Privacy Policy

Here at DigitalStaff ("us," "we," or "our"), we believe in the importance of keeping your information confidential and private. We actively design our automation solutions to reduce the risk of data breaches and follow certain procedures to ensure data protection.

The purpose of this Privacy Policy (hereinafter referred to as “Policy”) is to inform you of the measures we take to protect your and your customers’ personal information and the ways in which we collect, process, use, disclose and retain this information in order to provide you with our services. Our Policy is designed to meet or exceed the requirements of federal, provincial, and territorial privacy laws. We are constantly reviewing our practices and procedures for efficiency and effectiveness, as well as noting feedback from our consumers. Our Policy is reviewed annually, as well as periodically throughout the year.

 

When you visit www.digitalstaff.ca, or any time you interact or do business with us, you agree to the terms of this Policy as updated from time to time. We encourage you to periodically review our Policy.

How privacy fits in our organization

DigitalStaff’s Privacy Officer establishes, manages, and reviews policies and procedures on an ongoing basis. Information security and privacy training is also provided to employees and end users with access to sensitive data.

What kind of information do we collect and how do we use it?

 

We only collect, use, and disclose information that is necessary for carrying out our services. We will obtain your consent verbally or in writing to ensure that you knowingly give us access to your private information. We also log all of our data with detail (e.g. date and time logged) and manually verify information to ensure accuracy. When you use our website, we track your activity and note your computer IP address which may be used for targeted advertising purposes. If you interact with us through our website or email, we collect your name, phone number, email, and other information so that we can communicate directly with you. We may also use this information to send you marketing emails.

 

If we are developing an automation process for you, we will collect details about your business and the relevant internal processes you have. This can include your financial information when necessary. We may also collect your customers’ information, including personally identifiable information and any other information which may be necessary for the automation process. Please note that your financial information and your customers' personal information will only be used for carrying out the automation services that you have requested. We will not use this information for sales or marketing purposes.

 

In certain circumstances, we may set up a remote connection to your computer or network to directly and freely access your information. During this process, we may store your passwords solely for the purpose of carrying out the services and solutions which you have requested.

 

We may use non-personally identifiable information to measure our performance, build reports regarding our efficacy, and ensure that our products and services are working as intended. We may use the information we collect in existing services to improve our own internal processes, our automation software, and to help us develop new products or services.

 

Except where authorized or required by law, we will not collect, use, or disclose personal information for other purposes without obtaining your further consent.

 

We endeavor to maintain the strict confidentiality of your personal and contact information. We acknowledge and adhere to the terms and regulations of the Personal Information Protection and Electronic Documents Act ("PIPEDA") when collecting any personal information. We also do our best to comply with the specific privacy and data protection requirements of the province or territory in which your business operates. If health information is provided and shared with us under a data sharing agreement, we will act in compliance with the Personal Health Information Protection Act (“PHIPA”) and/or the health information act of the province or territory in which your business operates.

 

What information do we not collect?

 

DigitalStaff does not collect any protected classifications, including age, race, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities. You may provide these data voluntarily, such as if you include a pronoun preference in your email signature when writing in to our support team.


We also don’t collect any biometric data. You are given the option to add a photo to your user profile, which could be a real photo of you or a different photo that represents you best. We do not extract any information from profile pictures. They are for your use alone.


We don’t actively collect either category of the above data unless it is provided and shared with us under a data sharing agreement for the purpose of completing work for you.

How do we keep your information secure?

 

Information will be protected at a level commensurate with its sensitivity and risks. Any information that you provide us with is kept on encrypted and secured devices. Any private or confidential data that we store is always encrypted whether at rest or in transit, and we always use unique and complex passwords. We also use firewalls and anti-virus software. We may use protective file systems to maintain the integrity of your data. Our physical equipment is also stored in secure locations.


To provide you with the highest level of service, we keep your information stored so that you don’t have to provide us with it again in the future. If we use a Structured Query Language (SQL) database to store your data, we will log and audit our processes to ensure all changes to the database are tracked and all versions of your data are recorded.

We may also keep backups of your data, all of which are also encrypted. Backups and disaster recovery procedures are tested and reviewed on a recurring basis. We dispose of your data securely through manually identifying and removing your information from our databases and backups. We will do our best to dispose of your data in accordance with the legislative requirements of the province or territory in which your business operates.

We also use multi-factor authentication (MFA) protocols to ensure that only those with approved access can view and access your data. Access controls are determined when assigning project specific roles and onboarding and offboarding employees. We may also use intrusion detection systems to monitor our networks for potential privacy issues and to ensure compliance with our policies. Access controls will be reviewed in the event of a privacy incident.

We periodically review our existing and planned project processes to ensure they remain reliable, secure, and effective. We always consider privacy risks and notify relevant parties before making changes to our processes to ensure the confidentiality, integrity, and availability of your data.

Incident response

 

In the event that we experience a data breach, we will contact the client affected by the breach within 24 hours of the initial breach. All members of our incident response team will be notified. In the event of particularly serious breaches, we will also take steps to report the breach to the Ontario Privacy Commissioner and/or the Office of the Information and Privacy Commissioner of your province or territory.

We monitor and audit our incident response procedures for effectiveness on a quarterly basis, as well as periodically throughout the year. We will conduct an audit of our procedures in the event of a data breach.

 

Your billing information

We store your credit card information in an online credit card repository called Stripe. Stripe is encrypted and highly secured to ensure your information is protected and safe. We only use your credit card information to process billings on a monthly, automatic, or as-needed basis for the work that we have completed for you. We may keep your bank account details locked up and encrypted for possible future direct billings so that you don’t have to provide us with them again in the future.

 

We may use Plooto or e-Interac to process your billing information. We may also use Xero to store your billing details and information.

 

Sharing your information

 

Within the company, we limit access to private data on a need-to-know basis. Employees will not have access to your information unless it is necessary for the completion of their job. DigitalStaff will also get your consent before disclosing information to a third party. Under certain circumstances, we may use a trusted third-party data controller and processor or cloud service provider, such as Google, Microsoft, UiPath, or Amazon (Amazon Web Services) to provide our automation solutions. These third-party providers each have their own privacy policies. We review and choose third parties who will ensure your data is protected and secure; however, we do not control the manner in which third parties utilize your personal information. Under the Policy, DigitalStaff is not responsible in any manner for direct, indirect, special, or consequential damages, however caused, arising out of sharing your personal information with a trusted third party for the automation solution.

 

Data storage

We are a Canadian company and all data infrastructure is located in Canada except where we require additional service providers in order to serve you best. In such cases, those providers are usually in Canada, although we may occasionally procure services from providers in the United States.

Where can you get more information?

If you are interested in knowing what information we have relating to you in our database, please contact us and we can prepare a detailed list for you within 30 days in exchange for a fee. You may also contact us if you would like to request a correction to the information we have relating to you in our database. For administrative purposes, DigitalStaff will keep a record of all requests made. You will be notified by mail, email, or phone if your access or correction request has been approved. Sensitive information will be shared through a secure link.

For security and confidentiality purposes, please note that we reserve the right to request government-issued identification before disclosing data to you.

If you have any questions about our Privacy Policy and how it relates to you, please contact us via phone, email or mail. A response can be expected within 30 days.