Last revision: August 2024
INTRODUCTION
This Privacy Policy (“Policy”) describes how Asepha (“we,” “our,” “us”) collects, uses, and discloses certain personal information obtained through our website (“Site”), which is available at https://www.asepha.ai/, as well as our website application (the “Platform”) available through the Site. This Policy also applies to any white-labelled application programming interface products (“API”) available through both the Site and the Platform. By using the Site, Platform, and API (collectively, the “Services”) and the features available to you on the Services, you are agreeing to the terms of this Policy.
IMPORTANT DISCLOSURE REGARDING THE PLATFORM
You are not permitted to record any protected health information of patients in the Platform. To ensure that you are not recording personal information about patients, all information entered into the platform should be de-identified. You should remove all direct identifiers of a patient (such as a name, address, email address, or other obvious identifiers), as well as any and all other details that could identify an individual. You can review a full list of data elements that should be removed here:
https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html#standard
ACCEPTANCE OF TERMS AND REVISIONS
By accessing the Site, submitting information to us (regardless of whether you register an account), or using any of the Services, you consent to becoming a Client of Asepha and agree to the collection and use of your Personal Information in accordance with this Privacy Policy. If you do not accept this Privacy Policy, you must not submit information to us, register an account, or use the Site and/or Services.
We reserve the right to revise this Privacy Policy at any time. Notice of such revisions will be provided by posting the updated Privacy Policy at https://www.asepha.ai/privacy. It is your responsibility to review the current Privacy Policy when accessing or using the Site and/or Services. Continued use of the Site and/or Services after any revisions are posted will be deemed acceptance of those revisions.
TYPES OF INFORMATION WE COLLECT
Asepha may collect two types of information from you as our Client through your use of our website, services, and software solutions:
(a)
“Personal Information” refers to any information about an identifiable individual, as defined by applicable privacy legislation such as the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and similar laws where applicable.
The Personal Information we collect is determined by the context of your interactions with Asepha, the services you access, and the features you use. This information may include, but is not limited to: your name, email address, residential address, geolocation information, phone number, date of birth, gender, occupation, and your username. This list serves as an example to illustrate the types of personal information we may collect and is not an exhaustive representation of all data collected by Asepha.
(b)
“Non-Personal Information” refers to data that does not identify you as an individual. This may include business activity or transaction data, as well as statistics derived from such data. Non-Personal Information can also result from Personal Information that has been de-identified, meaning any identifiable elements are removed to create generalized data such as age, postal code, or other demographic details, which may then be used for system optimization or usage pattern analysis.
De-identified data becomes Non-Personal Information under this definition, in compliance with applicable policies and legislation. Additionally, Non-Personal Information includes anonymous "Usage Data," such as data related to how you interact with Asepha’s software. This could include information about how long you use our services, what features you engage with, and technical details about your device and browser. Usage Data, in its non-identifying form, is gathered for improving our services and system troubleshooting.
At Asepha, Non-Personal Information is collected and used for internal purposes such as resource planning and optimizing service delivery, in compliance with relevant agreements and legislation. Non-Personal Information may be shared with third-party sub-contractors supporting our services, but it will never be used for marketing purposes or sold to third parties.
Providing Personal Information or Non-Personal Information (except Usage Data) is entirely voluntary. If you choose not to provide certain details, this may limit our ability to deliver certain features of the services. However, the decision to share or withhold information is always yours.
APPLICATION OF THIS PRIVACY POLICY
This Privacy Policy applies solely to the information that Asepha collects, uses, or receives from you through your access to and use of our website, services, and AI-driven solutions. Asepha is not responsible for the actions of any third parties, the content of their websites, or how they handle the information you provide to them. Any information you share with third parties is subject to the privacy policies of those third parties. We encourage you to review their privacy policies to understand how your information will be handled by these entities.
Asepha’s website and services may also contain links to third-party websites (“Linked Sites”) that are not controlled or operated by Asepha. These links are provided for your convenience and do not indicate Asepha’s endorsement, affiliation, or sponsorship of those third parties. Linked Sites are governed by their own privacy policies and terms of use. Asepha is not responsible for the information you disclose to, or that is collected by, these Linked Sites or for the privacy practices of the operators of those sites. To understand how your information will be treated when interacting with a Linked Site, please review the privacy policy applicable to that specific site.
CONSENT– PERSONAL INFORMATION
As a client, by providing Personal Information to Asepha, you consent that we may collect, use, disclose, and transfer your Personal Information in accordance with this Privacy Policy and as permitted or required by law.
Subject to legal and contractual requirements, you have the right to refuse or withdraw your consent to the collection, use, disclosure, and transfer of your Personal Information for specific purposes outlined in this policy. You may do so at any time by contacting Asepha using the contact details provided below. If you choose to refuse or withdraw your consent, please be aware that we may be unable to provide or continue providing certain services that may be beneficial to you.
