Privacy Policy
Last Updated: July 06, 2026
1. Introduction & Scope of This Privacy Policy
Baseshift, Inc., together with its subsidiaries and affiliated companies ("Baseshift", "we", "us", or "our") is committed to ensuring that the Personal Data (as defined herein) we process is stored securely, used appropriately, and that our data processing practices are clearly communicated. This privacy policy (“Privacy Policy”) explains how we collect, use, disclose, and safeguard Personal Data in the following scenarios:
- when you (“Website User”) visit and browse our website, available at https://www.baseshift.com/ (“Website”),
- when you (“Platform User”) use our Software-as-a-Service platform made available by Baseshift (“Platform”), or engage with our services.
Under this Privacy Policy, the Platform, Website, and all services provided through them are collectively referred to as the “Services”. Platform Users, Website Users, and any other individuals we interact with in connection with the Services are referred to as "you" or “User”.
Please note that this Privacy Policy does not apply to Personal Data contained in the databases, schemas, query logs, and other content that we process through the Platform’s functionalities on behalf of business customers (“Business Customers”). We process such data as a data processor, and its processing is governed by our agreements with those Business Customers (including our Data Processing Addendum), and not by this Privacy Policy. This Privacy Policy does apply to the Personal Data we process as a data controller – such as Platform Account Data, Charges and Transactions Data, and Online Identifiers and Device and Usage Data – including where you access the Platform through a Business Customer’s account.
This Privacy Policy is an integral part of the Services’ terms and agreements referencing this Privacy Policy, including, as applicable, our Terms of Service (collectively, “Terms”). Any capitalized terms not defined herein shall have the meaning ascribed to them in the applicable Terms. We encourage you to read this Privacy Policy carefully and reach out to us if you have any further questions.
Any Personal Data you provide is given voluntarily and with your consent (where such consent is required under applicable data protection laws). You acknowledge that you are not under any statutory obligation to provide us with Personal Data. However, we may need to collect or receive certain Personal Data in order to provide, operate, secure, and manage the Services. If you do not provide us with the necessary Personal Data, we may be unable to fulfill certain purposes, as further described in Section 3 of this Privacy Policy – The Types of Personal Data We Process & Purpose of Collection and Use – which details the purposes for which each set of Personal Data is collected.
2. Data Controller & Contact Information
Baseshift, Inc. is the “data controller” (as this term or its equivalent is defined under applicable data protection legislation) of the Personal Data collected through the Services covered by this Privacy Policy. This means that we determine the purposes and means of processing the Personal Data.
If you have any questions, inquiries, or concerns regarding this Privacy Policy or the processing of your Personal Data, you may contact us as follows:
By Email: privacy@baseshift.com
3. Types of Personal Data We Process & Purpose of Collection and Use
We collect information related to your use of and interactions with our Services.
This information may include both data that does not identify you or any specific natural person and cannot reasonably be used for such identification (“Non-Personal Data”), as well as data that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). If we combine Personal Data with Non-Personal Data, we will treat the combined data as Personal Data.
Non-Personal Data may include technical information regarding your device or browser, type of operating system, scope and frequency of use, interactions with the Platform and Website, and other technical information regarding the device used. Such information will be considered Non-Personal Data when collected on an aggregate basis and/or not combined with any identifiers. We may further process and anonymize Personal Data so that it becomes Non-Personal Data. Non-Personal Data may be used by us without limitation and for any purpose. Some of this information may be considered “de-identified” under U.S. privacy laws. When we rely on data that has been de-identified, we will take reasonable measures to ensure that the de-identified information cannot be associated with an individual, household, or device, and we will not attempt to re-identify it.
We may collect different categories of Personal Data, depending on the nature of your interaction with the Services. Below, we detail the Personal Data we collect, how and for which purposes we process and use your Personal Data, as well as our lawful basis for processing (subject to the GDPR, if applicable).
Please note that, in addition to the purposes set forth below, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity theft, and any other misuse of the Services, as well as to enforce the Terms, protect the security or integrity of our databases and the Services, and take precautions against legal liability. We will not collect additional categories of Personal Data or use Personal Data for any purpose that is materially different, unrelated, or incompatible without obtaining your consent, unless required or permitted by applicable law.
