At Physiotec, we are aware of our privacy obligations and those of our clients. In this privacy statement, we have disclosed information about the way in which we handle personal data.
Should you have any further questions or concerns regarding protection of personal data, please contact our Data Protection Officer.
This privacy notice will explain how Physiotec processes the personal data we collect from you. There are different situations in which Physiotec might obtain personal information:
For each of these situations, this privacy notice answers the following questions:
This section explains Physiotec’s processing of your personal data if you interact with us via our website, other than logging in as an existing user.
On our website you will not only find information regarding Physiotec and its products and services. We also enable our online visitors to interact with us, to request information or file a complaint, to register for a free trial of our software or to obtain access as a student.
Messages, requests and complaints
If you send us a message, request, or complaint via the contact forms on our website, we ask you to provide some information to be able to answer you promptly, timely, and personally. We record the following personal data:
We record this data in our cloud-based Customer Relationship Management (CRM) system to be able to follow up on your message, and to be able to efficiently support you in case of additional communication. We retain this data for 3 years after completion of your initial communication.
Application for free trial or student access
If you apply for a free trial of our software, or apply for a student’s license, we ask you to provide information to be able to assess and handle your request. We record the following personal data:
We record this data in our cloud-based CRM system to be able to check whether you are eligible for a trial or student license of our software, and to provide you with a personal account. We retain this data for the duration of the license.
This section explains Physiotec’s processing of your personal data if you are an existing client of Physiotec and a licensee of our Home Exercise Program software. In that case, we might obtain personal data when you contact our customer service/support staff by email or by phone, or by third-party tools that Physiotec uses for contacting and billing purposes.
The personal data we collect are:
If you decide to authorize additional users to access your Physiotec license, you can choose to add personal information about the new user or request a user to be added by providing personal information to Physiotec support staff. Controlled by a user interface this will be limited to name, email address, phone number and work location of the additional user.
We process these data to be able to live up to our agreement with you as a licence holder and to define user accounts as requested by you. We retain this information for the duration of your license.
This section explains Physiotec’s processing of your personal data if you – as a client or patient of one of our licensees - use our Home Exercise Program software.
As a starting point, we point out that we only process personal data on the instruction of our licensees, who are health/care institutions, health professionals or any kind of practice. They determine the objective and means of the processing and are the primary collectors of your personal data1.Physiotec develops, provides and maintains the Home Exercise Program software and hosts the exercise data, including your personal data. Please also refer to the privacy notices of the institution or practice that provided you with access to our software (our licensees).
What data do we hold?
If you use our Home Exercise Program via one of our licensees, Physiotec will hold the following personal data:
The Home Exercise Program software has the option to pseudonomize your personal identification information. Whether this option is activated is a choice to be made by our licensee. Please contact your health professional for more information.
How do we acquire your data?
The Home Exercise Program is designed for you and your health professional to agree on a tailored exercise program and to be able to monitor progress. By using our software you provide your health professional with information for treatment support. We acquire personal data when:
How will we use your data?
Physiotec processes your data so that we can:
Physiotec will not use your personal data for any other reason.
Physiotec will not share your personal data with other third parties, except for subcontractors that we have contracted to provide usage of our software and storage of data:
With these service providers, Physiotec has data protection agreements in place. If your health/care institution decides to use Physiotec integrated into their Electronic Medical Records system (EMR), it is possible that some personal data (e.g. a PDF of an exercise program with your name on it) is being stored into that system as part of your medical file. Please also refer to the Privacy Statement of your health/care institutions’s EMR software.
How do we process and store your data?
If you are a client of a health/care institution in the UK, data is stored at London, England vm instance(gcloud). If you are a client of a health/care institution in any other location in the European Economic Area, data is stored at Frankfurt, Germany in a ec2(aws) instance.If you are a client of a health/care institution in Australia, data is stored at Sydney, Australia, in a google sql(gcloud).If you are a client of a health/care institution in North America or any other country not specifically listed above, data is stored at Councill Bluff, Iowa, USA in a google sql(gcloud) instance.For reasons of support or troubleshooting, Physiotec staff in Canada in Europe can access your data in the Home Exercise Program. Physiotec staff in Europe is limited to accessing licenses with personal information from European clients only. All our staff are bound to confidentiality and non-disclosure. Physiotec will keep your personal data for a time period that is based on instructions of our licensees. We will delete your data once our licensee has instructed us to do so.
