The official PDF of this Privacy Statement can be downloaded here.
Privacy Statement
This Privacy Statement tells you about the collection, use, and disclosure of information related to, and your rights in respect of, the data Digital Innovation Solutions, Inc. ("Company", "We", "Us" or similar pronouns) collects and process related to your use of our services via our website and ancillary services related to our trauma center software service, and other electronic services that link to this Privacy Statement (collectively the "Service(s)" and such locations or applications, the “Sites”). Please be sure to read this entire Privacy Statement before using the Service.
Background and overview
The Company is a trauma registry system service provider to trauma centers throughout the United States (the “Trauma Registry Service”). In connection with our provision of the Trauma Registry Service the Company provides training and backoffice support services to persons who are managing the Trauma Registry Service (“Users”). This Privacy Statement general, the Service collects and processes information about Users of the Trauma Registry Service.
Our obligations with respect to the data stored by the trauma center in the Trauma Registry Service are set forth in a Business Associate Agreement between the Company and the trauma center, and that data is owned by the trauma center or the patients that use the trauma center services and is subject to the trauma center’s privacy policies.
General privacy statement
Subject to our more explanatory statement below, we do not sell your Personal Data and, we do not share your Personal Data with third parties except with your consent (opt in).
Acceptance
By registering for or otherwise using the Service, you agree to the terms of this Privacy Statement. Specifically, you authorize the collection, processing, retention, and disclosure of Information about You by Company and its affiliates, business partners, and service providers for the purposes described in this Privacy Statement or as described to you during your interactions with the Service. For example, We might clarify our practices when you register or when you use the Service, or one of its functions, for the first time.
Effective Date and Changes to this Privacy Statement
This Privacy Statement is updated as of February 12, 2026. We reserve the right to update this Privacy Statement. If We update this Privacy Statement, We will use reasonable electronic efforts to advise you of the change, which may include posting a notice of the change in the Service (for example when you login), or we may send you an electronic notification of the change. If We notify you by an electronic communication, We will provide these electronic messages to your last known or provided electronic communication address (which may be for example, a text message address, X/Twitter user name, or other site address). You are responsible to review communications we send to those addresses, to authorize communications from us, and to keep those addresses up to date. Use of the Service after our notice of a change in the Privacy Statement is acceptance of the terms and changes in the updated Privacy Statement, which shall, unless expressly prohibited by applicable law (or unless expressly stated in such changed Privacy Statement), be effective from the inception of your use of the Service.
NOTICE REGARDING NON-SALE OF PERSONAL DATA. We collect and process your Personal Data as described below solely for use in providing Trauma Registry Service to Users. As noted below, except for certain anonymous, de-identified data that may be used by our service providers in their provision of services to us, we do not sell your Personal Data.
NOTICE AT COLLECTION
THIS IS A NOTICE TO YOU CONCERNING, AND BY USING THE SERVICE, YOUR CONSENT, TO THE COLLECTION AND USE OF PERSONAL DATA ABOUT YOU COLLECTED AND USED BY COMPANY.
Categories of Personal Data we collect and the purpose for which we collect such data: The categories of Personal Data we collect and associated examples are below. Where the Personal Data is identified as “Essential Information” please see our further disclosures and notices below.
|
Category |
Examples (not exhaustive) |
Purpose for which we collect and use this information |
|
Personal identifiers (Essential Information) |
Name, address, phone numbers, email addresses |
We use personal identifiers to identify you in our records, to assist in authentication and authorization of your rights to access the Services, and to personalize our Services, and to communicate with you about our services and offering, depending on your communication preferences. |
|
Authentication data (Essential Information) |
Username, password, email address, tokens, session keys and similar authentication data |
We use authentication data to verify you are authorized to use the Trauma Registry Service. |
|
Usage data (Essential Information) |
Completion of course/training materials, tests and quiz data, report design parameters you create, and similar data about your use of the Services |
We use usage data to track how you use the Services, when you use the Services, and your status of completion of such use. |
|
Support/chat information (Essential Information) |
Personal Data You elect to provide in any chat session |
We use information from support and chat communications to personalize our Services, and to improve customer support services, including responding to inquiries, troubleshooting issues, and enhancing the quality and effectiveness of our support interactions. |
Sources of Personal Data
Changes in Purpose for Previously Collected Personal Data
We will only use Personal Data for the purposes described in this Privacy Statement or as disclosed to you at the time the information was collected. If we intend to use previously collected Personal Data for a purpose not disclosed above, and if applicable Data Privacy Laws require us to obtain your consent to do so, we will:
Uses of Information about You
We use the information about you to provide the Trauma Registry Services, and to market our additional services and options to you.
