appropriate technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These include measures like encryption in transit (SSL/TLS), access controls to databases, and regular monitoring of our systems for vulnerabilities. Our staff are trained on data protection and obliged to keep personal data confidential.

However, please note that **no method of transmission over the Internet or electronic storage is 100% secure** ([Privacy Policy - TechShifts](https://businessgps.ai/privacy-policy-2/#:~:text=Security%20Of%20Data%20The%20security,cannot%20guarantee%20its%20absolute%20security)). While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. You should also take care with how you handle and disclose your personal data and avoid sending sensitive information via insecure channels. If you have reason to believe that your interaction with us or your data might no longer be secure (for example, if you feel your account has been compromised), please contact us immediately.

## Data Retention
We will retain your personal data **only for as long as necessary** to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements ([
Data protection: The UK's data protection legislation - GOV.UK
](https://www.gov.uk/data-protection#:~:text=,access%2C%20loss%2C%20destruction%20or%20damage)). In general, this means:

- We keep your information for as long as you have an account or an ongoing relationship with us.
- If you close your account or withdraw from the Service, we may still retain certain limited data for a period of time to finalize any pending transactions, to comply with legal obligations (e.g. record-keeping, tax, or audit purposes), to resolve disputes, or to enforce our agreements.
- We regularly review the data we hold and delete or anonymize personal data that is no longer needed. For example, if we collected personal data for a specific campaign or event with your consent, and that information is not needed after the campaign ends, we will erase it or anonymize it.
- Usage Data used for analytics is generally aggregated or anonymized over time, or deleted when no longer useful for analysis. If we keep any raw log data, it will be for a limited duration.
- Where we anonymize data (so it can no longer be associated with an identifiable individual), we may retain that anonymized information indefinitely without further notice, as it no longer constitutes personal data.

The exact retention periods for different categories of data depend on the nature of the data and the purposes for which it is collected. If you would like more detail about how long we keep a specific type of information, you can contact us. Once the retention period expires, or if you request deletion and we have no lawful basis to keep the data, we will securely erase or irreversibly anonymize your personal data.

## Children’s Privacy
Our Service is **not directed to anyone under the age of 18**, and we do not knowingly collect personal information from children. If you are under 18, please do not use the Service or provide any information to us. In the event we learn that we have collected personal data from a child under 18 without verifiable parental consent, we will take immediate steps to delete that information from our records.

If you are a parent or guardian and you believe your child under 18 has provided personal information to TechShifts, please contact us right away. We will promptly investigate and remove any such information. We recognize special rules often apply to the personal data of minors (for example, the UK GDPR and US COPPA law provide additional protections for children’s data ([Your right to get your data deleted | ICO](https://ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/#:~:text=You%20used%20social%20media%20or,gaming%20app%20as%20a%20child))) and we are committed to respecting those rules.

## Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we update the Policy, we will revise the “Effective Date” at the top. If the changes are significant, we will provide a more prominent notice (such as a notice on our website or an email notification) **before** the new changes take effect ([Privacy Policy - TechShifts](https://businessgps.ai/privacy-policy-2/#:~:text=We%20may%20update%20our%20Privacy,Privacy%20Policy%20on%20this%20page)). We encourage you to review this page periodically to stay informed about how we are protecting your information.

Changes to this Policy are effective when posted on this page (unless otherwise indicated). If you continue to use the Service after any changes become effective, you will be deemed to have accepted the updated Policy. However, if we were to make a material change that retroactively affects how we handle previously collected personal data, we would seek your consent or give you a clear opportunity to opt-out, where required by law.

## Contact Us
If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us:

- **By Email:** [[email protected]](mailto:[email protected])
- **By Mail:** TechShifts Media Limited, 31 Spencer Close, Alsager, Stoke-On-Trent, ST7 2TA, United Kingdom.

We will be happy to assist you and address any concerns you have. Your privacy is important to us, and we welcome feedback on how we can improve our policies and practices.

----

*Last updated: Jan 15, 2025.*