Effective Date: July 5, 2022
AKITU (“AKITU”, “we” or “us”) respects your privacy! Below are the steps we take to protect Personal Information provided by our users (collectively “User”, “you”, or “your”).
US and Canadian Privacy laws generally define “Personal Information” as any information about an identifiable individual, which includes information used on its own or combined with other information to identify, contact, or locate a single person. Personal information does not include business contact information, including your name, title, or business contact information. Personal Health Information (“PHI”) relates to specific health, medical, biometric, genetic, or other data, including but not limited to, all health information and personal health information as defined under Health Privacy Legislation, or under Health Insurance Portability and Accountability Act of 1996 (US) (“HIPAA”) as applicable.
DATA WE COLLECT
Personally Identifiable Information: When you use our website, Software, Services or enter information on our website we may ask for your name, date of birth or age, gender, email or mailing address, phone number, or other information to provide our Services and improve your user experience.
Personal Health Information: We acknowledge and agree that you are “health information custodians” as defined in applicable health privacy legislation, including the Personal Health Information Protection Act, 2004 (“PHIPA”) and “covered entities” under the Health Insurance Portability and Accountability Act, 1996 (US) (“HIPAA”). Therefore, to the extent that any Personal Health Information (“PHI”) is transmitted to us, we are bound by the confidentiality and security requirements related to the disclosure of personal health information contained in PHIPA and HIPAA, and the respective regulations with respect to all Data shared under TOU and Software license. We commit that we shall meet or exceed the confidentiality and security practices required by PHIPA and HIPAA and the respective regulations thereunder.
To the extent AKITU is provided with any PHI, AKITU acknowledges and agrees that, when accessing PHI, we do so solely on behalf of you while performing or delivering the Services and for no other purpose whatsoever. AKITU is your “agent” as defined in PHIPA, or your “business associate” as defined in HIPAA, and with all the responsibilities of an agent imposed by PHIPA, and those assigned to a business associate under HIPAA. Regardless of these obligations, we shall not have any contact with your patients for any purpose whatsoever, unless expressly authorized by you.
Payment Data: We do not collect personal information for payment. We use third-party processors for payment processing, financing, email services, etc. to provide our Services. They may collect Personal Information, so you should check their respective Privacy Policies.
Usage Data: We may collect data about your use of our Software and Services such as the values of your searches, previous purchases, etc. to improve your experience and our Software and Services.
Automatically Collected Data: We collect some data automatically when you interact with us by using our Services. We may receive and store information such as an IP address, device ID, geographic, demographic and your activities on our websites or blog. We may store this information, or it may be stored in databases owned and maintained by affiliates, agents, or service providers. We may use this data or combine it with other data to track the number of users and referral sources for customers and purchase of our products.
We also may use third-party analytic tools such as Google Analytics that employ cookies to collect information about your use of our Services. You can disable cookies at any time by changing your browser or device settings. For further information about how to disable cookies, check your Internet browser provider’s website via your help screen.
WHERE YOUR INFORMATION IS PROCESSED
We are based in Canada. No matter where you are located, by using this website or our Services you consent to processing and transfer of your information in and to Canada and other countries. Please understand that Canadian laws and those of other countries governing data collection and use may differ from those of your location.
HOW WE USE YOUR PERSONAL INFORMATION
OWNERSHIP AND TREATMENT OF PERSONAL INFORMATION.
You are and shall remain the sole and exclusive owner of all right, title, and interest in and to Information. Without limiting any other representation, warranty, condition, or obligation of AKITU under Customer Terms, we represent, warrant, and covenant that:
– We will promptly notify you if and when we become aware of any unauthorized access, use or other act respecting Personal Information or if we become the subject of any government, regulatory, or other investigation or proceeding relating to our privacy, data security, or handling practices.
OUR LEGAL BASIS FOR HANDLING OF YOUR PERSONAL INFORMATION
Laws in some jurisdictions require us to explain the legal basis we rely on to use or disclose your Personal Information. To the extent those laws apply, our legal basis includes:
– Consent: We may handle your data based on your implied or express consent to do so. Where legally permitted or required we handle Personal Information based on your implied or express consent.
