Privacy Policy

Horizontal Oro logo

ORO Health Inc –Privacy Policy with Clients

Last Revised: March 4th, 2022

ORO Health Inc (“ORO Health”, “Us”, “We”, and “Our”) is providing this privacy policy to You, the Client, who engages with US for the provision of Platform Services.  ORO Health provides a platform enabling You to provide medical, telemedicine, and/or telehealth services to individuals of the general public in Canada or Your country (such individuals being Your Customers) who access the Platform through Your web portal associated with (the “Services”).  You may also be referred to as “Client”, “Your” and “You”.    We are providing You with information about the privacy and confidentiality practices applicable to ORO Health and the Platform Services which link to this Privacy Policy.  In addition, any personally identifiable information provided by Your Customers for the purpose of them being able to obtain medical, telemedicine or telehealth services from You will also be subject to Our compliance with the Act Respecting the Protection of Personal Information in the Private Sector, The Personal Information Protection and Electronic Documents Act, the Health Insurance Portability and Accountability Act, General Data Protection Regulation and the UK General Data Protection Regulation,  and Canadian provincial health information laws as applicable.

This policy sets out how We protect Your personal information, the personal information of Your Customers, Your privacy rights and the rights of external users of Platform Services by clearly explaining the following:

*What Information We Collect and Why

*How We Use Your Information

* With Whom Your Information is Shared

* How We Protect Your Information 

*Your Customers’ Rights

* Notification of a Breach of Your Information Under Our Control

This policy applies to all personal information stored on systems and media which are owned, leased or otherwise provided by ORO Health regardless of location.

What Information We Collect and Why

By using the Services, You consent to the collection of the following information:

Information about Yourself

  • Account Information such as but not limited to: Your name, address, email address, telephone number, tax numbers, entity identification numbers, codes, type of services You offer Your Customers

  • Login details of all Your employees, consultants, agents, representative or persons under Your control who is either a medical doctor, special nurse practitioner or other health professional who is authorized to administer prescriptions; Your support staff and IT staff with limited access (“Authorized Personnel”)

  • Banking details

  • Any other information You provide

Information about Your Customers

  • Health information of Your Customers such as but not limited to photographs, medical history, medications, health insurance data, personal physician information, medical history, test and lab results

  • Name, address, email address, telephone number

  • Device information regarding Your Customers’ mobile phone or GPS signal

Information We collect Automatically when You use Your account

  • Your internet protocol address, device, browser type, operating system, the date and time of Your visit, information about the links You click and pages You view when using the Services, server log information

Cookies, pixel tags, and similar technology 

We may use cookies, pixel tags and similar technology to automatically collect information You provide and information automatically collected.  Cookies are information stored by Your computer’s web browser.  Pixel tags are small images or pieces of data embedded in images to recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from Your computer or device.  

Flash cookies may be larger than cookies and are downloaded to a computer or mobile device by Adobe Flash media player.  By using the Platform Services, You consent to Our use of cookies and similar technologies.  You may modify the use of cookies on Your browser through the settings area of Your browser; however, Your experience with the Platform Services may not work properly if You turn off all or some cookies.

How We Use Your Information

Generally, the information collected by Us is used to provide You Platform Services, to contact You, fulfill Your requests, and send You information about additional services.  We will use the information to analyze the use of Platform Services, improve the Platform Services, understand Your Customers’ data, customize content You see when You use the Platform Services, and conduct research.  

We will use the photographs of Your Customers for machine learning purposes to improve the Platform Services.  This use of photographs will NOT be associated with Your Customers’ personal identifiable information such as name, address, email address or Your Account Information.  If Your Customers do not wish their photographs to be used for machine learning purposes, Your web portal must provide an area where Your Customers can easily indicate their non-consent, and this information must be sent to Us during the account creation of Your Customer.  Should Your Customers wish to withdraw their consent to using their photographs, after creating an account please contact Us at [email protected]. If You have questions about the use of photographs, please contact Us at [email protected].

All photographs retained for machine learning purposes and all medical record information shall be securely maintained by for a period of ten years or less (minimum 16 years if in British Columbia).  

In addition to the above uses, We will use information to prevent prohibited or illegal activity on the platform or in using the Platform Services.  We will endeavour to disclose to You the reasons for using information at the time it is collected pursuant to Your consent, for any additional reasons in the future.

With Whom do We Share Your Information

We will share Your banking details and partial Account Information with our financial institution.

