This Privacy Statement tells you about the collection, use, and disclosure of information related to, and your rights in respect of, the data Digital Innovation Solutions, Inc. ("Company", "We", "Us" or similar pronouns) collects and process related to your use of our services via our website and ancillary services related to our trauma center software service, and other electronic services that link to this Privacy Statement (collectively the "Service(s)" and such locations or applications, the “Sites”). Please be sure to read this entire Privacy Statement before using the Service.
The official PDF of this Privacy Statement can be downloaded here.
The Company is a trauma registry system service provider to trauma centers throughout the United States (the "Trauma Registry Service"). In connection with our provision of the Trauma Registry Service, the Company provides training and backoffice support services to persons who are managing the Trauma Registry Service (“Users”). This Privacy Statement general, the Service collects and processes information about Users of the Trauma Registry Service.
Our obligations with respect to the data stored by the trauma center in the Trauma Registry Service are set forth in a Business Associate Agreement between the Company and the trauma center, and that data is owned by the trauma center or the patients that use the trauma center services and is subject to the trauma center’s privacy policies.
Subject to our more explanatory statement below, we do not sell your Personal Data and, we do not share your Personal Data with third parties except with your consent (opt in).
By registering for or otherwise using the Service, you agree to the terms of this Privacy Statement. Specifically, you authorize the collection, processing, retention, and disclosure of Information about You by Company and its affiliates, business partners, and service providers for the purposes described in this Privacy Statement or as described to you during your interactions with the Service. For example, We might clarify our practices when you register or when you use the Service, or one of its functions, for the first time.
This Privacy Statement is updated as of October 22, 2025. We reserve the right to update this Privacy Statement. If We update this Privacy Statement, We will use reasonable electronic efforts to advise you of the change, which may include posting a notice of the change in the Service (for example when you login), or we may send you an electronic notification of the change. If We notify you by an electronic communication, We will provide these electronic messages to your last known or provided electronic communication address (which may be for example, a text message address, X/Twitter user name, or other site address). You are responsible to review communications we send to those addresses, to authorize communications from us, and to keep those addresses up to date. Use of the Service after our notice of a change in the Privacy Statement is acceptance of the terms and changes in the updated Privacy Statement, which shall, unless expressly prohibited by applicable law (or unless expressly stated in such changed Privacy Statement), be effective from the inception of your use of the Service.
We collect and process your Personal Data as described below solely for use in providing Trauma Registry Service to Users. As noted below, except for certain anonymous, de-identified data that may be used by our service providers in their provision of services to us, we do not sell your Personal Data.
THIS IS A NOTICE TO YOU CONCERNING, AND BY USING THE SERVICE, YOUR CONSENT, TO THE COLLECTION AND USE OF PERSONAL DATA ABOUT YOU COLLECTED AND USED BY COMPANY.
We use the information about you to provide the Trauma Registry Services, and to market our additional services and options to you.
Except as disclosed above in the section “NOTICE AT COLLECTION,” except for the normal operation of the Service which is a cloud service that stores your data in a data store with the cloud service provider, and except for storing some of your information in services that assist us in communicating with you, such as email service providers, or content management services, in each case that we use internally, We do not share information about you with third parties.
If we have stored incorrect information about you contact Us as specified below and We will take appropriate steps to update or correct such information in our possession, or to make changes to the Information about You in accordance with the process described below entitled “Process for Exercising your rights in Personal Data”.
We may communicate with you through electronic communications and through the Service, such as through the use of notifications and alerts. You may manage certain other ways in which We communicate with you. For example, you may subscribe or unsubscribe to certain electronic communications from Us, such as for notifications and information about updates to the Services. You may not unsubscribe from administrative Service and electronic messages that We may send, such as to alert you of changes in our Privacy Statement or Terms of Service.
The Service may provide hyperlinks and references to other websites or allow you to connect your information on this Service to such sites. Our Privacy Statement does not apply to those websites, and we are not responsible for the content or function of those websites. We encourage you to become familiar with the privacy practices of the other websites that you use.
