Privacy Policy

Version	Date	Summary of Changes
5.1	April 22, 2026	Explicit language regarding PIPEDA, Quebec Law 25, CCPA/CPRA, and AI processing
5.0	April 7, 2025	Compliance with ISO27001:2022
4.2	October 31, 2024	Additional subprocessors, minor language updates
4.1	December 4, 2023	Additional subprocessors, minor language updates
4.0	October 20, 2023	Compliance with ISO27001:2013
3.0	July 5, 2022	Compliance with CyberSecure Canada standard
2.1	July 15, 2021	Minor language updates
2.0	June 12, 2020	Compliance with Cyber Essentials Plus standard
1.2	April 23, 2019	Minor language updates
1.1	January 4, 2019	Minor language updates
1.0	May 16, 2018	Initial release

Dispatch Integration Ltd. (“Dispatch”, “our”, “we”, “us”) is committed to protecting the privacy of individuals who visit our website (“Visitors”) and the privacy, confidentiality, and security of any data that we may process through the delivery of Dispatch Services (defined below) with our clients (“Clients”) (Visitors and Clients, collectively, “you” or “your”) through our compliance with this policy (“Privacy Policy”). This Privacy Policy applies to data provided on or through the Dispatch website located at dispatchintegration.com, the provision of professional services offered by Dispatch to our Clients, and services provided and hosted by or for Dispatch via our applications (collectively, the “Services”), and describes Dispatch’s privacy practices in connection with the use of our Services. This Privacy Policy also describes the choices available to you as a Visitor to our website regarding the use of your personal information and how you can access and update this information. Personal information for the purposes of this Privacy Policy means information that can be used to personally identify you or is associated with any such information, or personal information may be defined by the laws of the location where you live. In all cases, access and usage of personal and other confidential information shall be limited to the purposes of providing the Services on our website or for which the Client has engaged Dispatch and as otherwise described in this Privacy Policy. This Privacy Policy does not cover any information collected by third-party websites, content or applications that may link to or be accessible from or on our website. Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our website. By accessing or using this website or our Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of the website or our Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.

Privacy Principles

Dispatch follows these principles in order to protect your privacy:

We are transparent about the data we handle and the measures we take to protect it.
We do not collect any more information than is necessary to provide the Services.
If you share personal information or confidential data, we only use personal information for the purposes we specify in this Privacy Policy.
We do not keep your personal information or confidential data if it is no longer needed to provide you the Services.
We do not share your personal information with third parties other than as required to deliver our Services, whom we refer to as subprocessors. We disclose the identities of these third parties in this Privacy Policy.

Legal Basis for Processing Personal Data

For individuals in the European Union, European Economic Area, and other jurisdictions requiring disclosure of a lawful basis for processing, we rely on the following legal bases:

Processing Activity	Legal Basis	Notes
Website contact forms	Legitimate interests (Art. 6(1)(f) GDPR)	Responding to inquiries is a legitimate business interest
Blog subscriptions	Consent (Art. 6(1)(a) GDPR)	Subscriber provides explicit consent; withdrawal available at any time
Job applications	Pre-contractual steps (Art. 6(1)(b) GDPR)	Processing necessary to evaluate and enter into employment contract
Website analytics (cookies)	Consent (Art. 6(1)(a) GDPR)	Non-essential cookies set only after affirmative consent via cookie banner
Professional services delivery	Contract (Art. 6(1)(b) GDPR)	Processing necessary to perform our contractual obligations to Clients
Legal / regulatory compliance	Legal obligation (Art. 6(1)(c) GDPR)	E.g., tax records, responding to court orders
Security and fraud prevention	Legitimate interests (Art. 6(1)(f) GDPR)	Balanced against individual rights; does not override fundamental freedoms
Marketing (existing clients)	Legitimate interests (Art. 6(1)(f) GDPR)	Right to opt out available at any time

Where we rely on legitimate interests as a legal basis, we have conducted a balancing assessment and concluded that our interests are not overridden by the rights and freedoms of the individuals concerned. You have the right to object to processing based on legitimate interests; see the Individual Rights section for details.

