Privacy Policy
Revision Dated: October 29, 2024
Dispatch Integration Ltd. (“Dispatch”, “our”, “we”, “us”) is committed to protecting the privacy of individuals who visit our website (“Visitors”) and the privacy, confidentiality, and security of any data that we may process through the delivery of Dispatch Services (defined below) with our clients (“Clients”) (Visitors and Clients, collectively, “you” or “your”) through our compliance with this policy (“Privacy Policy”).
This Privacy Policy applies to data provided on or through the Dispatch website located at dispatchintegration.com, the provision of professional services offered by Dispatch to our Clients, and services provided and hosted by or for Dispatch via our applications at comparecsv.com and www.dispatchsentinel.com (collectively, the “Services”), and describes Dispatch’s privacy practices in connection with the use of our Services. This Privacy Policy also describes the choices available to you as a Visitor to our website regarding the use of your personal information and how you can access and update this information. Personal information for the purposes of this Privacy Policy means information that can be used to personally identify you or is associated with any such information, or personal information may be defined by the laws of the location where you live. In all cases, access and usage of personal and other confidential information shall be limited to the purposes of providing the Services on our website or for which the Client has engaged Dispatch and as otherwise described in this Privacy Policy. This Privacy Policy does not cover any information collected by third-party websites or content or applications that may link to or be accessible from or on our website.
Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our website. By accessing or using this website or our Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of the website or our Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.
Privacy Principles
Dispatch follows these principles in order to protect your privacy:
- We are transparent regarding what data we might handle and what we do to protect that data.
- We do not collect any more information than is necessary to provide the Services.
- We only use personal information for the purposes we specify in this Privacy Policy.
- We do not keep your personal information if it is no longer needed, and
- We do not share your personal information with third parties other than as required to deliver our Services, whom we refer to as subprocessors. We disclose who these third parties are in our Privacy Policy.
What information do we collect or have access to, and how do we use it?
We may collect or have access to your personal or other confidential information through your use of our website or through the provision of our Services.
We treat all Visitor and Client data in accordance with this Privacy Policy. Some data we may have access to through the provision of our Services may be considered “protected” and may fall under legislative requirements in various jurisdictions, including personal information and/or protected health information. With such data, we apply technological standards and corporate policies appropriate for each legislative environment where the data originates and where our Clients reside.
Except as part of the sale of all or substantially all of the assets of Dispatch, Dispatch will not sell, trade, or rent your personal information to any third party unless we have your explicit opt-in consent or except as provided in this Privacy Policy. We will only use and/or disclose personal information in order to: provide you with any Services that you have engaged Dispatch for; understand and meet your needs and preferences; develop new and enhance existing Service offerings; manage and develop our business and operations; and meet legal and regulatory requirements. Dispatch will request your consent if your information is desired to be used for marketing or activities not directly related to the functioning of this website or the fulfillment of contractual obligations. We also reserve the right to use anonymized and aggregated data, provided that the data is not linked to any specific individual.
Dispatch may share your personal information if compelled by law in order to respond to investigations, court orders, or legal processes or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person. To be able to serve you, your personal information may be collected, stored and/or processed or otherwise used by or on our behalf both inside and outside of Canada and the United States by third-party service providers to perform cloud storage, payment processing and other functions on our behalf. As a result, that country’s courts, governments or law enforcement agencies could obtain disclosure of such information under that country’s laws.
Visitors to our website
When you visit www.dispatchintegration.com, there are four ways data may be collected:
- Contact Us form
- In various places on our website, we may provide a form that you can use if you’d like to get in touch with us. This form may include requests for information such as your name, telephone number, email address and a message. When you use this form, it creates a notification in our website service that a message has been received and alerts us that a message has come in via email. We use this information to get in touch with you. We periodically purge the notifications received from the website.
- Blog subscription
- We may provide Visitors and Clients a way to subscribe to blog posts or email newsletters that we may publish from time to time. To subscribe, you provide an email address. When we publish a new post, the subscribers will receive an email from us that there is something new on the blog and a link to return to our website to read the post. Subscribers can also elect to unsubscribe from the blog when they receive these emails. The email addresses provided for blog subscriptions are not used by us for any other purpose. If you unsubscribe from the blog, your email is subsequently deleted from our systems.
- Job Applications
- We may post jobs on our website from time to time. A Visitor may apply for a job by filling out a form that may include their name, email address, phone number, a message, and by uploading their CV or resume. This information is managed by a third-party Applicant Tracking System hosted by RisePeople. Their privacy policy can be found here. We use this information to track applicants, set up and conduct interviews, and make job hires. When a position is filled, we delete the posting. Unless informed otherwise by applicants, we may keep applicant data for consideration on other job opportunities. Applicants can ask us to delete their information, and we will delete their information from our systems within a reasonable time frame when requested.
