Privacy Policy

Revision Dated: January 24, 2019

Dispatch Integration Ltd. (“Dispatch”) is committed to protecting the privacy of individuals who visit our website (“Visitors”) and the privacy, confidentiality and security of any data that we may process through the delivery of Dispatch Services with our clients (“Clients”) (collectively “you” or “your”). This Privacy Policy applies to data provided on or through the Dispatch website located at www.dispatchintegration.com, the provision of Professional Services offered by Dispatch to our clients, and services provided and hosted by or for Dispatch via our applications (collectively, the “Services”), and describes Dispatch’s privacy practices in connection with the use of Dispatch’s website, apps, and Services. This Privacy Policy describes the choices available to you as a Visitor to our website regarding the use of your Personal Information (defined below) and how you can access and update this information. This Privacy Policy also describes the access and use of private information via the provision of our Professional Services and/or Applications. In all cases, access and usage of personal, private and confidential information shall be limited to the purposes of providing the Services on our website or for which the Client has engaged Dispatch and as otherwise described in this Privacy Policy.

Privacy Principals

Data security, privacy, and confidentiality is absolutely fundamental to what we do. It is critically important to us that you trust how we handle your most private, sensitive and confidential information and data.  Dispatch follows these principals in order to protect your privacy:

  • We are transparent regarding what data we might handle and what we do to protect that data.
  • We do not collect any more Information than is necessary to provide the Services.
  • We only use Personal Information for the purposes we specify in this Privacy Policy.
  • We do not keep your Personal Information if it is no longer needed; and
  • We do not share your Personal Information with third parties other than required to deliver our Services, whom we refer to as subprocessors. We disclose who these third parties are in our Privacy Policy.

What Information do we collect or have access to, and how do we use it?

There are four different ways we may collect or have access to Private, Confidential, Protected and Personal Data.

  1. Through our website.
  2. Through the provision of our Professional Services.
  3. Through our operation of client systems on their behalf.
  4. Through provision and/or operation of our own systems for our clients.

We treat all Visitor and Client data with the utmost care. Some data we may have access to through provision of our Services is considered “protected” and falls under legislative requirements in various jurisdictions.  In this document, we refer to this data as Personally Identifiable Information (PII) and Private Health Information (PHI). With this type of data, we apply technological standards and corporate policies appropriate for each legislative environment where the data originates, and where our Clients reside.

Visitors to our Website

When you visit www.dispatchintegration.com, there are four ways data may be collected:

  1. Contact Us form
    • In various places on our website, we may provide a form that you can use if you’d like to get in touch with us. This form includes information such as your name, telephone number, email address and a message.  When you use this form, it creates a notification in our website service that a message has been received and alerts us that a message has come in via email.  We use this information to get in touch with you. We periodically purge the notifications from the website and do not store these notifications or any of the details from the form.
  2. Blog subscription
    • We may provide Visitors a way to subscribe to blog posts that we may publish from time to time. To subscribe, you provide an email address.  When we publish a new post, the subscribers will receive an email from us that there is something new on the blog and a link to return to our website to read the post.  Subscribers can also elect to unsubscribe from the blog when they receive these emails.  The email addresses provided are not used in any other way and are kept private at all times. If you unsubscribe from the blog, your email is automatically deleted.
  3. Job Applications
    • We may post jobs on our website from time to time. A Visitor may apply to a job by filling out a form that includes your name, email address, phone number, a message, and uploading their CV or resume. This information is managed by a third-party Applicant Tracking System hosted by collage.co. Their privacy policy can be found here. We use this information to track applicants, set up and conduct interviews, and make job hires. When a position is filled, we delete the posting. Unless informed otherwise by applicants, we may keep applicant data for consideration on other job opportunities. Applicants can ask us to delete their information, and we will delete their information from our systems when requested.
  4. Cookies that our site may use to track aggregate statistics
    • Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. A website may set a cookie to the browser used if the browser’s preferences allow it. Generally, we use cookies to provide general Visitor analytics such as country of origin of the Visitor, traffic metrics etc. These cookies do not collect any personally identifiable information. This information is used by us in aggregate form. We never link this information with any personally identifiable information you may provide us through forms or other means.

