This Privacy Notice pertains to the collection, use, and disclosure of personal information obtained by, in the custody of, and/or controlled by Intellijoint Surgical Inc.
Personal information includes (i) personal information as such term is defined in the Personal Information Protection Electronic Documents Act (PIPEDA); (ii) personal health information as such term is defined in PHIPA, HIPAA, and applicable regional legislations. Personal information may include information about Intellijoint Surgical employees and business affiliates.
It is the policy of Intellijoint Surgical Inc. to keep secure any information gathered through the use of its systems and products. As such, any information gathered is not disclosed to or shared with unauthorized third parties except as allowed or required by law and described herein.
2. Personal and Personal Health Information
In many cases, Intellijoint Surgical Inc. collects personal information and patient health information as a service provider to health care professionals (“users”) rather than on our own behalf. Intellijoint Surgical Inc. collects personal information such as name and e-mail, and other information that the user provides to Intellijoint Surgical Inc. for provision of its services and products. Personal information and patient health information may be collected in several ways, including in person, over the phone, by mail, over the Internet, and from third parties who are authorized to disclose this information to us. We make every reasonable effort to keep information secure, accurate, complete, and up-to-date. If desired, you may verify the accuracy and completeness of your personal information and personal health information in our records.
Personal information and personal health information may be disclosed to other users, including Physician(s) and other Health Care Provider(s), individuals and companies managing those Physicians and Health Care Professionals, and Intellijoint Surgical Inc. administrative and technology staff.
3. Collection, Use and Disclosure of Personal and Personal Information
Intellijoint Surgical Inc. uses and discloses personal and personal health information for purposes consistent with such personal information’s collection. For example, Intellijoint Surgical Inc. shall be allowed to collect, use, and disclose personal information in a manner that is consistent with providing the services contemplated by the use of Intellijoint Surgical Inc.’s products.
Access to private, sensitive, and confidential information, including personal information, is restricted to authorized employees with legitimate business reasons. We require all of our employees to abide by Intellijoint Surgical Inc.’s privacy standards. Our employees understand the importance of keeping your information private. For this reason, our employees are required to agree to a confidentiality agreement that prohibits the disclosure of any user information to unauthorized parties.
Employees are strictly prohibited from accessing or disclosing personal information without authorization. All employees are always expected to maintain the confidentiality of personal information and failure to do so will result in appropriate disciplinary measures, up to and including dismissal.
Intellijoint Surgical Inc. will never rent or sell the personal information or personal health information it collects.
Intellijoint Surgical Inc. uses third-party service providers to host servers in Ontario and the United States. These third-party service providers may have access to Personal Information as an incidental result of the services provided by such third parties to Intellijoint Surgical Inc., but the access of such third parties to such information is strictly controlled in accordance with the safeguards detailed below.
The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so.
Your Personal Information may be disclosed in situations where we are legally permitted to do so, such as while employing reasonable and legal methods to enforce your rights or to investigate suspicion of unlawful activities. We may release certain Personal Information when we believe that such release is reasonably necessary to protect the rights, property and safety of ourselves and others.
Should Intellijoint Surgical Inc. conduct market or product research, it will never use Personal nor Personal Health Information; rather, it would fully anonymize information, meaning that it would render it unlikely to be traced back to an individual.
4. Usage and Aggregate Data
Intellijoint Surgical Inc. collects usage information from users to our services. The purpose of this collection is to understand how users access and use the services in order to enhance and optimize our services. Usage information and data could include but is not limited to the user’s device type, device identifier, IP address, browser type, operating system, duration of use, number of messages sent or received, and times at which the application was accessed and used. In addition, Intellijoint Surgical Inc. will collect aggregate data about a group or category of services or users. This information, as well as the Personal Information collected, enables Intellijoint Surgical Inc. to analyze trends, administer Intellijoint Surgical Inc.’s services and products, troubleshoot, enhance, and improve Intellijoint Surgical’s services.
