Last Updated: December 30, 2022

ShiftKey Privacy Policy

Introduction. This notice describes how we use your personal information.

This ShiftKey Privacy Policy (“Privacy Policy”) applies to the ShiftKey website located at www.shiftkey.com (“Site”), the ShiftKey mobile application, and all other related services that are products of ShiftKey LLC, a Texas limited liability company and its affiliates including but not limited to OnShift, Inc. (“ShiftKey,” “we,” or “us”) that link to this Privacy Policy. We take your privacy very seriously. How we will handle information we learn about you depends upon what you do when using one of our services, mobile applications, or websites (collectively our “Services”). Our platform connects independent healthcare providers (“Providers”) to healthcare facilities in search of temporary services provided by healthcare providers (“Facilities”). We strive to make all choices you make while using our Services as transparent as possible. We also hold the security of your personal information and business information as our top priority. This Privacy Policy covers personally identifiable information and other information that you provide us through your use of our Services. The purpose of this Privacy Policy is to explain what information we collect, how we may collect it, to whom we may disclose it, and certain other matters related to such information, including the choices you have regarding our collection of information. We reserve the right to make changes to this policy at any time and will update this Privacy Policy on the Services when we do so.

• 1. Information ShiftKey Collects

During your use of the Services, ShiftKey may collect the following information data about you:

1.1 Information Provided by You

Personal information that you provide to us, such as your user ID and password, name, email address, telephone number, physical address, birth date, gender, zip code, or content you provide by filling in forms through our Services, or other information that can be collected via the Site. You may give us Personal Information about you by filling in forms through our Services or by corresponding with us by phone, e-mail, or otherwise. Personal Information refers to information that is related to an identified or identifiable person, including, but not limited to, your name, email address, phone numbers, photos, government-issued identification, and work credentials.

1.2 For Providers

We generally collect:

• 1.2.1 Contact and registration information, including your name, email address, physical address, phone number, photos and username;
• 1.2.2 Eligibility and identity verification information, including: licenses and credentials, driver license number, social security number, and experience;
• 1.2.3 Payment information including payment account information;
• 1.2.4 Additional scheduling information, in some instances we may also access your calendar information or location for scheduling purposes and to enable you to discover available shifts;
• 1.2.5 Messages to Facilities, the Services enable you to send to and receive messages from Facilities;
• 1.2.6 Inquiries and Feedback: comments and questions you submit through customer service interactions with us or survey; and
• 1.2.7 User Generated Content: certain parts of the Services may enable us to receive content you post or upload.

PLEASE NOTE: WE DO NOT REDACT ANY CREDENTIALS THAT ARE UPLOADED TO THE SERVICES AND ANY DOCUMENTS UPLOADED BY YOU ARE DONE SO AT YOUR OWN RISK. You may redact documents you upload to our Services. Please be aware that in order for us to conduct licensing and credential checking, you may be required to provide us with your social security number. We may also share your social security number with the Facilities you bid on to allow them to conduct their own background checks. You may withdraw your permission and prevent our use of your information by contacting us directly at help@shiftkey.com.

1.3 For Facilities

We may collect your Personal Information if you are using our Services in your capacity as a representative of your Facility. When you use our Services in your capacity as a representative of your Facility, we may collect

• 1.3.1 Contact and Registration Information, including your name, email address, phone number, Facility name, and your employment position.
• 1.3.2 Messages to Facilities the Services enable you to send to and receive messages from Facilities
• 1.3.3 Inquiries and Feedback: comments and questions you submit through customer service interactions with us or surveys.
• 1.3.4 User Generated Content: certain parts of the Services may enable us to receive content you post or upload.

1.4 For Website Visitors

When you visit our website, we may collect information you choose to submit to us including,

• 1.4.1 Contact and registration information, including your name, email address, phone number,.
• 1.4.2 Inquiries and Feedback: comments and questions you submit through customer service interactions with us.

1.5 Information Automatically Collected by ShiftKey

Like other websites or apps, we also may collect and store information that is generated automatically as you navigate through our Services. We may collect