What Information Do We Collect or Have Access To, and How Do We Use It?

We may collect or have access to your personal or other confidential information through your use of our website or through the provision of our Services. We treat all Visitor and Client data in accordance with this Privacy Policy. Some data we may have access to through the provision of our Services may be considered “protected” and may fall under legislative requirements in various jurisdictions, including personal information and/or protected health information. With such data, we apply technological standards and corporate policies appropriate for each legislative environment where the data originates and where our Clients reside. Except as part of the sale of all or substantially all of the assets of Dispatch, Dispatch will not sell, trade, or rent your personal information to any third party unless we have your explicit opt-in consent or except as provided in this Privacy Policy. We will only use and/or disclose personal information in order to: provide you with any Services that you have engaged Dispatch for; understand and meet your needs and preferences; develop new and enhance existing Service offerings; manage and develop our business and operations; and meet legal and regulatory requirements. Dispatch will request your consent if your information is desired to be used for marketing or activities not directly related to the functioning of this website or the fulfillment of contractual obligations. We also reserve the right to use anonymized and aggregated data, provided that the data is not linked to any specific individual. Dispatch may share your personal information if compelled by law in order to respond to investigations, court orders, or legal processes or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person. To serve you, your personal information may be collected, stored, processed, and/or used by or on our behalf, both inside and outside Canada and the United States, by third-party service providers to perform cloud storage, payment processing, and other functions. As a result, that country’s courts, governments or law enforcement agencies could obtain disclosure of such information under that country’s laws.

Visitors to Our Website

When you visit dispatchintegration.com, there are four ways data may be collected:

1. Contact Us Form

In various places on our website, we may provide a form that you can use if you would like to get in touch with us. This form may include requests for information such as your name, telephone number, email address and a message. When you use this form, it creates a notification on our website service that a message has been received and alerts us via email. We use this information to contact you. We periodically purge the notifications received from the website.

2. Blog Subscription

We may provide Visitors and Clients with the option to subscribe to blog posts or email newsletters we publish from time to time. To subscribe, you provide an email address. When we publish a new post, subscribers will receive an email from us with a message that there is something new on the blog and a link to return to our website to read the post. Subscribers can also elect to unsubscribe from the blog when they receive these emails. The email addresses provided for blog subscriptions are not used by us for any other purpose. If you unsubscribe from the blog, your email is subsequently deleted from our systems.

3. Job Applications

We may post jobs on our website from time to time. A Visitor may apply for a job by filling out a form that may include their name, email address, phone number, a message, and by uploading their CV or resume. This information is managed by a third-party Applicant Tracking System hosted by RisePeople. Their privacy policy can be found at risepeople.com/privacy-policy. We use this information to track applicants, set up and conduct interviews, and make job hires. When a position is filled, we delete the posting. Unless applicants inform us otherwise, we may retain applicant data for consideration of other job opportunities. Applicants can ask us to delete their information, and we will do so from our systems within a reasonable time frame when requested.

4. Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work or work more efficiently, as well as to provide information to website owners. Consent first: Non-essential cookies are not set until you have provided affirmative consent through our cookie preference tool. When you first visit our website, you will be presented with a cookie banner allowing you to accept or manage your preferences for non-essential cookies (Analytics, Customization, Performance) before they are set. You can always change your preferences or choose not to accept cookies, but please be aware that certain website features may not function properly if non-essential cookies are disabled. Our website uses the following categories of cookies:

Strictly necessary cookies: These cookies are required for the operation of our website and are set without requiring your consent. They include, for example, a nonce verification cookie used to secure the interaction between a Visitor and the website.
Analytics and customization cookies: These functional cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website for you to enhance your experience. These require your prior consent.
Performance and functionality cookies: These cookies enhance the performance and functionality of our website but are non-essential to its use. Without these cookies, certain functionality may become unavailable. These require your prior consent.