Our website includes links to other websites whose privacy practices may differ from those of Dispatch. If you submit information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Our website offers publicly accessible blogs where you may have the ability to comment and engage in dialog with other Visitors. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Information from our blog, please contact us using the contact information below.

We display case studies of the work we’ve completed, and we may display testimonials and endorsements from clients. Unless agreed upon by our clients, we anonymize these case studies and testimonies and adhere to contractual provisions regarding how our clients’ names and logos may be used in marketing materials.

Our website includes social media features, such as the Linkedin share button and widgets. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing the features.

Dispatch will not share your Personal Information, or otherwise make your Personal Information available to any other parties except as provided in this Privacy Policy. We will not sell, rent, or exchange your Personal Information with any third-parties.

Dispatch will share your information if compelled by law, in order to respond to investigations, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person. If Dispatch is required by law or an order of a court of competent jurisdiction to disclose your information, Dispatch will promptly notify you of this requirement so that you may seek a protective order or other appropriate relief.

When we provide Professional Services for our Clients:

Dispatch works on projects for and on behalf of our clients that involves designing, building and implementing systems and data integrations between different applications and services our clients use.  We typically work on these projects by accessing client systems directly through computers provided to us by them, or by using our own IT infrastructure.  We always adhere to client-specific privacy and security policies in all of our project work whether we use their systems and tools or whether we use our own.  All of our employees and contractors must provide background checks before they can access our systems or our clients’ systems.  We require all employees and contractors to be trained in and adhere to our Security Compliance Policy and Acceptable Use Policy.

Sometimes the nature of the data integrations we build for our clients may involve data that is sensitive, confidential and private (such as integrations with Human Resources systems, Financial systems or Health Information systems). When developing data integrations between systems, we need to test these integrations with representative data to make sure everything works okay.  Whenever possible, we ask our clients to provide anonymized, de-identified or “dummy” data to conduct these tests.  If our clients provide us with data that may contain private information, we take the following steps:

  1. We limit access to that data to only the people who have an absolute need to use it to perform their tasks on behalf of our clients.
  2. We will anonymize data whenever possible.
  3. Whenever possible we leave all the test data on our clients’ systems and do not make copies of the data.
  4. If we require the data on our own systems to conduct testing, the data is kept in an encrypted form until used for the testing and is destroyed immediately after testing is completed.
  5. If we require data on our own systems to conduct testing, Dispatch’s Security Compliance Policy requires us to provide notification to our clients within 24 hours if we suspect any potential breach of our systems that may impact client data that contains Personally Identifiable Information or Protected Health Information.
  6. We use the data only for the specific purposes of running tests necessary to successfully complete the project.
  7. We do not provide access to or share that data with any third party or unauthorized individual.
  8. If any employees or contractors leave us, we immediately revoke all access to systems that may contain client data.

When we operate integration systems on our Clients’ behalf using client-provisioned applications

Dispatch may operate systems integrations on behalf of our clients or may be involved in supporting integrations that are “in production” and processing live data.  When these integrations are run on client owned / licensed systems, we typically require access to those systems.  We always adhere to client-specified privacy and security policies when working with or accessing any of their live systems. All of our employees and contractors must provide background checks that meet client requirements before provisioned access to our client systems.  We require all employees and contractors to be trained in and adhere to our Security Compliance Policy and Acceptable Use Policy.

Some of the live integrations that we may operate and maintain involve data that is sensitive, confidential and private (such as integrations with Human Resources systems, Financial systems or Health Information systems). In some cases, we may need to access data in these integrations, or the applications associated with the integrations in order to operate them, make upgrades, troubleshoot and conduct maintenance tasks and perform other activities on behalf of the client.

  1. We limit data access to only the people who have an absolute need to access it to perform their tasks on behalf of our clients.
  2. We limit data access to only the minimum necessary data required to perform necessary tasks on behalf of our clients.
  3. We leave all data on our clients’ systems and do not make copies of the data.
  4. We use the data only for the specific purposes of operating, upgrading, troubleshooting and maintaining the integrations.
  5. We do not provide access to or share any data with any third party, and we do not permit access to data by employees or contractors not authorized by our Clients.

