PRIVACY POLICY

Welcome to the Privacy Policy of FACETEC. This policy outlines how we collect, use, disclose, retain and protect personal information provided by individuals who interact with our organization.

Scope  

This Privacy Policy applies to all personal information collected, processed, and stored by FACETEC in the course of our operations and interactions with individuals, whether online or offline.  

Purpose  

The purpose of this Privacy Policy is to inform individuals about the types of personal information we collect, how we use and disclose it, how we safeguard it, and the rights individuals have regarding their personal information.  

Use of Website  

FACETEC’s website collects certain information such as internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of FACETEC’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. FACETEC has a legitimate interest in understanding how members, customers and potential customers use our website. This assists us with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet member and customer needs.  

Cookies and tracking technologies  

FACETEC uses cookies and similar tracking technologies to improve your browsing experience on our website. Cookies are small pieces of text sent by your web browser. This cookie file is then stored in your web browser and allows us to recognize this small piece of text to help us understand our customers needs. Specifically, FACETEC uses these cookies to analyze website traffic through Google Analytics. By accepting this Privacy you understand and accept the use of these technologies in accordance with this notice. If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.  

Types of Personal Information Collected  

We may collect various types of personal information, which may include but are not limited to:

  • Contact Information (first name, last name, phone number, email)  
  • Company Information (company name, professional designation)  
  • Financial Information (billing address, payment information)  
  • Online Identifiers (e.g., IP address, cookies, device information) 

FACETEC provides software as a service (SaaS) tailored for medical professionals. FACETEC itself does not collect personal health information (PHI). Instead, the medical professional or healthcare organization utilizing the software is the collecting party responsible for the handling and storage of PHI. FACETEC serves as a provider of software solutions designed to facilitate the collection, storage, and management of PHI by the medical professional or healthcare organization. FACETEC is strictly limited to providing the platform and tools necessary for the efficient operation of healthcare services and does not access or process PHI.  

Purposes of Data Collection and Use  

We collect and use personal information for the following purposes:  

  • To provide and deliver our software as a service  
  • To process and fulfill requests  
  • To communicate with individuals  
  • To personalize user experiences  
  • To conduct research and analytics  
  • To comply with legal obligations  
  • To protect the rights and safety of individuals and our organization  

Third Parties  

FACETEC may engage third-party organizations for cloud hosting (AWS), marketing/data analysis (Google Analytics), and customer relationship management (CRM) tools (Zoho). These third parties only have access to your personal data to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. All three of the third-parties listed are SOCII and ISO27001 compliant – meaning they have undergone extensive auditing to ensure their security and privacy controls comply with high global standards.   

Consent and Consent Withdrawal  

By using our services, you consent to the collection and use of your personal data as outlined in this Privacy Policy. You have the right to withdraw your consent at any time. To do this, please email info@facetec.ca. Please note that withdrawing consent may affect the functionality of our services.  

FACETEC software is not intended to be purchased by those under 18 years of age. FACETEC software and services are only to be purchased by qualified professionals in the medical/dental industries.

Disclosure of Personal Information  

We may disclose personal information to third parties in the following circumstances:  

  • With consent from the individual  
  • With service providers or business partners involved in providing our products/services  
  • When required by law or to comply with legal obligations  
  • In connection with a merger, acquisition, or business transaction  

Data Retention and Destruction  

We retain personal information only for as long as necessary to fulfill the purposes stated in this Privacy Policy unless a longer retention period is required or permitted by law, to resolve disputes, and enforce legal agreements. When personal information is no longer needed, we securely destroy or anonymize it.  

Data Security Measures  

We implement appropriate technical and organizational measures to safeguard personal information against unauthorized access, loss, or alteration. These measures include but are not limited to data encryption, access controls, and regular security assessments.   The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to (i) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement and (ii) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein.   As mentioned previously, all third-party organizations are SOCII and ISO27001 certified, so their security controls comply with global security standards.  

Data Transfers  

Your information, including personal data, may be transferred to — and maintained on — cloud servers located outside of your province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Currently, FACETEC operates within Canada and therefore data stored in AWS is also stored in Canada. As FACETEC expands into other regions, new AWS instances will be created to store information in that region. We abide by the Canadian federal privacy legislation (PIPEDA).  

Individuals’ Rights  

Individuals have certain rights regarding their personal information, which may include the right to access, rectify, restrict processing, object to processing, erase their personal information, and request the portability of your personal information (subject to legal requirements). To exercise these rights, please contact us at info@facetec.ca. We will respond to your request within a reasonable timeframe.  

