Physiotec Privacy Notice – Home Exercise Program

At Physiotec, we are aware of our privacy obligations and those of our clients. In this privacy statement, we have disclosed information about the way in which we handle personal data.

Should you have any further questions or concerns regarding protection of personal data, please contact our Data Protection Officer.

This privacy notice will explain how Physiotec processes the personal data we collect from you. There are different situations in which Physiotec might obtain personal information:

  • A. you are a user of our website
  • B. you are a client/licensee of our Home Exercise Program (HEP) software
  • C. you are a user of our Home Exercise Program software
  • D. you contact our support staff by email or by phone

For each of these situations, this privacy notice answers the following questions:

  • What data do we hold?
  • How do we acquire your data?
  • How will we use your data?
  • How do we store your data?
  • What are your data protection rights?
  • How can you contact us?
  • How can you contact the appropriate privacy authorities?

A. You are a user of our website

This section explains Physiotec’s processing of your personal data if you interact with us via our website, other than logging in as an existing user.

On our website you will not only find information regarding Physiotec and its products and services. We also enable our online visitors to interact with us, to request information or file a complaint, to register for a free trial of our software or to obtain access as a student.

Messages, requests and complaints

If you send us a message, request, or complaint via the contact forms on our website, we ask you to provide some information to be able to answer you promptly, timely, and personally. We record the following personal data:

  • your first and last name
  • the company you represent
  • your email address
  • your phone number
  • your country
  • the message you send us (in a free text field)

We record this data in our cloud-based Customer Relationship Management (CRM) system to be able to follow up on your message, and to be able to efficiently support you in case of additional communication. We retain this data for 3 years after completion of your initial communication.

Application for free trial or student access

If you apply for a free trial of our software, or apply for a student’s license, we ask you to provide information to be able to assess and handle your request. We record the following personal data:

  • your first and last name
  • the company you represent
  • whether you are a professional or a patient (in case of free trial)
  • your school name (in case of student access)
  • your email address
  • your phone number
  • your country
  • any personal data in the message you send us (free text) (in case of free trial)

We record this data in our cloud-based CRM system to be able to check whether you are eligible for a trial or student license of our software, and to provide you with a personal account. We retain this data for the duration of the license.

B. You are a client/licensee of our Home Exercise Program software

This section explains Physiotec’s processing of your personal data if you are an existing client of Physiotec and a licensee of our Home Exercise Program software. In that case, we might obtain personal data when you contact our customer service/support staff by email or by phone, or by third-party tools that Physiotec uses for contacting and billing purposes.

The personal data we collect are:

  • your first and last name
  • the company you represent
  • your email address
  • your physical address
  • your phone number
  • your country
  • payment information (e.g. credit card, bank account details, PayPal account details)
  • any personal data in the message(s) you send us

If you decide to authorize additional users to access your Physiotec license, you can choose to add personal information about the new user or request a user to be added by providing personal information to Physiotec support staff. Controlled by a user interface, this will be limited to name, email address, phone number and work location of the additional user.

We process these data to be able to live up to our agreement with you as a licence holder and to define user accounts as requested by you. We retain this information for the duration of your license.

C. You are a user of our Home Exercise Program software

This section explains Physiotec’s processing of your personal data if you – as a client or patient of one of our licensees – use our Home Exercise Program software.

As a starting point, we point out that we only process personal data on the instruction of our licensees, who are health/care institutions, health professionals or any kind of practice. They determine the objective and means of the processing and are the primary collectors of your personal data.¹ Physiotec develops, provides and maintains the Home Exercise Program software and hosts the exercise data, including your personal data. Please also refer to the privacy notices of the institution or practice that provided you with access to our software (our licensees).

What data do we hold?

If you use our Home Exercise Program via one of our licensees, Physiotec will hold the following personal data:

  • Personal identification information (Name, email address, phone number)
  • The name and email address of your health professional
  • The health/care institution where you are registered as a patient
  • Your exercise program
  • Progress data on your exercise program (that you as a user enter into the application)
  • Any additional personal data included in documents, pictures, or videos that you or your health professional chooses to upload into your account.

The Home Exercise Program software has the option to pseudonymize your personal identification information. Whether this option is activated is a choice to be made by our licensee. Please contact your health professional for more information.

How do we acquire your data?

The Home Exercise Program is designed for you and your health professional to agree on a tailored exercise program and to be able to monitor progress. By using our software you provide your health professional with information for treatment support. We acquire personal data when:

  • Your health professional creates a user account for you in our software and enters your personal data
  • You update your account (e.g. email address, phone number) or provide progress information
  • Your health professional stores documents, pictures or videos with personal information to your account
  • You upload documents, pictures or videos with personal information to your account

How will we use your data?

Physiotec processes your data so that we can:

  • Enable you to use our software and manage your account.
  • Enable you to register your progress information in your account.
  • Enable you and your health professional to establish a tailored exercise and treatment approach and monitor progress.
  • Deliver our services as agreed with our licensees.

Physiotec will not use your personal data for any other reason.

Physiotec will not share your personal data with other third parties, except for subcontractors that we have contracted to provide usage of our software and storage of data:

  • AWS
  • Google Cloud
  • Zoho CRM
  • Calendly online booking system

With these service providers, Physiotec has data protection agreements in place.

If your health/care institution decides to use Physiotec integrated into their Electronic Medical Records system (EMR), it is possible that some personal data (e.g. a PDF of an exercise program with your name on it) is stored in that system as part of your medical file. Please also refer to the Privacy Statement of your health/care institution’s EMR software.