Exchanging information with Other Parties
Except as disclosed above in the section “NOTICE AT COLLECTION,” except for the normal operation of the Service which is a cloud service that stores your data in a data store with the cloud service provider, and except for storing some of your information in services that assist us in communicating with you, such as email service providers, or content management services, in each case that we use internally, We do not share information about you with third parties.
Essential Information:
Our collection, use and disclosure of Essential Information is required for the Services to function properly. The below chart displays the category of third parties that we disclose Essential Information to, and the purposes of such disclosure.
|
Category |
Examples |
Purpose for which this information is disclosed to Third Parties |
|
Cloud hosting providers |
Microsoft Azure |
We use cloud providers for hosting and operating the Service. |
|
Communication and email service providers |
Microsoft Outlook |
We use email service providers for communicating with You, supporting MFA, and delivering communications and alerts. |
|
Authentication or security service providers |
Microsoft Entra ID, Okta Auth0 |
We send information to third-party authentication or authorization services to ensure system integrity and authorization only as elected by You. |
|
Customer support and content management tools |
GitLab, Quickbase |
We store your information in these tools to provide customer support. |
|
Trauma registries |
ACS TQIP, State registries |
The Service enables You to submit data to state and national registries for Trauma center compliance. |
If you choose not to provide Essential Information Personal Data, or if you later request deletion or restriction of such Essential Information, we may be unable to maintain your account or provide the Service. In some cases, we may be required to terminate access to the Service where essential data cannot be processed.
Managing Information about You
If we have stored incorrect information about you contact Us as specified below and We will take appropriate steps to update or correct such information in our possession, or to make changes to the Information about You in accordance with the process described below entitled “Process for Exercising your rights in Personal Data”.
We maintain a central register/ticketing-system, the Personal Data Requests Tracking System, for (1) all requests relating to your exercise of rights in Personal Data; and (2) all legal and regulatory requests by third parties. This system logs, tracks and maintains Personal Data related to these requests and our responses to them and disclosures related thereto.
If we are served with a subpoena, court order, or other legal document that compels us to disclose your Personal Data, we will comply with such legal request and we will log and track that request, our response, and the Personal Data disclosed pursuant to it, using the Personal Data Requests Tracking System.
We communicate corrections or erasures of an individual’s personal information to authorized users and relevant third parties to whom the personal information has been shared or transferred, and we record those communications using the Personal Data Requests Tracking System.
Communicating with You
We may communicate with you through electronic communications and through the Service, such as through the use of notifications and alerts. You may manage certain other ways in which We communicate with you. For example, you may subscribe or unsubscribe to certain electronic communications from Us, such as for notifications and information about updates to the Services. You may not unsubscribe from administrative Service and electronic messages that We may send, such as to alert you of changes in our Privacy Statement or Terms of Service.
Links to Other Services
The Service may provide hyperlinks and references to other websites or allow you to connect your information on this Service to such sites. Our Privacy Statement does not apply to those websites, and we are not responsible for the content or function of those websites. We encourage you to become familiar with the privacy practices of the other websites that you use.
Other Special Considerations
Technology Logging, Cookies, and Related Techniques
When you interact with the Service, your browser or other device may communicate other technical information that we use as part of our Services. For example, as you use the Service, your browser or other device communicates with our technology, which in turn keeps records of your interactivity and requests for services and content to assist Us in managing and improving the utility of the Service, and to conduct research and analysis on its use. The types of such interactive information may include your Internet Protocol (IP) address, browser / device type, URL, requests made, device identification information, mouse clicks, sensor information (keystrokes) and related technical usage information.
We use cookies as strictly necessary to authenticate you to the Service, and maintain your session. The Service may not function properly if your browser or device is configured so it does not accept these associated cookies and other technical means.
We may use cookies and other remote side storage technology (such as clear gifs or web beacons) to analyze how the Service is used, to keep track of your progress in viewing a video or other content, to link information about how you use the Service with your account, and to help tailor our Services. If we use any non-essential cookies, we will provide clear opt-in and opt-out options for you to control your preferences.
Information about Children
The Service is not intended for use by persons under the age of 18.
Contacting Us
If you have any questions about this Privacy Statement or the practices of the Service, you may contact our Privacy Officer as noted below.