– Contractual obligations: To meet our contractual obligations to you or respond to your requests in anticipation of entering a contract for purchasing our Services. As an example, we may handle your Personal Information to create a subscription to our Services.
– Legitimate interests: We may handle your Personal Information on the basis that it furthers our legitimate interests in a manner that is not overridden by your fundamental rights and freedoms, such as:
* Providing you with a safe and enjoyable user experience;
* Customer service;
* Marketing, such as email announcing new features of our Services;
* Protecting you, our users, and our personnel and property;
* Analyzing and improving our Services by collecting data about how you use our Services so we may improve design and features;
* Processing job applications; or
* Manage and respond to legal issues.
– Legal compliance: If required to use or disclose Personal Information to comply with legal, regulatory or government requirements.
– To protect your vital interests: To share your data to help resolve an urgent medical or emergency situation.
We will not cause or permit any Information to be Processed in any manner or for any purpose other than the performance of the Services in compliance with the obligations and restrictions set forth in the TOU and all applicable Laws.
DISCLOSURE OF YOUR INFORMATION
– We do not sell your information because we consider it a vital part of your relationship with us.
– Consent: If you provide us with consent to transfer your data we may do so.
– There may arise circumstances when we may share your data with third parties, such as in a Business Transfer. If we sell or buy a business or assets or corporation, merger, reorganization, bankruptcy, dissolution or similar business event, the related transfer of assets may include your Personal Information.
– Developers: If we utilize contracted developers for our website, Software or Services, they may have access to user data as part of their services. We would require any developers to limit use of Personal Information only to what is necessary to provide their services to us.
– Related Third Parties: In the event we hire agents, consultants or other companies or individuals to perform services for us. For example, use of a third-party payment processor for purchases.
– Legal compliance: We may disclose your Personal Information if required by law or believe in good faith we are required to for compliance with a legal obligation, to protect our rights, property, and intellectual property, defend against legal liability, or protect Users’ or other’s personal safety, including fraud protection and credit risk reduction.
– To fulfill the purpose for which you provide it and any other purpose disclosed by us when you provide the information.
– Aggregated Data: We may share non-personally identifiable data (“Aggregated Data”) with third parties for our business purposes.
TRANSFERRING YOUR PERSONAL INFORMATION
We may transfer Information that we collect or you provide as described in this policy to contractors, service providers, and other third parties we use to support our business and who are contractually obligated to keep such information confidential, use it only for the purposes for which we disclose it to them, and to process the Information with the same standards set out in this policy.
You may voluntarily provide us with “Unsolicited Information” such as new product ideas or communicate with us without our request. By sending any Unsolicited Information you agree that it is non-confidential, and we may share, use, reproduce, disclose, and distribute it without limitation or attribution to you. You acknowledge that you bear sole responsibility and release us from all liability related to any Personal Information you willingly provided in any open or public forums to us, other Users, or the public. You also may provide information when you publish or display information on any public areas of our website if available, Services or our social media accounts or other third parties (“User Contributions”). Your Unsolicited Information and User Contributions are posted and transmitted at your own risk. Even if we may limit access to certain pages, you acknowledge and understand that security measures are not perfect or impenetrable. We cannot control the actions of other users of our Website or Services with whom you choose to share Unsolicited Information or User Contributions. Therefore, there is NO guarantee that unauthorized persons will not view your Unsolicited Information or User Contributions.
HOW WE USE PERSONAL HEALTH INFORMATION
The Personal Health Information you provide may be used or accessible to AKITU for one or more of the following specific purposes:
– to convert your patient data into a format compatible for use with the Software;
– to provide support services on an as-needed basis, and assist you with any technical difficulties they may experience when using the Software;
– to securely host and maintain patient data on your behalf, if hosting services are offered or required;
– to provide secure back-up services to you as requested;
– to meet any legal and regulatory requirements that are imposed upon AKITU from time to time, or to bring or defend against legal actions;
– if we reasonably believe disclosure is necessary or appropriate to protect the rights, property, or safety of AKITU, our customers, or others; or
– For such other reasonable purposes for which you provide consent or as permitted or required by law.