3.1 Account and Registration Data
Personal Data Sets:
To access and use our Platform’s Services, you will be requested to sign up and create an account (“Platform Account”). You may choose to sign up with your email address or with your accounts on third party platforms or social media accounts, such as Google, and depending on the type of Service you use, we may request you to provide additional information such as your name, organization name and phone number. If you sign up using your account on third-party platforms, you give us your permission to retrieve relevant information about you, depending on the privacy settings of your account on such third-party platforms, which may include your full name, email address, profile picture, phone number, and other public profile information. Where the Services are used under a professional use subscription, we may also process additional business information provided by you, such as your job position or title and organization (collectively, "Platform Account Data").
Purpose of Collection and Use:
We collect and use the Platform Account Data for the following purposes:
- To create and designate your Platform Account, to secure your Platform Account including authentication and validation purposes.
- Account management and administration.
- To communicate with you and send you transactional and operational messages (for example, billing, invoices, and other operational notices).
- Subject to applicable laws, to send you promotional messages and offers, for example, customer success and relationship communications, marketing communications, materials, and other information regarding our Platform and Services. You may change your preferences at any time, including opting out and unsubscribing from marketing communications. However, please note that even if you have opted out of our marketing communications, we may still use your contact details to send you service-related and operational communications.
- To perform, facilitate and optimize our marketing campaigns, ad management and sales operations.
Lawful Basis (where the GDPR applies):
Processing Platform Account Data to designate your Platform Account, provide the Services, and send you related operational communications is based on contract necessity. Processing for security and authentication, as well as for direct marketing purposes, is based on our legitimate interest (provided that, where required under applicable laws, we will obtain your consent for such processing).
3.2 Charges, Billing and Transactions Data
Personal Data Sets:
Services are subject to payment of subscription or other fees. The processing of payments is made by third-party payment processing services, and we do not collect, store, or have access to your full payment details; however, we process commercial transaction data such as records of purchases and prices, billing address, contact telephone number, email address, and your approximate location extracted from the IP address (e.g., country and zip code). In addition, where the fees are calculated and billed based on consumption, we will collect Online Identifiers and Device and Usage Data (as defined below), including through use of cookies and similar technologies, to track and record such usage of our Services (collectively “Charges and Transactions Data”).
Purpose of Collection and Use:
We use Charges and Transactions Data to calculate the fees for our Services or to limit your usage to the agreed upon or purchased services plan, to process your payments, and to provide the applicable Service you have purchased, as well as for billing and record-keeping purposes. The information related to your payment methods and transactions is processed by third-party payment processors and will be further governed by such third parties' own privacy policies and terms, which we recommend you review.
Lawful Basis (where the GDPR applies):
Processing Charges and Transactions Data to calculate charges and for billing purposes is based on contract necessity. We use Charges and Transactions Data for record-keeping purposes to comply with our obligations under applicable laws (where, depending on the billing entity, it might be further based on legitimate interest). We may further use such information to have evidence and records of consumption in the event such are requested by the User or a Business Customer, or in the event of a dispute regarding the charged fees, as well as to analyze our Services and their performance and to customize and improve our offers and Services, based on our legitimate interests.
3.3 Online Identifiers, Device and Platform Usage Data
Personal Data Sets:
When you access, browse, use, or otherwise interact with our Services, including the Website, use the Platform, or interact with our communication channels, certain information regarding your access and use is processed, including information that is automatically collected and generated through the use of our, or our third-party service providers’ and marketing partners’, cookies and tracking technologies (see Section 5 of this Privacy Policy – Cookies and Similar Technologies).
This information includes online identifiers associated with or transmitted from your browser and device, such as Internet Protocol (IP) address, cookie identifiers, user agent, and similar unique online identifiers generated by us and associated with your Platform Account, tags, etc. (“Online Identifiers”).
Online Identifiers, such as IP address, are further used to generate certain information, for example, to extract your approximate location (e.g., country and zip code) and business intelligence information. For example, by identifying the IP as a business organization’s IP, we may receive additional information related to such organization.
We also gather information regarding your browser and device (for example, type of device, operating system, etc.) as well as information regarding your use and interactions with the Services that may be automatically collected. This information may include features used, access time and date stamp, session duration, content viewed on our Websites or Services, your interactions within the Services including clickstream data and video screen recordings, crash data, how often you use the Service, the URL from which you reached our Services, time, language preferences, etc. (“Device and Usage Data”). If Device and Usage Data is associated with an Online Identifier, it is processed by us as Personal Data.
Purpose of Collection and Use:
We collect and use Online Identifiers and Device and Usage Data for the following purposes:
- Our Services’ functionality, operation, security, and fraud prevention, debugging, and resolving technical issues and errors.