COLLECTION OF INFORMATION We may collect information from you in the following ways:
(a)
Information You Provide to Us. When you engage with Asepha as our Client to receive a Service that requires submitting information, we collect the minimum information necessary, as per this privacy policy, to deliver the requested Service. This information may be necessary for verifying your identity, fulfilling your orders, contacting you regarding the Service, or other actions required to provide and protect your information.
(b)
Your Location. In certain cases, we may collect precise or approximate geolocation information as part of delivering requested Services. This data is collected only when necessary, is securely deleted after use, and is not stored for any other purpose. Location-based data is also aggregated from de-identified Client information for resource management but does not include any identifying details.
(c)
Information You Submit to Us. If you voluntarily submit Personal Information for any other reason, we will collect and use it for the purpose for which it was submitted.
(d)
Visiting Our Site. We do not collect any Personal Information simply by virtue of your visiting our Site. However, we collect Non-Personal Information, such as Usage Data, to improve our platform. This data is not combined with Personal Information unless you choose to provide such information.
(e)
Where Permitted by Law. We may also collect information, including Personal Information, as otherwise permitted by law.
(f)
Do Not Track (DNT). Do Not Track (DNT) is a privacy setting available in most web browsers. As there are currently no universal standards by the World Wide Web Consortium (W3C) for recognizing DNT signals, Asepha does not recognize DNT at this time.
(g)
Cookies. We may use "cookies" or similar technologies when you access our Site or Services. Cookies are small files that are stored on your computer by your web browser. A cookie allows the Services to recognize whether you have visited before and may store user preferences and other information. If you do not wish to accept cookies, you can block or disable them, but some aspects of our Site and Services may not function properly as a result.
(h)
Third-Party Advertising Partners. Asepha is not engaged with any third-party advertising partners and does not collect Client Personal Information for advertising purposes. We do not engage in advertising activities within our system.
(i)
Aggregated or deidentified information. We may also collect and share aggregated or deidentified information about users of the Services, including any deidentified or aggregated information collected through the Platform. Such aggregated or deidentified information will not identify you personally.
(j)
Server logs. Server logs automatically record information and details about your online interactions with us. For example, server logs may record information about your visit to our Services at a particular time and day and collect information such as your device ID or IP address.
USE OF YOUR INFORMATION
As a Client of Asepha, we may use your Personal Information for administrative, analytical, optimization, security, and other purposes, including, but not limited to, the following:
(a) To develop, enhance, market, sell, or otherwise provide information, products, services, and functionality that you, as our Client, have requested, including the Services;
(b) To improve our Site and/or Services and inform the development of future Services;
(c) To improve your user experience by tracking your access to and usage of our Site and/or Services, helping us learn more about your preferences and tendencies so we can personalize your experience with our Site and/or Services;
(d) Improve our artificial intelligence and machine learning;
(e) Benchmark results for our customers;
(f) To send you information related to our Site and/or Services and other topics that are likely to be of interest to you, including including newsletters, updates, promotional emails, technical notices, security alerts, and support or administrative messages;
(g) To engage in analysis, auditing, research, and reporting. These third parties may use pixels or server logs, and they may set and access device IDs and IP addresses from your device. In particular, the Site and/or Services use
Google Analytics to help collect and analyze certain information for the purposes discussed above. You may opt-out of the use of cookies by Google Analytics
here.
(h) To manage your account with Asepha, respond to customer service inquiries and/or troubleshoot problems with the Site and/or Services;
(i) To compile usage statistics; and
(j) For any other purpose to which you consent or that is otherwise permitted or required by law.
By providing Personal Information through your access to, or use of, our Site and Services, you acknowledge and agree that we may use the Personal Information for the purposes outlined in this Privacy Policy. By accessing, using, or installing any of our Site and/or Services, or submitting information to us, you also agree that we may use Non-Personal Information for the purposes set out in this Privacy Policy.
DISCLOSURE OF INFORMATION
Asepha will not transfer your Personal Information to third parties, except to our subsidiaries, subcontractors, and business partners who are engaged to provide services on our behalf, such as (but not limited to) web hosting, software providers, and order fulfillment companies. These third parties are required to comply with legally mandated privacy standards and may only use your Personal Information for the purposes disclosed at the time of collection or for a use consistent with that purpose. Asepha will only share the minimum necessary Personal Information required to deliver the Services you requested from Asepha or that third parties provide on Asepha’s behalf in accordance with this Privacy Policy.
