Effective upon: 28 September, 2022
Last updated: 28 September, 2022
At OraQ AI Inc. (“we” and “us”), we are strongly committed to transparency, and we want you (“you” or “your”) to understand how we collect, use, disclose and protect your personal information, as well as how you can manage the information we collect from you.
Personal information means information about an identifiable individual (collectively, “personal information”), and does not include information that cannot be attributed to an identifiable individual, such as information of an aggregate or anonymous nature (collectively, “non-personal information”).
Health information refers to diagnostic, treatment and care information, and/or registration information, as defined in Alberta’s Health Information Act (the “HIA”) and includes, without limitation, information about the physical health of an individual, information about a health service provided to an individual, and related billing information (collectively, “health information” and together with personal information, “Information”).
We will only collect, use, and disclose the Information that we need in order to provide you with the Services.
We may rely on your implied consent in certain circumstances, after taking into account factors such as the sensitivity of the Information and your reasonable expectations. We will limit the collection, use, and disclosure of your Information to only that which is necessary for the purposes identified, unless you have otherwise consented, or when such collection, use, and/or disclosure is permitted or required by law.
You can always refuse to provide your Information, except that it may prevent you from using our Services or receiving responses to your inquiries or other information of interest.
Types of Information We Collect
We may collect various types of Information from you and/or your dental clinic, depending upon how you and/or your dental clinic interact with us or use or interact with our Services. This Information may include your:
- Contact/Location Information. Name, email address, postal address, phone number, and other contact information.
- Demographic Information. Date of birth, gender, marital status, and occupation.
- Information Relating to Health and Habits. History of and details about smoking and alcohol consumption, history of mouth-related issues such as bleeding gums, grinding teeth, and clenching jaw, details about sleep habits, and details about medical history, medical examinations, allergies, and medications.
- Photographic Information. Photographs, electronic images, and/or x-rays of facial features, mouth, and teeth.
- Insurance/Billing Information. Insurance provider, insurance group/plan number, insurance ID number, credit card information, and account number.
- Device Information. IP address, operating system and platform, device type and device identifiers.
How We Collect information
We need to collect Information from you and/or your dental clinic in order to provide you and/or your dental clinic with our Services, as well as to improve your experience and/or your dental clinic’s experience using our Services. You and/or your dental clinic may provide us with Information in several ways, including, for example when you and/or your dental clinic:
- use our Services;
- create an account or profile;
- correspond with us, including through surveys;
- sign up to receive our newsletter or promotional information;
- ask for customer service, support or other assistance; or
- interact with us in any other way, online or offline, including through our Services.
We may also collect Information from other sources (such as from third party service providers) to, among other things, enable us to complete, verify, or update Information contained in our records and to better customize the Services we provide.
How We Use Information
We use Information to:
- provide you and your dental clinic and/or your insurance provider with our Services;
- maintain and improve our Services;
- administer our relationship with you, including creating and managing your patient portal;
- respond to your requests and communications;
- measure performance (such as our customer care interactions with you);
- develop new products and services;
- conduct surveys and research to better understand the preferences of our customers like you;
- respond to legally binding demands from law enforcement, regulatory authorities or other third parties;
- defend, protect or enforce our rights or applicable terms of service;
- to prevent fraud or the recurrence of fraud;
- assist in the event of an emergency; and
- comply with applicable law.
In many cases, we de-identify your Information as soon as we collect it. In these cases, your Information is non-personal information. We may use non-personal information for any legitimate business purpose.
How We Disclose Information
We may disclose Information:
- to your dental clinic, your insurance provider, and/or our third party service providers to help us with the uses described in the How We Use Information section above;
- to comply with your directions or any additional consent you have provided us;
- to other parties where we are under a duty to disclose your Information in order to comply with any applicable legal obligation including a regulatory process, or an order of a government institution, investigative body, regulatory body or judicial authority of competent jurisdiction;
We disclose non-personal information to third parties as reasonably necessary to meet our business needs. We do not disclose your Information to third parties for their own direct marketing purposes without your consent.
