Privacy

Revised July 19, 2018

Welcome to the website of Dovico Software, Inc. ("Dovico", "we", "us", and "our"). We have prepared this Privacy Policy ("Privacy Policy") to explain how we collect, use, protect and disclose your information when you use the Dovico website, or any other websites on which this Privacy Policy appears ("Sites"), and Dovico services including any software, mobile applications, products, devices or other services offered by Dovico from time to time (collectively, "Services"). It also describes the choices available to you regarding the use of, your access to, and how to update and correct your Personal Data. "You" refers to you as a user of the Sites or Services, and "Customer" refers to the entity or person who has opened an account and subscribed to the Services.

Quick Links

We recommend that you read this Privacy Policy in full to ensure you are fully informed. If you only want to access a section of this Privacy Policy, then you can click on the relevant link below to jump to that section.

1. Who We Are

Dovico is a provider of time tracking, resource allocation, and employee engagement solutions. We are headquartered in New Brunswick, Canada. Our contact information is at the end of this Privacy Policy.
For more information, please see "About Us" on our website.

2. Information We Collect

Information You Provide to Us

We collect information that personally identifies you and other personally identifiable information that you provide to us when you sign up for or use the Sites or Services ("Personal Data"). This may include:

  • Your name, phone number or other contact details, and the company you work for;
  • Your username and email address when you register for an account to use the Services;
  • Information about other individuals when you add users of the Services to your account and the capacity in which they may use the Services;
  • Credit card or other financial account information in connection with your order to purchase the Services;
  • Messages you send to us by email, social media, mail or other means;
  • Any information that you upload to the Sites and/or input into your account; and
  • Any other information you may provide to us voluntarily through your use of our Sites and Services.

Social Media

Any public posts, such as blog articles, comments, questions and testimonials, that are placed on the Sites may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, please contact us. In some cases, we may not be able to remove your Personal Data.

Information We Collect Automatically

We automatically collect information (“Usage Data”) regarding the actions you take on the Sites and Services. In some countries, including countries in the European Economic Area ("EEA"), this information may be considered Personal Data under applicable data protection laws. Usage Data helps us understand trends in our users' needs so that we can better consider new features or otherwise improve our Services. We may share Usage Data about our users with our third-party service providers for various purposes, including to help us better understand our customers' needs and improve our Services.

When you use the Sites or Services, some examples of the Usage Data we may collect could include:

  • The type of web browser you use;
  • Your operating system;
  • Your web request;
  • Your Internet Service Provider;
  • Your IP address;
  • Referring/exit pages and URLs;
  • The pages you view and how you interact with links on the Services;
  • The time and duration of your visits to the Sites or use of the Services; and
  • Other such information relating to your devices, and your activity on our Sites and Services.

We may store such Usage Data itself and/or such information may be included in databases owned and maintained by Dovico’s service providers. We may use such information and pool it with other information to track, for example, the total number of visitors to our Sites or users of our Services, the number of visitors to each page of our Sites. We use this information to help us understand how people use the Sites and Services, and to enhance the Sites and Services.

Our mobile application may collect certain additional information automatically, including, but not limited to, the type of mobile device you use, your mobile device's unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, available storage space, connection type (e.g. WiFi vs. cellular) and information about the way you use the application. We may also use GPS technology (or other similar technology) to determine your current location. If you do not want us to have your location information, you should turn off the location services for the mobile application located in your mobile phone settings and/or within the mobile application.

Single Sign-On

You can log in to our Sites using sign-in services such as Facebook Connect or an Open ID provider. These services will authenticate your identity, provide you the option to share certain Personal Data (such as your name and email address) with us, and to pre-populate our sign-up form. Services like Facebook Connect give you the option to post information about your activities on our Sites to your profile page to share with others within your network.

Social Media Widgets

Our Sites may include Social Media Features, such as the Facebook “Like” button, and Widgets, such as the “Share this” button or interactive mini-programs that run on our Sites. These Features may collect your Internet protocol address, which page you are visiting on our Sites, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.

3. Tracking Technologies

We use cookies (a small text file placed on your computer to identify your computer and browser) and web beacons (a file placed on a website that monitors usage). Cookies and web beacons operate to improve the experience of the Sites and Services, for example, pre-populating your username for easier login, to allow user-specific messaging or to permit user-specific advertising.