- To promote, market, and advertise our Services, including sending you marketing promotions such as new features, additional offerings, special opportunities, or any other information we think you will find valuable based on your usage of the Services, including interactions with the Platform or Website, including targeted advertisements presented on other digital assets visited by the User. For example, when we market the Services, we use cookies and other tracking tools, including those of third-party providers, that collect information such as the individual's journey, when they clicked our ad, and if they subscribed or engaged with such campaign or ad.
- To calculate fees based on consumption and have evidence and records of consumption.
- To enhance, improve, and customize our Services and the way we offer them. For example, we analyze how Users use our Platform or the most viewed content on our Websites to improve the way we present such content and to analyze the performance of our marketing campaigns.
Lawful Basis (where the GDPR applies):
Processing Online Identifiers and Device and Usage Data for Services’ functionality, security, and necessary operational purposes is based on our legitimate interest.
When the processing of Online Identifiers and Device and Usage Data is carried out through cookies, and for non-strictly necessary purposes such as marketing, analytics, or tracking, we will obtain your consent to process Personal Data (where required under applicable laws). You may withdraw consent at any time through our cookie preference management tool available on the Website.
Processing of Online Identifiers and Device and Usage Data for the calculation of subscription or other fees, is based on contract necessity.
3.4 Customer Data
Where Baseshift processes Customer Data (database schema metadata, query logs, stack traces, and workload-derived content) on behalf of business customers, it does so as a Data Processor under the DPA. Customers are responsible for applying appropriate masking and protection to sensitive data before transmission to Baseshift systems.
3.5 Communications and Marketing
Personal Data Sets:
We process Users’ and potential users and prospects’ contact information, such as, as applicable to the communication, name, email address, phone number, position, organization you work with, and country (“Contact Information”).
Contact Information is collected if you contact us with any inquiries or request to connect, be provided with information regarding our Services, sign up for our offers, or to receive our marketing materials and newsletter, etc., either through an online form available on our Website, by sending us an email, or by any other means.
We will further process and store the content of communications with you, including email correspondence and, where applicable, call and meeting recordings and transcripts of such calls, and may also process data related to such communications, such as interactions with email communications (access time and date), etc. (“Communications Data”). Any recording of calls or meetings shall be made subject to obtaining your consent where required under applicable laws.
Purpose of Collection and Use:
We collect and use Contact Information and Communications Data for the following purposes:
- For responding to your inquiries or requests, or sending you the information and materials you have requested or signed up to receive.
- Contact Information related to potential users and prospects may be used to send marketing materials related to our Services in which you have shown your interest, or we assume will be relevant to you, including promotions, such as new offerings, special offers, etc.
- Communications Data may be processed and stored by us to have records of our communications, to manage, measure, and improve our marketing and sales efforts, and enhance our Services. We may further use and retain Communications Data in the event we believe it is required to continue to store it, for example, in the event of any claims or to provide you with further assistance (if applicable).
- Internal analytics and statistics, used to enhance and improve our Services, and the way we offer them.
Lawful Basis (where the GDPR applies):
Processing Contact Information and Communications Data to respond to your inquiry or request in the event you have contacted us, or to send you information or materials you have signed up to receive, is based on your consent. For other purposes set forth above, including for prospect’s marketing communications, Contact Information and Communications Data are processed and stored subject to our legitimate interests. You can opt out of or withdraw consent, as applicable, from receiving our marketing communications at any time using the “unsubscribe” or other option we provide within the body of the message. Where required, we will obtain your consent for call recordings.
3.6 Customer Support & Participation in Survey
Personal Data Sets:
When you contact us for customer support, we will process your contact information, as well as any information you choose to provide, as part of our communications and correspondence.
We may ask you to provide feedback on our Services through various means of communication such as through our Platform, marketing communications, or otherwise through third-party survey platforms. If you choose to address our request for such feedback or participate in our survey, we will collect your feedback and may collect, as applicable, additional information related to the feedback provided such as feature of our Platform used which is the subject matter of the feedback, contact information such as your name, email address, etc.
Purpose of Collection and Use:
We collect and use the information provided through customer support or participation in surveys for the following purposes:
- To provide the customer support needed and communicate with you. We will retain such communications and, where applicable, the call recordings and transcripts, for as long as needed, to have evidence of the support provided, offers made or agreed upon, and for any future needs, as well as to further improve our Services and support. We may use AI tools to assist us in analyzing our interactions to improve our Services and customer support.
