In order to provide organizations with great tools to empower their workplaces, IBEX must collect and handle sensitive data. We take that responsibility seriously and take care in our approach. Knowing that the data we collect can be personal in nature we thought we would write down our procedures for collecting, using and disclosing your information in an understandable way. Maybe we’ll even have some fun. I mean, there’s only so many times you can say PIPEDA out loud without smiling. By using the IBEX system and website you consent to all the activity described in this policy.
Information We Collect and Store
When you are using the IBEX system and website we may collect and store the following information:
Information you give us
When you register for a trial with IBEX we may collect some basic contact information that can be used to communicate with and identify both the person who requested a trial/account and the organization they have requested a trial/account for. Basically we’re talking about your business card with some follow-up questions. We call this Trial Information.
This information will include data like name, phone number, email address, organization postal code, position within said organization and an inquiry into how you feel about your current processes. By entering this information yourself you consent to us collecting and storing it.
In preparation for activating an account with IBEX we will collect additional information about your organization and your processes to help the IBEX system fit your team nicely. This is information about your employees, as well as your current and past processes. We call this Organization Information.
This information will include data like employee information (see "Information your organization gives us" for a better idea of this), preferred billing address, financial routing information, Remittance Number, RP number, payroll schedule, and preferred contact email address and phone number. By sending us this information you consent to us collecting and storing it.
Upon signing up for one of our blog mailing lists we may collect some basic information used to send the blog posts. Like the trial, we are asking for a business card here - but no followup questions. We call this Mailing List Information.
This information will include data like name, email address, place of work and Province of Residence. By sending us this information you consent to us collecting and storing it.
Information your organization gives us
When your organization signs up for and uses the IBEX system or website they may store certain personal information about employees. This is the information required to pay and contact employees. This amounts to the meat and potatoes of what the IBEX system needs to run. In addition to this information, your organization may also store your historical payroll and shift data with them to get a better view of their admin process as a whole. We call all of this information Employee Information.
This information will include data like demographic information such as name, date of birth, gender, preferred language, SIN number, Home address, postal code, Home phone number, mobile phone number, shift contact preferences. In addition to that demographic information this will also include payroll information such as wage information, payroll history with the organization, ongoing scheduling, time approval and payroll data, positional history with the organization, bank routing numbers, and tax exemptions. As an employee of the organization you have consented that the organization will pay you in the method they deem appropriate.
Information collected through system logs and cookies
Cookies are small data files that we transfer to your device that tell us how you interact with our systems or websites. We use two kinds of cookies: session ID, and persistent. Session ID cookies track things that happen when you are using the system such as load times, clicks etc. We use this information to help improve the IBEX system and website. Persistent cookies remember your username and password next time you come to log in. You have the option to refuse persistent cookies in your browser. We call this data User History Information.
This information will include data like system activity (crashes, load time), browser type, device type, clicks, data uploads, data entries, date and time stamps associated with you activity, ip address, geographic location, system information, login usernames, and login passwords. When you use IBEX system or websites you consent to the gathering of this data.
How We Use the Information We Collect
IBEX uses your information for the following internal processes
We use and display this information for the benefit of your organization to help them pay you correctly, communicate with you, generate reports, and understand how their payroll and administrative process is running as a whole. The meat and potatoes of our system.
IBEX uses this information at an aggregate level in the organization to understand the needs of your team so that we might tweak and polish the system to better suit the needs of your organization.
Lastly we use this information to contact you if you are a system user affected by a system update or news bulletin. If you do not wish to be contacted you can opt out by clicking the unsubscribe link in our update emails.
We use this information to pay your team correctly, communicate with you, bill you, interact with the CRA and Service Canada on your behalf, and provide you with reports and data on your admin process as a whole.
User history information
We use this information to authenticate users and verify a user has the authorization required for the system to process their request. We also use this information to understand the needs of your team and organization so that we might optimize the technical capabilities, messaging, and user friendliness of the system and website.