Rights under Laws
You may have additional rights under state law to access certain information. For example California residents may have rights under California Code Section 1798.83. We honor those rights.
General Privacy Control (GPC). You may set a browser or other device to automatically send a “do not track” or “do not sell” or other privacy signal to our servers, which is generally known as the general privacy control (GPC) signal. See, generally, globalprivacycontrol.org. We do not use the GPC to opt out of selling your Personal Data, instead, please email privacy@ditrauma.com for any privacy-related concerns.
Location of Processing
Company is a United States of America business with its core operations in the United States. Information about You may be processed by Us, our affiliates, business partners, or service providers in the United States.
Your rights under certain laws
This section describes certain rights you may have under the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Consumer Privacy Act (CPRA), other similar state laws applicable in the United States, and under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”). Collectively the above referenced laws and regulations are referred to herein as the “Data Privacy Laws.”
Process for Exercising your rights in Personal Data
For individuals that have Personal Data stored in our Service we have created the following mechanisms and practices to provide you with the following control over your personal information that comprises personal data as defined under GDPR, or personal information as defined under the CCPA/CPRA or other state laws (references below to “Personal Data” are meant to also encompass the term “personal information” under the CCPA/CPRA and similar laws):
If any of your Personal Data provided to Company is subject to the Data Privacy Laws, you have a number of rights. Further information and advice about your rights can be obtained from the data protection regulator in your country (under the GDPR) or typically from your state Attorney General, under CCPA/CPRA and other state laws.
IMPORTANT: When you contact Company to exercise your rights it is very important for security verification and other purposes that you use any email address that you know is associated with the Personal Data about which you are contacting Company. Be aware that Company may use reasonable efforts to verify your identity to ensure that it does not improperly disclose, modify or delete Personal Data.
Please also be aware that we cannot search, and therefore cannot locate, any stored documents or information that are either encrypted in a manner that precludes us from accessing the unencrypted information, or that have been de-identified in a manner that prevents us from linking the Personal Data to an individual.
1. The right to object to processing of your Personal Data (the right to opt out)
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities from third parties).
HOW TO EXERCISE YOUR RIGHT: If you want to object to certain types of processing, please direct your communication to our Privacy Officer as noted below, providing specific and detailed information regarding your objection and requested action.
Be aware that you cannot object to certain types of processing of your Personal Data, which limitations are set forth in the Data Privacy Laws. If Company determines that it is required to continue to process your Personal Data it will provide you the basis on which it has made this determination.
2. The right to an accounting of the processing (the right to know)
You have the right to be provided with clear, transparent, and easily understandable information about how we use and process your Personal Data. This is why we are providing you with the information in this privacy statement.
HOW TO EXERCISE YOUR RIGHT: If you have questions about the privacy statement or how Company may be processing your Personal Data, please direct your communication to our Privacy Officer as noted below and please be specific and detailed about your questions and Company will promptly address those questions.
3. The right of access
You have the right to obtain access to your Personal Data (if we are processing it), and certain other information about Our privacy practices with respect to your Personal Data (similar to that provided in this Privacy Statement).
This is so you are aware and can check that we are using your information in accordance with GDPR/CCPA/CPRA or any other applicable data protection laws.
HOW TO EXERCISE YOUR RIGHT: If you have questions specific to your Personal Data and how Company is using it in accordance with GDPR, CCPA/CPRA or other applicable laws, please direct your communication to our Privacy Officer as noted below, and please be specific and detailed about your questions and Company will promptly address those questions.
4. The right to rectification
You are entitled to have your Personal Data corrected if it is inaccurate or incomplete.
HOW TO EXERCISE YOUR RIGHT: If you believe your Personal Data processed by Company is incorrect and needs to be updated or otherwise corrected, please check your settings with respect to your account, and if you still believe your Personal Data is inaccurate, direct your communication to our Privacy Officer as noted below.
5. The right to erasure (the right to delete)
This is also known as “the right to be forgotten” and, in simple terms, enables you to request the deletion or removal of your Personal Data where there’s no basis for us to continue to process it or to retain it. This is not a general right to erasure; there are exceptions as stated in the Data Privacy Laws.
HOW TO EXERCISE YOUR RIGHT: If you no longer want Company to have and/or process your Personal Data, to the extent we do not provide a self-service means of deleting your Personal Data, please direct your communication to our Privacy Officer as noted below.