When our own applications are used to operate and manage integration systems on our clients’ behalf

Dispatch has developed a number of applications that are used by our clients to operate data integrations, manage these integrations, and help perform tasks necessary to test these integrations.  These applications are typically hosted by us or by third-party hosting services, and our clients get access to them through a subscription or license.  The specific usage of these systems for each client is governed by contracts between us and our clients.

We use industry best practices for data security and access controls in the design and deployment of our systems and conduct penetration testing on our systems on a regular basis.  We have executed Business Associate Agreements and Data Processing Agreements with our third-party hosting providers, and they are obligated to inform us immediately of any potential data breaches.  We limit access to our own systems to only those required to conduct maintenance and upgrades.

Sometimes our clients engage us to also operate and manage their integrations that may be run on our own applications.  The nature of the data integrations we may operate on our own systems for our clients may involve data that is sensitive, confidential and private (such as integrations with Human Resources systems, Financial systems or Health Information systems).  In some cases, we may need to access data in these integrations, or the applications associated with the integrations in order to test them, operate them, make upgrades, troubleshoot and conduct maintenance tasks and perform other activities on behalf of the client.

We adhere to the following principals regarding the operation and management of integration systems on our clients’ behalf:

  1. Client data is never “co-mingled” with data from other clients.
  2. We respect our clients’ data sovereignty requirements. We explicitly define with our clients where the physical servers are located that contain our applications and through which their data will be processed, and provision our Services to meet their data sovereignty requirements. This is established through contractual agreements with each client.
  3. We limit access to client data to only the people who have an absolute need to access it to perform their tasks on behalf of the clients.
  4. We endeavor to conduct our systems support and maintenance activities without requiring access to client data whenever possible.
  5. Data in all our applications is by default encrypted “in flight” and encrypted “at rest”, with specific encryption details determined by the contracts with our clients.
  6. Our applications will decrypt data in order to conduct certain operations such as data transformations. This data is re-encrypted once these operations are complete.
  7. Integrations are, by their nature, data-transient. This means that the only client data within our systems are in-transit to another system.  For this reason, we do not store client data longer than is needed to receive, transform and transmit the data from an upstream system to a downstream system.  We may maintain “message queues” of data for short amounts of time sufficient to ensure records are transmitted to the downstream application.  Upon request by our clients, we may turn off these message queues so that no data is written to disk and only remains in volatile memory while being processed by our applications.
  8. Our applications may generate and log metadata on the integrations as a necessary component to provide certain functionality. This metadata does not contain Personally Identifiable Information, Private Health Information or any other confidential information.
  9. On occasion, we may need to access specific data records for the purposes of operating, upgrading, troubleshooting and maintaining the application. Our contracts with our clients govern how we access this data, which typically involves us logging the date, time, location and purpose for accessing the data, which specific records were accessed, who accessed the data, and confirmation that no data was retained.
  10. We do not provide access to our systems nor provide access to any data to any third party.

 

Our Trusted Subprocessors

The following are the third-party service processors that we use to help us provide our services and who may have access to personal, confidential and private information.  All these parties have agreed through contractual arrangements to observe and protect the data we process.

Amazon AWS: Secure Hosting services and network infrastructure

Google: email, calendar, shared cloud drive, website analytics, google cloud platform for secure application hosting services

Freshdesk: customer support ticketing and messaging platform

collage.co: Job posting and Applicant tracking system

 

Change of Ownership

If Dispatch is involved in a merger, acquisition, or sale of all or a portion of its assets, your Personal Information may be transferred to the acquiring person or entity and you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

 

Updates to this Privacy Policy.

Dispatch may update this Privacy Policy from time to time.  The date of publication of the Privacy Policy is at the top of the document.

 

A Message to our Clients

In case of any conflict between this Privacy Policy and verbiage in our contracts with you, Dispatch commits to meet the highest standard of Data Privacy & Security as determined by 1) Legislative requirements governing the type of data in question in the jurisdiction where the data originates 2) Commitments as agreed upon in our contracts with you, and 3) this Privacy Policy.

 

Contact Information.

For questions related to this Privacy Policy, or to correct, update, amend or request that we remove your Personal Information, or to contact Dispatch’s Data Protection Officer, please contact privacy@dispatchintegration.com or at

 

 

Dispatch Integration Ltd.

1155 North Service Road West

Unit 11

Oakville Ontario

Canada L6M 3E3

+1 289-291-3845