If you contact us by phone or email, you will be serviced by our support staff. Depending on the nature of your message or request, you will be asked to provide information that we need to optimally support you. This data may pertain (but is not limited) to:
The information you are requested to provide only serves the purpose to provide you with the best support possible. We will record this information in our cloud-based CRM system, and we will retain the information for 1 year after completion of your request. If you are an existing customer, we will retain the information for the duration of the license agreement.
How is personal data secured?
Physiotec securely processes your data. We have implemented appropriate technical and organisational measures to ensure confidentiality, integrity and availability of the information we hold. Our staff has been trained in sound privacy principles, and we have taken technical and organisational security measures to safeguard the information of our clients. We take privacy matters seriously and maintain solid practices in data security and privacy protection. All employees have signed confidentiality and non-disclosure agreements.We make sure your data is stored on servers of trusted partners located in Canada, the US, the UK or in the EU. We are based in Canada, and comply to federal and provincial privacy laws (notably the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as to the General Data Protection Regulation (GDPR) which is applicable for our clients in the European Economic Area.
What are your data protection rights?
Physiotec would like to make sure you are fully aware of all of your data protection rights.In situations B and C as mentioned above, Physiotec is the processor of personal data. If you want to exercise any of the rights mentioned below, please contact the health/care institution, health professionals or the health practice (our licensees) that provided you with access to our software. As a controller of your personal data, they are the first point of contact and responsible to respond to your request. When instructed to do so by the institution, Physiotec will assist in handling your request.In situations A and C, Physiotec is the controller of your personal data, and as such responsible to adequately handle your request if you exercise your data subject’s rights. You can contact our support desk to assist you in this.Every data subject (the person personal data belongs to) is entitled to the following:
The right to access – You have the right to request the controller for copies of your personal data.
The right to rectification – You have the right to request that the controller correct any information you believe is inaccurate. You also have the right to request the controller to complete the information you believe is incomplete.
The right to erasure – You have the right to request that the controller erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that the controller restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to the controller’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that the controller transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Cookies
We use cookies to make visiting our website attractive and to enable the use of certain functions.
What are cookies?
Cookies are tiny text files that are placed and stored on your device when you visit our website. Physiotec’s website uses the following types of cookies:
Function cookies are required for a proper functioning of the website during your session. We use marketing cookies to be able to provide you with messages and service offerings. Measurement cookies are used to obtain statistics and quantitative information regarding the usage of our website, and to subsequently improve user experience on the basis of this data.For all cookies except Function cookies, your prior consent is required. You can give or withhold your consent (‘opt-in’) in the cookie banner that pops-up when you visit our site for the first time. After that initial choice, you can change your preferences at any time in our cookie consent management system. There, you will also find more detailed information on:
You can also configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website if you choose to refuse certain cookies.Social Media links, and links to other websites.Our website uses 'buttons' to connect to social media channels (LinkedIn, Facebook, Twitter, Instagram, Pinterest). On clicking these buttons you will be redirected to the Physiotec presence on the social medium in question. These buttons, for which the code was developed by the social media companies themselves, can place third party cookies. For more information about these cookies, please refer to the privacy policies of the specific social media channel.For informational purposes, our website may contain links to third party websites. We have no influence on the way in which the owner of these sites handle your data, should you leave personal information there. We would like to refer you to the privacy policy of the organisation in question for more information.
Changes
This privacy notice is subject to change. Please check our website regularly to obtain the latest version.
How to contact us
If you have any questions, suggestions or complaints regarding the protection of your personal data, please contact our Data Protection Officer:
Karen Goyette
9082-5902 Quebec Inc dba Physiotec
110 Boulevard Springer
Chapais, Québec, G0W 1H0
Canada
001-866-301-3439
How to contact the appropriate authorities
You might also want to get in touch with local supervisory authorities regarding questions or complaints regarding the protection of your personal data, such as Office of the Privacy Commissioner (Canada) or the Information Commissioner's Office (ICO) in the UK.
1 In privacy legal terms, Physiotec is a processor, our licensees are controllers.