Last update: December 2021
Click here to access previous versions of this Privacy Policy (French Only)
Thank you for your visit!
This Privacy Policy (the “Policy”) contains information about the processing of personal data by Petal Solutions Inc., Xacte (Zone3W Inc.) and Petal Solutions Europe B.V. as well as all its affiliates (“Petal”; “we”; “us”) and about how you may exercise your rights with respect to that personal data. If you have any additional questions, please do not hesitate to contact our Personal Information Protection Officer at the following address :
Personal Information Protection Officer
Privacy Officer
privacy@petalmd.com
350 Charest Blvd East, Suite 300
Quebec City, Quebec G1K 3H5
If you are located in Europe, please note that we act as a “subcontractor” for our customers in the provision of our professional services (as defined below). Our customers are the data controllers for the personal data under their control. They therefore decide on the legitimate bases for the processing of personal data and respond to your requests regarding your personal data. We process your personal data according to their instructions. We encourage you to review the privacy policies of these entities if you need more information
This Policy applies in connection with our services and products, such as our medical appointment or healthcare productivity management platforms (our “professional services”). We provide professional services to our customers, including hospitals, healthcare professionals, and public and government agencies. Here are some examples of our professional services:
This Policy applies only to the processing of “personal” data. By “personal data” we mean any data that allows us to identify you directly or indirectly, including cookies. Some of the personal data indicated in this Policy may not be protected under the laws that apply to you. This Policy is for transparency purposes.
This Policy does not apply in the following cases:
In these cases, we are the data controller, and the Privacy Policy applicable to our website and these activities can be found by clicking here.
This Privacy Policy does not apply to the activities of third parties, including integration partners and social networks, or to the activities of our customers, who are responsible for their own policies.
We collect personal data necessary for the delivery of our professional services, which may include health data (related to appointments with professionals, for example), as well as data pertaining to the business conducted by healthcare professionals. The personal data we collect in the provision of our professional services is not resold or used for marketing purposes. We have contracts with our customers and follow their instructions regarding the processing of your personal data. Our customers determine the lawful basis for such processing.
We collect personal information directly from users about their use of our professional services. However, healthcare professionals using our professional services may also provide us with personal data about their patients, mainly for billing purposes.
In the provision of our professional services, we collect the types of personal data listed below for the purposes identified. If you have any questions, please do not hesitate to contact us
We share your personal information with third parties in order to provide our professional services, including with our subcontractors, with government entities, or with integration partners as directed by our customers. Our subcontractors may also share some of your personal information with their own subcontractors. We have contracts with our subcontractors to protect your personal data.
Our customers may also disclose your personal data in accordance with their policies, including for the provision of healthcare services and to comply with applicable laws.
We’ll also disclose your personal data in the following situations:
Category |
Explanations |
Subsidiaries |
In the provision of our professional services, some personal data may be transferred between our subsidiaries. For example, if our customer is located in the European Union, our Canadian subsidiary may access personal data when responding to technical support requests. We share your personal information as required for the delivery and management of professional services. |
Government Authorities |
Under the laws in force, we may be required to share your personal information with government authorities, including on behalf of healthcare professionals who use our professional services. For example, as required by the Régie de l’assurance maladie du Québec, certain aggregate statistics on the billing of healthcare professionals must be disclosed. These disclosures are required by the applicable laws, and vary from region to region. |
Technology Suppliers |
We use the services of data centres and other providers to offer you professional services online. We also use security service providers. We disclose only the personal data they need to perform their services, and we have contracts that prevent secondary use. |
Secure Digital Payment Provider |
We use trusted third parties to process your credit card payments. Our payment processing provider is Stripe, which is PCI DSS level 1 certified. Stripe may share your payment information as necessary to complete your payments, in particular with banking institutions or credit card companies. |
Feature Providers |
We work with subcontractors for some of the features of our services. For example:
• We use Intercom to provide context-specific help to users and a chat service with the Xacte support team. You can view their privacy policy by clicking here. |
We are located in Canada and in the European Union. However, some of our subcontractors are located outside these regions. For example, we use Chargebee to manage our subscriptions. Chargebee uses subcontractors located in the United States. You can consult the list of these subcontractors and their locations by clicking here.
When we transfer your personal data outside your country of residence, we ensure that appropriate safeguards are in place to provide it with protection similar to that of your country of residence. For example, in the European Union, we can use the standard model clauses, available here.
’We retain your personal data for as long as necessary for the purposes of collection, or longer if required by the applicable law. Our customers may maintain copies of your personal data for longer periods of time, depending on their privacy policies.
If you are a platform user, you may delete your account at any time, subject to the requirements of your employer, by sending an email to privacy@petalmd.com. Any personal data pertaining to you will then be deleted.
The security of your data is important to us, but please keep in mind that no method of transmission over the web or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. For example, some of our subcontractors, such as Stripe, comply with PCI DSS, the global standard for financial information processing.
That said, Petal has administrative, technological and physical measures and practices in place to protect your personal data. For example, we restrict access to your personal data to those who need it in order to perform their duties. We train our staff on privacy issues and sign confidentiality agreements with our third parties.
You have certain rights regarding your personal data. Your rights vary depending on the laws that apply to you and the specific circumstances of your request.
To exercise your rights, it’s best to go directly to the organization that provided you with access to professional services, a healthcare facility or a level of government. We have contracts with our customers that contain obligations to collaborate with them in responding to your requests. Consequently, if you submit a request to us, we may need to share it with the institution that gave you access to our professional services.
Your rights may include, for example, the right to access your personal data, to modify it or even to obtain a copy of it in certain cases. For security reasons and to prevent fraud, we may ask you to provide proof of identity with your request. Once the request is processed, we will securely delete this personal data.
To exercise your rights or ask about how we process your personal data, you can contact us:
:
Personal Information Protection Officer
Privacy Officer
privacy@petalmd.com
350 Charest Blvd East, Suite 300
Quebec City, Quebec G1K 3H5
We will help you at no extra charge. However, if you request a transcription, reproduction or transmission of your personal data, we may charge you a reasonable fee to process your request, subject to the applicable laws. In that case, we will contact you about the fee before processing your request.
If your request is denied, we will notify you in writing, providing detailed reasons and information on how to challenge our decision. We will retain the relevant personal data until you have exhausted your remedies.
If you have any comments about how we responded to your request, please let us know by writing to us at privacy@petalmd.com. We’ll do our best to improve our processes so that it does not happen again. We’ll also provide you with additional information about our practices if you wish. If you’re not satisfied with our handling of your request, you may file a formal complaint with the Office of the Privacy Commissioner of Canada by completing this form, or by addressing the local authorities in your country of residence.
We may update this Privacy Policy as needed and to reflect our privacy obligations. The date of the last update appears at the top of the Policy. Upon written request, we will send you a copy of the previous versions.
Quebec City (Head Office)
350 Charest Blvd. E., Suite 300
Quebec City (QC) G1K 3H5
1-888-949-8601
Montreal
5455 de Gaspe Ave., Suite 470
Montreal (QC) H2T 3B3
1-888-949-8601
©Zone3W inc. 2024. All rights reserved. | Privacy Policy