Revision Dated: April 23, 2019
Dispatch follows these principles in order to protect your privacy:
- We are transparent regarding what data we might handle and what we do to protect that data.
- We do not collect any more information than is necessary to provide the Services.
- We do not keep your personal information if it is no longer needed; and
What information do we collect or have access to, and how do we use it?
We may collect or have access to your personal or other confidential information through your use of our website or through the provision of our Services.
Dispatch may share your personal information if compelled by law, in order to respond to investigations, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person. We also reserve the right to use, disclose, sell, trade or rent aggregated data, provided that the data is not linked to any specific or otherwise identifiable individual.
To be able to serve you, your personal information may be collected, stored and/or processed or otherwise used by or on our behalf both inside and outside of Canada and the United States by third party service providers to perform cloud storage, payment processing and other functions on our behalf. As a result, that country’s courts, governments or law enforcement agencies could obtain disclosure of such information under that country’s laws.
Visitors to our website
When you visit www.dispatchintegration.com, there are four ways data may be collected:
- Contact Us form
- In various places on our website, we may provide a form that you can use if you’d like to get in touch with us. This form may include requests for information such as your name, telephone number, email address and a message. When you use this form, it creates a notification in our website service that a message has been received and alerts us that a message has come in via email. We use this information to get in touch with you. We periodically purge the notifications received from the website.
- Blog subscription
- We may provide Visitors and Clients a way to subscribe to blog posts that we may publish from time to time. To subscribe, you provide an email address. When we publish a new post, the subscribers will receive an email from us that there is something new on the blog and a link to return to our website to read the post. Subscribers can also elect to unsubscribe from the blog when they receive these emails. The email addresses provided for blog subscriptions are not used by us for any other purpose. If you unsubscribe from the blog, your email is subsequently deleted from our systems.
- Job Applications
- Cookies that our website may use to track aggregate statistics
This website uses the following categories of cookies:
- Strictly necessary cookies – these are cookies that are required for the operation of our website. They include, for example, nonce verification cookie, which is used to secure the interaction between a Visitor and the website.
- Analytics & customization cookies – these functional cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and applications for you in order to enhance your experience.
- Performance & functionality cookies – these cookies are used to enhance the performance and functionality of our website but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
Our website offers publicly accessible blogs where you may have the ability to comment and engage in dialog with other Visitors. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog, please contact us using the contact information below.
We display case studies of the work we’ve completed, and we may display testimonials and endorsements from clients. Unless agreed upon by our Clients, we anonymize these case studies and testimonies and adhere to contractual provisions regarding how our Clients’ names and logos may be used in marketing materials.
When we provide Services for our Clients:
Dispatch works on projects for and on behalf of our Clients that involves designing, building and implementing systems and data integrations between different applications and services our Clients use. We typically work on these projects by accessing Client systems directly through computers provided to us by them, or by using our own IT infrastructure. All of our employees and contractors must provide background checks before they can access our systems or our Clients’ systems. We require all employees and contractors to be trained in and adhere to our company security policies.
Sometimes the nature of the data integrations we build for our Clients may involve data that is sensitive, confidential and private (such as integrations with human resources systems, financial systems or health information systems). When developing data integrations between systems, we may need to test these integrations with representative data to make sure everything works okay. Whenever possible, we ask our Clients to provide anonymized, de-identified or “dummy” data to conduct these tests. If our Clients provide us with data that may contain sensitive information, we take the following steps:
- We limit access to that data to only the people who have an absolute need to use it to perform their tasks on behalf of our Clients.
- We will anonymize data whenever possible.
- Whenever possible we leave all the test data on our Clients’ systems and do not make copies of the data.
- If we require the data on our own systems to conduct testing, the data is kept in an encrypted form until used for the testing and is destroyed promptly after testing is completed.
- If we require data on our own systems to conduct testing, we will provide notification to our Clients if we suspect any breach of our systems that may impact Client data in accordance with applicable law.
- We use the data only for the specific purposes of running tests necessary to successfully complete the project.
- We do not provide access to or share that data with any unauthorized third party.
- If any employees or contractors leave us, we promptly revoke all access to systems that may contain Client data.
Dispatch may operate systems integrations on behalf of our Clients or may be involved in supporting integrations that are “in production” and processing live data. When these integrations are run on Client owned / licensed systems, we typically require access to those systems. In some cases, we may need to access sensitive data in these integrations, or the applications associated with the integrations in order to operate them, make upgrades, troubleshoot and conduct maintenance tasks and perform other activities on behalf of the Client. If our Clients provide us with access to data that may contain sensitive information, we take the following steps:
- We limit data access to only the people who have an absolute need to access it to perform their tasks on behalf of our Clients.
- We limit data access to only the minimum necessary data required to perform necessary tasks on behalf of our Clients.
- We leave all data on our Clients’ systems and do not make copies of the data.
- We use the data only for the specific purposes of operating, upgrading, troubleshooting and maintaining the integrations.
- We do not provide access to or share any data with any third party, and we do not permit access to data by employees or contractors not authorized by our Clients.
Dispatch has developed a number of applications that are used by our Clients to operate data integrations, manage these integrations, and help perform tasks necessary to test these integrations. These applications are typically hosted by us or by third-party hosting services, and our Clients get access to them through a subscription or license. The specific usage of these systems for each Client is governed by contracts between us and our Clients.
We use reasonable industry best practices for data security and access controls in the design and deployment of our systems and conduct penetration testing on our systems on a regular basis. We have executed Business Associate Agreements and Data Processing Agreements where necessary with our third-party hosting providers, and they are obligated to promptly inform us of any data breaches. We limit access to our own systems to only those required to conduct maintenance and upgrades.
