This privacy notice discloses the privacy practices for Sleep Therapeutics. This privacy notice applies solely to information collected by Sleep Therapeutics. It will notify you of the following:
We only collect information that you voluntarily and directly give us via email, orally, webform, or other direct contacts from you. We will not sell, rent, or give this information to anyone.
This information can include:
Our goal is to collect only the data we need to provide you with the service and care we offer. Participation in our intake forms, which we use for the sole purpose of providing the best care possible to you, is completely voluntary; you may choose whether or not to participate and therefore disclose this information. Although digital forms are provided for ease of collection, you may choose to complete a hard copy of the intake form in person at one of our offices.
We collect your information for the following purposes:
Internal Security Measures
We take precautions to protect your information and have implemented technical, physical and administrative security measures, as required by the Personal Information Protection and Electronic Documents Act (“PIPEDA”), to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, modification or destruction.
Sleep Therapeutics has appointed an internal Data Security Officer to help with any requests or questions you have about your data. They can be reached at [email protected]
External Security Measures
We use third-party software platforms that allow us to provide our services. Our EMR system is provided by Cliniko, which operates with best-in-class security processes and procedures. Whenever your data is sent between us, it’s encrypted using HTTPS (end-to-end encryption). They use a 2048-bit SSL certificate for encryption in transit. All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm. With their security measures and the consent provided by you for data collection, use and storage, we are PIPEDA compliant.
To be transparent, data stored in Cliniko currently resides outside Canada, hosted in state-of-the-art data center facilities. Physical access is controlled at the perimeter and building entry points by professional security staff using video surveillance, intrusion detection systems, and other electronic means.
For more information on Cliniko’s security and privacy please visit:
Cliniko also has a dedicated Data Protection Officer to help you with any requests or questions you have about your data. They can be reached at [email protected]
Sleep Therapeutics uses a combination of TeleMedicine services through Doxy.me and the TeleMedicine functionality built directly into Cliniko. Both platforms were designed and developed from the ground up specifically for telemedicine electronic communication between patient and practitioner. Both platforms are PIPEDA compliant with all the required security precautions for conducting these types of communications. Further information about each can be found as follows:
Additional service providers, including Microsoft and Google, are also used for day-to-day business operations. They use highly secure data centers in Canada and the same state-of-the-art security protocols for data transmission and storage. These corporations, for redundancy and reliability purposes, may store the encrypted data outside of Canada.
Right to Request Corrections to Data
Sleep Therapeutics provides individuals with the right to request correction or amendment of health information about themselves. Correction refers to the process of removing a mistake or error in a health record and replacing it with what is correct or accurate. An amendment refers to the process of changing or varying something in your health record. If you believe there is an error or omission in the individual’s health information, you may make a written request to whomever you believe has the information in its custody or under its control to correct or amend the information.
Right to Access Data
As custodians of your data, we are authorized, and in some cases required, to refuse access to a record or to a portion of a record. However, the basic principle of the Health Information Act is to give individuals access to their own health information. Any exceptions to this right of access will be applied in a limited and specific way to provide individuals as much access to their information as possible. Refusal to disclose all or part of a record will occur only where there is a specified exception to the disclosure that is supported by a provision of the Act.
Data Collection, Use, Storage Risks
We believe we have used reasonable measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure.
Risks of using electronic communication:
Although we take reasonable means to protect the security and confidentiality of information sent and received using electronic communications, because of the risks outlined below, the Service Provider cannot guarantee the security and confidentiality of electronic communications:
Conditions of Using Electronic Communications
I acknowledge that I have read and fully understand the risks, limitations, conditions of use, and instructions for use of the selected electronic communications as described above. I understand and accept the risks outlined above in this consent form, associated with the use of the electronic communications with the Service Provider and the Service Provider’s staff.
Implied Consent for the Provision of Care
By virtue of seeking care from us, consent is implied (assumed) for information to be used by the company to provide care and to share information with others involved in your circle of care.
We are committed to protecting the privacy, confidentiality, and security of all personal health information used and collected to carry out our services.
The only people with access to your health information are the ones in your circle of care. Your circle of care includes physicians, clinicians, technicians, administrators, or other staff members assigned to your care during your stay or visit as a patient.
Disclosure to Other Health Care Providers
Relevant information is shared with other providers that may be involved in a patient’s care including, but not limited to, other physicians and specialists, pharmacists, lab technicians, and your insurance company.
Disclosures Authorized by Law
There are limited situations where we are legally required to disclose personal information without your consent. These situations include, but are not limited to, billing provincial health plans, infectious disease control, fitness to drive or by court order.
Section 1 – What do we do with your information?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products, and other updates.
Section 2 – Consent
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent or provide you with an opportunity to say no.
How do I withdraw my consent?
If, after you opt in, you change your mind, you may withdraw your consent for us to contact you, or for the continued collection, use or disclosure of your information, at any time, by contacting us at [email protected]
Section 3 – Disclosure
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
Section 4 – WooCommerce
Our store is hosted on WooCommerce. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through WooCommerce data storage, databases, and the general WooCommerce application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Stripe stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Section 5 – Third-Party Services
In general, the third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies with respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Section 6 – Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Section 7 – Links
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
We use cookies from WooCommerce, our e-commerce platform, to keep track of cart data.
WooCommerce makes use of 3 cookies:
The first two cookies contain information about the cart as a whole and help WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
Section 9 – Age of Consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
Have questions? Get in touch.