We will share Your Customers’ information with certain third-party service providers through API connections designed to provide Your Customers with their services (such as but not limited to pharmacy details)

We will share Your Account Information with third-party service providers to be able to provide You the Services.  Such third parties provide analytics, storage, and hosting services.

We may share Your Account Information and anonymized information about Your Customers in connection with a substantial corporate transaction such as the sale of the platform, a merger, asset sale, or in the unlikely event of bankruptcy. Anonymized information means the identity can not be discovered or rebuilt by any third party. We may have to disclose Account Information or information from Your Customers in relation to Our response to subpoenas, court orders, legal process, law enforcement, government authority requests or claims, and to protect and defend Our rights and interests.  

With Your consent, We may share Your information for other purposes which purposes will be disclosed to You at the time of requesting such consent.  

How We Protect Your Information

With Your help in ensuring Your login details are kept securely, We take reasonable security measures to protect the data and information we collect and use from You and Your Customers; however, no platform is able to guarantee 100% security at all times.  Some of Our security and confidentiality practices include only authorizing specific personnel with access to Your Information, such personnel include information technology employees or subcontractors with limited access to encrypted data with need-to-know access.  Other measures We take to protect information include but are not limited to:

  • Backups

  • Encryption

  • Segregated databases

  • Redundancy measures

  • Cloud servers and cold storage

In addition to limited access by specific personnel, We use cloud services for encryption and storage of information, located in Quebec, Canada.  Medical records will be maintained in accordance with the legal retention periods of Your province (no longer than 10 years, and 16 years in British Columbia) or country.

After a period of 2 (two) years of inactivity by Your Customers, Your Customers’ information will be transferred to cold storage in the Cloud until the minimum number of required years of retention has expired – after which Your Customers’ information shall be destroyed.

Information collected and used by third parties, are subject to different security practices and You should read their policies and terms to this effect before using their services.

Your Customers’ Rights 

Your Customers have the right to have their information deleted from Our databases.  This information does not include data which is required to be maintained for government or other legal reasons, and may include information rendered incapable of being read in such a manner as to identify a specific Customer.

Your Customers have the right to obtain access to their information in a digital format they can easily read.  Such access shall be provided free of charge and within a reasonable period and You shall be notified if the request is too onerous to provide access to Your Customers.  

Your Customers have the right to have their Information transferred to a third-party of their choice in a secure manner.  

Your Customers have the right to rectify any errors in the Information collected about them.  

With respect to any of the above rights, please instruct Your Customers to contact Us at [email protected] to exercise these rights.  We endeavour to respect the rights listed within 15 business days from the date of request.  Any complaints regarding this privacy policy and its use should be sent to [email protected]

Breach Notification

In the event of any unauthorized access to Your Account Information or Your Customers’ information under the control of ORO Health which causes or is likely to cause a real risk of significant harm to You or Your Customers, shall be reported to the Privacy Commissioner (or its equivalent body in Your country of residence) as soon as feasible after We determine the breach occurred.

Unless otherwise prohibited by law, We shall notify You of any breach of security safeguards to protect Your information which is under Our control, if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm to You.  The notification shall contain sufficient information to allow You to understand the significance of the breach to Your Account Information or Your Customers information, and the steps to take, if any are possible, to reduce the risk of harm which could result from it or to mitigate such harm to You and/or Your Customers.  Such notification shall be provided as soon as feasible after We determine the breach occurred.

Sensitive information which could pose a real risk of significant harm to You or Your Customers includes but is not limited to information which could result in the following:

  • Bodily harm

  • Humiliation

  • Damage to reputation or relationships

  • Loss of employment

  • Loss of business or professional opportunities

  • Financial loss

  • Identity theft

  • Negative effects on credit records

  • Damage to or loss of property

General Provisions

This Privacy Policy shall be governed and construed in accordance with the laws of the province of Quebec and Canada without regard to principles of conflicts of law.  You agree, any claim or dispute against Us arising out of or relating to the Platform Services must be resolved by arbitration before one arbitrator in Quebec City, Quebec.  Any changes to this policy shall be effective seven days after the Last Revised date indicated above.  

You may contact Us at any time via email at [email protected], by telephone at:  by mail at:  The Data Privacy Director of ORO Health Inc is the Chief Operating Officer who may be contacted at:  [email protected] [telephone]

600-201 Notre Dame Street West, Montreal, QC, H2Y 1T4