C L I N I C M A S T E R

Loading

Privacy Policy

This Privacy Policy (the “Policy”) describes how personal information is collected, used and stored through use of Addatech’s clinic management platform, websites and web-based resources (the “Services”).

In this Policy, anyone who has subscribed to and paid for Services is referred to as a “Subscriber”. Any individual such as a practitioner or staff member of a Subscriber, or an individual browsing or using our websites and web-based resources user of our Services can be referred to as “You”.

Notice to Patients

If you are a client of a Subscriber clinic or practitioner, said clinic or practitioner controls your client information, including, but not limited to, your contact information, billing details and patient records. You must first contact your clinic or practitioner for any questions about your patient information and refer to the section titled Patient Data for further information.

Reasons Why Addatech Collects Personal Information

Addatech collects personal information in order to provide our Services to our Subscribers and their users, to learn about how our Services are used, and to provide you with information about our Services. Addatech warrants that it collects only the minimum amount of personal information needed for these purposes and does not sell or trade personal information. Personal information is shared with third parties as prescribed by law and in ways that are described in this Policy.

Details About the Information Addatech Collects from You

Contact Information

Addatech collects your contact information, including, but not limited to, your name and email address(es), when you fill out online forms or set up user account(s) for our Services. We use your contact information to activate your user account, give you access to the Services, to send you notices, or for marketing purposes. Any can opt-out of marketing communications at any time by unsubscribing or contacting Addatech support. Addatech does not collect or manage the contact information of patients, or any marketing or other communications between a Subscriber and its patients.

Billing Information

When a Subscriber subscribes to our Services, we automatically collect payment information to process payment. Payment information is provided directly to our payment processor and is processed in a PCI-compliant manner. Addatech will never keep your payment information.

Log and Device Information

Addatech collects information about how you are accessing our Services when you access and browse our Services. We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used.

Cookies and Tracking Information

Addatech’s Platform and websites use cookies. Please be advised your web browser allows you to manage cookies through its “settings” menus. As a user, you can change your browser settings to display a warning message before accepting a cookie, or to refuse all cookies. As a user, you can also delete cookies at any time, but please be advised that certain cookies must not be deleted for our Services to function correctly. Web beacons are used to determine if a user has viewed a web page or email.

Cookies and web beacons are used:

  • To learn about Platform and website activity;
  • To identify the effectiveness of communications or marketing campaigns;
  • To allow login to secure areas of our Services;
  • To store login credentials for easy access to our Services

Social Media

If you login to our Services using a third-party social media sign-in service, Addatech will receive personal information from those services, such as, but not limited to, your name, email address and profile photo, in order to pre-populate online forms. Social media “Like” and “Share” buttons could also be included on our websites and these features may collect your IP address and the page(s) you are visiting on our website. They may also set a cookie to enable the feature to function properly. Be advised that your interactions with these features are governed by the privacy policies of the third parties who provide them.

General Data Protection Regulation (EU and UK)

For personal information that is subject to the General Data Protection Regulation (the “GDPR”), Addatech collects and uses your personal information provided that:

  • You consent;
  • Our legitimate interests do not compete or override with your privacy rights.

You may withdraw your consent at any time

Where Addatech uses your personal information for our legitimate interests, you have the right to object to that use at any time. See the section Your Rights to learn how to withdraw consent or object.

If you are a client of one of our Subscriber, please first contact your clinic or practitioner with any questions about the legal basis for collecting and using your personal information. Each Subscriber may have a different legal basis for collecting and using a client’s personal information.

Patient Data

Patient Data

Subscribers use Addatech’s Services to collect personal information from their clients and create client records. These records may include a client’s name, address, health insurance, billing information, medical charts, appointment history and other patient data (“Patient Data”). If you are a client, Patient Data is collected from you when you visit your clinic or practitioner and when you set up an account with the clinic through Addatech’s online booking Services.

Subscriber’s Role

Subscribers retain sole control over Patient Data, and determine:

  • What Patient Data to collect;
  • How the Subscriber will use the Patient Data;
  • Who has access to Patient Data;
  • How long the Subscriber will store Patient Data;
  • Reasons for delete Patient Data.

Subscribers are sole responsible for complying with laws and regulations governing the use of Patient Data, and for determining the legal basis for such use.

Addatech’s Role

Addatech is a service provider to Subscribers and may be referred to as a “processor” of the Subscriber. Addatech stores Patient Data in secure data centers and makes it readily available to Subscribers and their users through its Services. Be advised that Addatech has no other control over Patient Data and will only access Patient Data on the strict instructions of the Subscriber, practitioners or staff, where needed in order to prevent or address technical problems, or if required by law or court order.

Storage Location

Patient Data is stored in the regional data centre required by law. Addatech currently has regional data centres in Canada, the United States, UK, and Australia. All data centres and all service providers Addatech works with maintain a high level of security standards and are compliant with applicable privacy laws.