Technology Logging, Cookies, and Related Techniques
When you interact with the Service, your browser or other device may communicate other technical information that we use as part of our Services. For example, as you use the Service, your browser or other device communicates with our technology, which in turn keeps records of your interactivity and requests for services and content to assist Us in managing and improving the utility of the Service, and to conduct research and analysis on its use. The types of such interactive information may include your Internet Protocol (IP) address, browser / device type, URL, requests made, device identification information, mouse clicks, sensor information (keystrokes) and related technical usage information. We use cookies and other remote side storage technology (such as clear gifs or web beacons) to authenticate you to the Service, maintain your session, to analyze how the Service is used, to keep track of your progress in viewing a video or other content, to link information about how you use the Service with your account, and to help tailor our Services. The Service may not function properly if your browser or device is configured so it does not accept these associated cookies and other technical means.
The Service is not intended for use by persons under the age of 18.
If you have any questions about this Privacy Statement or the practices of the Service, you may contact our Privacy Officer as noted below.
You may have additional rights under state law to access certain information. For example California residents may have rights under California Code Section 1798.83. We honor those rights.
You may set a browser or other device to automatically send a “do not track” or “do not sell” or other privacy signal to our servers, which is generally known as the general privacy control (GPC) signal. See, generally, globalprivacycontrol.org. We do not use the GPC to opt out of selling your Personal Data, instead, please email privacy@ditrauma.com for any privacy-related concerns.
Company is a United States of America business with its core operations in the United States. Information about You may be processed by Us, our affiliates, business partners, or service providers in the United States.
This section describes certain rights you may have under the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Consumer Privacy Act (CPRA), other similar state laws applicable in the United States, and under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”). Collectively the above referenced laws and regulations are referred to herein as the “Data Privacy Laws.”
For individuals that have Personal Data stored in our Service we have created the following mechanisms and practices to provide you with the following control over your personal information that comprises personal data as defined under GDPR, or personal information as defined under the CCPA/CPRA or other state laws (references below to “Personal Data” are meant to also encompass the term “personal information” under the CCPA/CPRA and similar laws):
If any of your Personal Data provided to Company is subject to the Data Privacy Laws, you have a number of rights. Further information and advice about your rights can be obtained from the data protection regulator in your country (under the GDPR) or typically from your state Attorney General, under CCPA/CPRA and other state laws.
IMPORTANT: When you contact Company to exercise your rights it is very important for security verification and other purposes that you use any email address that you know is associated with the Personal Data about which you are contacting Company. Be aware that Company may use reasonable efforts to verify your identity to ensure that it does not improperly disclose, modify or delete Personal Data.
Please also be aware that we cannot search, and therefore cannot locate, any stored documents or information that are either encrypted in a manner that precludes us from accessing the unencrypted information, or that have been de-identified in a manner that prevents us from linking the Personal Data to an individual.
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities from third parties).
HOW TO EXERCISE YOUR RIGHT: If you want to object to certain types of processing, please direct your communication to our Privacy Officer as noted below, providing specific and detailed information regarding your objection and requested action.
Be aware that you cannot object to certain types of processing of your Personal Data, which limitations are set forth in the Data Privacy Laws. If Company determines that it is required to continue to process your Personal Data it will provide you the basis on which it has made this determination.
You have the right to be provided with clear, transparent, and easily understandable information about how we use and process your Personal Data. This is why we are providing you with the information in this privacy statement.
HOW TO EXERCISE YOUR RIGHT: If you have questions about the privacy statement or how Company may be processing your Personal Data, please direct your communication to our Privacy Officer as noted below and please be specific and detailed about your questions and Company will promptly address those questions.
You have the right to obtain access to your Personal Data (if we are processing it), and certain other information about Our privacy practices with respect to your Personal Data (similar to that provided in this Privacy Statement).
This is so you are aware and can check that we are using your information in accordance with GDPR/CCPA/CPRA or any other applicable data protection laws.
HOW TO EXERCISE YOUR RIGHT: If you have questions specific to your Personal Data and how Company is using it in accordance with GDPR, CCPA/CPRA or other applicable laws, please direct your communication to our Privacy Officer as noted below, and please be specific and detailed about your questions and Company will promptly address those questions.
You are entitled to have your Personal Data corrected if it is inaccurate or incomplete.
HOW TO EXERCISE YOUR RIGHT: If you believe your Personal Data processed by Company is incorrect and needs to be updated or otherwise corrected, please check your settings with respect to your account, and if you still believe your Personal Data is inaccurate, direct your communication to our Privacy Officer as noted below.