Intellijoint Surgical Inc. maintains the right to inform our users about any change that may affect information collected or stored. We may be required to comply with a court order or governmental regulatory requirement or disclose information in connection to legal proceedings. If required to do so, we will make every effort to notify the relevant parties about the proceedings.
Intellijoint Surgical Inc. reserves the right to use the contact information of users for the purposes of communications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate or opt out of optional communications (e.g. marketing, press, events) while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.
Intellijoint Surgical Inc. is not anticipating any changes in corporate status, however as we grow and develop that may change. You understand and agree that we may use or disclose your personal information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing personal information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use, and disclose your personal information for substantially the same purposes as those set out in this Policy. In the event the transaction does not go through, we will require, by contract, the other party or parties to the transaction not to use or disclose your personal information in any manner whatsoever for any purpose, and to return or destroy such personal information. Personal information that is collected online remains subject to applicable legislation and corporate policy.
5. Data Retention
Intellijoint Surgical Inc. reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms and conditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law.
Intellijoint Surgical Inc. may process and store user messages, logs, contact data, and other related information to provide its services. Data will be retained according to personal information retention requirements or deleted as per direction from the individual as allowable by operational needs and relevant law. Intellijoint Surgical Inc. maintains security/privacy policies and procedures to ensure every step is taken to maintain the integrity of the data in our care.
6. Control of Data
Intellijoint Surgical Inc. takes reasonable steps to protect the personal information it collects to prevent loss, misuse and unauthorized access, disclosure, alteration, and destruction.
Intellijoint Surgical Inc. has appointed a Privacy Officer who is responsible for information system monitoring and information security policy and procedure management. The Privacy Officer is responsible for compliance with Intellijoint Surgical Inc.’s privacy program including,
- Fostering a culture of privacy awareness and data stewardship
- Ensuring that privacy impact assessments and threat and risk assessments are completed on a regular basis
- Adopting policies and procedures based on changes to business needs, products, and to address and mitigate identified risks
Personal information may be accessed by contacting Intellijoint Surgical Inc.’s Privacy Officer (contact information can be found below).
Intellijoint uses various safeguard measures to ensure authorized access to information. This includes but is not limited to the use of a username and a password for authentication, and role-based access controls. Credentials must be kept safe to make sure that any person who has access to view private information is permitted to do so. If you believe that your password has been misused or compromised, please contact Intellijoint Surgical Inc. immediately.
Intellijoint Surgical Inc. uses professionally managed services (MongoDB Atlas) for secure data storage. Data storage facilities are located in Montreal, Quebec, Canada. The database backup is co-located in Montreal, QC. MongoDB Atlas databases are hosted on the Amazon Web Service platform. Data stored within the MongoDB Atlas is fully encrypted – this includes at-rest in the file system and while in transit. Data are protected using 256-bit Advanced Encryption Standard (AES-256).
7. Governing Law
Intellijoint Surgical Inc. acknowledges it may be subject to international privacy laws when conducting business in jurisdictions outside of Canada. These jurisdictions include:
- The Health Insurance Portability and Accountability Act in the United States.
- The California Consumer Privacy Act if conducting sufficient business in the State of California.
- Australia’s Privacy Act. Smaller state and territory legislations may apply if Intellijoint Surgical does business with Australian government agencies.
- New Zealand’s Privacy Act, and potentially the Health Information Privacy Code.
- The Protection of Personal Information Act in Japan.
- The General Data Protection Regulation in member countries of the European Union.
Contact Intellijoint Surgical Inc. for details on compliance with privacy legislations outside of Canada.
8. Contacting Intellijoint Surgical
Enquiries on our privacy practices or to the accuracy of your personally identifiable information and to request the update, correction, or deletion of such information can be sent to us by email at [email protected], or by mail at the following address:
Intellijoint Surgical Inc.
809 Wellington Street N., Unit 2
Kitchener, ON, N2H 5L6