Our website includes links to other websites whose privacy practices may differ from those of Dispatch. If you submit information to any of those sites, your information is governed by their privacy policies. For example, we offer a support portal at support.dispatchintegration.com, hosted by Freshworks. Their privacy policy is found at freshworks.com/privacy. Our website may include social media features, such as the LinkedIn share button and widgets. These features may collect your IP address and the page you are visiting on our website, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company that provides them. We display case studies of the work we have completed and may include testimonials and endorsements from clients. Unless agreed upon by our clients, we anonymize these case studies and testimonies and adhere to contractual provisions regarding the use of our clients’ names and logos in marketing materials.

Our Applications

We currently offer several online applications, including DAVE (dave.dispatchintegration.com), Compare (comparecsv.com), and Sentinel (dispatchsentinel.com). All Dispatch applications are subject to this Privacy Policy.

DAVE

DAVE is an AI-driven Workflow Automation Business Case Evaluator. It uses a private instance of Claude (Anthropic) and does not use any user data to train AI models. DAVE is trained on externally available case studies and other materials published by Dispatch over a ten-year period. DAVE is not trained on any confidential or proprietary information. When a user conducts an analysis using DAVE, a report is generated using the AI, which is emailed to the user and to Dispatch. Processing only happens in memory, and at the end of the session, no data is stored. Users should be aware that because email is inherently not a secure medium, no personal information or confidential information should be entered into the application. Users should also be aware that their name, email address, and a copy of the report will be sent to a Dispatch representative who may contact them as a result of their use of the Service.

CompareCSV

CompareCSV is an application that enables users to upload two data files to detect differences in those files. This application does not store or inspect any files that are uploaded. The uploaded files are transferred in an encrypted fashion. Dispatch personnel cannot access any files that are uploaded. The files are processed transiently, meaning all processing happens in memory, with nothing written to disk. The memory is purged regularly. Dispatch will receive metadata that a comparison event occurred. The processing occurs in a secure Microsoft Azure environment hosted on Canadian data centres. We have developed CompareCSV to be a highly secure web service, but for users who may be using Compare for datasets that include personal information, we recommend that they download our desktop version of Compare or contact us for a private server instance that may be installed in their environment. The desktop version and private server version do not transmit any data to the open internet and process all data within the user’s protected environment.

Sentinel

Sentinel is a web application that provides data integration monitoring and event alerting for dataflows to and from Workday. This platform connects to our customers’ Workday instances via a secure API that provides integration metadata. Sentinel has no access to underlying data contained within our clients’ applications, and therefore no personal information is accessed, transmitted or stored by Sentinel.

Artificial Intelligence

Dispatch uses AI-powered tools in certain areas of our business. We are committed to transparency about how AI is used in relation to personal data.

AI in Our Applications

As described above, our DAVE application uses a private instance of Claude, provided by Anthropic Inc., under an enterprise agreement. Under this agreement, Anthropic does not use data submitted through our private instance to train its AI models. This commitment is reflected in our Data Processing Agreement with Anthropic.

AI in Professional Services Delivery

Dispatch may use AI-assisted tools in the delivery of professional services to Clients, such as productivity tools, code generation, and documentation assistance. When such tools are used, we apply the same data minimization and confidentiality obligations that govern all our professional services work. We do not submit Client personal data or confidential information to AI services that use submitted data for model training without explicit Client consent.

No Automated Decision-Making with Legal or Significant Effects

Dispatch does not make decisions about individuals that produce legal effects or similarly significant effects solely by automated means. If this practice changes, we will update this Privacy Policy and, where required, seek your consent or implement safeguards required by applicable law (including GDPR Article 22 and Quebec Law 25).

When We Provide Professional Services for Our Clients

Dispatch works on projects for and on behalf of our Clients that involve designing, building and implementing systems and data integrations between different applications and services our Clients use. We typically work on these projects by accessing Client systems directly through computers provided to us by them or by using our own IT infrastructure and accessing systems in a controlled manner through secure and encrypted web access. All of our employees and contractors must provide background checks before they can access our systems or our Clients’ systems. We require all employees and contractors to be trained in and adhere to our company security and privacy policies.