Most web browsers are initially set up to accept cookies. At this time, Dovico does not recognize automated browser signals regarding tracking, including "do-not-track" signals. You can remove persistent cookies and change your privacy preferences by following directions provided in your Internet browser's "help" directory. However, certain features of the Sites or Services may not work if you delete or disable cookies. Some of our service providers may use their own cookies and web beacons in connection with the services they perform on our behalf, as further explained below.

We and our service providers use similar technologies to analyze trends, administer the Sites, track users' movements around the Sites, and to gather demographic information about our user base as a whole. Users can control the use of cookies at the individual browser level.

For additional information, see our Cookie Statement.

4. How We Use Your Information

We may use your Personal Data for the following purposes:

  • Business Relationship: We will use your Personal Data to manage our business relationship with you.
  • Providing and Monitoring the Services: We will use your Personal Data to provide you with access to and support for your use of the Services and to monitor your use of the Services.
  • Requests: If you contact us by email or otherwise, we will use the Personal Data you provide to answer your question or resolve problems.
  • Other Products, Services and Events: Dovico may use your Personal Data to contact you in the future about products, services and events that may be of interest to you. You can opt-out of such contact from Dovico using the unsubscribe link in email communications or contact us directly.
  • Customer Data is data and information, including Personal Data, owned by our Customer and provided or created by the Customer’s their licensed users in the course of using the Services. Dovico only uses Customer Data according to instructions from our Customer.
  • Service Improvement: Dovico may use your Personal Data and other information collected through our Sites to help us improve the content and functionality of the Sites. Dovico may also use aggregated anonymous data about Customer's use of the Services that is not identifiable with respect to Customer to better understand our users and to analyze, improve, support and operate the Services.
  • Surveys, Contests and Other Special Offers: From time to time, we may offer our users the opportunity to participate in surveys, contests and other special offers. If you choose to participate in these services, you may be required to provide certain Personal Data.
  • Dovico does not ever sell Personal or Corporate Data.

5. Who We Share Your Personal Data With

We may disclose your Personal Data to the following categories of recipients:

  • To third party service providers who provide data processing services to us (for example, delivery, functionality and enhanced security of the Services), or otherwise process Personal Data for purposes that are described in this Privacy Policy or notified to you when we collect your Personal Data;
  • To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Dovico will cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Data and any other content and information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to or comply with legal requests (including court orders and subpoenas), to protect the safety, property or rights of Dovico or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law;
  • To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we require the buyer to use your Personal Data only for the purposes disclosed in this Privacy Policy; and
  • To any other person with your consent to the disclosure.

6. Security

We recognize our legal obligations to protect the Personal Data we have gathered about individuals. We have therefore implemented appropriate technical and organizational measures to secure against unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction of Personal Data; These arrangements may include physical security measures, network security measures, and organizational measures such as non-disclosure agreements and need-to-know access.

7. Data Retention

We will retain your information for as long as your account is active or where we have an ongoing business need to do so (for example, to comply with applicable, legal, tax, or accounting requirements). We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

8. Third Party Links

Our Sites and Services may contain links or integrate with other websites and online services or allow others to send you such links. Dovico is not responsible or liable for any damage or loss related to your use of any third-party website or online service. You should always read the terms and conditions and Privacy Policy of a third-party website or online service before using it, whether directly or in connection with your use of the Sites or Services. Third parties may collect, but we do not authorize them to collect, personally identifiable information about your online activities over time and across different websites when you use the Sites or Services.

9. Additional Notice to Residents of the European Economic Area (EEA)

9.1 International Data Transfers

Customer Data

Data and information, including Personal Data, provided or created by our Customers and their licensed users in the course of using the Services (“Customer Data”) is processed in the geographic region where the Customer is located. The Customer is the data controller of Customer Data. Dovico, as data processor, only processes the Customer data according to the instructions of the data controller. For more information, see Dovico’s standard Data Protection Addendum (“DPA”) which determines the processing of Customer Data.

Any questions about the processing of Customer Data should be directed to the Dovico customer through whose account you access the Services.

Direct Data Transfers to Dovico (Canada)

In some circumstances, Personal Data may be transferred from the EEA to Dovico’s offices in Canada. These include direct communications for support, finance, and sales, and occasionally Customer Data may be transferred if required for technical support.

Such transfers are legally authorized by a finding by the EU Commission that Canada has an adequate level of data protection.