• 1.5.1 Device information and related identifiers: When you use our Services, we and our service providers collect and analyze information such as your IP address, browser characteristics, device IDs and characteristics, platform type, operating system, and the state or country from which you accessed the Services.
• 1.5.2 Usage information: When you use our Services, we and our service providers collect and analyze information about your usage activity such as referring and exit pages and URLs, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services and upload or post content, error logs, language preferences, and other similar information. This is used — to analyze trends, administer the Services, track navigation of the site, deliver relevant advertisements and gather broad demographic information for aggregate use . We use this information to improve the understanding of customer needs and provide relevant services. To automatically collect information, we use various technologies including:
• 1.5.3 Cookies. As with many websites, the Site uses and/or permits the placement by authorized third parties of standard technology called “cookies.” Cookies are small data files that a website you visit may save on your hard drive that usually includes an anonymous unique identifier. The Services use cookies for Provider authentication, keeping track of your preferences, promotional campaigns that require Provider identification, keeping track of our audience size and traffic patterns, and in certain other cases. You can configure your browser to accept cookies, reject cookies or notify you when a cookie is being used; however, if you do so it may render your computer unable to take advantage of certain personalized features of the Services. We may use the services of third parties to collect and use information about your visits to and interactions with our website through the use of technologies such as cookies to personalize advertisements for our goods and services. Cookies allow us to provide better security on the Services, to customize the content, to track purchases, and to keep the Services working properly.
• 1.5.4 Analytics We use various analytics services to better understand how visitors interact with our Services. These analytics services provide non-personally identifiable data including but not limited to data on where visitors came from, what actions they took on our site and where visitors went when they left our site. In particular, we use Google Analytics to help us perform our business and Service-related analytics. For more information about how Google Analytics uses your data, please see: http://www.google.com/policies/privacy/partners, as well as its privacy policy: http://www.google.com/policies/privacy. You may opt out of the use of Google Analytics by visiting the Google Analytics opt-out web page at: http://tools.google.com/dlpage/gaoptout.

2. How We Use Facility and Provider Data

We will use the information you provide to us for a variety of purposes, including to:

• 2.1 operate and make available the Services, including to: create and administer your ShiftKey account, provide communication between Facilities and Providers to request and/or confirm scheduling for healthcare services, facilitate direct messaging between Facilities and Providers, disclose Provider profiles to their Facilities and vice versa;
• 2.2 verify the accuracy and status of your licensing credentials with various licensing boards,
• 2.3 respond to your requests for support and to your feedback,
• 2.4 provide you with important information about the Services or important changes or additions to our Services,
• 2.5 send you offers and any other communications that we believe may be of interest to you,
• 2.6 analyze and improve the Services;
• 2.7 market and advertise our Services;
• 2.8 For billing and fraud prevention, on the basis of our legitimate interests in ensuring a safe and secure environment in which Providers and Facilities can conduct business and in order to comply with our legal obligations;
• 2.9 To conduct identification and criminal background checks, if applicable and to the extent permitted by local law, on Providers, for the substantial public interest of ensuring the public safety and preventing or detecting unlawful acts, protecting the public against dishonestly and maintain the integrity of the Services given that Providers interact directly with Facilities and their patients;
• 2.10 To enforce the ShiftKey Terms of Service (and/or other contractual agreements) and our legitimate interests in ensuring our agreements are complied with, and as otherwise set forth in our Terms of Service (and/or other contractual agreements).
• 2.11 To comply with any procedures, laws and regulations which apply to us, to comply with our legal obligations, to establish and defend our legal rights, or otherwise, where it is necessary for our legitimate interests or the legitimate interests of others.
• 2.12 For security and fraud detection purposes, including by detecting, protecting against, and prosecuting security incidents, fraud, and illegal activity and to protect the safety of the Services, our employees and our users.

3. How We May Disclose Facility and Provider Information

We may share your information with third parties outside of ShiftKey under the following circumstances:

• 3.1 With Your Consent or at Your Direction: We may disclose information when you provide us with your consent to do so or when you direct us to through your use of the Services, like when we share Provider profiles with Facilities to link shift opportunities.
• 3.2 Service Providers and Contractors: We may disclose information to other businesses, certain services and individuals that perform functions on our behalf. These activities could include processing or making payments, maintaining the Site and/or our Services, or facilitating email delivery to you. We require that our service providers and contractors protect your Personal Information with the same standards we do, however we are not responsible for their policies or practices.
• 3.3 By Law or to Protect Rights: We may disclose information when we believe that disclosure is necessary to comply with the law, to enforce our intellectual property rights, to enforce our Terms of Service, or to protect the rights, property or safety of ShiftKey and our employees or our users or the public, and if necessary to defend against third-party claims. We may also disclose information when requested to comply with a court order, investigation, or governmental request.
• 3.4 Business Transfers: Should ShiftKeyIf we go through or consider a business transfer, such as consolidation, merger, restructuring, acquisition, or sale of part or all of our assets, you acknowledge and consent to the transfer of your information. You further acknowledge and consent to the continued use of your information by the recipient so long as they comply with this Privacy Policy. Please bear in mind that whenever you voluntarily make your Personal Information available for viewing by third parties online or otherwise make your Personal Information publicly available – for example through comments and participation in forums or through email – that information can be seen, collected and used by others besides us. We are not responsible for any unauthorized third-party use of such information. ShiftKey may use and disclose deidentified and/or aggregated data for any purpose. For example, we may disclose aggregated usage data from our Providers or general demographic information of our Providers to provide anonymous aggregated data to business partners about the volume of use on the Services and the opportunities in which Providers are most interested.