Development and Testing

Sometimes, the nature of the data integrations we build for our Clients may involve sensitive, confidential, and private data. When developing data integrations between systems, we may need to test these integrations with representative data. Whenever possible, we ask our Clients to provide anonymized, de-identified or dummy data to conduct these tests. If our Clients provide us with data that may contain sensitive information, we take the following steps:

We limit access to that data to only those who absolutely need to use it to perform their tasks on behalf of our Clients.
We will anonymize data whenever possible.
Whenever possible, we leave all the test data on our Clients’ systems and do not make copies of it.
If we require data on our own systems to conduct testing, the data is kept in encrypted form until used and destroyed promptly after testing is completed.
If we require data on our own systems to conduct testing, we will inform the Client in advance of this need and seek explicit approval. We will notify our Clients if we suspect any breach of our systems that may impact Client data, in accordance with applicable law.
We use the data only for the specific purposes of running tests necessary to successfully complete the project.
We do not provide access to or share that data with any unauthorized third party.
If any employees or contractors leave us, we promptly revoke all access to systems that may contain Client data.

Production Operations and Support

Dispatch may operate systems integrations on behalf of our Clients or support integrations that are in production and processing live data. When we need to access sensitive data to operate, troubleshoot, upgrade, or maintain integrations, we take the following steps:

We limit data access to only the people who have an absolute need to access it to perform their tasks on behalf of our Clients.
We limit data access to only the minimum necessary data required to perform necessary tasks on behalf of our Clients.
We leave all data on our Clients’ systems and do not make copies of the data.
We use the data only for the specific purposes of operating, upgrading, troubleshooting and maintaining the integrations.
We do not provide access to or share any data with any third party, and we do not permit employees or contractors not authorized by our Clients to access data.

Hosted Application Management Sometimes our Clients engage us to operate and manage their applications or solutions on our own infrastructure. We adhere to the following principles regarding the operation and management of systems on our Clients’ behalf:

Client data is never co-mingled with data from other Clients.
We respect our Clients’ data sovereignty requirements. We explicitly define with our Clients where the physical servers that contain our applications are located and through which their data will be processed, and we provision our Services to meet their data sovereignty requirements. This is established through contractual agreements with each Client.
We limit access to Client data to only the people who have an absolute need to access it to perform their tasks on behalf of the Clients.
We endeavour to conduct our systems support and maintenance activities without requiring access to Client data whenever possible.
Data in all our applications is encrypted in flight and at rest by default, with specific encryption details determined by the contracts with our Clients.
Our applications will decrypt data to conduct certain operations, such as data transformations. Once these operations are complete, the data is re-encrypted.
Our applications may generate and log metadata on the integrations as a necessary component to provide certain functionality. This metadata does not contain personally identifiable information, protected health information or any other Client confidential information.
On occasion, we may need to access specific data records to operate, upgrade, troubleshoot, and maintain the application. Our contracts with our Clients govern how we access this data, typically requiring us to log the date, time, location, and purpose of the access, which specific records were accessed, who accessed the data, and confirmation that no data was retained.
We do not provide access to our systems nor provide access to any data to any unauthorized third party.

Security of Your Personal Information

We use industry-standard best practices for data security and access controls in the design and deployment of our systems. We are ISO-27001:2022 certified and our security program aligns with recognized frameworks including the NIST Cybersecurity Framework. We conduct regular penetration testing and security reviews. We have executed Business Associate Agreements and Data Processing Agreements with our third-party hosting providers, as needed, and they are obligated to promptly notify us of any data breaches. We limit access to our own systems to only those required to conduct maintenance and upgrades. We incorporate reasonable technical and organizational safeguards to help protect and secure your personal information. However, no data transmission over the internet, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately using the contact information provided below.