(NOTE: Consistent with Data Privacy Laws Company may retain a trivial amount of information, for example, to keep a record of its compliance with your request.)
6. The right to restrict processing
You may have rights to “block” or suppress further use of your Personal Data that Company processes. When processing is restricted, we can still store your Personal Data but may not use it further. We may keep lists of people who have asked for further use of their information to be “blocked” to make sure the restriction is respected in future, but also be aware that upon making this request, we may terminate your account and delete your Personal Data instead of restricting the processing of it.
HOW TO EXERCISE YOUR RIGHT: If you want to restrict, or terminate restrictions, on Company’s processing your Personal Data, please direct your communication to our Privacy Officer as noted below.
7. The right to data portability
You may have rights to obtain and reuse your Personal Data for your own purposes across different services. For example, if you decide to switch to a new provider of services like the Services from Company that you subscribed to, this may enable you to move, copy, or transfer your Personal Data.
HOW TO EXERCISE YOUR RIGHT: Company may have or may in the future provide you with the ability to download your Personal Data. If Company has done so, please use these functions to obtain a copy of your Personal Data. If Company has not enabled this functionality, and if you want Company to export your Personal Data for portability, please direct your communication to our Privacy Officer as noted below.
(NOTE: Company will retain and continue to process your Personal Data unless you also request to be forgotten or request restricted or blocked processing.)
8. The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection regulator (GDPR/UK) or applicable state regulator (under CCPA/CPRA or other state law). However, we hope you will contact Company first (by calling or emailing our Privacy Officer as noted below) so Company can try to address your complaint directly.
HOW TO EXERCISE YOUR RIGHT: If you want to lodge a complaint with Company, please direct your communication to our Privacy Officer as noted below.
9. The right to withdraw consent
If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
HOW TO EXERCISE YOUR RIGHT: If you want Company to withdraw your consent to process your Personal Data, please either use out functionality in the Sites to make such a request, or if we have not enabled such functionality, direct your communication to our Privacy Officer as noted below.
10. The right to be free from discrimination for exercising your rights.
We cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under Data Privacy Laws. However, if you refuse to provide your Personal Data to us or exercise one of your rights, for example, to delete your Personal Data or restrict its processing, and that Personal Data or processing is necessary for us to provide you with Services, we may not be able to complete that transaction and we may terminate your access to the Services.
You may report any claim that we have engaged in discrimination against you to an applicable regulator, though we would prefer that you first contact our Privacy Officer as noted below so that we may address your concern.
First, to the extent Data Privacy Laws requires us to take an action without charging you, we will comply with those legal requirements. In some cases we may be permitted to charge for some of these services. We usually act on requests and provide Personal Data free of charge, but in such cases we may charge a reasonable fee to cover our administrative costs of providing the Personal Data, which such costs can arise in one or more of the following cases, which are not meant to express all the instances in which we may charge a fee:
Baseless or excessive/repeated requests, or
Further copies of the same Personal Data.
Alternatively, we also may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
We only retain your Personal Data for as long as is necessary for us to use your information as described above or to comply with our legal obligations and legitimate interests, including to perform contracts with our customers (who are collecting your Personal Data). Please be advised that this means that we may retain some of your Personal Data. For instance, we may retain your data as necessary to meet our legal obligations, such as for tax and accounting purposes.
Our service is not a backup service. We do not assume an obligation to retain your information.
When determining the relevant period in which we retain or establish/revise periods for retaining Personal Data, we will take the following factors into account:
Our contractual obligations and rights in relation to the information involved, including contractual obligations we may owe to our customer;
Legal obligation(s) under applicable law to retain data for a certain period of time or with respect to pending or anticipated legal actions;
Our legitimate interest where we weigh your interest in controlling your Personal Data and against our lawful purpose in processing your Personal Data;
Statutes of limitations under applicable law(s);
If you have made a request to have your information deleted; and
Guidelines issued by relevant data protection authorities.
Otherwise, pursuant to Data Privacy Laws, we will securely erase your Personal Data once there is no lawful basis or legal obligation to store or process it.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on servers or in locations in data centers that we control or manage such resources.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites, or other authentication providers, you are responsible for keeping this password or other authentication provider data confidential. We ask you not to share your password or authentication service with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we take reasonable effort to secure your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Sites or via our Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites or via the Services.
Where noted above when contacting us about privacy matters, please contact our Privacy Officer at privacy@ditrauma.com.