How do we process and store your data?

If you are a client of a health/care institution in the UK, data is stored in London, England, in a VM instance (gcloud).

If you are a client of a health/care institution in any other location in the European Economic Area, data is stored in Frankfurt, Germany, in an EC2 (AWS) instance.

If you are a client of a health/care institution in Australia, data is stored in Sydney, Australia, in a Google SQL (gcloud) instance.

If you are a client of a health/care institution in North America or any other country not specifically listed above, data is stored in Council Bluffs, Iowa, USA, in a Google SQL (gcloud) instance.

For reasons of support or troubleshooting, Physiotec staff in Canada and in Europe can access your data in the Home Exercise Program.
Physiotec staff in Europe is limited to accessing licenses with personal information from European clients only. All our staff are bound to confidentiality and non-disclosure.

Physiotec will keep your personal data for a time period that is based on instructions of our licensees. We will delete your data once our licensee has instructed us to do so.

D. You contact our support staff by email or by phone

If you contact us by phone or email, you will be serviced by our support staff. Depending on the nature of your message or request, you will be asked to provide information that we need to optimally support you. This data may pertain (but is not limited) to:

  • your first and last name
  • the company you represent
  • your email address
  • your phone number
  • your country
  • details of your request/question

The information you are requested to provide only serves the purpose to provide you with the best support possible. We will record this information in our cloud-based CRM system, and we will retain the information for 1 year after completion of your request. If you are an existing customer, we will retain the information for the duration of the license agreement.

How is personal data secured?

Physiotec securely processes your data. We have implemented appropriate technical and organisational measures to ensure confidentiality, integrity and availability of the information we hold.

Our staff has been trained in sound privacy principles, and we have taken technical and organisational security measures to safeguard the information of our clients. We take privacy matters seriously and maintain solid practices in data security and privacy protection. All employees have signed confidentiality and non-disclosure agreements.

We make sure your data is stored on servers of trusted partners located in Canada, the US, the UK or in the EU. We are based in Canada, and comply with federal and provincial privacy laws (notably the Personal Information Protection and Electronic Documents Act (PIPEDA)), as well as with the General Data Protection Regulation (GDPR), which is applicable for our clients in the European Economic Area.

What are your data protection rights?

Physiotec would like to make sure you are fully aware of all of your data protection rights.

In situations B and C as mentioned above, Physiotec is the processor of personal data. If you want to exercise any of the rights mentioned below, please contact the health/care institution, health professionals or the health practice (our licensees) that provided you with access to our software. As a controller of your personal data, they are the first point of contact and responsible to respond to your request. When instructed to do so by the institution, Physiotec will assist in handling your request.

In situations A and C, Physiotec is the controller of your personal data, and as such responsible to adequately handle your request if you exercise your data subject’s rights. You can contact our support desk to assist you in this.

Every data subject (the person to whom the personal data belongs) is entitled to the following:

The right to access – You have the right to request copies of your personal data from the controller.

The right to rectification – You have the right to request that the controller correct any information you believe is inaccurate. You also have the right to request the controller to complete the information you believe is incomplete.

The right to erasure – You have the right to request that the controller erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that the controller restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to the controller’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that the controller transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Cookies

We use cookies to make visiting our website attractive and to enable the use of certain functions.

What are cookies?

Cookies are tiny text files that are placed and stored on your device when you visit our website. Physiotec’s website uses the following types of cookies:

  • Function Cookies
  • Marketing Cookies
  • Measurement Cookies

Function cookies are required for a proper functioning of the website during your session. We use marketing cookies to be able to provide you with messages and service offerings. Measurement cookies are used to obtain statistics and quantitative information regarding the usage of our website, and to subsequently improve user experience on the basis of this data.

For all cookies except Function cookies, your prior consent is required. You can give or withhold your consent (‘opt-in’) in the cookie banner that pops up when you visit our site for the first time. After that initial choice, you can change your preferences at any time in our cookie consent management system. There, you will also find more detailed information on:

  • the cookies Physiotec uses and (if applicable) the third parties involved
  • which cookies require your consent and how to give or revoke your consent
  • what purpose the cookies serve
  • how long cookies are retained

You can also configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website if you choose to refuse certain cookies.

Social Media links, and links to other websites.

Our website uses 'buttons' to connect to social media channels (LinkedIn, Facebook, Twitter, Instagram, Pinterest). On clicking these buttons you will be redirected to the Physiotec presence on the social medium in question. These buttons, for which the code was developed by the social media companies themselves, can place third party cookies. For more information about these cookies, please refer to the privacy policies of the specific social media channel.

For informational purposes, our website may contain links to third party websites. We have no influence on the way in which the owners of these sites handle your data, should you leave personal information there. We would like to refer you to the privacy policy of the organisation in question for more information.

Changes

This privacy notice is subject to change. Please check our website regularly to obtain the latest version.

How to contact us

If you have any questions, suggestions or complaints regarding the protection of your personal data, please contact our Data Protection Officer:

Dr. Clemens W. Janssen
9082-5902 Quebec Inc dba Physiotec
4830 Montee St. Hubert
St. Hubert, QC J3Y 1V1
Canada
001-866-301-3439

How to contact the appropriate authorities

You might also want to get in touch with local supervisory authorities with questions or complaints regarding the protection of your personal data, such as the Office of the Privacy Commissioner (Canada) or the Information Commissioner's Office (ICO) in the UK.

1 In privacy legal terms, Physiotec is a processor, our licensees are controllers.