top of page


Last update: 01/30/2023


G&L Shift OÜ as data controller, attaches great importance to the protection and respect of your privacy. This policy aims to inform you, in accordance with European Regulation No. 2016-679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereafter: after referred to as the "Regulations" or "GDPR"), of our practices concerning the collection, use and sharing of the information that you are required to provide to us, in particular through our website _cc781905-5cde-3194-bb3b -136bad5cf58d_ (hereinafter the “Site”). This policy aims to inform you about the categories of personal data that we may collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have over your personal data.

Definition of Personal Data

The term "personal data" refers to all data that allows you to be identified as an individual. When you use the website (the "Site"), we may ask you to provide us with certain personal data about you.


Data collected

By using our Site and as part of the support you receive, you are required to send us information, some of which is likely to identify you and therefore constitutes personal data (hereinafter referred to as the "Data"). ). This Data contains in particular (i) identification data (last name, first name, address, email), (ii) transaction data (RIB for payment), (iii) technical data (if necessary for the operation of the Site), (iv) data related to the support mission that we carry out for you (which may include specific data) and (v) relating to your browsing on our Site.

Use of Collected Data

The simple consultation of the Site does not require registration or prior identification. It can be done without you communicating any personal data about yourself. However, when you contact us directly through the Site, respond to surveys, or send us comments, we collect this information for the purposes strictly necessary to carry out our mission.


This collected data is used to:

  • Carry out the support missions that you entrust to us, manage contracts, invoice and monitor the commercial relationship with you. The processing is based on the performance of the contract;

  • Carry out commercial prospecting operations. This processing is based on our legitimate interest;

  • Manage accounting and meet our tax obligations. This processing is based on a legal obligation;

  • Respond to your requests for information and contact made on our Site. This processing is based on your consent;

  • To help us maintain a safe and healthy environment on our Site. This processing is (i) based on our legitimate interest (ensuring the security of the Site), (ii) necessary for compliance with our legal obligations and/or (iii) necessary for the recognition, exercise or defense of a right. in justice ;

  • Manage our Site and perform internal technical operations in the context of problem solving, data analysis, testing, research, analysis, studies and surveys. This processing is based on our legitimate interest (ensuring the security of our Site and improving its characteristics).


Data controller

Within the meaning of the GDPR, the controller of your personal data is the company G&L Shift OÜ, Limited Liability Company, Registered with the Tartu County Court Registry under number 16254139, Head Office: Harju County, Lasnamäe District , Lõõtsa tn 5, 11415 Tallinn, Estonia.


Recipients of the data collected and reasons for their transmission


1. Data transferred to public authorities and/or bodies

In accordance with the regulations in force, the Data may be transmitted to the competent authorities on request and in particular to public bodies, court officers, ministerial officers, bodies responsible for collecting debts, exclusively to meet legal obligations, as well as in the case of the search for the perpetrators of offenses committed on the Internet.


2. Data transferred internally

The Data collected and processed is transmitted to any team members, assistants, trainees, and to any internal service of the Company.


3. Data transferred to third parties

We may work in collaboration with third-party companies or consultants, auto-entrepreneurs who may have access to your Data, and in particular with:

  • The subcontractors we use for the provision of IT services (database management, hosting, storage, maintenance, etc.), accounting or communication;

  • Agents, consultants, or any third party involved in the support mission(s) we offer. We only provide these third parties with the Data they need to perform their services, and we require that they do not use your Data for any other purpose. These third parties will only act in accordance with our instructions and will be contractually bound to ensure a level of security and confidentiality of your Data identical to ours and to comply with the applicable regulations on the protection of personal data.

Data retention period

Your Data will not be kept beyond the time strictly necessary for the purposes pursued as set out in this Policy and in accordance with the Regulations and applicable laws. In this respect, the Data used for the purpose of carrying out the missions that you entrust to us are kept for the duration of the contractual relationship, then archived in accordance with the limitation periods. Your Data is erased when the retention periods expire. Archiving implies that your Data will no longer be available online but will be extracted and stored on an independent and secure medium. The Data used for prospecting and communication purposes may be kept for a maximum of 3 years from the end of the commercial relationship or the last contact of the prospect concerned. Your Data is erased when the retention periods expire. Nevertheless, your Data may be archived beyond the periods provided for the purposes of research, observation and prosecution of criminal offenses for the sole purpose of allowing, as necessary, the provision of your Data to the judicial authority.

Data protection

All precautions and appropriate organizational and technical measures have been taken to preserve the security, integrity and confidentiality of your personal data. In the event of recourse to a service provider, we ensure that the latter meets its security obligations, prior to the communication of your data. Your data is retained and stored for the duration of its processing on secure external media.

Rights and exercise of rights over Data

In accordance with applicable laws and regulations on the protection of personal data, you have a number of rights relating to your Data, namely:

  • Right to information: you have the right to be informed about the processing of your personal data.

  • Right of access: you have the right to access all of your personal data at any time.

  • Right of rectification: you have the right to rectify your inaccurate, incomplete or obsolete personal data at any time.

  • Right of erasure: in certain cases, you have the right to obtain the erasure of your Data. However, this is not an absolute right and we may, for legal or legitimate reasons, keep this Data.

  • Right to limitation: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in art. 18 of the GDPR.

  • Right to portability: you have the right to receive your personal data in a readable format and to require their transfer to the recipient of your choice.

  • Right to be forgotten: you have the right to demand that your personal data be erased, and to prohibit any future collection.

  • Right to lodge a complaint: with the CNIL in France, if you consider that the processing of your personal data constitutes a violation of the applicable texts.

  • Right to object: you have the right to object to the processing of your personal data. We may nevertheless maintain their processing despite this opposition, for legitimate reasons or the defense of legal rights.

  • Right to withdraw your consent at any time: you can withdraw your consent to the processing of your Data when the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent made prior to such withdrawal.

  • Right to give instructions concerning the fate of your data after your death: you have the right to give us directives concerning the use of your Data after your death.


Changes and application of the privacy policy

We reserve the right, at our sole discretion, to modify this charter, in whole or in part, at any time. These changes will come into force as of the publication of the new charter. We will inform you in advance by any useful means.



For any question relating to this Policy or for any request relating to your Data, you can contact us by sending us an email at the address

bottom of page