- Cookies that our website may use to track aggregate statistics
- Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website. A website may set a cookie to the browser used if the browser’s preferences allow it. Generally, we use cookies to provide general Visitor analytics such as the country of origin of the Visitor, traffic metrics, etc. Any personal information collected about you through cookies will be treated in accordance with this Privacy Policy. This information is used by us in aggregate form. We never link this information with any other personally identifiable information you may provide us through forms or other means. You can always choose not to accept cookies, but you may not be able to use some of our website’s features.
- Our website uses the following categories of cookies:
- Strictly necessary cookies – these are cookies that are required for the operation of our website. They include, for example, a nonce verification cookie, which is used to secure the interaction between a Visitor and the website.
- Analytics and customization cookies—These functional cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are or to help us customize our website and applications for you to enhance your experience. Our website utilizes Google Analytics, a common website analytics tool. For more information about Google Analytics, please refer to the website “How Google uses data when you use our partners’ sites or apps” at https://www.google.com/policies/privacy/partners/
- Performance and functionality cookies—These cookies enhance the performance and functionality of our website but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
Our website includes links to other websites whose privacy practices may differ from those of Dispatch. If you submit information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any third-party website you visit. For example, we offer a support portal at support.dispatchintegration.com that is hosted by Freshworks. Their privacy policy is found here.
Our website may offer publicly accessible blogs where you may have the ability to comment and engage in dialogue with other Visitors. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request the removal of your personal information from our blog, please contact us using the contact information below.
We display case studies of the work we’ve completed, and we may display testimonials and endorsements from clients. Unless agreed upon by our clients, we anonymize these case studies and testimonies and adhere to contractual provisions regarding how our clients’ names and logos may be used in marketing materials.
Our website includes social media features, such as the LinkedIn share button and widgets. These features may collect your IP address which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing the features.
Our Applications
We currently offer two online applications: comparecsv.com and Sentinel. Both applications are subject to this privacy policy’s provisions.
CompareCSV is an application that enables users to upload two data files to detect differences in these files. This application does not store or inspect any files that are uploaded. The uploaded files are transferred in an encrypted fashion. Dispatch personnel do not and cannot access any files that are uploaded. The files are processed transiently, meaning all processing happens in memory, with nothing written to disk. The memory is purged regularly. Dispatch will receive metadata that a comparison event occurred. The processing occurs in a secure Microsoft Azure environment hosted on Canadian data centres.
We have developed CompareCSV to be a highly secure web service, but for users who may be using Compare for datasets that include PII, we recommend that they download our desktop version of Compare. The desktop version does not transmit any data to the cloud and processes all data on the user’s personal computer.
Sentinel is a web application that provides data integration monitoring and event alerting for dataflows to and from Workday. This platform connects to our customers’ Workday instances via a secure API that provides integration metadata. Sentinel has no access to underlying data contained within our client’s applications, and therefore no PII data is accessed, transmitted or stored by Sentinel.
When we provide Services for our Clients:
Dispatch works on projects for and on behalf of our Clients that involve designing, building and implementing systems and data integrations between different applications and services our Clients use. We typically work on these projects by accessing Client systems directly through computers provided to us by them or by using our own IT infrastructure and accessing systems in a controlled manner through secure and encrypted web access. All of our employees and contractors must provide background checks before they can access our systems or our Clients’ systems. We require all employees and contractors to be trained in and adhere to our company security and privacy policies.
Sometimes the nature of the data integrations we build for our Clients may involve data that is sensitive, confidential and private (such as integrations with human resources systems, financial systems or health information systems). When developing data integrations between systems, we may need to test these integrations with representative data to make sure everything works okay. Whenever possible, we ask our Clients to provide anonymized, de-identified or “dummy” data to conduct these tests. If our Clients provide us with data that may contain sensitive information, we take the following steps:
- We limit access to that data to only those who absolutely need to use it to perform their tasks on behalf of our Clients.
- We will anonymize data whenever possible.
- Whenever possible, we leave all the test data on our Clients’ systems and do not make copies of it.
- If we require data on our own systems to conduct testing, the data is kept in encrypted form until used and destroyed promptly after testing is completed.
- If we require data on our own systems to conduct testing, we will provide notification to our Clients if we suspect any breach of our systems that may impact Client data in accordance with applicable law.