Transfers to Other Countries

We use third-party service providers to provide some services that are necessary or ancillary to our delivering the Sites and the Services, and some of these services may include processing Personal Data. These may be located generally in Canada, the EEA, the USA, and other countries. In order to provide security and confidentiality for your Personal Data, Dovico has undertaken contractual and other measures to ensure our service providers provide adequate protection for Personal Data, as follows:

  • Service providers located in the EEA are directly governed by the General Data Protection Regulation (“GDPR”) and by applicable national legislation.
  • Service providers located in Canada are governed by the Personal Data Protection and Electronic Documents Act (“PIPEDA”) which has been found by the EU Commission to provide an adequate level of protection as required by EU data protection laws.
  • Other service providers are in the United States. Dovico has in some cases has entered into contractual provisions, known as Standard Contractual Clauses, with service providers to ensure adequate protection of your Personal Data. In other cases, service providers located in the United States have certified their compliance with the Privacy Shield Framework which requires US suppliers to provide adequate protection of your Personal Data. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce.
  • Additionally, Dovico enters into Data Processing Agreements with each of our third-party providers which provide our instructions for processing and requires an appropriate level of confidentiality and security.

9.2 Your Data Protection Rights

If you access our Sites and Services from the EEA, you have the following legal rights in respect of your Personal Data:

The right to be informed – You have the right to be told about the collection and use of the Personal Data you provide. This Privacy Policy sets out the purpose for which we process your Personal Data, how long we will keep your data, and who we will share your data with. (For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/).

Right of access – You have the right to know whether we are processing your Personal Data, and to receive a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 30 days of receipt of your request. (For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/).

Right to rectification – You have the right to have any incorrect Personal Data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 30 days of receiving the request. (For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/).

Right to erasure – This right, often referred to as the right to be forgotten, allows you to ask us to erase Personal Data where there is no valid reason for us to keep it. (For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/).

Right to restrict processing – You have the right to ask us to restrict processing of your data. (For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/).

Right to data portability – You have the right to move, copy or transfer your Personal Data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and that processing is by automated means. (For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/).

Right to object – You have the right to object to our processing of your Personal Data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics.

  • Legitimate interests/legal task – Your objection should be based on your situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests.
  • Direct marketing – You have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible.
  • Scientific/historical research and statistics – Your objection should be based on your situation. If we are conducting research where the processing is necessary for the performance of a public task, we can refuse to comply with your objection.

(For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/).

Rights relating to automated decision making including profiling – You have the right in respect of automated decision making, including profiling. Where we carry out solely automated decision making, including profiling, which has legal or similarly significant effects on you, we can only do this if it is in connection with a contract with you, we have a right under law or you have provided your explicit consent. We will tell you if this happens and tell you how you can request human intervention or challenge the decision. (For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/rights-related-to-automated-decision-making-including-profiling/).

Rights to withdraw consent – Where we process your Personal Data based on your consent you have the right to withdraw that consent at any time without reason. You can opt-out by using the unsubscribe/opt-out in any marketing we send you.

Exercising your data rights – If you want to exercise any of the above rights, or If you have any questions on how and why we process your data, please contact us. We will respond to your request within 30 days of receipt of your request. However, if Dovico derives the custody or control of the Personal Data through its Customer, the Customer will be the data controller and all requests for access to Personal Data should be forwarded through such data controller to Dovico.

If you are not satisfied with any aspect of our handling of your data, and you consider that the processing of your Personal Data infringes the GDPR which is applicable throughout the EEA, you can make a complaint to the supervisory authority of the Member State of your habitual residence , place of work or place of the alleged infringement.

We respond to all requests we receive from individuals wishing to exercise their data protection rights promptly and at the latest within a month. If you are not located in the EEA, you may have similar rights in your location. If feasible, we will help with your request.

9.3 Legal Basis For Processing Personal Data

If you are visiting our Sites or accessing our Services from the EEA, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

We will generally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, or for more details on our legitimate interests, please contact us.

10. Privacy Policy Changes

We may change this privacy policy at any time and from time to time. When we update the policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. The most recent version of the privacy policy is reflected by the version date located at the top of this privacy policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this privacy policy or other notice on the Sites. We encourage you to review this privacy policy often to stay informed of changes that may affect you.

11. How To Contact Us

If you have any questions or concerns about our use of your Personal Data, please contact us by email or telephone, or by mail at the address below.

Dovico Software Inc.
236 St George Street, Suite 210
Moncton, NB, Canada
E1C 1W1