We use this information to help you regain access to your account if you get locked out. We use a separate verification process before doing so. In addition to this we use this same information to occasionally set up users with accounts on our support sites using identical logins and passwords in order to make that login process simpler.
Mailing list information
We use this information to send you the requested blog postings on a regular schedule. You may opt out at any time by following the unsubscribe link in the emails.
We also use this information to better understand our subscribers so we can provide more useful and relevant content to them.
We use this information to contact and identify your organization in preparation for offering you a trial of the IBEX system.
We also use this information to better specify and personalize the trial so that it will display the aspects of the IBEX system you might be most interested in.
Information Sharing and Disclosure
We will display some of your personal demographic information on your Statement of Earnings that you receive with each pay. If you are a user of the IBEX system we will also display your username. If you are locked out of your account we will disclose your password to you once you have passed through a secondary verification process.
Your organization’s use
We will display your Employee Information within the system to all individuals in your organization with sufficient privileges to see that information. Speak to leadership in your organization to better understand who has those privileges.
We will also disclose some User History Information of certain users to other users within the same organization with more administrative privileges. This information would be with respect to actions taken within the system.
Service providers, businesses and others
We do not sell any of the information we collect to third parties.
We may however, use trusted third party companies to help us provide, analyze, store and improve our systems (including but not limited to maintenance services, data storage, database management, web analytics, and payment processes). These other businesses only have access to your information for the purposes of completing their specific and limited tasks on our behalf and have similar commitments to your privacy and the security of your data.
Non-private aggregated data
We may disclose non-identifiable, non-personal, aggregated Employee Information or User History Information. Sounds scary but basically, we might publish studies on payroll or other related data across the industry using data from multiple organizations. Within the studies it would be impossible to tell who was who, or what organization provided what data. We do this because there is not much research on the niche field of Developmental Service Agency administration and we think the data is really useful for your organizations.
Compliance with laws and good conscience
In the situation where we believe that withholding information may result in extremely negative consequences to IBEX or another human being, we reserve the right to disclose information to law enforcement and other parties who can assist in the situation. Specifically IBEX may disclose information if we have a good faith belief that disclosure is reasonably necessary to: comply with a law, regulation, or compulsory legal demand, protect against fraud or abuse of IBEX, protect the property rights of IBEX, and/or protect the safety of any person from death or serious bodily harm.
Viewing, Changing or Deleting Information
Those users within your organization with administrator level account privileges may view and edit Employee Information by accessing the employee editing screens. They may also view and edit Organization Information by accessing the organization screen.
These users may also view and modify the accounts and access of all other IBEX system users within the organization. This can include but is not limited to access to payroll data, system pieces, departments, usernames, and passwords. This also includes any additional information a user may have provided the system.
Employees can be designated terminated, but Employee Information cannot be completely deleted. We can’t delete employees entirely because we might be required to at any point in the future print an ROE for that employee and as such we must retain the data. We store this data for the amount of time required to comply with labour standard laws as legislated by governing bodies.
Please refer to your organization’s policies and procedures if you have any questions about the rights of System Administrators.
Those employees who do not have administrator level privileges can see most of their Employee Information on their statement of earnings, or within the employee portals of the IBEX system such as My Schedule or Time Entry.
To make changes to their Employee Information or to see it in its entirety an employee will need the assistance of a user with administrator level privileges.
We will delete Organization Information and all attached Employee Information of an organization following a termination of IBEX services. IBEX will delete the data within 365 days of an official termination of services.
The administrator of your trial with IBEX can view, edit and delete our Trial Information on your organization by accessing the Organization page of your trial account. Please note that if you delete certain information the trial may not be able to proceed properly.
The IBEX system deals with some of your most sensitive data as an organization and we take that responsibility seriously. In keeping with our obligation as a good partner we go through every length to ensure security for your data.
The IBEX system is encrypted using secure socket layer technology (SSL) so that your data is as safe as possible. Furthermore internal controls on access within your accounts and organization protect against internal fraud. Lastly all our stored data, whether that is Employee Information or Mailing List Information, is protected by industry standard firewalls and defense systems.
Contacting Us About the Policy