- We use the data only for the specific purposes of running tests necessary to successfully complete the project.
- We do not provide access to or share that data with any unauthorized third party.
- If any employees or contractors leave us, we promptly revoke all access to systems that may contain Client data
Dispatch may operate systems integrations on behalf of our Clients or may be involved in supporting integrations that are “in production” and processing live data. When these integrations are run on Client owned/licensed systems, we typically require access to those systems. In some cases, we may need to access sensitive data in these integrations, or the applications associated with the integrations in order to operate them, make upgrades, troubleshoot and conduct maintenance tasks and perform other activities on behalf of the Client. If our Clients provide us with access to data that may contain sensitive information, we take the following steps:
- We limit data access to only the people who have an absolute need to access it to perform their tasks on behalf of our Clients.
- We limit data access to only the minimum necessary data required to perform necessary tasks on behalf of our Clients.
- We leave all data on our Clients’ systems and do not make copies of the data.
- We use the data only for the specific purposes of operating, upgrading, troubleshooting and maintaining the integrations.
- We do not provide access to or share any data with any third party, and we do not permit employees or contractors not authorized by our Clients to access data.
Dispatch has developed several applications that our Clients use to operate data integrations, manage these integrations, and perform tasks necessary to test them. These applications are typically hosted by us or third-party hosting services and Clients get access to them through a subscription or license. The specific usage of these systems for each Client is governed by contracts between us and our Clients.
We use reasonable industry best practices for data security and access controls in the design and deployment of our systems and conduct penetration testing on our systems on a regular basis. We have executed Business Associate Agreements and Data Processing Agreements where necessary with our third-party hosting providers, and they are obligated to promptly inform us of any data breaches. We limit access to our own systems to only those required to conduct maintenance and upgrades.
Sometimes our Clients engage us to also operate and manage their integrations that may be run on our own applications. The nature of the data integrations we may operate on our own systems for our Clients may involve sensitive data. In some cases, we may need to access data in these integrations or the applications associated with the integrations in order to test them, operate them, make upgrades, troubleshoot and conduct maintenance tasks and perform other activities on behalf of the client.
We adhere to the following principals regarding the operation and management of integration systems on our Clients’ behalf:
- Client data is never “co-mingled” with data from other Clients.
- We respect our Clients’ data sovereignty requirements. We explicitly define with our Clients where the physical servers that contain our applications are located and through which their data will be processed, and we provision our Services to meet their data sovereignty requirements. This is established through contractual agreements with each Client.
- We limit access to Client data to only the people who have an absolute need to access it to perform their tasks on behalf of the Clients.
- We endeavour to conduct our systems support and maintenance activities without requiring access to Client data whenever possible.
- Data in all our applications is encrypted “in flight” and “at rest” by default, with specific encryption details determined by the contracts with our Clients.
- Our applications will decrypt data to conduct certain operations, such as data transformations. Once these operations are complete, the data is re-encrypted.
- Integrations are, by their nature, data transient. This means that the only Client data within our systems are in-transit to another system. For this reason, we do not store Client data longer than is needed to receive, transform and transmit the data from an upstream system to a downstream system. We may maintain “message queues” of data for short amounts of time sufficient to ensure records are transmitted to the downstream application. Upon request by our Clients, we may turn off these message queues so that no data is written to disk and only remains in volatile memory while being processed by our applications.
- Our applications may generate and log metadata on the integrations as a necessary component to provide certain functionality. This metadata does not contain personally identifiable information, protected health information or any other Client confidential information.
- On occasion, we may need to access specific data records to operate, upgrade, troubleshoot, and maintain the application. Our contracts with our Clients govern how we access this data, which typically involves us logging the date, time, location, and purpose for accessing the data, which specific records were accessed, who accessed the data, and confirmation that no data was retained.
- We do not provide access to our systems nor provide access to any data to any unauthorized third party.
Online tracking / Do Not Track
Some jurisdictions may require us to disclose how we respond to “Do Not Track” signals. Because there is no widely accepted standard on how to respond to “do not track” browser-based signals, we do not respond to such signals. We do not track our visitors across third-party websites to provide targeted advertising. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your internet browser may allow you to set the “Do Not Track” signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
No collection of children’s personal information
This website and our Services are intended for audiences at least 18 years old. We do not knowingly collect any personally identifiable information from children under the age of 13. We reserve the right to delete any information we believe to be in violation of this Privacy Policy.
Individual Choice and Access
We do our best to keep your data accurate and up to date to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you are responsible for notifying us of those changes.