Applicable Privacy Legislation   

General Data Protection Regulation (GDPR)  

FACETEC acknowledges the importance of the General Data Protection Regulation (GDPR) as it pertains to the processing of personal data of individuals within the European Economic Area (EEA)/European Union (EU). FACETEC is compliant with GDPR in providing transparent information about data processing activities, obtaining valid consent for data processing where necessary, implementing appropriate security measures to protect personal data, honoring individuals’ rights regarding their personal data, and notifying relevant supervisory authorities and affected individuals in the event of a data breach. This policy addresses each of those items and FACETEC encourages those with further questions and concerns to email: info@facetec.ca   

Personal Information Protection and Election Documents Act (PIPEDA)  

As a Canadian-based organization, FACETEC adheres to the Personal Information Protection and Electronic Documents Act (PIPEDA) concerning the collection, use, and disclosure of personal information in the course of commercial activities. This includes obtaining individuals’ consent for the collection, use, or disclosure of their personal information, limiting the collection of personal information to what is necessary for the purposes identified, implementing appropriate safeguards to protect personal information, providing individuals with access to their personal information, and offering recourse for individuals who have concerns about our handling of their personal information.

California Consumer Privacy Act (CCPA)  

FACETEC complies with the California Consumer Privacy Act (CCPA) in relation to the collection, use, and disclosure of personal information of California residents. This includes providing California residents with the right to know what personal information is being collected about them, the right to access their personal information, the right to request deletion of their personal information, the right to opt-out of the sale of their personal information, and the right to non-discrimination for exercising their privacy rights under the CCPA. This policy addresses each of those items and FACETEC encourages those with further questions and concerns to email info@facetec.ca.   

Health Insurance Portability and Accountability Act (HIPAA)

FACETEC does not directly handle personal health information (PHI) in connection with the provision of healthcare services. FACETEC implements appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of the information we do collect. FACETEC ensures that the contractual agreements with FACETECs (the medical professionals or healthcare organizations) clients include provisions related to HIPAA compliance, such as requirements for the covered entities to use the software in a manner consistent with HIPAA regulations and to safeguard PHI appropriately.  

Breach Reporting  

In the event of a data breach that affects your personal data, FACETEC will notify you and the appropriate regulatory authorities within the time frame required by applicable law and the FACETEC Incident Response Policy. We will also take necessary steps to mitigate the breach and prevent similar incidents in the future.  

Details of the breach notification to individuals impacted will include:  

  • Description of the breach  
  • When the breach occurred  
  • Description of the PI that has been compromised  
  • Description of steps taken to reduce risk of harm to individuals  
  • Description of what individuals can do to reduce risk of harm  
  • Contact information of the organization and how the individual can obtain further information

Details of the breach notification to applicable legal authorities will include:  

  • Name/location/contact information of FACETEC  
  • Number of individuals affected by breach, or approximate number  
  • When the breach occurred  
  • Description of organizations involved in breach  
  • How and why the breach occurred   
  • When the breach was discovered  
  • Where the breach occurred  
  • List of those who have had access to Personal Information  
  • List of relevant safeguards in place during time of breach  
  • Description of Personal Information compromised  
  • Information regarding the notification of those individuals impacted  

Complaints and Inquiries  

Individuals may contact us with any inquiries, concerns, or complaints regarding the handling of their personal information at info@facetec.ca. We will address and respond to such communications promptly and in accordance with applicable privacy laws. 

Privacy Officer   

The Data Protection Officer (DPO) is the founder of FACETEC and shall have the responsibilities set forth in this Policy. The DPO is tasked with daily and ongoing oversight and management of FACETEC Compliance Program, which includes the following responsibilities: 

  • Monitoring FACETEC’s internal compliance with privacy legislation 
  • Providing guidance at the earliest stage possible on all aspects of data protection 
  • Keeping FACETEC stakeholders appraised of changes to applicable privacy legislation and other relevant laws and regulations 
  • Assisting the controller or processor in monitoring internal compliance with the Regulation, including: 
  • Collecting information to identify processing activities 
  • Analyzing and checking the compliance of processing activities 
  • Informing, advising and issuing recommendations to the controller or the processor 
  • Acting in an independent manner, and ensuring there is no conflict of interest in other roles or interests that the DPO may hold 
  • Maintaining inventories of all personal data stored on behalf of the data controller or processor 
  • Responding to security, privacy, and data access requests and complaints from data subjects 
  • Managing data security and critical business continuity issues that could impact personal data 
  • Providing guidance, as requested, to the data controller to complete a data protection impact assessment (“DPIA”) 
  • Providing guidance on responding to accidental or malicious activity that could impact personal data 
  • Cooperate with the supervisory authority as needed 
  • To act as the contact point for the supervisory authority on issues relating to processing, and to consult, where appropriate, with regard to any other matter 

Policy Updates and Communication  

FACETEC may update this Privacy Policy from time to time to reflect changes in the practices or legal obligations. FACETEC will communicate any material changes through appropriate channels and obtain any necessary consents when required.