SiteSafe Privacy Policy

Scope of Policy

This policy applies to all employees, owners, and contractors of SiteSafe and applies to the collection and use of all data from users of the SiteSafe software. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE APPLICATION.

Data Collection

SiteSafe collects only the personal information that we need for the purposes of providing services to our clients, including personal information needed to:

  • Open and manage an account
  • Provide the requested products and services
  • Process payments
  • Verify that you meet the business’ requirements to access their location(s)
  • Establish the business requirements for access to their location(s)
  • Communicate with you about new SiteSafe features, changes, or service issues
  • Comply with lawful requests from health authorities to contact you

We normally collect this information directly. If we collect any information about you from a 3rd party, we will inform you and request your approval. If you volunteer such information for an obvious purpose such as making a payment by credit card, we will not require your additional approval.

SiteSafe collects minimal financial data to process payments and refunds. All other financial data is stored by our payment processor (Stripe). You are encouraged to review their privacy policy.

Data Access

Access to the above collected data is restricted to only authorized SiteSafe employees, with the following exceptions:

  • Application access to provide the requested products and services
  • User access to your own account and the ability to update your information via:

    • Your business account if you are a business

    • Your consumer smartphone application account if you choose to have one

  • Business confirmation that you visited their locations:

    • Locations entered of that business

    • Timestamp of completed entry scan procedure associated with that business location

    • First name only with last initial (no full name, address, email or phone number)

    • Pass/fail entry scan result (no details of the individual questions or other data points verified)

  • Providing visual verification of your results
  • Compliance with lawful, health authority, and regulatory body requests

Cookies and Access

SiteSafe uses cookies if you visit our website or applications to enable a seamless experience with our services and to gain statistics used to improve this experience.

If you use the mobile app, SiteSafe requires access to your camera to scan our the SiteSafe QR code.

To confirm your visit, SiteSafe may require access to your geo-location information. SiteSafe does not need to track or record your geo-location continuously, only in the moment you scan into a business location using the SiteSafe QR code.

Restrictions on Use

SiteSafe uses the data collected from you to provide services to our users, improve our products and services, contact you regarding your account, send you information about our services that may be relevant to you, administer your account and other lawful permitted purposes.

SiteSafe will not sell your data to 3rd parties and will not provide it to 3rd parties for the purposes of un- requested advertising. Your data is protected, kept confidential using firewalls, passwords and encryption technology, and is used only for the purposes described above.

Your location information is not used for any purpose other than to confirm you visited a business location. Your optional photo is not used for any purposed other than to visually confirm that you are the owner of your account and entry verification results.

Correction of Data

Users have a right to correct personal data in their account. Incorrect contact, business, and billing data can be corrected through either the user’s busines account (if a business) or the users consumer smartphone application at any time. Incorrect self-test or other volunteered self-declared information may be corrected by resubmitting the correct self-test of self-declared information at any time.

Monitoring and Incidents

In addition to management oversight of our systems, SiteSafe uses technology systems to monitor access to your data and investigates any potential unauthorized access. Should we discover any unauthorized access, we will advise you. SiteSafe maintains audit logs to facilitate and verify any such investigations.

Responsibilities

All SiteSafe employees, contactors, and owners with access to user data must agree to treat all personal information as confidential and subject to this Privacy Policy. It is their responsibility to act in accordance with this policy, report all breeches and contraventions of this policy to SiteSafe management and agree that failure to do so my result in termination and legal actions against them.

Change Control

Each change to SiteSafe’s security systems or access will be tested to ensure there can be no unauthorized access and to verify compliance with this policy.

Continuity

Users will have access to their data while they have an active account. SiteSafe maintains data on a redundant database that is backed up daily to ensure no loss of data. 3rd party-provide data is the sole responsibility of the 3rd party provider.

External Links

Some features in SiteSafe are provided by 3rd party external links not affiliated with SiteSafe. Once you have used these links to leave the application, any information you provide to these 3rd parties is not covered by this Privacy Policy. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the application.

Security Measures

SiteSafe has implemented security measures to help protect your personal information. Despite this, please be aware that no security system can guarantee the absolute security of your data. Below are some of the measures we commit to:

  • Administrative/Access: Direct database access by users is not permitted and provided to only a limited number of authorized SiteSafe employees and contractors with special user ids for only authorized purposes such as maintenance and upgrades. All other users are restricted to only the data displayed through the user applications (mobile and website) which are designed subject to this policy.

  • Technical: All data is stored on a protected, encrypted database server managed in Canada. These systems are monitored continuously and kept behind technical firewalls. In addition, SiteSafe applications do not continually broadcast any signal and do not need to run when not in use. The application is only in use when a user chooses to scan a SiteSafe QR code and complete the check-in process at a location. The QR code itself does not contain any private information, only a random number linking it to the correct user account.

  • Physical: Copies of private information, whether in paper or electronic form, are never to leave SiteSafe’s control, sent anywhere or emailed to anyone outside of SiteSafe without the express written permission of the management.

Retention and Disposition of Personal Data

SiteSafe keeps your data for as long as it deems necessary. In the case of self-check questionnaires, individual answers to questions are not stored or retained. The pass/fail result is kept for a minimum of 30 days, after which SiteSafe may delete this data from our systems. Contact, preferences, and billing information is kept for a minimum of 1 year after the account becomes inactive prior to deletion, or longer as required by law.

Term

This policy is effective as of the date above. SiteSafe may, from time to time, update this policy. At that time, we will notify you of the new policy.