Sometimes our Clients engage us to also operate and manage their integrations that may be run on our own applications. The nature of the data integrations we may operate on our own systems for our Clients may involve sensitive data. In some cases, we may need to access data in these integrations, or the applications associated with the integrations in order to test them, operate them, make upgrades, troubleshoot and conduct maintenance tasks and perform other activities on behalf of the client.
We adhere to the following principals regarding the operation and management of integration systems on our Clients’ behalf:
- Client data is never “co-mingled” with data from other Clients.
- We respect our Clients’ data sovereignty requirements. We explicitly define with our Clients where the physical servers are located that contain our applications and through which their data will be processed, and provision our Services to meet their data sovereignty requirements. This is established through contractual agreements with each Client.
- We limit access to Client data to only the people who have an absolute need to access it to perform their tasks on behalf of the Clients.
- We endeavor to conduct our systems support and maintenance activities without requiring access to Client data whenever possible.
- Data in all our applications is by default encrypted “in flight” and encrypted “at rest”, with specific encryption details determined by the contracts with our Clients.
- Our applications will decrypt data in order to conduct certain operations such as data transformations. This data is re-encrypted once these operations are complete.
- Integrations are, by their nature, data-transient. This means that the only Client data within our systems are in-transit to another system. For this reason, we do not store Client data longer than is needed to receive, transform and transmit the data from an upstream system to a downstream system. We may maintain “message queues” of data for short amounts of time sufficient to ensure records are transmitted to the downstream application. Upon request by our Clients, we may turn off these message queues so that no data is written to disk and only remains in volatile memory while being processed by our applications.
- Our applications may generate and log metadata on the integrations as a necessary component to provide certain functionality. This metadata does not contain personally identifiable information, protected health information or any other Client confidential information.
- On occasion, we may need to access specific data records for the purposes of operating, upgrading, troubleshooting and maintaining the application. Our contracts with our Clients govern how we access this data, which typically involves us logging the date, time, location and purpose for accessing the data, which specific records were accessed, who accessed the data, and confirmation that no data was retained.
- We do not provide access to our systems nor provide access to any data to any unauthorized third party.
Online tracking / Do Not Track
Some jurisdictions may require us to disclose how we respond to “Do Not Track” signals. Because there is no widely accepted standard on how to respond to “do not track” browser-based signals, we do not respond to such signals. We do not track our visitors across third party websites to provide targeted advertising. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your internet browser may allow you to set the “Do Not Track” signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
No collection of children’s personal information
Individual Choice and Access
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you are responsible for notifying us of those changes.
We will retain your information for as long as your account is active or as long as needed to provide you Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements. We do not intend to retain personal information longer than necessary for such purpose(s), unless necessary for compliance with a legal obligation, or in order to protect your vital interests or the vital interests of another natural person.
We will provide an individual access to any personal information we hold about them within 30 days of any request for that information. Individuals may request this information from us by contacting us using the contact information provided below. Unless it’s prohibited by law, we’ll remove any personal information about an individual from our servers at their request. There is no charge for an individual to access or update his or her personal information.
Data privacy rights for individuals in the European Union and/or the European Economic Area
- be informed of our intent to transfer your personal information to another country or international organization, the recipients of that information, and where information regarding the applicable privacy safeguards may be obtained;
- request access to your personal information;
- request correction of your personal information if it is incorrect;
- request that we delete or stop processing your personal information under certain circumstances;
- object to our processing of your personal information under certain circumstances;
- request that we restrict our processing of your personal information, and where our processing is based on your consent, withdraw that consent (which may be done by emailing: firstname.lastname@example.org) without affecting the lawfulness of processing based on consent before its withdrawal;
- request that we transmit your personal information either to you or another service provider under certain circumstances (costs may apply);
- be informed of your right to complain to a supervisory authority if you feel that we have not complied with applicable laws regulating your personal information (contact information for supervisory authorities may be found at: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. For more information, or to make a request, please email: email@example.com with your name, email address, request, and basis for your request.
Social Media Platforms and Other Websites
Our website may include social media features, like a Facebook login button for allowing users to share blog articles. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. We also maintain presences on social media platforms like Facebook, Twitter, and LinkedIn. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Security of Your Personal Information
We incorporate reasonable safeguards to help protect and secure your identifying information. However, no data transmission over the internet, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Services and provide us with your information at your own risk. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible in accordance with applicable legal requirements.
You understand that electronic communications may be accessed by unauthorized parties when communicated across the internet, network communications facilities, or other electronic means. You agree that we are not responsible for any electronic communication and/or any of your data which may be lost, altered, intercepted or stored without authorization during the transmission of any data whatsoever across networks not owned and/or operated by us. We do not guarantee that your information will not be misused or disclosed to third parties. We will not have any liability to you for any such misuse or disclosure.
Our Trusted Subprocessors
The following are the third-party service processors that we use to help us provide our Services and who may have access to personal or otherwise confidential information. All these parties have agreed through contractual arrangements to observe and protect the data we process.
Amazon AWS: Secure hosting services and network infrastructure.
Google: email, calendar, shared cloud drive, website analytics, google cloud platform for secure application hosting services.
Freshdesk: customer support ticketing and messaging platform.
collage.co: Job posting and applicant tracking system.
Change of Ownership
If Dispatch is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred to the acquiring person or entity, and you will be notified via email and/or a prominent notice on our website of any such change in ownership.
A Message to our Clients
Dispatch Integration Ltd.
1155 North Service Road West
Canada L6M 3E3
+1 289 291 3845