We may also disclose your Personal Information to third-party vendors whose products or services you have requested as our Client to deliver those products and services. Such third parties may retain and use your Personal Information even if you do not purchase their products or services. Your Personal Information will be subject to their privacy policies, and you should contact them directly to inquire about or address any concerns with their policies.
Notwithstanding the above, we reserve the right to disclose Personal Information if required by law or legal process or upon the request of a law enforcement officer or agency acting under proper authority. Additionally, we reserve the right to disclose Personal Information and Non-Personal Information to: (a) enforce our Terms of Use; (b) investigate or take action against unlawful activity, suspected misuse of our Site and Services, or unauthorized use; (c) protect and defend the rights or property of Asepha; or (d) act in urgent situations, including medical emergencies, to protect the safety or security of the public or yourself.
Subject to applicable privacy laws, we may also disclose information, including Personal Information, in connection with a corporate reorganization, merger, or sale of all or part of Asepha’s assets, as permitted by applicable federal and provincial commercial privacy legislation. Such disclosure is allowed only if the receiving entity continues to use the information for the purposes allowed under this Privacy Policy. If such a transaction occurs, we will notify you as required by applicable legislation that your Personal Information has been transferred.
We may also share aggregated or anonymized information, including de-identified Personal Information, with service providers, business partners, and third parties, as permitted by law.
Additionally, we may share Non-Personal Information, such as Client Usage Data, device IDs, and approximate geolocation data, with third parties who assist us with operations like administration, analytics, planning, optimization, and security, either directly or through services provided on Asepha’s behalf.
PROTECTION OF YOUR INFORMATION In accordance with applicable privacy laws, Asepha has implemented reasonable administrative, physical, and technical safeguards, including system audit logs, to protect the information we collect or receive from unauthorized access, loss, misuse, or alteration by third parties. While we strive to maintain the integrity and security of our network and systems, no method of transmission over the Internet or electronic storage is entirely secure, and we cannot ensure or warrant the security of any information you transmit to the Services or to us, and you transmit such information at your own risk. We do not warrant or represent that your information will be completely protected against loss, misuse, or alteration by third parties.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY DISCLAIM ANY GUARANTEE OF SECURITY FOR YOUR PERSONAL INFORMATION.
If you have questions or require further details on how we safeguard the information we collect or receive, please contact us at support@asepha.ai.
EXTERNAL LINKS
This Site and/or Services may contain links to third-party websites. If you use these links, you will leave the Site and/or Services. We have not reviewed these third-party sites and do not control and are not responsible for any of these sites, their content, or their privacy policy. Thus, we do not endorse or make any representations about them, or any information, software, or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites listed on our website, you do so at your own risk.
DATA RETENTION The data and information we collect from you (including Personal Information) will be stored and maintained by Asepha or our third-party service providers until you request its deletion or you delete it directly. We do not retain personal information longer than is necessary for us to achieve the purposes for which we collected it. When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.
INTERNATIONAL USERS
The information that we collect through or in connection with the Site and/or Services is transferred to and processed in Canada or the United States of America (USA) for the purposes described above. Some third-party service providers may store limited contact information (including Personal Information) outside of Canada or the USA for specific services that you have requested or accessed. In certain jurisdictions, courts, law enforcement agencies, regulatory bodies, or security authorities may be entitled to access such information. We will always inform you when and what information is being shared outside of Canada or the USA, and you will have the option to opt-out of sharing this information and using the associated services.
If you are a resident of the EU, UK, or another jurisdiction with an applicable privacy law, you may have certain rights available to you. These rights may include: (a) The right to be informed about our data collection practices; (b) The right to access and rectify your data; (c) The right to erase or delete your data; (d) The right to data portability; (e) The right to restrict and object to the processing of your data (including for direct marketing purposes); (f) The right to opt-out of the sale of your information; (g) The right to opt-out of marketing emails and text messages; (h) The right to limit our use of any automated decision-making processes; (i) The right to lodge a complaint to your local data protection authority; and (j) The right to withdraw consent (to the extent applicable).
ACCOUNT SECURITY As a Client accessing our Site and/or using any of our Services, you are responsible for maintaining the confidentiality of your account password and account information, and for restricting access to your computer, device, or media platform. You agree to take responsibility for all activities that occur under your account. Please notify us immediately if you suspect a breach or misuse of your account.
ACCESS AND ACCURACY As our Client, Asepha remains responsible for any Personal Information you disclose to us and will use commercially reasonable efforts to provide you access to your Personal Information (to the extent we are in possession of any). To request access, please contact us at support@asepha.ai. Subject to applicable laws, Asepha reserves the right to deny access to your Personal Information on any of the following grounds: (a) when denial of access is required by law; (b) when granting access is reasonably likely to negatively impact the privacy of others; (c) when granting access is, in our judgment and acting reasonably, cost prohibitive; or (d) when we have reason to believe that such requests are frivolous or made in bad faith.