Data Breach Notification

In the event of a personal data breach, we will act as follows:

Under GDPR (EU/EEA): We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of natural persons. Where the breach is likely to result in a high risk to individuals, we will notify affected individuals without undue delay.
Under PIPEDA (Canada): We will report breaches of security safeguards involving personal information that create a real risk of significant harm to the individual to the Office of the Privacy Commissioner of Canada, and we will notify affected individuals as soon as feasible. We will also maintain a record of all breaches.
Under applicable US state laws: We will notify affected individuals and relevant regulatory authorities in accordance with the applicable state breach notification laws.
In other jurisdictions: We will adhere to jurisdictional regulatory requirements if contracted to provide Services for Clients within jurisdictions outside those named above. This commitment will be explicitly defined in contractual agreements with those Clients.
Client notification: We will notify Clients if we suspect any breach of our systems that may impact Client data, in accordance with applicable law and our contractual commitments.

Privacy Impact Assessments

Dispatch conducts privacy impact assessments (PIAs) — referred to as Data Protection Impact Assessments (DPIAs) under GDPR and as required under Quebec Law 25 — for new or significantly changed processing activities that may involve sensitive data or present a heightened risk to individuals. This includes new integrations involving health, financial, or human resources data, and new deployments of AI processing tools. Clients may request a summary of applicable privacy impact assessments upon reasonable notice. Where a DPIA identifies unacceptable residual risks that cannot be mitigated, we will consult with the applicable supervisory authority as required by law.

Cross-Border Data Transfers

Dispatch is based in Ontario, Canada. In the course of providing our Services, personal data may be transferred to, stored in, and processed in countries other than Canada, including the United States, where some of our subprocessors are based.

Transfers from Canada

For transfers of personal information from Canada to third-party service providers outside Canada, we rely on the accountability principle under PIPEDA. We require all subprocessors to contractually commit to protecting personal information to a standard comparable to PIPEDA and applicable Canadian privacy law. Our contracts with subprocessors include data processing agreements and, where applicable, standard contractual protections.

Transfers from the EU/EEA

For transfers of personal data from the European Union or European Economic Area to countries not recognized as providing an adequate level of protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms as appropriate. A copy of applicable transfer safeguards may be requested by contacting us at [email protected].

Transfers to Specific Subprocessors

Several of our subprocessors are based in the United States, including Anthropic, HubSpot, Amazon AWS, and Google. We have Data Processing Agreements in place with each of these providers. Specifically:

Anthropic processes data under the Commercial Terms of Service agreement provided, which includes a commitment that data submitted through our private instance will not be used to train AI models.
All US-based subprocessors are subject to US law, including potential government access requests. We take steps to minimize the personal data transferred to these services.

Our Trusted Subprocessors

The following are the third-party service processors that we use to help us provide our Services and who may have access to personal or otherwise confidential information. All these parties have agreed through contractual arrangements to observe and protect the data we process.

Subprocessor	Location	Purpose
Amazon AWS	USA	Secure hosting services and network infrastructure
Microsoft Azure	Canada (primary)	Secure hosting services and network infrastructure
Google (GCP, Workspace)	USA	Email, calendar, shared cloud drive, website analytics, cloud platform hosting
Freshdesk / Freshworks	USA/India	Customer support ticketing and messaging platform
RisePeople	Canada	Job posting and applicant tracking system
HubSpot	USA	Customer relationship management system
Slack	USA	Internal messaging application
Anthropic	USA	Enterprise AI platform (private instance; no training on client data)

We will post notice of material changes to this subprocessor list on this Privacy Policy page with reasonable advance notice. Clients with executed Data Processing Agreements may object to the addition of new subprocessors through the process defined in their applicable agreement.

Online Tracking and Do Not Track / Global Privacy Control

Some jurisdictions require us to disclose how we respond to browser-based privacy signals.

Do Not Track (DNT): Because there is no widely accepted standard on how to respond to DNT browser-based signals, we do not respond to such signals.
Global Privacy Control (GPC): We do not track our visitors across third-party websites for the purposes of advertising or cross-context behavioural profiling. Accordingly, GPC signals do not alter our data practices, as we do not engage in the data sharing that GPC is designed to prevent. We will continue to monitor legal requirements regarding GPC in jurisdictions such as California and Colorado and update our practices as required.

