Effective Date: May 25, 2018 Last Updated July 18, 2018
This privacy statement (the “Statement) sets forth data privacy principles followed by Integrated Database Systems, Inc. (“IDS”) which are Privacy Shield and GDPR certified by TrustArc in connection with transfers of data to and from the US and the member states within the European Union.
This statement applies to our websites and our mobile application owned and operated by Integrated Database Systems (IDS) with respect to our responsibilities as the controller of the data you provide to us. IDS has certified it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about IDS’s Privacy Shield status, please visit https:/www.privacyshield.gov/list.
IDS may update this Statement from time to time. We will post any update to this website, by email or by in app notification.
The following definitions apply to this Statement:
- Data Controller: The entity that alone or jointly with others determines the purposes and the means of the processing of Personal Information. The agency or customer of IDS is the controller of data. Controllers have a relationship with the Individuals to whom they provide service. IDS is the controller of information collected on its public web sites and mobile apps. IDS clients are the controller for data they provide IDS for IDS service
- Data Processor: The entity that processes Personal Information on behalf of the Data Controller in accordance with the instructions or contractual obligations for service. IDS is the processor of data for its clients.
- General Data Protection Regulation or GDPR: Regulations that surround the protection, collection and access to Personal Identification that apply to EU member citizens that became effective May 25, 2018.
- Personal Data and Personal Information: Data and information about an identified or an identifiable individual that are within the scope of the EU Directive or subject to HIPAA privacy laws in the US. Neither includes anonymized data or data that is reported in aggregate.
- Sensitive Information: Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or that concerns an individual’s health.
This privacy statement describes how IDS collects, uses, shares, and secures the personal information you provide on our website(s) and on our mobile application. It also describes the choices available to you regarding our use of personal information and how you can access and update this information.
Websites subject but not limited to this privacy statement
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, our US customers may contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
EU member state customers may contact their respective data protection authority. Locate a full list EU DPA’s here.
Information Collection and Use
IDS collects and uses your personal information such as name, company name, billing address, phone number and email address in order to create and administer your account. IDS also collects and securely stores credit card information from customers to process orders and facilitate payment for service.
When you download and/or use our Services, we automatically collect information on the type of device you use, operating system version, and unique device id.
We collect client and caregiver GPS location based information for the purpose of recording caregiver visit verification when arriving and departing from the client’s location. Location based tracking is an optional component of the service that must be subscribed to and turned on by the customer/client of IDS.
You may opt-out of location based services at any time globally by editing your company preferences or individually by editing the setting at the device level. Customers of IDS can cancel location based visit verification services including location services by emailing us at firstname.lastname@example.org.
EU-US Privacy Shield
IDS processes personal information in the United States and participates in and has certified its compliance with the EU-US Privacy Shield Framework. IDS uses articles defined by GDPR as guiding principles for policies surrounding data protection for customers in EU member states. IDS is committed to subjecting all personal data received by and sent back to EU member countries is in accordance with the Privacy Shield Framework and as part of our compliance with the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, and to view our Privacy Shield status, visit the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list]. IDS is responsible for the processing of personal data it stores and receives, under the Privacy Shield Framework, and subsequent transfers to third parties acting as an agent on its behalf. IDS complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, IDS is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, IDS may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may provide your personal information to companies that provide services to help us with our business activities, such as offering customer service or a mapping service provider to provide a map of the location you are looking for or the location you are currently in. These companies are authorized to use your personal information only as necessary to provide these services to us. We do not share or disclose any data you enter into the application without your prior consent. We may also disclose your personal information:
- As required by law, such as to comply with a subpoena, or similar legal process.
- When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- If IDS is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding the transfer of your personal information to any other third party with your prior consent to do so.
Upon request, IDS will provide you with the information about whether we hold any of your personal information. If your personal information changes, or if you no longer desire our service, you may correct, update, amend or delete it by emailing us at email@example.com or by using the secure online form found within Generations. We will respond to your request within a reasonable timeframe.
Where IDS is a data processor, it does not collect information from individuals nor interact individuals but instead hosts Personal Information provided by its clients. IDS will provide assistance to its clients to provide reasonable access to Personal Information that is holds on behalf of its clients, and will take reasonable steps to assist its clients in allowing individuals the ability to correct, amend, or delete any Personal Information which is inaccurate or incomplete.
We will retain your business contact information only for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you wish to subscribe to our newsletter(s), we will keep and use your name and email address to send newsletters and company announcements to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or you can contact us at firstname.lastname@example.org
Cookies and Other Tracking Technologies
As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and clickstream data to analyze trends in the aggregate and administer the site.
We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the applications, aggregated usage, performance data, and where the application was downloaded from.
IDS implements reasonable security measures and precautions to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Security measures include logical and physical access controls for user access to Personal Information, as well as technical security measures at the network, operating system and database layers.
When you enter your log in information on our service and/or provide geo-location on our mobile application, we encrypt the transmission of that information using secure socket layer technology (SSL). For more information on our security measures please review our Security Statement on our website http://www.idb-sys.com/security.
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. With the help of TrustArc we are confident security and privacy practices are as strong as possible to prevent a breach or loss of data. If If you have any questions about security of your data and its use on our web site, contact us at or email@example.com
IDS does not process Personal Information in a way that is incompatible with the instructions provided by the clients of IDS. IDS takes reasonable steps for its clients to ensure Personal Information is reliable for its intended use, is accurate, complete and current.
Links to 3rd Party Sites
IDS, when fulfilling its obligations to its customers acts as the Data Processor, and as such is not responsible under the EU Directive for providing individuals choice respecting the use of their Personal Information.
Clients of IDS, who are the data controllers, are responsible for compliance with opt-in and opt-out requirements and data accuracy of individuals under the EU Directive or as by local applicable law.
Rights of the Individual whose personal data is stored in Generations
IDS acknowledges that you have the right to access, update or delete your personal information. IDS collects information under the direction of its Clients, and has no direct relationship with the individuals whose personal data it processes. If you would no longer like to be contacted by one of our Clients that uses Generations, please contact the Client of IDS, who may be your employer, or providing agency of service, that you interact with directly. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the IDS Client (the data controller for service purposes).
Cross Border Data Protection
Personal Information collected on our websites may be stored and processed in the United States or any other country in which IDS affiliates or contracts with in order to provide our service to you, including countries which may not have data protection laws similar to the laws in the country from which you initially provided the information. By choosing to use our websites, and to provide data to them, you consent to any such transfer of information outside of your country.
Our data hosting service is not meant to be used by children under the age of 16 without their parents express written consent. In compliance with GDPR, we do not knowingly collect personal information from or market our services to individuals under the age of 16.
Changes to This Policy
Any questions regarding the use or disclosure of Personal Information or questions about this Privacy Statement should be directed to IDS Legal and Privacy Department using the contact information listed below:
EU and US Customers:
Generations Homecare System
Integrated Database Systems, Inc.
2625 S. Denison, Suite A
Attention Lisa M. Ferden, Vice President
Mt. Pleasant, Michigan 48858 USA