Patient Rights

Patients have certain rights with respect to their Patient Data, which may include details about what information your clinic stores about you, how to correct inaccurate Patient Data records, how to obtain a record of your Patient Data and, how to delete or remove your Patient Data.

Questions about Patient Data

Any questions about your Patient Data, or wish to exercise any of your patient rights, must be addressed by contacting your clinic or practitioner. If your clinic or practitioner has any questions about the management of Patient Data in the Services, they may hen contact Addatech for support. Be advised that in order to maintain strict security of Patient Data, Addatech can only access Patient Data upon express instructions from the Subscriber.

Sharing Your Information

Addatech does not sell or distribute personal information to third parties for commercial or marketing purposes. Sharing of collected personal information may occur in the following circumstances:

Suppliers and Service Providers

In order to operate Addatech’s business and provide Services to Subscribers and their users, we may need to share a limited amount of personal information, which may include Patient Data, with third-party suppliers and service providers. We ensure that third parties receiving personal information have provided appropriate safeguards, and that privacy rights are protected and preserved, namely by these third-party suppliers and service providers:

  • Our data centers where Platform data is stored
  • Customer support services to collect feedback and manage our support services
  • Communication services to send notices or reminders
  • Payment processors

Corporate Transactions

Addatech may share personal information when negotiating or carrying out transactions for financing, acquisition(s), merger(s) or amalgamation(s), or a sale of all or part of our company assets. We will ensure that appropriate confidentiality and non-disclosure undertakings are in place. We will not share Patient Data in any of these circumstances.

Compliance with Laws

Addatech may disclose personal information to a third party if required to do so by law, government request, court order or regulatory body. Disclosing personal information may also be done when enforcing Addatech’s legal rights, security requirements, or when responding in good faith to an emergency. We will always make every reasonable effort to give you a notice regarding the disclosure of your personal information, what information was disclosed and why. We will not disclose Patient Data unless legally required to do so.

Anonymized/Aggregated Data

Addatech may use computer-generated algorithms to gather anonymous and aggregated information from Subscribers and their Patient Data in order to assist in development and improvement of our Services, and for research, data analysis, benchmarking, statistics or trend analysis. We will ensure that none of the information we gather identifies, or could be used to identify, any user or client. Addatech may share such anonymized information with Subscribers and other third parties.

Security

Addatech protects your personal information, including Patient Data stored in our platform, by:

  • Using industry standard security controls such as, but not limited to, encryption and SSL. certificates to ensure information is transmitted over a secured connection;
  • Using industry-standard data centres with appropriate security and compliance certifications;
  • Having our staff sign strict confidentiality agreements to ensure they understand the confidential nature of the data we process, and only accessing your account when requested;
  • Requiring password protection of your user account with a password set by you.

Despite our best efforts, no electronic communication can ever be completely secure. As a user, you share equal responsibility to protect your personal information by crafting a strong password and by keeping your username and password confidential at all times.

Storage Period

Addatech retains personal information only for as long as necessary to achieve the stated purposes, or as required by applicable law. User account information may also be retained to comply with our legal obligations, resolve disputes or preserve a business relationship with your Subscriber. Payment information is never kept or stored. If you are a client of one of our Subscribers, please first contact your clinic or practitioner directly for information regarding the storage period for your Patient Data.

International Transfers

Personal information may be conveyed to and processed in Canada and the United States. Addatech ensures that industry-standard safeguards exist and that privacy rights are protected and preserved.

Your Rights

Each client may have certain rights regarding their personal information, as set forth in this section. If you are a client of one of our Subscribers, please first contact your clinic or practitioner to exercise any of these Patient Data rights.

Correction and Deletion

Addatech will make reasonable efforts to ensure that the collected personal information is accurate and complete. As a user, you may update, correct or delete account information at any time by logging into your account and make the appropriate updates. You may also update, correct or delete your personal information by contacting Addatech.

Withdrawing Consent

Wherever and whenever applicable, you have the right to withdraw consent at any time by contacting Addatech.

Access and Portability

You have the right to contact Addatech, request and ask for a record of your personal information that Addatech may have collected about you. There may be cases where this information cannot be provided to you if it would mean disclosure of personal information of another person or other confidential information, or if it would compromise our security systems. We will respond to you within thirty (30) days of receiving your request but may charge a pre-determined fee where permitted by applicable law.

Restriction and Objection

Users in the EU may request that we restrict our use of their personal information and you have the right to object to such use. In these cases, Addatech can and may be required to no longer use your personal information. Be advised that this may cause certain components of our Services to not be made available to you anymore. Your right to restrict or object can be exercised by contacting Addatech.

Complaints

You have the right to lodge a complaint with a supervisory authority. You may also contact the Privacy Commissioner of Canada (for international matters and inter-provincial matters) ( http://www.priv.gc.ca/ ).

Contact Us

Questions or concerns about our Privacy Policy and our privacy practices can be forwarded to support@Addatech.com. Addatech will make every effort to answer your questions.

Updated on September 20th, 2020. This Privacy Policy is subject to changes and updates from time to time.