How We Disclose Information
We are concerned about ensuring the security of your Information, and we have taken appropriate measures to ensure its security and confidentiality. We exercise great care in providing secure transmission of your Information from your browser or device to our servers. For example, we use an encrypted channel(s) between our front-end web service and our APIs, and we store encrypted Information that we have collected in secure operating environments. We will only retain your Information for the period of time reasonably required to fulfill the purposes for which it was collected. We may retain non-personal information for as long as we have a business need to do so.
Our Services may utilize third party systems, programs, websites, solutions, and/or applications, including without limitation Google (which hosts OraQ’s web application), Sikka AI (which offers dental automation software and practice management services), Redis Enterprise (which provides cache management services), Prefect (which provides data workflow automation services), and Confluent Kafka (which offers data processing solutions).
An organization must protect personal information that is in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. All of our service providers and contractors are contractually obligated to employ appropriate data security measures with respect to your Information and to collect/use/disclose/retain it only within the scope required for the provision of our Services. However, we are not responsible for the actions and privacy policies of these third parties and their systems, programs, websites, solutions and/or applications. Check the privacy policies of these third parties for information on their privacy practices, e.g. Google, Sikka AI, Redis Enterprise, Prefect, Confluent Kafka.
We try our best to safeguard Information once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your information, please contact us as soon as possible.
We offer you certain choices in connection with our Services.
Access to your personal information
On your reasonable written request, we will provide you, not later than thirty (30) days from our receipt of your request, or such additional time as required by law, with access to or information about your personal information (if any) under our custody or control, and the names of persons to whom, and any circumstances in which, your personal information has been and is being disclosed by us. You must provide sufficient information in your request to allow us to verify your identity and identify the information you are seeking.
If you request a copy of your personal information and the personal information can reasonably be reproduced, we will provide you with a copy of the personal information, or, if applicable, we will give you reasons for any delay in providing a copy of the requested personal information. All requests may be subject to minimal costs, in accordance with applicable privacy legislation.
We reserve all rights not to disclose personal information, in whole or in part, in certain circumstances permitted or required by law, including but not limited to where:
- the personal information is protected by any legal privilege;
- the disclosure of the personal information would reveal confidential commercial information;
- the disclosure could reasonably be expected to threaten the life or security of another individual;
- the personal information was generated in the course of a formal dispute resolution process; or
- the personal information was collected by us without your knowledge and consent for reasonable purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
If access to your personal information is refused, in whole or in part, we will provide you with the reasons for the refusal, the provision of applicable privacy legislation on which the refusal is based, and the contact information of the Privacy Officer who can answer your questions about the refusal, and will inform you that you may ask for a review of the refusal in accordance with applicable privacy legislation.
To submit a request to access your personal information or designate an authorized agent to make a request to access your personal information, please contact us. Our security procedures mean that we may request proof of identity before we disclose your personal information to you.
Please note that we can provide access to health information only as an “information manager” in accordance with instructions to do so issued by a custodian in accordance with the HIA.
Updating your Information
The accuracy of the Information we have about you is very important. To submit a request that we update your Information, please contact us.
On your request, we will make every reasonable effort to correct outdated Information, or errors or omissions in your Information where that Information is in our custody or control. Such request must be in writing, signed by you, and include sufficient detail to enable us to identify any Information in our custody or control in relation to the request.
We will, as soon as reasonably practical and not later than thirty (30) days from our receipt of your request, or within such additional time as permitted or required by law, either correct the Information and, if applicable and reasonable to do so, send correction notifications to any third party to whom we disclosed the incorrect Information, or decide not to correct the Information, but we will annotate the Information under our control to indicate that a correction was requested but not made.
We will inform you of the action that we have taken in response to your request for correction, the contact information of the Privacy Officer who can answer your questions about your request for correction, and that you may ask for a review of the action taken in accordance with applicable privacy legislation.
You may have the opportunity to receive certain communications from us related to our Services. If you provide us with your e-mail address in order to receive communications, you can opt-out of marketing emails at any time by following the instructions at the bottom of our emails and adjusting your email preferences. Please note that certain emails may be necessary for the operation of our Services. You will continue to receive these emails, if appropriate, even if you unsubscribe from our optional communications.
If you have questions, concerns, or would like to update/change your personal information, you can contact us in the following ways:
Attention: Wayne Madhlangobe, Privacy Officer
For your protection, we may need to verify your identity before assisting with your request, such as verifying that the information used to contact us matches the information that we have on file.