Privacy Shield Notice for Commercial Data Solutions, formerly known as SHYFT Analytics

Privacy Shield Notice for Commercial Data Solutions, formerly known as SHYFT Analytics

Last modified: December 16, 2020

The ECJ invalidated EU-US Privacy Shield on July 16, 2020. Click here to learn more. Per ITA guidance, SHYFT Analytics will continue to comply with its EU-US Privacy Shield obligations.  

NOTE: Shyft Analytics has applied to withdraw from the Privacy Shield as of December 15, 2020, as it no longer has any EU-sourced data under the Privacy Shield framework.  Please contact with any questions.

SHYFT Analytics, Inc. (“SHYFT Analytics,” “we,” “us,” “our” or the “Company”) is committed to secure and trustworthy Internet commerce and the individual’s right to privacy. This Privacy Policy describes SHYFT Analytics’ information practices.

SHYFT Analytics complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. This Privacy Shield Notice describes SHYFT Analytics’ practices related to its Privacy Shield obligations. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, SHYFT Analytics is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

SHYFT Analytics’ participation in the Privacy Shield applies to all personal data that is subject to the SHYFT Analytics Privacy Policy and is received from the European Union, the United Kingdom, and the European Economic Area. SHYFT Analytics will comply with the Privacy Shield Principles in respect of such personal data.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

SHYFT Analytics’ accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, SHYFT Analytics remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless SHYFT Analytics proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, SHYFT Analytics commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, UK, and Swiss individuals with Privacy Shield inquiries or complaints should first contact SHYFT Analytics by email at

As further explained in the “Dispute Resolution” section of the Medidata Privacy Policy, we encourage you to contact us should you have a Privacy Shield-related (or general privacy-related) complaint.

SHYFT Analytics has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at