Privacy Policy

This privacy notice discloses the privacy practices for Sleep Therapeutics. This privacy notice applies solely to information collected by Sleep Therapeutics. It will notify you of the following:

What personally identifiable information is collected from you,
How it is used and with whom it may be shared.
What choices are available to you regarding the use of your data.
The security procedures in place to protect the misuse of your information.
Information Collection, Use, and Sharing.

Personal Information We Collect

We only collect information that you voluntarily and directly give us via email, orally, webform, or other direct contacts from you. We will not sell, rent, or give this information to anyone.

This information can include:

Personal Information – names, genders, height, weight, dates of birth, countries of birth, residential addresses, telephone numbers, email addresses, a person’s emergency contacts, health insurance numbers, and patient treatment notes and records, information about your sleep condition
Medical Information – diagnosis, test results, directions or comments from the health professionals involved in your care, medical conditions and medical history
Transaction History – the type of equipment you purchased and use

Our goal is to only collect the data we need to provide you with the service and care we offer. Participation in our intake forms which we use for the sole purpose of providing the best care possible to you is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Although digital forms are provided for ease of collection, you may choose to complete a hard copy of the intake form in person at one of our offices.

We collect your information for the following purposes:

To identify you individually
To respond to you regarding the results of the assessment you have taken
To interact with other healthcare professionals and insurance companies to provide continuity of care
To meet professional, legal and regulatory requirements

security

Internal Security Measures

We take precautions to protect your information and have implemented security, technical, physical and administrative measures to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, modification or destruction measures as required by the Personal Information Protection and Electronic Documents Act (“PIPEDA”) to protect your data.

Sleep Therapeutics has appointed an internal Data Security Officer to help with any requests or questions you have about your data. They can be reached at [email protected]

External Security Measures

We do use other third-party software platforms that allow us to provide the services we do. Our EMR system is provided by Cliniko who operates with best in class security processes and procedures. Whenever your data is sent between us, it’s encrypted using HTTPS (end-to-end encryption). They use a 2048-bit SSL certification for encryption in transit. All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm. With their security measures and the consent provided by you for data collected, used and storage we are PIPEDA compliant.

To be transparent, data stored in Cliniko currently resides outside Canada, hosted in state-of-the-art data center facilities. Physical access is controlled at the perimeter and building entry points by professional security staff using video surveillance, intrusion detection systems, and other electronic means.

For more information on Cliniko’s security and privacy please visit:

Cliniko also has a dedicated Data Protection Officer to help you with any requests or questions you have about your data. They can be reached at [email protected]

Sleep Therapeutics uses a combination of TeleMedicine services through Doxy.me and the TeleMedicine functionality built directly in Cliniko, both platforms designed and developed from the ground up specifically for telemedicine electronic communication between patient and practitioner. Both Platforms are PEPIDA compliant with all the required security precautions for conducting these types of communications. Further information about each can be found as follows:

Doxy.me – https://help.doxy.me/en/articles/95909-can-i-use-doxy-me-in-canada
Cliniko – https://help.cliniko.com/en/articles/3821275-telehealth-security-explained

Additional service providers including Microsoft and Google are also used for day to day business operations which use highly secure data centers in Canada provided and the same state-of-the-art security protocols for data transmission and storage. These corporations, for redundancy and reliability purposes, may store the encrypted data outside of Canada.

Right to Request Corrections to Data

Sleep Therapeutics provides individuals with the right to request correction or amendment of health information about themselves. Correction refers to the process of removing a mistake or error in a health record and replacing it with what is correct or accurate. An amendment refers to the process of changing or varying something in your health record. If you believe there is an error or omission in the individual’s health information you may make a written request to whom you believe has the information in its custody or under its control to correct or amend the information.

Right to Access Data

As custodians of your data we are authorized and in some cases, required to refuse access to a record or to a portion of a record. However, the basic principle of the Health Information Act is to give individuals access to their own health information. Any exceptions to this right of access will be applied in a limited and specific way to provide individuals as much access to their information as possible. Refusal to disclose all or part of a record will occur only where there is a specified exception to the disclosure that is supported by a provision of the Act.

Data Collection, Use, Storage Risks

We believe we have used reasonable measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure.

