At Therabyte, we are extremely concerned to protect your confidentiality and privacy. We understand that all users of our website are also concerned to know that their information and data will not be used for any purpose other than those intended by them. If at any time you think our policy falls short of your expectations or that we are not abiding by our policy, please reach out to us.
2. Nature of privacy law in Canada
The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations. It sets out the ground rules for how businesses must handle personal information in the course of commercial activity. During the development of Therabyte it became evident that practitioners and clinics want to learn how “personal information” can be protected.
What is “personal information”?
Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
To date, Quebec, British Columbia and Alberta have adopted private sector legislation deemed substantially similar to the federal law. As well, Ontario, New Brunswick, Nova Scotia, and Newfoundland and Labrador have adopted substantially similar legislation with respect to personal health information.
Even in the provinces listed above, PIPEDA continues to apply to all interprovincial and international transactions. Therabyte works diligently to apply both federal and provincial rules.
The definition of “personal information” varies slightly from one province's legislation to another:
- British Columbia (PIPA) – means information about an identifiable individual and includes employee personal information but does not include a) contact information or b) work product information
- Alberta (PIPA) – means information about an identifiable individual
- Ontario (PHIPA) – means identifying information about an individual in oral or recorded form, if the information,
  - relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family,
  - relates to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual,
  - is a plan of service within the meaning of the Home Care and Community Services Act, 1994 for the individual,
  - relates to payments or eligibility for health care, or eligibility for coverage for health care, in respect of the individual,
  - relates to the donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance,
  - is the individual’s health number, or
  - identifies an individual’s substitute decision-maker.
- New Brunswick (PHIPAA) – PHI is defined as identifying information about an individual regardless of form, including information that is oral, written or photographed. It applies to information recorded or stored in media such as paper, microfilm, X-rays and electronic records if the information:
  - relates to an individual’s physical or mental health, family history or health-care history, including genetic information about the individual;
  - is the individual’s registration information, including the Medicare number of an individual;
  - relates to the provision of health care to an individual;
  - relates to information about payments or eligibility for health care in respect of an individual, or eligibility for coverage for health care in respect of an individual;
  - relates to the donation by an individual of any body part or bodily substance of the individual or is derived from the testing or examination of any body part or bodily substance;
  - identifies an individual’s substitute decision maker; and
  - identifies an individual’s health-care provider.
3. Information we collect from you
The following is a list of information we collect when you sign up for Therabyte Services and why it is necessary to collect it:
Basic identification and contact information, such as your name and contact details
- To maintain our accounts
- To verify your identity for security purposes
- To enable us to answer your questions
- To provide you with our services
- For marketing our services and products
- For improvement and purpose of quality control of our web applications and sites
Application usage patterns, such as frequency of use, type of use, features accessed, IP address, computer host details (e.g., IP address, MAC address, operating system type/version/language, web browser type and version)
- To understand customer/user experience patterns and trends to improve parts of the Services
- To help us anticipate and/or determine potential security threats
- To provide you with analytical usage data to help you improve your practice
Billing information – includes name, phone number, billing address and credit card number
- To purchase services and product for Therabyte
- This information is only used for internal purposes
- This information is used to obtain payment for services you have ordered from us. This information is never actually stored by us.
4. Your personal data
We will never use your information for any other reason than to help you integrate it with the services you have purchased.
We do not sell personal information to third parties.
5. Data Retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If at any time you no longer wish to use our products and services, or your information changes, you can update or delete information by logging into your account. Alternatively, you may contact support at email@example.com.
6. How secure is Therabyte?
At Therabyte, we understand the importance of keeping all data safe and secure. In order to achieve the highest level of security, Therabyte has committed to the following:
- Data encryption – This is the most effective way to achieve data security. Sensitive information, such as passwords, is translated into a secret code. As a result, not even Therabyte can read your encrypted information. Using a key or password, you are the only individual able to access encrypted information.
- SSL – Additionally, we use a technology called SSL. This is the same technology used by banks to secure information being transferred over the internet. This technology establishes a secure link between your internet browser and our servers. This link ensures that all data passed remains private and integral. No computer system or information can ever be fully protected against every possible hazard, but Therabyte is committed to providing reasonable and appropriate security controls to protect this Site and its information against foreseeable hazards.
- Backups – We understand that your notes and documentation are critical to your practice’s success. At Therabyte, data is backed up on a regular basis so you can rest assured your data is safe. We use an automated process so you never have to worry about backing up any of the information you have in Therabyte.
7. Disclosure to Government and other legal disclosure
We may be required to give information to legal authorities if they request it. We reserve the right to disclose your information in the following cases:
- as required by law, such as to comply with a subpoena or similar legal process,
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request,
- if Therabyte is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Websites of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information,
- to any other third party with your prior consent to do so.
8. Data ownership
All data and information that is uploaded from your practice into Therabyte is owned by you, the account holder. In other words, Therabyte can be thought of as a container for all of your information. As a result, all your information is easily accessible and stored so you can use it at any time.
Additionally, since information is owned by you, Therabyte allows for data to be downloaded. You are able to use our export tools to save information and documents into your personal drives.
Third Party Cookies
Our Website pages contain electronic images known as Web beacons (sometimes called single-pixel gifs), which are used along with cookies to compile aggregated statistics on how our site is used. Web beacons may also be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.
Customer reviews, testimonials and comments
We post customer testimonials, comments and reviews on our web site, which may contain personally identifiable information. We obtain the customer’s consent via email before posting their name along with their testimonial. To request removal of your personal information from testimonials or comments, please contact us at firstname.lastname@example.org.
Social media widgets
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Websites, you can contact us at email@example.com.
10. If you’re a user or visitor in the European Economic Area these rights also apply to you:
Therabyte is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
If at any time there is a data breach, we will let you know within 72 hours. We will contact you via the email you provided to us when you signed up for our services.
Legal basis for processing
We only use your personal information as permitted by law. The table below informs you of the legal basis of the processing of your personal information:
| With your consent | Processing is based on your consent. Where we rely on your consent, you have the right to withdraw it at any time. |
| To comply with law | Processing is necessary to comply with our legal obligations. |
| To provide our services | Processing is necessary to move forward with your request for our Services or perform our contract with you. |
| To communicate with you; to create aggregated or de-identified information; for compliance, fraud prevention and safety | These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). |
11. Rights of access, correction, erasure, and restriction
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information we hold about you if you believe we are holding incorrect data.
- Request erasure of some or all the personal information we hold about you.
- Request restriction of processing of your personal data.
- Request transfer to a third party of your personal data should you so require.
- Object to us processing the data.
12. Data Protection Officer
Therabyte uses an internal Data Protection Officer to oversee the whole privacy process. This ensures that our privacy efforts are focused and our compliance is up to date. If you have any questions about security on our Websites, you can contact us at firstname.lastname@example.org.
We reserve the right to update this privacy notice at any time, to reflect changes to our information practices. Changes in how we use your personal information will be notified to you by email or by means of a notice on the Therabyte website.
If you have any questions regarding this Privacy Statement, you can contact us via email@example.com.