Privacy

We take your rights to privacy, data protection, and informational self-determination very seriously. Therefore, we would like to inform you how shiftspace collects and uses personal data.

Web Application

When you register with shiftspace and log in to use our web application, we only collect the data you explicitly provide or that is required for technical reasons:

  • IP address – Stored for the duration of your programme to support troubleshooting and the collection of anonymised usage statistics.
  • Cookies – Used to maintain your login session and deleted when you log out.
  • Name and email address – Required to create your account, send reminders, or invite you to workshops that are part of the programme.
  • User-generated content – Journal entries and peer reflections are stored privately unless you explicitly request review by a coach.

Your data is stored securely on the Google Cloud Platform (GCP). shiftspace is the data controller and ensures GDPR-compliant handling. GCP acts as a data processor certified under leading security standards. See also the GCP Terms of Service.

We retain your data for up to 6 months after the end of the programme. After that, all personally identifiable data is removed. You may delete your account and any non-shared content at any time via your profile settings.

Legal Basis for Processing

Personal data is processed by shiftspace on the basis of the following legal grounds under Article 6 GDPR:

  • Art. 6 (1)(b) – Performance of a contract and provision of the programme
  • Art. 6 (1)(a) – Consent (e.g. for marketing communications or tracking)
  • Art. 6 (1)(c) – Compliance with legal obligations
  • Art. 6 (1)(f) – Legitimate interests (e.g. IT security)

Right to object: You may object to any processing based on legitimate interests at any time by emailing hallo@shiftspace.com

Additional Channels

WhatsApp

Communication via WhatsApp uses the WhatsApp Business API through SuperX GmbH (SuperChat) and infrastructure provided by Meta Platforms Ireland Ltd.. We receive your phone number and WhatsApp username, but no message content is analysed.

Learn more: SuperChat Privacy FAQs, SuperChat Privacy Policy, WhatsApp Privacy Policy

Microsoft Teams

We use Microsoft Teams for programme delivery, with services from Microsoft Ireland Operations Ltd., Microsoft Azure, and Heroku (Salesforce Inc.). See: Microsoft Privacy Statement, Microsoft Trust Center, Heroku Privacy Policy

Voluntary and Confidential Content

You may write journal entries or reflections that contain sensitive content. shiftspace does not process this content automatically. Review by a coach is only done upon your explicit request.

Processors & Third-Party Services

We use the following service providers to process personal data on our behalf:

  • Google Cloud Platform (GCP) – Hosting
  • Brevo (formerly Sendinblue) – Email marketing
  • SuperChat / Meta – WhatsApp messaging
  • Microsoft Teams / Azure – Communication platform
  • Heroku (Salesforce) – Infrastructure services

Transfers to third countries (e.g. the US) are protected by EU Standard Contractual Clauses (SCCs).

Marketing

With your consent, we use Brevo to send newsletters and relevant programme communication. You may unsubscribe at any time or contact us at hallo@shiftspace.com. Read the Brevo Privacy Policy for more.

Data Security

We protect your data through HTTPS encryption, access restrictions, role-based permissions, and cloud backups. Our technical and organisational safeguards are regularly reviewed and updated.

Your Data Protection Rights

  • Access to your personal data
  • Correction of inaccurate or incomplete data
  • Erasure under certain conditions
  • Restriction of processing
  • Objection to data processing
  • Portability of your data to another provider or yourself

Contact us at hallo@shiftspace.com. We respond to requests within one month.

External Websites

Our website may contain links to other websites. Their data practices are subject to their own privacy policies.

Changes to This Policy

We update our privacy policy as needed and publish changes on this website.
Last updated: 21 July 2025

Supervisory Authority

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61 (Entrance: Alt-Moabit 60)
10555 Berlin
Phone: +49 30 13889‑0
Fax: +49 30 2155050
Email: mailbox@datenschutz-berlin.de