Some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your internet browser may allow you to set privacy signals so that third parties know you do not want to be tracked.

No Collection of Children’s Personal Information

This website and our Services are intended for individuals who are at least 18 years of age. We do not knowingly collect any personally identifiable information from anyone under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will delete such information promptly. We reserve the right to delete any information we believe to be in violation of this Privacy Policy.

Retention of Personal Information

We will retain your information for as long as your account is active or as long as needed to provide you with Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements. We do not intend to retain personal information longer than necessary for such purpose(s) unless necessary for compliance with a legal obligation. The criteria we use to determine our retention periods include:

Data Category	Retention Period	Basis
Client data (professional services)	Duration of contract plus any legally mandated period	Contractual and legal obligation
Website contact form submissions	Maximum 24 months after last communication, unless a client relationship is established	Legitimate interests
Job applicant data	2 years for consideration of future opportunities, unless earlier deletion is requested	Legitimate interests
Blog subscription email addresses	Until unsubscription; deleted promptly upon opt-out	Consent
Billing and transaction data	Statutory period required for tax, accounting, and audit purposes (7 years in Ontario)	Legal obligation
Website analytics data	As set by our analytics provider; aggregated and anonymized thereafter	Consent
Breach records	Minimum 24 months from the date of breach determination (PIPEDA requirement)	Legal obligation

Individual Choice and Access

We do our best to keep your data accurate and up to date, to the extent you provide us with the information we need to do so. If your data changes, then you are responsible for notifying us of those changes. We will provide individual access to any personal information we hold about them within 30 days of any request for that information. Individuals may request this information from us by contacting us using the contact information provided below. Unless it is prohibited by law, we will remove any personal information about an individual from our servers at their request. There is no charge for an individual to access or update their personal information.

Data Privacy Rights for Individuals in the European Union and/or European Economic Area

In addition to your right to certain information contained in this Privacy Policy, pursuant to the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data that we hold:

Be informed of our intent to transfer your personal information to another country or international organization, the recipients of that information, and where information regarding the applicable privacy safeguards may be obtained;
Request access to your personal information (Article 15);
Request correction of your personal information if it is incorrect (Article 16);
Request that we delete or stop processing your personal information under certain circumstances (Article 17);
Object to our processing of your personal information where we rely on legitimate interests (Article 21);
Request that we restrict our processing of your personal information (Article 18);
Where our processing is based on your consent, withdraw that consent (which may be done by emailing [email protected]) without affecting the lawfulness of processing based on consent before its withdrawal;
Request that we transmit your personal information either to you or another service provider under certain circumstances — data portability (Article 20);
Not be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects (Article 22). Dispatch does not currently engage in such processing.
Be informed of your right to complain to a supervisory authority if you feel that we have not complied with applicable laws regulating your personal information. Contact information for supervisory authorities may be found at ec.europa.eu/justice.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. For more information or to make a request, please email [email protected] with your name, email address, request, and basis for your request. We will respond within 30 days (extendable by a further 60 days for complex requests).

Data Privacy Rights for Individuals in Canada

Federal Rights under PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

Know why your personal information is being collected, used, or disclosed;
Expect Dispatch to collect, use, or disclose your personal information in a reasonable way;
Know who in our organization is responsible for protecting your personal information;
Expect Dispatch to protect your personal information with appropriate safeguards;
Expect that the personal information we hold about you is accurate, complete, and up to date;
Access the personal information we hold about you and ask for corrections;
Complain to our Privacy Officer if you believe we have not respected your rights.

Complaint — Office of the Privacy Commissioner of Canada: If you are unsatisfied with our response to a privacy concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or by calling 1-800-282-1376.