This is also known as “the right to be forgotten” and, in simple terms, enables you to request the deletion or removal of your Personal Data where there’s no basis for us to continue to process it or to retain it. This is not a general right to erasure; there are exceptions as stated in the Data Privacy Laws.
HOW TO EXERCISE YOUR RIGHT: If you no longer want Company to have and/or process your Personal Data, to the extent we do not provide a self-service means of deleting your Personal Data, please direct your communication to our Privacy Officer as noted below.
(NOTE: Consistent with Data Privacy Laws Company may retain a trivial amount of information, for example, to keep a record of its compliance with your request.)
You may have rights to “block” or suppress further use of your Personal Data that Company processes. When processing is restricted, we can still store your Personal Data but may not use it further. We may keep lists of people who have asked for further use of their information to be “blocked” to make sure the restriction is respected in future, but also be aware that upon making this request, we may terminate your account and delete your Personal Data instead of restricting the processing of it.
HOW TO EXERCISE YOUR RIGHT: If you want to restrict, or terminate restrictions, on Company’s processing your Personal Data, please direct your communication to our Privacy Officer as noted below.
You may have rights to obtain and reuse your Personal Data for your own purposes across different services. For example, if you decide to switch to a new provider of services like the Services from Company that you subscribed to, this may enable you to move, copy, or transfer your Personal Data.
HOW TO EXERCISE YOUR RIGHT: Company may have or may in the future provide you with the ability to download your Personal Data. If Company has done so, please use these functions to obtain a copy of your Personal Data. If Company has not enabled this functionality, and if you want Company to export your Personal Data for portability, please direct your communication to our Privacy Officer as noted below.
(NOTE: Company will retain and continue to process your Personal Data unless you also request to be forgotten or request restricted or blocked processing.)
You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection regulator (GDPR/UK) or applicable state regulator (under CCPA/CPRA or other state law). However, we hope you will contact Company first (by calling or emailing our Privacy Officer as noted below) so Company can try to address your complaint directly.
HOW TO EXERCISE YOUR RIGHT: If you want to lodge a complaint with Company, please direct your communication to our Privacy Officer as noted below.
If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your Personal Data for marketing purposes.
HOW TO EXERCISE YOUR RIGHT: If you want Company to withdraw your consent to process your Personal Data, please either use out functionality in the Sites to make such a request, or if we have not enabled such functionality, direct your communication to our Privacy Officer as noted below.
We cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under Data Privacy Laws. However, if you refuse to provide your Personal Data to us or exercise one of your rights, for example, to delete your Personal Data or restrict its processing, and that Personal Data or processing is necessary for us to provide you with Services, we may not be able to complete that transaction and we may terminate your access to the Services.
You may report any claim that we have engaged in discrimination against you to an applicable regulator, though we would prefer that you first contact our Privacy Officer as noted below so that we may address your concern.
First, to the extent Data Privacy Laws requires us to take an action without charging you, we will comply with those legal requirements. In some cases we may be permitted to charge for some of these services. We usually act on requests and provide Personal Data free of charge, but in such cases we may charge a reasonable fee to cover our administrative costs of providing the Personal Data, which such costs can arise in one or more of the following cases, which are not meant to express all the instances in which we may charge a fee:
Alternatively, we also may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
We only retain your Personal Data for as long as is necessary for us to use your information as described above or to comply with our legal obligations and legitimate interests, including to perform contracts with our customers (who are collecting your Personal Data). Please be advised that this means that we may retain some of your Personal Data. For instance, we may retain your data as necessary to meet our legal obligations, such as for tax and accounting purposes.
Our service is not a backup service. We do not assume an obligation to retain your information.
When determining the relevant period in which we retain or establish/revise periods for retaining Personal Data, we will take the following factors into account:
Otherwise, pursuant to Data Privacy Laws, we will securely erase your Personal Data once there is no lawful basis or legal obligation to store or process it.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on servers or in locations in data centers that we control or manage such resources.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites, or other authentication providers, you are responsible for keeping this password or other authentication provider data confidential. We ask you not to share your password or authentication service with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we take reasonable effort to secure your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Sites or via our Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites or via the Services.
Where noted above when contacting us about privacy matters, please contact our Privacy Officer at privacy@ditrauma.com.