We will retain your information for as long as your account is active or as long as needed to provide you with Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements. We do not intend to retain personal information longer than necessary for such purpose(s) unless necessary for compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
We will provide individual access to any personal information we hold about them within 30 days of any request for that information. Individuals may request this information from us by contacting us using the contact information provided below. Unless it’s prohibited by law, we’ll remove any personal information about an individual from our servers at their request. There is no charge for an individual to access or update his or her personal information.
Data privacy rights for individuals in the European Union and/or the European Economic Area
In addition to your right to certain information contained in this Privacy Policy, pursuant to the General Data Protection Regulation, you have the following rights regarding your personal data that we hold:
- be informed of our intent to transfer your personal information to another country or international organization, the recipients of that information, and where information regarding the applicable privacy safeguards may be obtained;
- request access to your personal information;
- request correction of your personal information if it is incorrect;
- request that we delete or stop processing your personal information under certain circumstances;
- object to our processing of your personal information under certain circumstances;
- request that we restrict our processing of your personal information, and where our processing is based on your consent, withdraw that consent (which may be done by emailing: [email protected]) without affecting the lawfulness of processing based on consent before its withdrawal;
- request that we transmit your personal information either to you or another service provider under certain circumstances (costs may apply);
- be informed of your right to complain to a supervisory authority if you feel that we have not complied with applicable laws regulating your personal information (contact information for supervisory authorities may be found at: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. For more information, or to make a request, please email: [email protected] with your name, email address, request, and basis for your request.
Social Media Platforms and Other Websites
Our website may include social media features, like a button for allowing users to share blog articles. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. We also maintain a presence on social media platforms like LinkedIn. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Security of Your Personal Information
We incorporate reasonable safeguards to help protect and secure your identifying information. However, no data transmission over the internet, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Services and provide us with your information at your own risk. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible in accordance with applicable legal requirements.
No Liability
You understand that electronic communications may be accessed by unauthorized parties when communicated across the internet, network communications facilities, or other electronic means. You agree that we are not responsible for any electronic communication and/or any of your data which may be lost, altered, intercepted or stored without authorization during the transmission of any data whatsoever across networks not owned and/or operated by us. We do not guarantee that your information will not be misused or disclosed to third parties. We will not have any liability to you for any such misuse or disclosure.
Our Trusted Subprocessors
The following are the third-party service processors that we use to help us provide our Services and who may have access to personal or otherwise confidential information. All these parties have agreed through contractual arrangements to observe and protect the data we process.
Amazon AWS: Secure hosting services and network infrastructure.
Microsoft Azure: Secure hosting services and network infrastructure
Google: email, calendar, shared cloud drive, website analytics, google cloud platform for secure application hosting services.
Freshdesk: customer support ticketing and messaging platform.
RisePeople: Job posting and applicant tracking system.
Hubspot: Customer Relationship Management System.
Slack: Internal messaging application.
Change of Ownership
If Dispatch is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred to the acquiring person or entity, and you will be notified via email and/or a prominent notice on our website of any such change in ownership.
Updates to this Privacy Policy
Dispatch may update this Privacy Policy from time to time. The date of publication of the Privacy Policy is at the top of the document. Material changes to this policy will be communicated via email to existing Clients.
A Message to our Clients
In case of any conflict between this Privacy Policy and the verbiage in our contracts with you or with applicable law, such conflict shall be resolved be giving precedence first to applicable legal requirements governing the type of data in question in the jurisdiction where the data originates, next to commitments as agreed upon in our contracts with you, and next to this Privacy Policy.
Consent
By using our website or Services, you consent to the collection and use of your information as set forth in this Privacy Policy. Except as required or allowed by law, we will not use or disclose your personal information for any purpose for which you refuse us consent or later withdraw your consent. If you withdraw consent, you agree that in spite of this withdrawal we may continue to use the personal information previously provided to us to the extent that we are legally or contractually obligated to do so and to the extent necessary to enforce any contractual obligations you may have to Dispatch. You also understand that although you can use our website for some purposes without providing us with any personal information, we need personal information about you for some Services, including those that involve an ongoing relationship with Dispatch. If you refuse to provide us with the information we require or later withdraw your consent to use and disclose this information, we may no longer be able to provide you with these Services.
Contact Information
For questions related to this Privacy Policy, or to correct, update, amend or request that we remove your personal information, or to contact Dispatch’s Data Protection Officer, please contact [email protected] or at
Dispatch Integration Ltd.
1155 North Service Road West
Unit 11
Oakville, Ontario
Canada L6M 3E3
+1 289 291 3845
[email protected]