InStaff

Privacy Policy

Our privacy policy will help you understand what information InStaff collects, how we use it, and what choices you have.

Throughout this privacy policy, “InStaff”, “we”, “our” or “us” will refer to INSTAFF INC., the company providing the service. “The service” refers to our online pay stub delivery and employee portal.

A “customer” refers to an organization which uses the service. A “user” refers to any individual with an account that allows them to access and use the service.

Information We Collect and Receive

1. Customer Data

   Content and information submitted by users to the service is referred to in this policy as “customer data”. Customer data is controlled by the organization using the service. Where InStaff collects or processes customer data, it does so on behalf of the customer. Some examples of customer data includes but is not necessarily limited to: company announcements and documents posted to theservice by the customer, employee directory information such as first and last name, job, photo and phone number that an individual user may choose to enter into their profile, and information included on user pay stubs and tax forms. It is the customer's responsibility to obtain informed consent to the usage of the service by the users whom customer submits data to the service on behalf of. It is the customer's responsibility to obtain informed consent to the usage of the service by the users whom customer submits data to the service on behalf of.

   InStaff gathers and processes the necessary personal information to finalize commercial transactions. This includes details found on our users' paystubs and tax forms, which is a fundamental step to connect employees with their respective documents. This process is vital for our service to function effectively. We categorize content and information submitted by users to our service as "customer data". As an organization, we adhere to the highest levels of data privacy and collect only the essential minimal data needed to facilitate our services. This could encompass key personal information required to match employees with their paystubs and tax forms. We assure our customers that all collected data is strictly used for the purpose of delivering, sustaining, and enhancing our services.

2. Other Information

   InStaff may also collect and receive the following information:

   • Account creation information

     Users provide information such as an email address and password to create an account.

   • Customer setup and contact information

     When a customer chooses to use our service, we collect the company name, approximate company size, email addresses of the relevant point(s) of contact within the customer's organization, and domain details (such as companyname.instaff.org).

   • Billing and other information

     Our third party payment processor (Stripe) may collect and store billing address and credit card information on our behalf, or we may do this ourselves.

   • Service usage information

     This is information about how you are accessing and using the service, which may include administrative and support communications with us and information about the features you use.

   • Log data and device information

     This is information about how you are accessing and using the service, which may include administrative and support communications with us and information about the features you use.

   • Geo-location information

     WiFi and IP addresses received from your or device may be used to determine approximate location.

How We Use Your Information

1. Customer Data

   We may access and use customer data as reasonably necessary and in accordance with the customer's instructions to (a) provide, maintain, and improve the service; (b) to prevent or address service, security, technical issues or at a customer's request in connection with customer support matters; (c) as required by law; and (d) as set forth in our agreement with the customer or as expressly permitted in writing by the customer.

2. Other Information

   We use other information in providing the service, specifically:

   • To understand and improve our service

     We may carry out research and analyze trends to better understand how users are using the service and how we can improve them.

   • To communicate with you by:

     • Responding to your requests

       If you contact us with a problem or question, we will use your information to respond.

     • Sending emails

       We may send you service and administrative emails, for the purposes of: informing you of important service related notices such as a security and fraud notices, changes in our service, and our service offerings. These emails are considered part of the service and you may not opt-out of them.

       In addition, we may send promotional emails about new product features or other news about the service. You can opt out of these at any time.

     • Billing management

       We use billing information to manage and keep track of billing and payments.

     • Communicating with you and marketing

       We may need to contact you for invoicing, account management, and similar reasons. We may use your contact information for our own marketing or advertising purposes, however, you can opt of this at any time.

Your Choices

1. Customer Data

   The customer may provide us with instructions on how to handle customer data. The customer has many choices and control over customer data. In the process of initial setup of the service, we create a user with administrative capabilities controlled by us. This is necessary for setup. By default we will stay on as a user for the purpose of providing effective administrative support as necessary. Following setup, the customer may choose to deactivate us as user through the service. However, this action limits our ability to provide full service support. The customer may choose to reactivate us at any time.

2. Other Information

   If you have any questions about your information, our use of this information, your rights when it comes to any of the foregoing, or other choices you may have, contact us at privacy@instaff.org.

Sharing and Disclosure

There are times when information described in this privacy policy may be shared by InStaff. This section discusses only how InStaff may share such information. Customers determine their own policies for the sharing and disclosure of customer data. InStaff does not control how customers or their third parties choose to share or disclose customer data.

1. Customer Data

   InStaff may share customer data in accordance with our agreement with the customer and the customer's instructions, including:

   • With third party service providers and agents.

     We may engage third party companies or individuals to process customer data.

