PETALMD privacy notice for the website - PIPEDA, GDPR and ePrivacy compliant version
At PETALMD we are committed to the protection of your privacy. In this notice we will explain why and how we in the capacity as a data processor for our customers, collect, use, disclose, retain and protect your personal data. We understand your rights and will explain how you can exercise those rights.
When we refer to PETALMD, ‘we’, ‘us’ or ‘our’, we mean PETALMD a company registered in Quebec City under the number 1166685017. Our registered office is located at Address: 350 boul. Charest Est, office 300 Quebec, Quebec G1K 3H5.
When we refer to ‘you’ we mean end users utilizing the standalone messaging service or a physician as part of a physician group.
If you have any questions about how we process your personal data, or have questions about your data subject rights, please email us at security@PetalMD.com.
What personal data do we collect and for what purposes?
We collect three types of information about you:
- Core service information (information required to provide the core services);
- Voluntary information (information required for additional services);
- Optional information (information required for analytics and marketing).
Account registration (direct collection, core service)
- Contact information and: first name, last name, address, email, phone number;
- Workplace information: profession or medical specialty, license number, hospital department or hospital affiliation, or place of work.
Building a profile (direct collection, voluntary)
- Profile information and: first name, last name, city, account type, language, email and phone number. Specialty, province where the license is valid and license number (specific to the account types "Physician" and "Fellow”).
Purchase of Services (direct collection, core service)
- payment information: credit card data or other payment instruments information;
- confirmation of contact information and workplace information.
Interaction with our staff and postings (direct collection, voluntary)
- correspondence and communications, with us such as enquiries or request for information (including but not limited to first name, last name, email address, medical specialty, workplace information);
- information you might provide through email, in the online support chat room or over the phone (including but not limited to first name, last name, email address, medical specialty, workplace information);
- posts on our social media channels, information that is publicly available on your Facebook wall, comments you leave on our website;
- details surrounding your attendance at our office including CCTV footage when you visit our office or during an event hosted by us or an industry event that we attend.
Contests and surveys (direct collection, voluntary)
- first name, last name, email address, address
Newsletter registration (direct collection, voluntary)
- first and last name;
- email address.
Website or mobile application usage – demographic, geographic and technical information (indirect collection, optional)
- websites visited;
- devices used;
- user preferences;
- device ID and GPS location;
- what advertisements have been placed for users.
- device ID and GPS location;
- Type of mobile device you are using;
- The operating system version of your mobile device;
- Frequency with which you use the application.
How and when do we process your personal data?
We collect and process your personal data when:
- You open an account with us;
- You build your profile;
- You use one of our services;
- You visit our website;
- You use the mobile application;
- You visit our social media sites;
- You participate in contests and surveys
- You get in touch with customer service (phone, email or online chat);
- You contact us through email;
- You provide us with a testimonial;
- You apply for a job;
- We receive a referral to you;
- You visit our office;
- You attend events hosted by us or industry events that we attend.
What is the legal basis for the personal data collection?
For your and our legitimate interest: we use your personal contact information and workplace specifics to enable you to utilize our services. We use your payment information to process a transaction when you buy additional services. We assume that you understand that we need your contact, workplace and payment information to provide this service. We therefore will not ask for explicit consent at the time when you place an order and/or when you open an account.
To comply with legal obligation: in certain circumstances we will have to disclose your personal data in response to an inquiry from a regulatory authority, the police or other government bodies.
We do not have a legal basis other than consent to collect demographic, geographic and technical information for analytics and marketing purposes. We will therefore ask for your expressed consent before we start the collection.
- We can use such information to provide you with offers of our products or offers or products from our partners that we think you would find interesting;
- We can subscribe you to our newsletter when you buy products through our partners;
- We can deliver incentives offered in exchange for your participation in our surveys and competitions.
Who do we share personal data with?
We may share your personal information with:
- Our staff;
- Our subsidiaries and sister companies;
- Other professionals registered on the platform;
- Third parties that help us facilitate the provision of our services.
Transborder Data Flows (data collected in Canada transferred to locations outside of Canada) and Restricted Transfers (personal data transfers outside of the EEA)
- All our partners that help us delivering our services reside and operate in the US and Australia. All our US based partners are Privacy Shield certified and therefore were able to evidence that sufficient safeguards are in place to protect your personal data;
- We will not ask for your expressed consent and we cannot offer you alternatives as the IT infrastructure in the cloud service provider platform and our partner services are integral to the delivery of our services.
How long do we keep your personal data?
We keep your personal data for as long as you have an account with us and 3 years after the last activity or when you tell us to delete information we have about you. In case of inactivity, we will contact you before we delete your account.
Right to access:
You can access your account any time through the website or the mobile application
Right to rectify:
You can make changes to your account information at any time
Right to be forgotten:
Standalone messenger - You can delete your account, which will automatically delete all personal data (core service information, voluntary information and optional information proportionate to the sensitivity of the information held) associated with the account. We will instruct all third parties we have shared your data with to delete your data.
Part of a physician group – In this case the controller (e.g. a hospital) is responsible for your data. It is up to the controller to instruct us to delete what they see as appropriate.
Right to restrict processing:
You can change your preferences at any time through your account settings or your browser settings.
Right to data portability:
You can request a copy of the data we have about you and we will provide the information through email. Please contact our support team.
Right to object:
You have full control over your account. Deleting your account will delete all associated data and consequently we will stop processing your personal data with us and all third parties we have shared your data with. While you have an account with us you can, at any time, change your preferences which will stop collection and processing of optional information.
- essential and functional cookies;
- analytics cookies;
- and advertising, marketing and social media cookies.
The essential and functional cookies will be used without your explicit consent as they are necessary to make our services work. Analytics, advertising, marketing and social media cookies on the other hand are optional. They are provided and managed by our service provider HubSpot. They will ask for your express consent at the time of your first visit or login. Should you opt-in for those cookies, they will live for 13 months on your computer, unless you clean the browsing data. Each time you use a different device, or you visit or login in incognito, the cookie banner will again ask for your consent. Should you at any time within the 13 months live span of the cookies decide to opt-out, you can do so by deleting your browsing data, either selectively or entirely and then opt-out when the banner appears again at your next visit.
We may update this privacy notice from time to time. The most up-to-data version can be found on PetalMD.com.