Privacy Policy
ADSHIFT Limited Liability Company
1. Definitions
1.1. Controller – ADSHIFT Limited Liability Company with its registered office in Radom, Kazimierza Pułaskiego 6/10, 26-600 Radom.
1.2. Personal data – information about a natural person who is identified or can be identified by one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, internet identifier and information collected through cookies and other similar technologies.
1.3. Policy – this Privacy Policy.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Website – the website operated by the Controller at www.adshift.com
1.6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
1.7. Platform – the AdShift platform (customer dashboard) operated by the Controller at app.adshift.com.
2. Processing of Personal Data in connection with the use of the Website
In connection with the User's use of the Website, the Controller collects data to the extent necessary to provide the individual services offered. The detailed rules and purposes of processing Personal Data collected during the User's use of the Website are described below.
3. Purposes and legal basis for the processing of Personal Data on the Website
A) Use of the Website
3.1.1. for the purpose of providing electronic services in the scope of making the content collected on the Website available to Users – in this case, the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);
3.1.2. in order to establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.
B) Contact form
The Controller provides the possibility to contact him using an electronic contact form. Using the form requires providing Personal Data necessary to contact the User and respond to the enquiry. The User may also provide other data to facilitate contact or handling of the enquiry. Providing data marked as mandatory is required in order to accept and handle the enquiry, and failure to provide such data will result in the inability to handle the enquiry. Providing other data is voluntary.
3.2.1. Personal data is processed for the purpose of identifying the sender and handling their enquiry sent via the form provided – the legal basis for processing is the necessity of processing for the performance of a service contract (Article 6(1)(b) of the GDPR); with regard to optional data, the legal basis for processing is consent (Article 6(1)(a) of the GDPR).
C) Marketing
The User's personal data may also be used by the Controller to send marketing content to the User through various channels, i.e. by e-mail, MMS/SMS. Such activities are undertaken by the Controller only if the User has given their consent, which they may withdraw at any time.
3.3.1. for the purpose of sending the requested commercial information – the legal basis for processing, including the use of profiling, is the Controller's legitimate interest (Article 6(1)(f) of the GDPR) in connection with the consent given;
3.3.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in analysing the activity of Users on the Website in order to improve the functionalities used.
4. Cookies
The Controller uses cookies on the Website. Cookies are small text files stored on the User's device that enable the proper functioning of the Website and are used for analytical and statistical purposes. The User may at any time manage or delete cookies in their browser settings; restricting the use of cookies may affect selected functionalities of the Website.
Detailed information about the cookies we use can be found in our Cookie Policy.
5. Period of personal data processing
The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the Controller's legitimate interest.
The period of data processing may be extended if processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent required by law. After the processing period has expired, the data is irrevocably deleted or anonymised.
6. User rights
The User has the right to access the content of the data and request its rectification, deletion, restriction of processing, the right to transfer the data and the right to lodge a complaint with the supervisory authority dealing with the protection of Personal Data.
The User also has the right to object to the processing of data based on the legitimate interest of the Controller.
To the extent that the User's data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller via privacy@adshift.com
7. Recipients of Personal Data
In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular IT service providers enabling the proper use of the Website.
If the User's consent is obtained, their data may also be made available to other entities for their own purposes, including marketing purposes.
The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with applicable law.
8. Transfer of Personal Data outside the EEA
The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily through:
8.1.1. cooperation with entities processing Personal Data in countries for which the European Commission has issued an appropriate decision confirming the adequate level of protection of Personal Data;
8.1.2. using standard contractual clauses issued by the European Commission;
8.1.3. applying binding corporate rules approved by the competent supervisory authority.
The Controller shall always inform you of its intention to transfer Personal Data outside the EEA at the stage of its collection.
9. Security of Personal Data
The Controller shall conduct ongoing risk analysis to ensure that Personal Data is processed by it in a secure manner, ensuring, above all, that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Controller ensures that all operations on Personal Data are recorded and performed only by authorised employees and associates.
The Controller takes all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures in each case when they process Personal Data on behalf of the Controller.
10. Google User Data (Google API Services)
Certain features of the AdShift platform integrate with Google services through Google APIs. This section describes how we access, use, store, share, retain and delete Google user data, in accordance with the Google API Services User Data Policy.
10.1. Data we access
Sign in with Google: if you choose to sign in to the AdShift platform using your Google account, we receive your basic Google profile information: e-mail address, name (including given name and family name), profile picture and your Google account identifier.
Google Ads integration: if you choose to connect your Google Ads account to the AdShift platform (OAuth scope: https://www.googleapis.com/auth/adwords), we access: the list of Google Ads accounts available to you (account identifier, account name, currency, time zone, manager account structure), the structure of your advertising campaigns (campaigns, ad groups, keywords) and aggregated advertising performance statistics (such as impressions, clicks, conversions, conversion value and cost). To maintain this connection we also receive and store the OAuth access and refresh tokens issued by Google.
We do not access any other Google services or data (such as Gmail, Google Drive, Contacts or Calendar).
10.2. How we use Google user data
Google profile information is used solely to create, secure and manage your AdShift user account and to authenticate you when you sign in.
Google Ads data is used solely to provide the analytics and attribution features of the AdShift platform to you: we import your advertising cost and performance data so that it can be combined with your own mobile measurement data and presented to you in dashboards and reports. Our access is read-only - we never create, modify or delete campaigns or any other settings in your Google Ads account. We do not use Google user data for advertising or marketing purposes of our own, we do not sell it, and we do not use it to develop, improve or train generalised artificial intelligence or machine learning models.
10.3. Sharing of Google user data
We do not sell Google user data and we do not transfer it to third parties, except for: (a) infrastructure subprocessors (cloud hosting and storage providers) that host the AdShift platform and process the data exclusively on our documented instructions under data processing agreements; and (b) cases where disclosure is required by applicable law. Within the AdShift platform, imported Google Ads statistics are visible only to authorised members of your own organisation.
10.4. Storage and protection of Google user data
Google user data is stored within secured cloud infrastructure. All data is encrypted in transit using TLS (HTTPS) and stored in encrypted storage. OAuth tokens are treated as confidential credentials: access to them is restricted to system components that require them, and they are never exposed to other users or third parties. Access to production systems is limited to authorised personnel and is logged and monitored.
10.5. Retention and deletion of Google user data
We retain Google user data only for as long as it is needed to provide the services described above. You can disconnect your Google Ads account at any time in the AdShift platform settings - upon disconnection we revoke the OAuth tokens with Google and delete them from our systems. You may also revoke AdShift's access to your Google account at any time via your Google Account security settings at https://myaccount.google.com/permissions.
You may request the deletion of all Google user data associated with your account (including imported Google Ads data) at any time by contacting us at privacy@adshift.com. Such requests are fulfilled within 30 days. When your AdShift account is deleted, the associated Google user data is deleted as well.
10.6. Limited Use disclosure
AdShift's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
11. Contact details
The Controller can be contacted via privacy@adshift.com
12. Changes to the Privacy Policy
The Policy is reviewed on an ongoing basis and updated as necessary.
The current version of the Policy was adopted and has been in force since 2026-06-12.