4. How We Protect All of Our Data

ShiftKey seeks to use appropriate physical, technical, and administrative measures designed to protect Personal Information within our organization. However, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information supplied will not be intercepted while being transmitted over the Internet. You are responsible for keeping your account information and especially your login information confidential. We ask you not to share your login credentials with anyone.

5. Your Rights and Choices

• 5.1 Your Choices

  Profile Information. You can review, update, change or delete the information you have provided to us (and that we continue to store) in your profile at any time through your profile settings. To disable your account or request assistance with profile changes please contact us directly at help@shiftkey.com.

  Marketing Communications. You can click on the “unsubscribe” link located at the bottom of marketing emails you may receive from us to unsubscribe Regardless of your choices regarding promotional communications and updates regarding content, we may send you administrative messages, service announcements, terms and conditions of your account, or other similar communications.

  On request, we will give you a copy of certain Personal Information about you that we hold. This information is subject to a fee, not exceeding the prescribed fee permitted by law.

• 5.2 Your Privacy Rights

  Your local laws (including those Virginia) may permit you to exercise certain rights with respect to the information we collect from and about you. Depending on your location, you (or an authorized agent acting on your behalf) may make certain requests related to your personal information, including that we:

  • 5.2.1 Provide access to and/or a copy of certain personal information we hold about you.
  • 5.2.2 Correct certain personal information we have about you.
  • 5.2.3 Delete certain personal information we have about you.

    Applicable law may provide you with the right not to be discriminated against for exercising your rights.

    If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, you may contact us at help@shiftkey.com. We will take reasonable steps to verify your identity before responding to your request as required or permitted by applicable law. Please note your rights and choices vary depending upon your location, and certain information may be exempt from such requests under applicable law. In some circumstances, if you ask us to delete your information, you may no longer be able to access or use our Services. Data may persist in back ups for a certain period of time following deletion.

    Virginia residents may appeal the denial of a request here: help@shiftkey.com. We will respond within the legally required time period, including a written explanation of the results of your appeal.

• 5.3 Opt Out of Sale or Processing Personal Information for Targeted Advertising

  Residents of certain states such as Virginia may opt out of the “sale” of their personal information or processing of their personal information for targeted advertising. We allow third parties on our Site to receive certain information such as cookies, IP address, device identifiers, browsing behavior and/or other activity to enable the delivery of targeted advertising about the Services to you. This activity is processing for targeted advertising and may be considered a sale under applicable law.

  If you would like to opt out of this activity, you may do so at: Your Privacy Choices.

  You may still receive advertising on other sites and services, it just may not be tailored to your interests. Please note, if you use different browsers, devices, or services you will need to opt out on each browser or device where you want the choice to apply. In some cases, you may also be presented with a form field to complete, in those cases we ask for your email address or other information so we may add it to an appropriate suppression list.

6. Retention

We may retain certain information as required by law or for necessary business purposes. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. We are under no obligation to store such Personal Information and, to the extent permitted by law, disclaim any liability arising out of, or related to, the destruction of such Personal Information. We are under no obligation to destroy anonymized aggregate data.

7. Links

This Privacy Policy applies only to this Site and our Services. The Services may contain links to other sites or services. We are not responsible for the privacy policies or other practices employed by websites linked to, or from, our website nor the information or content contained therein. We encourage you to review the privacy statements of such third parties prior to using their sites or services. This Privacy Policy applies solely to information collected and used by our Services.

8. Our Policy Toward Children

The Services are not directed to children under the age of 13. We will not knowingly maintain personally identifiable information from or about anyone under 13. If we become aware that we have collected personally identifiable information from a user that is under the age of 13, then we will remove that child’s Personal Information from our files. If a parent or guardian learns his or her child has provided us with Personal Information, he or she should contact us at help@shiftkey.com.

9. Visitors and Users from Outside of the United States

Our computer systems for the Services are currently governed by and operated in the United States, so your Personal Information will be processed by us in the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union. ShiftKey makes no representation that the Services are governed by or operated in accordance with the laws of any other nation. If you are a visitor from outside the United States, by using the Services, you understand that your Personal Information will be collected and processed in the United States and other countries where ShiftKey or its vendors operate, and acknowledge that your information may be subject to access by law enforcement and other government entities, in accordance with applicable laws. ShiftKey reserves the right to store this information in and outside of the United States and in locations not under our direct control (for example, co-located server facilities).

10. Changes and Updates

From time to time, we may change this Privacy Policy. We encourage you to periodically review our Privacy Policy for the latest information on our privacy practices. If we make any significant changes, we will notify you of such changes by posting the updated Privacy Policy on the Services and by updating the “Last Updated” date at the end of this Privacy Policy. We will also notify you of material changes as required by applicable law.

11. Contact Us

We welcome your feedback regarding this Privacy Policy. If you have any questions, comments, or concerns about either one, please contact us by email at help@shiftkey.com.

Last Updated: December 30, 2022