Quebec Residents — Loi 25 (Law 25)

Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Law 25) grants Quebec residents the following additional rights:

The right to be informed of the existence of a file containing personal information about you and to access or request correction of that information;
Right to data portability: The right to receive computerized personal information that you provided to us in a structured, commonly used technological format, or to have it communicated to any person or body you designate;
Right to de-indexing: The right to request that we cease disseminating your personal information or de-index any hyperlink attached to your name;
The right to be informed of and to refuse any decision made solely on the basis of automated processing of your personal information.

Dispatch has designated a Privacy Officer responsible for compliance with Law 25. Our Privacy Officer can be reached at [email protected].

Complaint — Commission d’acces a l’information: Quebec residents who are unsatisfied with our response may file a complaint with the Commission d’acces a l’information du Quebec (CAI) at cai.gouv.qc.ca or by calling 1-888-528-7741.

Data Privacy Rights for Individuals Residing in California

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information, subject to certain exceptions.

Your Rights

Right to Know: The right to request that Dispatch disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the personal information is collected, the purposes for collecting personal information, and the categories of third parties with whom we share personal information.
Right to Delete: The right to request the deletion of your personal information that we have collected, subject to certain exceptions.
Right to Correct: The right to request that we correct inaccurate personal information we hold about you.
Right to Opt-Out of Sale or Sharing: The right to direct Dispatch not to sell or share your personal information. Dispatch does not sell, trade, or rent personal information to third parties and does not share personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: The right to direct Dispatch to limit the use of sensitive personal information to purposes disclosed at the time of collection. We do not use sensitive personal information for inferencing or for purposes beyond providing our Services.
Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.

How to Exercise Your Rights

To exercise any of these rights, please submit a verifiable request to [email protected]. We will respond to your request within 45 days. If we require more time, we will inform you of the reason and the extension period (up to an additional 45 days).

Employee and Contractor Data

Personal information collected from Dispatch employees and contractors is handled under separate privacy notices provided at the time of engagement, consistent with applicable employment and privacy law. Dispatch requires all employees and contractors to undergo background checks prior to accessing Dispatch or Client systems. Access is revoked promptly upon termination of the working relationship.

Social Media Platforms and Other Websites

Our website may include social media features, like a button for allowing users to share blog articles. These features may collect your IP address and the page you are visiting on our site, and they may set a cookie to ensure the feature functions properly. We also maintain a presence on social media platforms like LinkedIn. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

Change of Ownership

If Dispatch is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred to the acquiring person or entity. You will be notified via email and/or a prominent notice on our website of any such change in ownership or material change in the use of your personal information, and you will be afforded a choice regarding the use of your personal information, where required by applicable law.

Consent

By using our website or Services, you consent to the collection and use of your information as set forth in this Privacy Policy. Except as required or allowed by law, we will not use or disclose your personal information for any purpose for which you refuse us consent or later withdraw your consent. If you withdraw consent, you agree that in spite of this withdrawal, we may continue to use the personal information previously provided to us to the extent that we are legally or contractually obligated to do so and to the extent necessary to enforce any contractual obligations you may have to Dispatch. You also understand that although you can use our website for some purposes without providing us with any personal information, we need personal information about you for some Services, including those that involve an ongoing relationship with Dispatch. If you refuse to provide us with the information we require or later withdraw your consent to use and disclose this information, we may no longer be able to provide you with these Services.

A Message to Our Clients

In case of any conflict between this Privacy Policy and the verbiage in our contracts with you or with applicable law, such conflict shall be resolved by giving precedence first to applicable legal requirements governing the type of data in question in the jurisdiction where the data originates, next to commitments as agreed upon in our contracts with you, and next to this Privacy Policy.

Updates to This Privacy Policy

Dispatch may update this Privacy Policy from time to time. The version history table at the top of this document records material changes. Material changes to this policy will be communicated via email to existing Clients and posted to this page with the updated revision date.

Contact Information

For questions related to this Privacy Policy, to correct, update, amend or request that we remove your personal information, or to contact Dispatch’s Privacy Officer, please contact us at:

Dispatch Integration Ltd. Attention: Privacy Officer 1155 North Service Road West, Unit 11 Oakville, Ontario, Canada L6M 3E3 +1 289 291 3845 [email protected]