Last Revised: March 4th, 2022
This policy sets out how We protect Your personal information, the personal information of Your Customers, Your privacy rights and the rights of external users of Platform Services by clearly explaining the following:
* What Information We Collect and Why
* How We Use Your Information
* With Whom Your Information is Shared
* How We Protect Your Information
* Your Customers’ Rights
* Notification of a Breach of Your Information Under Our Control
This policy applies to all personal information stored on systems and media which are owned, leased or otherwise provided by ORO Health regardless of location.
What Information We Collect and Why
By using the Services, You consent to the collection of the following information:
Information about Yourself
Account Information such as but not limited to: Your name, address, email address, telephone number, tax numbers, entity identification numbers, codes, type of services You offer Your Customers
Login details of all Your employees, consultants, agents, representatives or persons under Your control who are either medical doctors, special nurse practitioners or other health professionals who are authorized to administer prescriptions; Your support staff and IT staff with limited access (“Authorized Personnel”)
Any other information You provide
Information about Your Customers
Health information of Your Customers such as but not limited to photographs, medical history, medications, health insurance data, personal physician information, medical history, test and lab results
Name, address, email address, telephone number
Device information regarding Your Customers’ mobile phone or GPS signal
Information We collect Automatically when You use Your account
Your internet protocol address, device, browser type, operating system, the date and time of Your visit, information about the links You click and pages You view when using the Services, server log information
Cookies, pixel tags, and similar technology
How We Use Your Information
Generally, the information collected by Us is used to provide You Platform Services, to contact You, fulfill Your requests, and send You information about additional services. We will use the information to analyze the use of Platform Services, improve the Platform Services, understand Your Customers’ data, customize content You see when You use the Platform Services, and conduct research.
We will use the photographs of Your Customers for machine learning purposes to improve the Platform Services. This use of photographs will NOT be associated with Your Customers’ personal identifiable information such as name, address, email address or Your Account Information. If Your Customers do not wish their photographs to be used for machine learning purposes, Your web portal must provide an area where Your Customers can easily indicate their non-consent, and this information must be sent to Us during the account creation of Your Customer. Should Your Customers wish to withdraw their consent to using their photographs, after creating an account please contact Us at [email protected]. If You have questions about the use of photographs, please contact Us at [email protected].
All photographs retained for machine learning purposes and all medical record information shall be securely maintained by for a period of ten years or less (minimum 16 years if in British Columbia).
In addition to the above uses, We will use information to prevent prohibited or illegal activity on the platform or in using the Platform Services. We will endeavour to disclose to You the reasons for using information at the time it is collected pursuant to Your consent, for any additional reasons in the future.
With Whom do We Share Your Information
We will share Your banking details and partial Account Information with our financial institution.
We will share Your Customers’ information with certain third-party service providers through API connections designed to provide Your Customers with their services (such as but not limited to pharmacy details)
We will share Your Account Information with third-party service providers to be able to provide You the Services. Such third parties provide analytics, storage, and hosting services.
We may share Your Account Information and anonymized information about Your Customers in connection with a substantial corporate transaction such as the sale of the platform, a merger, asset sale, or in the unlikely event of bankruptcy. Anonymized information means the identity cannot be discovered or rebuilt by any third party. We may have to disclose Account Information or information from Your Customers in relation to Our response to subpoenas, court orders, legal process, law enforcement, government authority requests or claims, and to protect and defend Our rights and interests.
With Your consent, We may share Your information for other purposes which purposes will be disclosed to You at the time of requesting such consent.
How We Protect Your Information
With Your help in ensuring Your login details are kept securely, We take reasonable security measures to protect the data and information We collect and use from You and Your Customers; however, no platform is able to guarantee 100% security at all times. Some of Our security and confidentiality practices include only authorizing specific personnel with access to Your Information; such personnel include information technology employees or subcontractors with limited access to encrypted data with need-to-know access. Other measures We take to protect information include but are not limited to:
Cloud servers and cold storage
In addition to limited access by specific personnel, We use cloud services for encryption and storage of information, located in Quebec, Canada. Medical records will be maintained in accordance with the legal retention periods of Your province (no longer than 10 years, and 16 years in British Columbia) or country.
After a period of 2 (two) years of inactivity by Your Customers, Your Customers’ information will be transferred to cold storage in the Cloud until the minimum number of required years of retention has expired – after which Your Customers’ information shall be destroyed.
Information collected and used by third parties is subject to different security practices, and You should read their policies and terms to this effect before using their services.
Your Customers’ Rights
Your Customers have the right to have their information deleted from Our databases. This information does not include data which is required to be maintained for government or other legal reasons, and may include information rendered incapable of being read in such a manner as to identify a specific Customer.
Your Customers have the right to obtain access to their information in a digital format they can easily read. Such access shall be provided free of charge and within a reasonable period and You shall be notified if the request is too onerous to provide access to Your Customers.
Your Customers have the right to have their Information transferred to a third-party of their choice in a secure manner.
Your Customers have the right to rectify any errors in the Information collected about them.
Any unauthorized access to Your Account Information or Your Customers’ information under the control of ORO Health which causes or is likely to cause a real risk of significant harm to You or Your Customers shall be reported to the Privacy Commissioner (or its equivalent body in Your country of residence) as soon as feasible after We determine the breach occurred.
Unless otherwise prohibited by law, We shall notify You of any breach of security safeguards to protect Your information which is under Our control, if it is reasonable in the circumstances to believe the breach creates a real risk of significant harm to You. The notification shall contain sufficient information to allow You to understand the significance of the breach to Your Account Information or Your Customers’ information, and the steps to take, if any are possible, to reduce the risk of harm which could result from it or to mitigate such harm to You and/or Your Customers. Such notification shall be provided as soon as feasible after We determine the breach occurred.
Sensitive information which could pose a real risk of significant harm to You or Your Customers includes but is not limited to information which could result in the following:
Damage to reputation or relationships
Loss of employment
Loss of business or professional opportunities
Negative effects on credit records
Damage to or loss of property
You may contact Us at any time via email at [email protected], by telephone at: by mail at:
The Data Privacy Director of ORO Health Inc is the Chief Operating Officer who may be contacted at: [email protected] [telephone]
600-201 Notre Dame Street West, Montreal, QC, H2Y 1T4