- To improve and enhance our Service, train our team, as well as optimize and customize the Services.
Lawful Basis (where the GDPR applies):
Processing the data for customer support purposes is based on contract necessity. Processing for the purpose of record keeping and service improvement is based on our legitimate interest.
When you participate in our survey, we process your data subject to your consent. You may withdraw your consent at any time by contacting us through the contact information provided herein.
Please note that the actual processing operation for each purpose of use and lawful basis detailed above may differ. Such processing operations usually include a set of actions made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed below under Section 7 of this Privacy Policy – International Data Transfers, is based on the same lawful basis as stipulated above.
4. How We Collect Your Personal Data
Depending on the nature of your interaction with us, we may collect the above detailed Personal Data from you, as follows:
- Automatically, when you visit our Websites or interact with our Platform and Services, including through the use of cookies and similar tracking technologies (as detailed under Section 5 of this Privacy Policy – Cookies and Similar Technologies).
- When you voluntarily choose to provide us with information, such as when you create an account or contact us, all as detailed in this Policy.
- From third-party service providers, such as analytics service providers, or obtained by us from third-party business platforms.
5. Cookies and Similar Technologies
We use cookies and other technologies. A cookie is a small text file that a website places and stores on your device while you are viewing a website. These tracking technologies are used for various purposes, including:
- Strictly Necessary Cookies: these cookies are necessary for our Website and Platform to function or for the provisions of the Services to Users or Business Customers and cannot be switched off.
- Functional Cookies: these cookies enable certain non-strictly necessary functions as well as provide enhanced functionality and personalization (e.g., remembering your preferences so you don’t have to reset them each time you visit). They may be set by us or by third-party providers whose services we have added to our pages.
- Performance and Analytics Cookies: these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Services and marketing campaigns. They help us to know which pages are the most and least popular, how Users move around the Platform or Website, and from which marketing campaign they arrive.
- Marketing and Targeting Cookies: these cookies allow us to know whether you’ve seen an ad or a type of ad, how you interacted with such an ad, and how long it has been since you’ve seen it. We also use cookies to help us with targeted advertising. We may partner with ad networks and other ad serving providers that serve ads on our behalf and on behalf of others on other platforms and websites. Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information ad networks and ad serving providers collect about your use of our Services and other sites over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising.
The information generally collected and stored by cookies includes Online Identifiers, Device and Usage Data (as defined under Section 3 of this Privacy Policy – Types of Personal Data We Process & Purpose of Collection and Use), preferences, and technical information related to your device or browser.
Such cookies and tracking technologies can be placed by us (known as “first-party cookies”) or by third parties such as our marketing partners, social media, analytics providers, etc. (known as “third-party cookies”). In addition, the duration of such cookies and tracking technologies – meaning the period until they are deleted – can be either when you close your browser (known as “session cookies”) or longer periods according to their purpose and settings (known as “persistent cookies”). You can delete or block cookies through your browser or device settings.
The third-party cookies we currently use, and their purpose, are listed under the cookie preference management tool available on our Website, which you may further use to opt out of cookies or change your preferences at any time. Also note that most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. Please refer to the support page of your browser to learn more about how you can adjust your privacy and cookies preference settings. Please note that once you choose to opt out of or disable cookies, some features of the Website may not operate properly, and your online experience may be limited.
Except for the opt-out preference signals described below, our Services do not currently respond to “Do Not Track” browser signals. Where required under applicable law, we treat valid opt-out preference signals, such as the Global Privacy Control (GPC), as a request to opt out of the “sale” or “sharing” of Personal Data for the browser or device transmitting the signal (see Section 12 of this Privacy Policy – “Sale” of Personal Data).
Where we use third-party advertising cookies, such third parties may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including combining such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaigns you interacted with. These third parties collect and use this information under their own privacy policies.
6. How We Share Personal Data
We share your Personal Data with third parties, including our partners or service providers that help us provide our Services. The categories of such third-party recipients, the type of Personal Data we share, and the purpose of sharing are as follows:
6.1 Service Providers
We may disclose Personal Data to our trusted service providers that provide technology or platforms that are essential for providing the Services, such as hosting and server services, communications and content delivery networks, cybersecurity services, fraud detection services, billing and payment processing services, activity recording services, AI tools, support and customer relationship management systems. We also share Personal Data with our legal, financial, and compliance advisors. These service providers are prohibited from using your Personal Data for any purposes other than providing us with requested services.