You are responsible for ensuring that all information created through your access to and use of the Site and/or Services is accurate, reliable, and complete, and you acknowledge and accept that the use of such information is at your own risk. You represent and warrant that all Personal Information you provide is true and accurate, and that it pertains to you and not any other individual.
If you believe, as a Client, that the Personal Information maintained by Asepha is inaccurate or incomplete, you may notify us by detailing any inaccuracies or omissions via email at support@asepha.ai. Upon receiving a submitted request, we will, within a reasonable time period and acting at our discretion, use commercially reasonable efforts to either: (a) amend or correct your Personal Information to reflect the corrected or additional information you provide, or (b) note any claimed inaccuracies or omissions as reported in your request.
CHILDREN Asepha recognizes the privacy interests of children, and our Site and/or Services are not intended for individuals under the age of majority in your jurisdiction. We do not target our Site or Services to children under the age of majority. Asepha does not knowingly collect or use any Personal Information from children under the age of majority unless provided by a parent or guardian using the Site and/or Services on behalf of such minors. If a parent or guardian becomes aware that their child has provided us with information without their consent, please contact us at support@asepha.ai. We will take steps to delete such information from our files within a reasonable time.
GOVERNING LAW Those who choose to access or use the Site and/or Services from outside Canada do so on their own initiative and are responsible for compliance with local laws, if and to the extent such laws are applicable. Notwithstanding this, and in recognition of the global nature of the Internet, each individual shall comply with all local rules regarding online conduct and submission of acceptable materials. This Privacy Policy is governed by and will be interpreted pursuant to the federal laws of Canada.
PERSONAL HEALTH INFORMATION PRIVACY
For the purpose of this section of the Privacy Policy:
“Affiliate” or “Agent” refers to any person or entity directly employed by or performing a service for a Health Service Provider under contract or agency relationship.
“Health Service” refers to any health-related service provided to a Patient by a Health Service Provider, whether utilizing Asepha software or otherwise.
“Health Service Provider” refers to any provider of Health Services, such as pharmacists and doctors, utilizing Asepha to deliver Health Services. It can also refer to groups of Health Service Providers under a single entity, like a pharmacy or clinic.
“Patient Representative” means a person authorized to act on behalf of the Patient in managing the Patient’s Health Services. When you receive Health Services from a Health Service Provider using Asepha, you are consenting to their services and their privacy policies. Asepha, when assisting the Health Service Provider, acts as an Affiliate and follows the privacy policies of the Health Service Provider and relevant legislation. Asepha’s Privacy Policy applies to Personal Health Information only when its provisions are stricter than those of the Health Service Provider.
In providing Health Services, your Health Service Provider may collect Personal Health Information through Asepha’s platform. "Personal Health Information" refers to information collected when you engage a Health Service Provider under applicable legislation (e.g., Personal Health Information Protection Act in Ontario).
The collection, use, and protection of your Personal Health Information are the responsibility of your Health Service Provider. For any inquiries regarding this information, please contact your Health Service Provider directly. Alternatively, you may contact Asepha's Privacy Officer using the contact information in this Privacy Policy, and we will forward your inquiry to your Health Service Provider on your behalf.
Asepha may also use Non-Personal Information to support services, such as geographic data or payment processing. De-identified Personal Health Information may only be used as Non-Personal Information if directed by the Health Service Provider.
Providing your Health Service Provider or Asepha with Personal Health Information is voluntary. By doing so, you consent to the collection, use, disclosure, and transfer of your Personal Health Information to facilitate the delivery of Health Services, in accordance with the Health Service Provider’s policies and applicable law. Subject to statutory and contractual requirements, you may refuse or withdraw consent to the collection or use of your Personal Health Information at any time. However, withdrawal of consent may limit the ability of the Health Service Provider to deliver Health Services.
In certain circumstances, your Patient Representative may provide Personal Health Information and consent on your behalf. Proof of authorization may be required by the Health Service Provider or Asepha before accepting information from a Patient Representative.
Asepha uses or discloses Personal Health Information only in the manner and for the purposes authorized and directed by the Health Service Provider. Asepha does not use Personal Health Information for other purposes unless directed by the Health Service Provider. Any requests to access, amend, or correct your Personal Health Information should be directed to your Health Service Provider. Asepha will forward such requests to the relevant Health Service Provider and inform you of the action.
We retain Personal Health Information only as directed by your Health Service Provider and in compliance with applicable law. Asepha does not use cookies for Health Service delivery. No advertising occurs within our platform, nor does our system provide for this capacity.
CONTACT US
We welcome questions or comments regarding this Policy. Please direct inquiries to support@asepha.ai.