Scope of Policy
SiteSafe collects only the personal information that we need for the purposes of providing services to our clients, including personal information needed to:
- Open and manage an account
- Provide the requested products and services
- Process payments
- Verify that you meet the business’ requirements to access their location(s)
- Establish the business requirements for access to their location(s)
- Communicate with you about new SiteSafe features, changes, or service issues
- Comply with lawful requests from health authorities to contact you
We normally collect this information directly. If we collect any information about you from a 3rd party, we will inform you and request your approval. If you volunteer such information for an obvious purpose such as making a payment by credit card, we will not require your additional approval.
Access to the above collected data is restricted to only authorized SiteSafe employees, with the following exceptions:
- Application access to provide the requested products and services
User access to your own account and the ability to update your information via:
Your business account if you are a business
Your consumer smartphone application account if you choose to have one
Business confirmation that you visited their locations:
Locations entered of that business
Timestamp of completed entry scan procedure associated with that business location
First name only with last initial (no full name, address, email or phone number)
Pass/fail entry scan result (no details of the individual questions or other data points verified)
- Providing visual verification of your results
- Compliance with lawful, health authority, and regulatory body requests
Cookies and Access
If you use the mobile app, SiteSafe requires access to your camera to scan our the SiteSafe QR code.
To confirm your visit, SiteSafe may require access to your geo-location information. SiteSafe does not need to track or record your geo-location continuously, only in the moment you scan into a business location using the SiteSafe QR code.
Restrictions on Use
SiteSafe uses the data collected from you to provide services to our users, improve our products and services, contact you regarding your account, send you information about our services that may be relevant to you, administer your account and other lawful permitted purposes.
SiteSafe will not sell your data to 3rd parties and will not provide it to 3rd parties for the purposes of un- requested advertising. Your data is protected, kept confidential using firewalls, passwords and encryption technology, and is used only for the purposes described above.
Your location information is not used for any purpose other than to confirm you visited a business location. Your optional photo is not used for any purposed other than to visually confirm that you are the owner of your account and entry verification results.
Correction of Data
Users have a right to correct personal data in their account. Incorrect contact, business, and billing data can be corrected through either the user’s busines account (if a business) or the users consumer smartphone application at any time. Incorrect self-test or other volunteered self-declared information may be corrected by resubmitting the correct self-test of self-declared information at any time.
Monitoring and Incidents
In addition to management oversight of our systems, SiteSafe uses technology systems to monitor access to your data and investigates any potential unauthorized access. Should we discover any unauthorized access, we will advise you. SiteSafe maintains audit logs to facilitate and verify any such investigations.
Each change to SiteSafe’s security systems or access will be tested to ensure there can be no unauthorized access and to verify compliance with this policy.
Users will have access to their data while they have an active account. SiteSafe maintains data on a redundant database that is backed up daily to ensure no loss of data. 3rd party-provide data is the sole responsibility of the 3rd party provider.
SiteSafe has implemented security measures to help protect your personal information. Despite this, please be aware that no security system can guarantee the absolute security of your data. Below are some of the measures we commit to:
Administrative/Access: Direct database access by users is not permitted and provided to only a limited number of authorized SiteSafe employees and contractors with special user ids for only authorized purposes such as maintenance and upgrades. All other users are restricted to only the data displayed through the user applications (mobile and website) which are designed subject to this policy.
Technical: All data is stored on a protected, encrypted database server managed in Canada. These systems are monitored continuously and kept behind technical firewalls. In addition, SiteSafe applications do not continually broadcast any signal and do not need to run when not in use. The application is only in use when a user chooses to scan a SiteSafe QR code and complete the check-in process at a location. The QR code itself does not contain any private information, only a random number linking it to the correct user account.
Physical: Copies of private information, whether in paper or electronic form, are never to leave SiteSafe’s control, sent anywhere or emailed to anyone outside of SiteSafe without the express written permission of the management.
Retention and Disposition of Personal Data
SiteSafe keeps your data for as long as it deems necessary. In the case of self-check questionnaires, individual answers to questions are not stored or retained. The pass/fail result is kept for a minimum of 30 days, after which SiteSafe may delete this data from our systems. Contact, preferences, and billing information is kept for a minimum of 1 year after the account becomes inactive prior to deletion, or longer as required by law.
This policy is effective as of the date above. SiteSafe may, from time to time, update this policy. At that time, we will notify you of the new policy.