2. Other Information:

   InStaff may share other information as follows:

   • About users employed by the customer with the customer

     There may be times when you contact InStaff to help resolve a service issue. In order to help resolve this issue and given our relationship with the customer, we may share the your concern with the customer.

   • With third party service providers and agents

     We may engage third party companies or individuals, such as our third party payment processor, to process information on our behalf.

3. Other Types of Disclosure

   InStaff may share or disclose customer data and other information as follows:

   • During changes to our business structure.

     If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of InStaff's assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. Due diligence).

   • To comply with laws

     To comply with legal or regulatory requirements and to respond to layful requests, court orders and legal process.

   • To enforce our rights, prevent fraud, and for safety.

     To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

     We may disclose or use aggregate or de-identified information for any purpose. For example,we may share aggregated or de-identified information with partners or others for business or research purposes like telling a prospective customer the average number of employees our customers have or partnering with a research firm or academics to explore questions related to the nature of the service.

   • Data Breach Incidents
     • In the event of a confidentiality incident involving personal information, InStaff will inform affected Customers of the incident's occurrence and the extent of the incident (data elements breached and number of affected individuals) as soon as feasible;
     • InStaff will also notify the Commission d’accès à l’information du Québec (CAI) and the persons concerned and keep a register of confidentiality incidents;
     • In addition, InStaff will take reasonable measures to reduce the risk of injury being caused to the persons concerned, and to prevent new incidents of the same nature from occurring.

Customer Data Retention and Deletion

• Customer Data Retention: InStaff will keep Customer Data for no longer than is necessary to meet the purposes for which it was collected and used. In some cases, this may be as long as users/employees have an active account or while we’re providing you with services. For all terminated employees, InStaff will continue to retain Customer Data as long as the customer deems it necessary, for instance to make pay history data available to terminated employees for a given period of time.

• Customer Data Deletion: InStaff will only delete Customer Data when i) requested by an authorized representative of the Customer (i.e., Customer's portal administrators), for instance when cancelling the service, or when related to a support request; or ii) in accordance with InStaff's own Terms of Service, for instance by default at the end of the standard 7 year retention period for pay documents. It is the Customer's responsibility to collect and administer Customer Data deletion requests brought forth by Customer's own employees/users, for instance, if a given user decides they do not want their pay history stored online. Customer's portal administrators have the power and responsibility to delete any given user's data from Customer's portal upon user request. InStaff cannot and is not responsible for fulfilling employee/user data deletion requests due to InStaff's inability to adequately verify any given employee/user's identity. Employees/users with data deletion requests must contact their portal administrator to have their request fulfilled.

• Security Incidents: All security incidents will be recorded and retained for five years.

Our Cookie Policy

InStaff uses cookies and similar technologies like single-pixel gifs and web beacons to record log data. We use both session-based and persistent cookies.

Cookies are small text files sent by us to your computer and from your computer or mobile device to us each time you visit our website or use our service. They are unique to your account or browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

Some cookies are associated with your account and personal information in order to remember that you are logged in. Other cookies are not tied to your account but are unique and allow us to carry out site analytics and customization, among other similar things. If you access the service through your browser, you can manage your cookie settings there, however, if you disable some or all cookies, you may not be able to use the service.

InStaff sets and accesses our own cookies on the domains operated by InStaff. In addition, we may use third parties like Google Analytics for website analytics. You may opt-out of third party cookies from Google Analytics on its website. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.

Security

InStaff takes the security of your data very seriously and has measures in place to address security, availability, and disaster recovery concerns. If you have any questions regarding security, please contact contact@instaff.org.

Confidentiality

We place strict controls over our employees' access to the data made available by the customer and its users through the service and are committed to ensuring that customer data is not viewed by anyone who should not have access to it. The operation of the service requires that some employees have access to the systems which store and process customer data. For example, in order to diagnose a problem you are having with the service, we may need to access your customer data. Your data is never accessed for any reason other than stated within this policy.

Changes To This Privacy Policy

We may change this policy from time to time, and if we do we will post any changes on this page. If the change will materially affect the way we use or disclose previously collected customer data or other information, we will notify you by email. If you continue to use the service after the changes are in effect, you agree to the revised policy.

Special Note for Quebec Resident’s Regarding Law 25: InStaff’s privacy policy is written in accordance with the guidelines established by Quebec’s Law 25. We will continue to update our privacy policy in accordance with Law 25’s gradual phased roll-out of guidelines.

Contacting InStaff

Please feel free to contact us at any time if you have questions about InStaff's Privacy Policy or practices.

To reach the Privacy Officer:

• Email: privacy@instaff.org
• Mail: 2000 Argentia Road, Plaza 2, Suite 210, Mississauga, ON, L5N 1V8

---