RETINAHUB Website Privacy Notice – Personal Information Protection and Electronic Documents Act (PIPEDA), General Data Protection Regulation (GDPR) and Online Privacy Protection Compliant Version
At RETINAHUB, we are committed to protecting your privacy. In this notice, we will explain to you why and how we, as our customers’ data processor, collect, use, disclose, store and protect your personal data. We understand your rights and we will explain how you can exercise them.
By RETINAHUB, “we”, “our”, we mean RETINAHUB, a company registered in Quebec City under number 1228077077. Our head office is located at: 301-3090 Boulevard le Carrefour, Laval, QC H7T 2J7
When we talk about “you” we mean end users who use the service of a self-employed, clinic or physician as part of a group of physicians.
If you are wondering how we process your personal data, or if you have any questions about your rights as a concerned person, please email us at firstname.lastname@example.org.
What personal data do we collect and for what purposes?
We collect three types of information about you :
- basic service information (information required to provide basic services);
- optional information (information required for analysis and marketing).
Registration of an account (direct collection, basic service)
- the following contact details and information: first name, last name, address, email address and telephone number;
- information on the work environment: medical profession or specialty, license number, hospital department or hospital affiliation, or place of work.
Establish a profile (direct, voluntary collection)
- Profile information and the following information: first name, last name, city, type of account, language, email and phone number. The specialty, the province where the license is valid and the license number (specific to the “Physician” and “Clinical Monitor” account types).
Purchase of services (direct collection, basic service)
- payment information: credit card data or other payment instrument information;
- confirmation of contact details and workplace information.
Interaction with our staff and reports (direct, voluntary collection)
- correspondence and communications with us, such as inquiries(including, but not limited to, first name, last name, email address, medical specialty, workplace information);
- information you may provide by email, in the online support chat room, or over the phone(including, but not limited to, first name, last name, email address, medical specialty, workplace information);
- posts on our social media, publicly available information on your Facebook wall, comments you post on our website;
- details of your presence at our offices, including CCTV footage when you visit our offices or at an event hosted by us or an industry event in which we participate.
Contests and surveys (direct collection, voluntary)
- first name, last name, email address and address.
Subscription to the newsletter (direct, voluntary collection)
- first and last name;
- the email address.
Website or use of mobile applications – demographics, geographic and technical information (indirect collection, optional)
- websites visited;
- devices used;
- user preferences;
- Device ID and GPS location;
- which advertisements were inserted for users.
- Device ID and GPS location;
- the type of mobile device you are using;
- the operating system version of your mobile device;
- how often you use the app.
How and when are we processing your personal data?
We collect and process your personal data in the following cases:
- you open an account with us;
- you establish your profile;
- you are using one of our services;
- you are visiting our website;
- you are using the mobile app;
- you are visiting our social media sites;
- you participate in contests and polls;
- you are communicating with customer service (phone, email or online chat);
- you are communicating with us by email;
- you provide us with a testimonial;
- you are applying for a position;
- we receive a referral that was sent to you;
- you are visiting our office;
- You participate in events that we have organized or in industry events that we participate in.
What is the legal basis for the collection of personal data?
For your legitimate interests and ours: we use your personal information and the particularities of your workplace to enable you to use our services. We use your information on payments to process a transaction when you purchase additional services. We assume that you understand that we need your contact details, location information and payment information to provide this service. We will therefore not ask for express consent when you place an order or when you open an account.
Comply with legal obligation: in certain circumstances we will need to disclose your personal data in response to a request from a regulatory authority, police or other government agencies.
We have no legal basis other than consent to the collection of demographic, geographic and technical information for analytical and marketing purposes. Therefore, we provide you with we will therefore ask for your written consent before proceeding with the collection.
- We may use this information to market our products to you or to provide you with offers or products from our partners that we think you may find interesting;
- We may offer you incentives for participating in our surveys and contests. We may subscribe to our newsletter when you purchase products through our partners ;
- We may offer you incentives for participating in our surveys and contests.
Who do we share personal data with?
We may disclose your personal information:
- to our characternnel;
- to our subsidiaries and sister companies;
- to other professionals registered on the platform;
- to third parties who help us facilitate the provision of our services.
Cross-border data flows (data collected in Canada transferred to locations outside of Canada) and restricted transfers (transfers of personal data outside the EEA) strong >
- All of our partners who help us provide our services are resident in and operate their business in the United States and Australia. All of our partners based in the United States are Privacy Shield certified EU-US and have therefore been able to prove that sufficient safeguards are in place to protect your personal data;
- We will not ask for your written consent and we cannot offer you any alternatives, as the IT infrastructure of the cloud service provider platform and our services partners are an integral part of the delivery of our services.
How long do we keep your personal data?
We keep your personal data for as long as you have an account with us and three years after the last activity or when you ask us to delete the information we have about you. inactivity, we will communicate before you before deleting your account.
The right of access:
You can access your account anytime on the website or mobile app.
The right to correction :
You can change your account information at any time.
The right to be forgotten:
Autonomous messaging – You can delete your account, which will automatically delete all personal data (information on basic services, voluntary information and optional information proportional to the sensitivity of the information held) associated to the account. We will ask all third parties to whom we have communicated your data to delete your data.
Member of a group of doctors – In this case, the controller (eg a hospital) is responsible for your data. It is the controller’s responsibility to ask us to remove what they deem appropriate.
The right to restrict processing:
You can change your preferences in your account or browser settings.
The right to data portability:
You can request a copy of the data we have on you and we will provide the information to you by email. Please contact our support team.
The right to object:
You have full control of your account. Deleting your account will delete all related data and therefore we will stop processing your personal data held by us and any third parties to whom we have communicated your data. As long as you have an account with us, you can change your preferences at any time, which will end the collection and processing of optional information.
- essential and functional cookies;
- analytics cookies;
- advertising, marketing and social media cookies.
The essential and functional cookies will be used without your explicit consent since they are necessary for the proper functioning of our services. On the other hand, cookies for analysis, advertising, marketing and social media are optional. They are provided and managed by our service provider, HubSpot. They will ask for your express consent the first time you visit or log in. If you accept these cookies, they will remain on your computer for 13 months, unless erase your browsing data. Each time you use a different device, visit the website, or log in incognito, the cookie banner will ask for your consent again. If at any time during of the 13-month period (lifetime of cookies), you decide to unsubscribe, you can do so by deleting your browsing data selectively or entirely, then by disabling the reappearance of the banner on your next visit.
We can update this privacy notice from time to time. The most recent version of the data can be found at Retinahub.com.