Electronic Communications

Risks of using electronic communication:

Although we take reasonable means to protect the security and confidentiality of information sent and received using electronic communications, because of the risks outlined below, the Service Provider cannot guarantee the security and confidentiality of electronic communications:

The use of electronic communications such as video conferencing, email, text messages, and instant messages to discuss sensitive information can increase the risk of such information being disclosed to third parties.
Despite reasonable efforts to protect the privacy and security of electronic communication, it is not possible to completely secure the information.
Employers and online services may have a legal right to inspect and keep electronic communications that pass through their system.
Electronic communications can introduce malware into a computer system, and potentially damage or disrupt the computer, networks, and security settings.
Electronic communications are subject to disruptions beyond the control of the Service Provider that may prevent the Service Provider from being able to provide services.
Electronic communications can be forwarded, intercepted, circulated, stored, or even changed without the knowledge or permission of the Service Provider or the patient.
Even after the sender and recipient have deleted copies of electronic communications, back-up copies may exist on a computer system.
Electronic communications may be disclosed in accordance with a duty to report or a court order.
Video conferencing using no cost, publicly available services may be more open to interception than other forms of video conferencing
There may be limitations in the services that can be provided through electronic communications, dependent on the means of electronic communications being utilized
Email, text messages, and instant messages can more easily be misdirected, resulting in an increased risk of being received by unintended and unknown recipients.
Email, text messages, and instant messages can be easier to falsify than handwritten or signed hard copies. It is not feasible to verify the true identity of the sender or to ensure that only the recipient can read the message once it has been sent.

Conditions of Using Electronic Communications

While the Service Provider will endeavor to review electronic communications in a timely manner, the Service Provider cannot provide a timeline as to when communications will be reviewed and responded to.
Electronic communications will not and should be used for medical emergencies or other time-sensitive matters.
Electronic communication may not be an appropriate substitute for some services that the Service Provider offers.
Other individuals authorized to access your clinical charts, such as staff and billing personnel, may have access to those communications.
The Service Provider may forward electronic communications to staff and those involved in the delivery and administration of your care.
The Service Provider will not forward electronic communications to third parties, including family members, without your prior written consent, except as authorized or required by law.
Prior to the commencement of the provision of services by the Service Provider through electronic communications, the TheService Provider is not responsible for information loss due to technical failures associated with your software or internet service provider.
The Patient will inform the Service Provider of any changes in the patient’s email address, mobile phone number, or other account information necessary to communicate electronically.
The Patient will take precautions to preserve the confidentiality of electronic communications, such as using screen savers and safeguarding computer passwords.
If the Patient no longer consents to the use of electronic communications by the Service Provider, then the Patient will provide notice of the withdrawal of consent by email or other written communication.

I acknowledge that I have read and fully understand the risks, limitations, conditions of use, and instructions for use of the selected electronic communications as described above. I understand and accept the risks outlined above to this consent form, associated with the use of the electronic communications with the Service Provider and the Service Provider’s staff.

Implied Consent for the Provision of Care

By virtue of seeking care from us, consent is implied (assumed) for information to be used by the company to provide care and to share information with others involved in your circle of care.

We are committed to protecting the privacy, confidentiality, and security of all personal health information used and collected to carry out our services.

The only people with access to your health information are the ones in your circle of care. Your circle of care includes physicians, clinicians, technicians, administrators, or other staff members assigned to your care during your stay or visit as a patient.

Disclosure to Other Health Care Providers

Relevant information is shared with other providers that may be involved in a patient’s care including, but not limited to, other physicians and specialists, pharmacists and lab technicians, your insurance company.

Disclosures Authorized by Law

There are limited situations where we are legally required to disclose personal information without your consent. These situations include, but are not limited to, billing provincial health plans, infectious disease control, fitness to drive or by court order.

Purchases through the Sleep Therapeutics Website

Section 1 – What we do with your information?

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, and email address.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email marketing (if applicable): With your permission, we may send you emails about our store, new products, and other updates.

Section 2 – Consent

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at [email protected]

Section 3 – Disclosure

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

Section 4 – Woocommerce

Our store is hosted on Woocommerce. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Woocommerce data storage, databases, and the general Woocommerce application. They store your data on a secure server behind a firewall.

Payment:

If you choose a direct payment gateway to complete your purchase, then Stripe stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Stripe’s Terms of Service or Privacy Statement.

Section 5 – Third-Party Services

In general, the third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies with respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Section 6 – Security

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Section 7 – Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Section 8 – Cookie Policy

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We use Woocommerce cookies to keep track of cart data, our e-commerce platform,

WooCommerce makes use of 3 cookies:

woocommerce_cart_hash
woocommerce_items_in_cart
Wp_woocommerce_session_

The first two cookies contain information about the cart as a whole and help WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.

Section 9 – Age of Consent

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

Changes to this privacy policy

The Sleep Therapeutics reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Sleep Therapeutics remove the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data Sleep Therapeutics has about Users.

Contact Us

Have questions? Get in touch.