1. CUSTOMER PRIVACY STATEMENT
Noterro Inc. (“Noterro”) knows that you care about how Personal Information (as defined in section 3(2)) is used and shared. This notice describes how we treat that information. We are committed to the important goal of protecting privacy and personally identifiable information. This privacy notice is applicable to any and all services provided on noterro.com including our Noterro software as a service (the “SaaS”) and any other domain name that may be operated and/or owned by Noterro. By visiting and using the SaaS, you agree to the terms of this Privacy Statement.
2. OUR COMMITMENT TO PRIVACY
(1) Noterro is committed to controlling the storage, use and disclosure of the Personal Information (as defined in section 3(2)) provided by its customers.
3. WHAT IS PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION?
(2) Personal Information is stored by Noterro only when you specifically and knowingly choose to provide it to us such as when you input or upload information through the SaaS. When users of our SaaS provide Personal Information through our SaaS they are confirming that they have the consent of the person to whom the Personal Information belongs and refers to use it with the SaaS.
(3) Publicly available information, such as a public directory listing of a name, address, telephone number and electronic address, is not considered Personal Information.
4. STORAGE AND USE OF PERSONAL INFORMATION
(1) Noterro stores and uses Personal Information only when you provide such information to us and when you transmit such information into and by way of the SaaS. Noterro stores and uses Personal Information solely for the purpose of permitting you to use our SaaS in accordance with our SaaS agreement. By requesting that we store, or by providing to us, Personal Information via the SaaS, you are consenting to our storage and use of such Personal Information in accordance with the SaaS agreement. Personal Information will not be used for any other purpose without your consent.
(2) We may also receive non-personally identifiable information (e.g. functions and features of the SaaS that have been used, etc.) from your interaction with our SaaS.
(3) Our SaaS does not limit the amount and type of information you may submit to it.
(4) Noterro will not sell, lease or trade Personal Information to other third parties.
(5) Anonymous or information that is not Personal Information gathered by Noterro through our SaaS may be used for technical, research and analytical purposes.
(6) Noterro will only ask for information about you that we need and will only ask for it when we need it. When we ask you for the information, we will explain to you why we need it and what we are going to do with it.
(7) Personal Information is stored on servers and computers located inside of Canada, which are managed by companies that meet the security requirements for Noterro and its customers.
Noterro shall not disclose Personal Information except: (i) as may be required to provide the SaaS; (ii) as you may direct; (iii) via the SaaS as a result of your actions; and (iv) as the law may require.
Noterro will try to ensure that any information is accurate, complete and up-to-date. However, please inform Noterro of any change in the information. In the event you have questions about the accuracy of factual information we store, you will have access to that information in order to verify and update it. If we have disclosed inaccurate information about you to a third party, we will be pleased to contact the third party in order to correct the information.
(1) Noterro may permit you to access the Personal Information in those circumstances permitted or required by applicable privacy legislation. If Noterro refuses access to you, it will provide you with the reasons for its refusal upon request. Exceptions may include information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. Noterro will respond to your requests for access in accordance with applicable privacy legislation.
10. QUESTIONS OR CONCERNS
(2) Noterro has procedures in place to receive and respond to complaints or inquiries about its handling of Personal Information. They will describe the complaint procedures to anyone who makes inquiries or lodges complaints.
(3) If you are not satisfied with the response from us after making a complaint, you may have recourse to additional remedies under applicable privacy legislation. For further information, please contact the federal Privacy Commissioner or your provincial Privacy Commissioner, as applicable.
(1) The foregoing policies are effective as of the “Last Update” date stated above. Noterro reserves the right to change this policy at any time with reasonable notice to users posted on the Website of the existence of a new Privacy Statement. This statement and the policies outlined here are not intended to and do not create any contractual or other legal rights in or on behalf of any party.
DEFINITION OF “PERSONAL HEALTH INFORMATION”
“Personal health information” has the meaning ascribed to it under the Personal Health Information Protection Act, 2004, S.O. 2004, ch. 3 (“PHIPA”), as such statute may be amended from time to time.
For ease of reference the following is section 4 of PHIPA.
4 (1) In this Act,“personal health information”, subject to subsections (3) and (4), means identifying information about an individual in oral or recorded form, if the information,
(a) relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family,
(b) relates to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual,
(c) is a plan of service within the meaning of the Home Care and Community Services Act, 1994 for the individual,
(d) relates to payments or eligibility for health care, or eligibility for coverage for health care, in respect of the individual,
(e) relates to the donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance,
(f) is the individual’s health number, or
(g) identifies an individual’s substitute decision-maker.
(2) In this section,
“identifying information” means information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual. 2004, c. 3, Sched. A, s. 4 (2).
(3) Personal health information includes identifying information that is not personal health information described in subsection (1) but that is contained in a record that contains personal health information described in that subsection. 2009, c. 33, Sched. 18, s. 25 (3).
(4) Personal health information does not include identifying information contained in a record that is in the custody or under the control of a health information custodian if,
(a) the identifying information contained in the record relates primarily to one or more employees or other agents of the custodian; and
(b) the record is maintained primarily for a purpose other than the provision of health care or assistance in providing healthcare to the employees or other agents.