PROTECTION OF YOUR PERSONAL HEALTH INFORMATION
The Software includes numerous built-in controls to protect Personal Health Information. Specifically, we are obligated to provide the following safeguards:
Secure Hosting: The Software is hosted in a secure environment with effective security safeguards in place in compliance with industry best practices.
– Users’ identities are verified before they are granted access to the Software. Users’ access to the Software must be authorized by you in accordance with an established user management process.
– Authentication: All Users are authenticated through an enhanced authentication mechanism prior to accessing the Software. Strong password policy is enforced in the Software.
– Data Security: Software data is encrypted in storage and in transit. Software data cannot be changed or modified by any external users. Data retention and disposal policies and procedures are in place to ensure the availability and confidentiality of Software data.
– Logging: Privacy and security related events and activities such as access to Personal Health Information and administrative actions may be logged. AKITU’s Audit logs are reviewed by AKITU’s privacy officer on a regular basis to detect suspicious activities or potential Privacy/Security Breaches. We recommend that you maintain and review logs on a regular basis to detect suspicious activities or potential privacy breaches.
– Security Assessment: Threat Risk Assessments (TRAs) are conducted to identify security gaps and deficiencies which we mitigate appropriately to ensure compliance. Penetration testing is performed to prevent any unauthorized access and modification to the Software and the data.
– Privacy: Privacy Impact Assessments (PIAs) are conducted to identify privacy gaps and deficiencies which are mitigated appropriately to ensure compliance. AKITU has implemented and followed information practices that comply with PHIPA and HIPAA and their respective regulations regarding the collection, use and disclosure of Personal Health Information.
ACCESSING AND CORRECTING YOUR PERSONAL HEALTH INFORMATION
It is important that the Personal Health Information we hold about your Patients is accurate and current. By law you have the right to request access to and correct the Personal Health Information that we hold about your patients. You can review and change your Patients’ Personal Health Information from within the Software. If you experience any technical difficulties in doing so, you may contact our offices at email@example.com.
We only offer our Services to Users over 18 years of age. We do not intentionally or knowingly collect Personal Information from anyone under the age of 13. Of course, the parent or legal guardian of children under 18 may use our website and services on behalf of their children. If you are a parent or guardian of a child under 13 and believe they disclosed Personal Information to us, please contact us immediately at firstname.lastname@example.org. If you are a resident of the European Economic Area (“EEA”) which requires consent to processing Personal Information, we will not knowingly process Personal Information for Users under the age of consent established by EEA data protection law. If we discover that we processed any Personal Information covered by these laws, we will cease such processing and take prompt reasonable measures to remove it from our records. If in the future we plan to collect personally identifiable information from children under 13, such collection and use will, to the extent applicable, be done in compliance with the Children’s Online Privacy Protection Act (“COPPA”) and any other applicable law with appropriate consent sought from the child’s parent or legal guardian where required.
We value the security of your Personal Information. We use physical, electronic, and administrative measures to secure your Information from accidental loss, unauthorized access, use, alteration, and disclosure. As explained in our TOU, we store a 30-day backup of our principal server on a separate secure server and store all information you provide to us behind firewalls on our secure servers. Any payment transactions and Personal Information will be encrypted using SSL technology.
Please note that the safety and security of your information also depends on you. When you have the option to set a password for access to the Software, you are responsible for keeping this password confidential and secure. We ask you not to share your password with anyone.
AKITU follows reasonably prudent best practices and provides a secure way to transmit information, but as with all electronic data storage, flaws may be discovered. While no company, including AKITU, can guarantee the security of information sent over the Internet, we are committed to keeping up with evolving standards and keeping your information as secure as possible. For this reason, any transmission of information is always at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in the Software.
YOUR DATA RIGHTS
We treat all users equally regardless of location. You may unsubscribe from emails by clicking the “unsubscribe” link or edit your profile setting if applicable. You may cancel any Subscription at any time in accordance with our Terms of Service and applicable subscription agreement. You may opt out from cookie-related processing as explained in the “Cookies” explanation under “Data We Collect” above. If you are in Canada, EEA, Costa Rica, or other jurisdictions, you may have legal rights to obtain confirmation of whether we hold your Personal Information, access your Personal Information (including in portable form), and to correct, update, amend or delete your Personal Information. You may have the right to object to our use or disclosure, request restrictions on processing, or withdraw your consent for us to use your Personal Information. These rights do not apply retroactively and may not affect our ability to continue processing data as those laws allow.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
It is important that your Personal Information is accurate and current. Please notify us if your Personal Information changes. By law you have the right to request access to and to correct the Personal Information that we hold about you. You can review and change your Personal Information by contacting our offices at Privacy@AkituOne.com.
