In this Policy, anyone who has subscribed to and paid for Services is referred to as a “Subscriber”. Any individual such as a practitioner or staff member of a Subscriber, or an individual browsing or using our websites and web-based resources user of our Services can be referred to as “You”.
If you are a client of a Subscriber clinic or practitioner, said clinic or practitioner controls your client information, including, but not limited to, your contact information, billing details and patient records. You must first contact your clinic or practitioner for any questions about your patient information and refer to the section titled Patient Data for further information.
Addatech collects personal information in order to provide our Services to our Subscribers and their users, to learn about how our Services are used, and to provide you with information about our Services. Addatech warrants that it collects only the minimum amount of personal information needed for these purposes and does not sell or trade personal information. Personal information is shared with third parties as prescribed by law and in ways that are described in this Policy.
Addatech collects your contact information, including, but not limited to, your name and email address(es), when you fill out online forms or set up user account(s) for our Services. We use your contact information to activate your user account, give you access to the Services, to send you notices, or for marketing purposes. Any can opt-out of marketing communications at any time by unsubscribing or contacting Addatech support. Addatech does not collect or manage the contact information of patients, or any marketing or other communications between a Subscriber and its patients.
When a Subscriber subscribes to our Services, we automatically collect payment information to process payment. Payment information is provided directly to our payment processor and is processed in a PCI-compliant manner. Addatech will never keep your payment information.
Addatech collects information about how you are accessing our Services when you access and browse our Services. We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used.
Cookies and web beacons are used:
If you login to our Services using a third-party social media sign-in service, Addatech will receive personal information from those services, such as, but not limited to, your name, email address and profile photo, in order to pre-populate online forms. Social media “Like” and “Share” buttons could also be included on our websites and these features may collect your IP address and the page(s) you are visiting on our website. They may also set a cookie to enable the feature to function properly. Be advised that your interactions with these features are governed by the privacy policies of the third parties who provide them.
For personal information that is subject to the General Data Protection Regulation (the “GDPR”), Addatech collects and uses your personal information provided that:
Where Addatech uses your personal information for our legitimate interests, you have the right to object to that use at any time. See the section Your Rights to learn how to withdraw consent or object.
If you are a client of one of our Subscriber, please first contact your clinic or practitioner with any questions about the legal basis for collecting and using your personal information. Each Subscriber may have a different legal basis for collecting and using a client’s personal information.
Subscribers use Addatech’s Services to collect personal information from their clients and create client records. These records may include a client’s name, address, health insurance, billing information, medical charts, appointment history and other patient data (“Patient Data”). If you are a client, Patient Data is collected from you when you visit your clinic or practitioner and when you set up an account with the clinic through Addatech’s online booking Services.
Subscribers retain sole control over Patient Data, and determine:
Subscribers are sole responsible for complying with laws and regulations governing the use of Patient Data, and for determining the legal basis for such use.
Addatech is a service provider to Subscribers and may be referred to as a “processor” of the Subscriber. Addatech stores Patient Data in secure data centers and makes it readily available to Subscribers and their users through its Services. Be advised that Addatech has no other control over Patient Data and will only access Patient Data on the strict instructions of the Subscriber, practitioners or staff, where needed in order to prevent or address technical problems, or if required by law or court order.
Patient Data is stored in the regional data centre required by law. Addatech currently has regional data centres in Canada, the United States, UK, and Australia. All data centres and all service providers Addatech works with maintain a high level of security standards and are compliant with applicable privacy laws.
Patients have certain rights with respect to their Patient Data, which may include details about what information your clinic stores about you, how to correct inaccurate Patient Data records, how to obtain a record of your Patient Data and, how to delete or remove your Patient Data.
Any questions about your Patient Data, or wish to exercise any of your patient rights, must be addressed by contacting your clinic or practitioner. If your clinic or practitioner has any questions about the management of Patient Data in the Services, they may hen contact Addatech for support. Be advised that in order to maintain strict security of Patient Data, Addatech can only access Patient Data upon express instructions from the Subscriber.
Addatech does not sell or distribute personal information to third parties for commercial or marketing purposes. Sharing of collected personal information may occur in the following circumstances:
In order to operate Addatech’s business and provide Services to Subscribers and their users, we may need to share a limited amount of personal information, which may include Patient Data, with third-party suppliers and service providers. We ensure that third parties receiving personal information have provided appropriate safeguards, and that privacy rights are protected and preserved, namely by these third-party suppliers and service providers:
Addatech may share personal information when negotiating or carrying out transactions for financing, acquisition(s), merger(s) or amalgamation(s), or a sale of all or part of our company assets. We will ensure that appropriate confidentiality and non-disclosure undertakings are in place. We will not share Patient Data in any of these circumstances.
Addatech may disclose personal information to a third party if required to do so by law, government request, court order or regulatory body. Disclosing personal information may also be done when enforcing Addatech’s legal rights, security requirements, or when responding in good faith to an emergency. We will always make every reasonable effort to give you a notice regarding the disclosure of your personal information, what information was disclosed and why. We will not disclose Patient Data unless legally required to do so.
Addatech may use computer-generated algorithms to gather anonymous and aggregated information from Subscribers and their Patient Data in order to assist in development and improvement of our Services, and for research, data analysis, benchmarking, statistics or trend analysis. We will ensure that none of the information we gather identifies, or could be used to identify, any user or client. Addatech may share such anonymized information with Subscribers and other third parties.
Addatech protects your personal information, including Patient Data stored in our platform, by:
Despite our best efforts, no electronic communication can ever be completely secure. As a user, you share equal responsibility to protect your personal information by crafting a strong password and by keeping your username and password confidential at all times.
Addatech retains personal information only for as long as necessary to achieve the stated purposes, or as required by applicable law. User account information may also be retained to comply with our legal obligations, resolve disputes or preserve a business relationship with your Subscriber. Payment information is never kept or stored. If you are a client of one of our Subscribers, please first contact your clinic or practitioner directly for information regarding the storage period for your Patient Data.
Personal information may be conveyed to and processed in Canada and the United States. Addatech ensures that industry-standard safeguards exist and that privacy rights are protected and preserved.
Each client may have certain rights regarding their personal information, as set forth in this section. If you are a client of one of our Subscribers, please first contact your clinic or practitioner to exercise any of these Patient Data rights.
Addatech will make reasonable efforts to ensure that the collected personal information is accurate and complete. As a user, you may update, correct or delete account information at any time by logging into your account and make the appropriate updates. You may also update, correct or delete your personal information by contacting Addatech.
Wherever and whenever applicable, you have the right to withdraw consent at any time by contacting Addatech.
You have the right to contact Addatech, request and ask for a record of your personal information that Addatech may have collected about you. There may be cases where this information cannot be provided to you if it would mean disclosure of personal information of another person or other confidential information, or if it would compromise our security systems. We will respond to you within thirty (30) days of receiving your request but may charge a pre-determined fee where permitted by applicable law.
Users in the EU may request that we restrict our use of their personal information and you have the right to object to such use. In these cases, Addatech can and may be required to no longer use your personal information. Be advised that this may cause certain components of our Services to not be made available to you anymore. Your right to restrict or object can be exercised by contacting Addatech.
You have the right to lodge a complaint with a supervisory authority. You may also contact the Privacy Commissioner of Canada (for international matters and inter-provincial matters) ( http://www.priv.gc.ca/ ).