6.2 Affiliated Companies & Corporate Transactions
We share Personal Data internally within our group to fulfill certain purposes for which Personal Data is collected and retained, or in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale). The types of Personal Data that will be shared can be any data processed by us, as needed; however, our affiliated companies or acquiring company will assume the rights and obligations as described under this Privacy Policy.
6.3 Enforcement of our Rights, Security and Fraud Prevention & Law Enforcement
We may disclose certain Personal Data to law enforcement, governmental agencies, or authorized third parties, in order to comply with applicable laws or in response to a verified request or order. We may further disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity, or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required. The types of Personal Data that will be shared are as needed to fulfill the purposes set forth above, for example, subject to a law enforcement authority request.
6.4 Marketing Service Providers & Partners
We share Online Identifiers, Device and Usage Data, Platform Account Data, and Contact Information with our marketing service providers, who either process certain data on our behalf to target you and offer you our Services, or provide us with tools to do so.
7. International Data Transfers
Your Personal Data collected by us is accessed by us from our premises and team’s locations, as well as processed and stored by our third-party service providers, affiliated companies, and partners, as detailed above. Therefore, your Personal Data may be transferred to and processed in countries other than the country from which you accessed our Platform, Services, or Website, including countries with different data protection standards. We will take appropriate measures to ensure that the transfer of such Personal Data will provide sufficient safeguards, including contractual commitments on behalf of our partners and service providers. You may exercise your rights, where applicable, to receive information regarding the transfer mechanism that was used during such transfer.
Where the GDPR applies to our processing of your Personal Data, if Personal Data collected within the EEA, UK, or Switzerland is transferred outside of such territories, we will do so pursuant to the Standard Contractual Clauses (EU SCCs, UK IDTA, or Swiss SCCs as applicable), or other transfer mechanisms approved by these authorities. By using our Services, you acknowledge that your data may be transferred internationally as described.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this Policy, or as required or permissible by law or regulation or until you request deletion of your information, where applicable.
Other circumstances in which we may retain your Personal Data for longer periods, when permissible by law or regulation, include: where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or if we reasonably believe there is a prospect of litigation relating to your Personal Data.
Please note that, except as required by applicable law or our specific agreements with you, we will not be obligated to retain your Personal Data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you.
9. Data Security
We implement industry-standard technical, organizational and security measures to protect Personal Data, to reduce the risks of damage to (or loss of) information, or any unauthorized access or use of information, including encryption in transit (TLS) and at rest, access controls, audit logging, and regular security assessments. We hold ISO 27001 and SOC 2 Type II certifications, available on request.
However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your Personal Data, it is not guaranteed, and you cannot expect that the Services will be immune to information security risks or attacks. Also, as the security of information depends in part on the security of the computer, device, or network you use to communicate with us, the security of your Personal Data depends on you as well. Please make sure to take appropriate measures to use secure networks and devices and to protect your access credentials.
Please contact us at: privacy@baseshift.com if you feel that your privacy was not handled properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.
10. Children's Data
The Platform is not intended for use by children (the phrase "child" shall mean an individual under the age defined by applicable law), and we do not knowingly process children's information. We do not knowingly collect data from children, and we will discard any information we receive from a User that is considered a "child" immediately upon discovering that such a User shared information with us. If you believe we hold data about a child, please contact us at privacy@baseshift.com and we will promptly investigate and delete it.
11. Your Rights
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction, and the data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.
Your rights
The principal rights that may apply to your Personal Data (subject to your jurisdiction and additional conditions) may include:
- Right to Be Informed, Right to Know, and Right to a List of Specific Third Parties: you have the right to be provided with information regarding our Personal Data collection and privacy practices, as we detail under this Privacy Policy. You may also have the right, at our option, to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data. This Privacy Policy also details our Personal Data handling practices.
- The Right to Access/Inspect Your Personal Data: you have the right to ask us to confirm whether or not we collect and use your Personal Data, the right to know which Personal Data we specifically hold about, and to ask for a copy of your Personal Data in a portable and, to the extent technically feasible, readily usable format or otherwise access it.
- Right to Correct/Rectify Your Personal Data: considering the nature and purposes of the processing of the Personal Data, you have the right to ask us to correct inaccuracies or update your Personal Data we hold, or request deletion of inaccurate Personal Data.