If you want to review, verify, correct, or withdraw consent to the use of your Personal Information you may also send us an email at Privacy@AkituOne.com to request access to, correct, or delete any Personal Information that you provided. We may not accommodate a request to change Personal Information if we reasonably believe the change may violate any law or legal requirement or cause the information to be incorrect.
For your protection, we may request specific information from you to confirm your identity and your right to access, change or provide you with your Personal Information that we hold about you or make your requested changes. Applicable Law may allow or require us to refuse to provide you with access to some or all of the Personal Information that we hold about you, or we may have destroyed, erased, or made your Personal Information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We will provide access to your Personal Information, subject to exceptions set out in applicable privacy legislation, including but not limited to:
– Information protected by solicitor/attorney-client privilege.
– Information that is part of a formal dispute resolution process.
– Information relating to another individual that would reveal their Personal Information or confidential commercial information.
– Information that is prohibitively expensive to provide.
If you are concerned about our response or would like to correct the information provided, you may contact our Privacy Officer at email@example.com. If you provided consent to collect, use, and transfer your Personal Information, you may have the legal right to withdraw your consent in certain circumstances. To withdraw your consent please contact us at firstname.lastname@example.org. Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain this to you at the time to help you with your decision.
GDPR, California Online Privacy Protection Act, and other specific privacy laws.
– Users can visit our site anonymously.
– You can change your personal information by emailing or calling us or logging into your account.
California law also permits minors under 18 to request removal of their User Contributions, subject to statutory exceptions. If you are under 18 years of age and reside in California, please contact us in writing by email at email@example.com or Akitu One, Attn: Privacy, 2010 Winston Park Drive, Oakville, ON L6H 5R7, with the subject “California Eraser Law Request” or by phone at 1 (855) 254-8866. We may not remove your User Contributions that we must retain under applicable Federal or provincial law or that was provided by a third party. If you are a minor, we will do our best to remove your information upon your valid request. We cannot guarantee the complete or comprehensive removal of your User Contributions from our website or Services, or any information that has been republished, copied, downloaded, or reposted by any third party, and we cannot guarantee that any such information may not be accessible to users of the Internet in the future. We do not advertise or market any of our services or products identified in California Business and Professionals Code Section 22580(i) to users that we have actual knowledge are under 18 years of age.
California Consumer Privacy Act (CCPA) also provides additional options to remove your data when the collecting company meets certain minimum requirements. If you reside in California, please see our CCPA policy.
Fair Information Practices. Should a data breach occur we will notify you via email within 7 business days. We also agree to the Individual Redress Principle which provides that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
ACCESSING, CORRECTING OR REMOVING YOUR PERSONAL INFORMATION.
To submit a request to access, correct, update, amend or delete your Personal Information, please email us at firstname.lastname@example.org using “Personal Information Request” in the subject line and include an explanation of which Data right you are exercising. On receipt of your request, we verify your identity for your protection prior to initiating any action. Once verified, we begin processing your request and respond within 30 days. You have the right to request us to stop or limit use of your Personal Information if you believe we lack a lawful basis to use or believe it is inaccurate. If you are in the EEA, you have the right to opt-out of all Personal Information processing for direct marketing. To do so, please select “unsubscribe” in any marketing email or your Profile, if applicable. You may also email us at email@example.com with the subject line “Unsubscribe.” Applicable law may limit or provide exceptions to your rights and options related to your Personal Information. You also have the right to file a complaint to the relevant supervisory authority in your location. We hope you allow us the opportunity to address your concerns about Personal Information first.
firstname.lastname@example.org or send physical mail to us at: Akitu One, Attn: Privacy, 2010 Winston Park Drive, Oakville, ON L6H 5R7.