- Right to Delete Your Personal Data (the Right “To Be Forgotten”): you have the right to request the deletion of certain Personal Data we process, if specific conditions are satisfied, for example, if you think we no longer need to use it for the purpose we collected it; in the event that the collection was based on your consent; where we have used it unlawfully, or; where we are subject to a legal obligation to delete your Personal Data. Deletion request will be subject to our rights and obligations under applicable law (for example, our legitimate interests to maintain record keeping, completing transactions, providing a service that you have requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, fulfilling the terms of a written warranty, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity; debugging; exercising right provided for by law; engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest, etc.).
- Data Portability Right: you have the right to request to be provided with a copy of your Personal Data in a portable format and, to the extent technically feasible, a readily usable format that allows you to transmit the Personal Data without hindrance.
- Right to Withdraw Consent: when we collect and process your Personal Data based on your consent, you have the right to withdraw such consent at any time.
- Right to Opt-Out/Opt-Out of Sale: you have the right to opt-out of receiving our marketing communications, if applicable, by unsubscribing through the message received. You further have the right to opt out of the “sale” of Personal Data (i.e., to opt out of targeted advertising by us) as further explained under Section 12 of this Privacy Policy – “Sale” of Personal Data. We do not profile you in a manner that has a significant effect on you or other individuals; therefore, we do not provide an opt-out option from such use of Personal Data.
- Right to Object to the Processing of your Personal Data: you have the right to object to any use of your Personal Data which we have justified by our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest.
- Right to Restrict Processing of your Personal Data: you have the right to ask us to restrict or limit the purpose for which we process your Personal Data, where certain conditions are satisfied (for example, where you contest the accuracy of the Personal Data, for a period enabling us to verify its accuracy).
- Right to Appeal or Lodge a Complaint: If we decline to take action on your request to exercise your rights related to your Personal Data, we will inform you without undue delay within the timeframe set out under the applicable law. Our notice will include a justification for declining your request as well as information on how you may appeal, if applicable. Within the timeframe set under applicable law as of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority or the Attorney General of your jurisdiction. Where the GDPR applies, you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK. If you are in Israel, you may also lodge a complaint with the Israeli Privacy Protection Authority.
How to Exercise Your Privacy Rights
You may submit a request to exercise most of your privacy rights under applicable privacy laws by contacting our privacy team at: privacy@baseshift.com.
Certain rights can be easily exercised independently by you without the need to contact us. For example, you can opt out of receiving our marketing messages by clicking the “unsubscribe” link or following other opt-out instructions provided in the message; you can use the cookies preference management tool on our Website to change your preferences and opt out of cookies, including opting out of the “sale” of Personal Data.
We will respond to and fulfill your request within the timeframe required under applicable laws. When you submit a request, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or, where necessary, to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.
12. “Sale” of Personal Data
Under US privacy laws, the term “sale” refers to disclosing or making available Personal Data to a third party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” Personal Data as most people would commonly understand that term, i.e., we do not disclose your Personal Data in direct exchange for money or some other form of payment. However, subject to the definition of the term “sale” under such US privacy laws, our practice of sharing the categories of Personal Data detailed above, when we use cookies or other third-party advertising services, is considered as “selling” Personal Data. The categories of Personal Data shared for this purpose include: Online Identifiers such as IP and Cookie ID; Internet and electronic network activity information (Device and Usage Data – such as your engagement with our Services); Geolocation data (such as country level extracted from IP) (all terms as defined under Section 3 of this Privacy Policy – Types of Personal Data We Process & Purpose of Collection and Use). You have the right to opt out of such “sale” at any time by changing your preference using the cookies preferences tool available on our Website. Where required under applicable US privacy laws, we also honor valid opt-out preference signals, such as the Global Privacy Control (GPC), as a request to opt out of such “sale” for the browser or device transmitting the signal.
13. Contact Us and Policy Updates
For any questions, concerns, or to exercise your rights, contact us at privacy@baseshift.com.
We may update and amend this Privacy Policy from time to time at our sole discretion. The most recent version of the Privacy Policy will always be available on our Platform and Website, with the updated date indicated in the “Last Updated” heading. For material changes or if required by law, we will provide notice of such changes through reasonable means. Any material amendments to our privacy practices described in this Privacy Policy will become effective within the period specified in the notice. Unless otherwise stated, any changes will take effect upon publication of the modified Privacy Policy. We recommend that you review this Privacy Policy periodically to stay informed about our most current privacy practices. Continued use of the Platform and the Website after the effective date of any update constitutes acceptance of the revised Privacy Policy.