In this Policy, we use the word “user” to refer to anyone who has subscribed to and paid for use of our dispensary management platform (for example, an Enterprise Dispensary, Clinic Dispensary or in some cases a health care practitioner). We use the term ‘Practitioner” to refer to any customer of the user, and “Patient’ to refer to any person who is associated with the practitioner in a patient/practitioner relationship.
Notice to Patients
If you are a patient of one of our user clinics, dispensaries, or practitioners, your clinic or practitioner controls your information, including your contact information, billing details and patient records. Please contact your clinic or practitioner for any questions about your patient information.
We collect personal contact information from users and store medical information entered by healthcare practitioners and their patients. Some of this information can be considered sensitive.
Contact Information from Users
Basic Account Information: We ask for basic information from users in order to access certain files or resources. For example, we require individuals who sign up for our newsletter to provide their name and email address. To register for a dispensaryTree account, users will be asked to provide First Name, Last Name, Email, Address, Website, and payment information, but not limited to this information only. We use your contact information to activate your user account, give you access to the Services, and to send you notices about your user account. We may also use your contact information for marketing purposes, such as promotional emails, direct mail and sales contacts. You can opt-out of our marketing communications at any time by unsubscribing or contacting us.
If you buy something from us, you will provide additional personal and payment information that is required to process the transaction and your payment, such as your name, credit card information, and contact information. We will also keep track of the date you purchased. Credit card information is provided directly to our payment processor and is processed in a PCI-compliant manner. Note that when credit card information is referred to as being “stored”, this means we have a “token”. The token replaces sensitive information and acts as a non-sensitive placeholder that can be used by the payment processor to reference your credit card information when payments need to be processed.
You may also provide us information when you respond to surveys, emails, communicate with our team about our content or post a question about your business in comments.
How We Use Information
We use information about you as mentioned above and as follows:
- To provide our Services–for example, to access content, receive regular emails or charge you for any of our paid Services;
- To further develop our Services–for example by adding new features that we think our users will enjoy or will help them to achieve their goals in business;
- To monitor and analyze trends and better understand how users interact with our Services, which helps us improve our Services and make them easier to use and better for you;
- To monitor and protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of DispensaryTree
- To communicate with you about offers and promotions offered by our web properties and others we think will be of interest to you, solicit your feedback, or keep you up to date on our services and our products; and
- To personalize your experience using our Services, provide quality content and serve relevant advertisements.
Log and Device Information.
When you access and browse our Services, we collect information about how you are accessing our Services, such as your internet or mobile network connection, your browser or the type of mobile device you are using (if applicable). We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used. This information is not used to market or send promotions at an individual user level.
Cookies and Tracking Information.
We collect information about your usage of our Services. For example, we collect information about the actions that are taken on our site and what happens when you use our site (e.g., page views, resource downloads, button clicks) along with information about your device (e.g., mobile screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better.
We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
Practitioners use our dispensary management platform to collect personal information from their patients and create patient records. These records may include a patient’s name, address, and billing information, and other patient data (“Patient Data”). If you are a patient, Patient Data is collected from you when you visit your clinic or practitioner. Practitioners or Doctors retain sole control over Patient Data
Dispensary Tree is a service provider to Subscribers and may be referred to as an “agent”, “business associate” or “processor” of the Subscriber. Dispensary Tree stores Patient Data in its secure data servers and makes it available to Users and their Practitioners through our Dispensary management platform. Dispensary Tree has no control over Patient Data. Dispensary Tree will only access Patient Data on the instructions of the User or its practitioners or staff or, in rare cases, where needed in order to prevent or address technical problems or if required by law or court order.
Why do we collect data?
We collect and store this information as a service to health care providers so that they can effectively fulfill their responsibilities to their patients. A health care provider’s role is to collect information from their patients in order to assess their condition and provide a treatment plan. We provide a service to help store limited information, and allow health care providers as well as patients the ability to retrieve this information as necessary.
How do we collect it?
We collect this information through a cloud-based service called DispensaryTree. www.dispensary-tree.com and/or any subdomain of dispensarytree.com
How is it secured?
The physical databases are secured by 24/7 security by reputable third-party hosting providers. The service itself uses SSL-based security to protect data entered into our service via the web-based application.
Who has access to or uses it?
Users have access to the data within their account from their own users and patients. Healthcare practitioners have access to all the data they have entered, and any data that has been share with them by other practitioners. Patients have access to their data and any other data that has been shared with them by the practitioners. Third party vendors have access to the data when necessary.
When is it disposed of?
Data on servers will not be disposed of unless a subscription is terminated or closed. The customer will have an option to relocate their data within 30 days of termination.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
This guideline requires us to obtain informed consent for the collection of personal data. As we do not collect medical data, we do not obtain consent from patients – this is the responsibility of the practitioner. However we do collect personal information for the purpose identified above, and we use this information as described above. As the process of opening an account for online services is not a novel use of personal data, we assume that the individual creating an account on our service is implying consent that we use this personal information for the purposes of opening an account.
Our information collection methods are tested and do accurately store the right information in association with the right individual. If ever an error does occur, we are available to discuss the error and remedy it upon request.
This guideline requires us to allow individuals to have access to any personal information we store about them. Any medical information stored on our servers is always accessible to the practitioner who collected and authored the information. Should a patient request information from us regarding personal data that has been entered into our system by a practitioner, the practitioner will be contacted immediately and informed of this request. The practitioner will then be given an appropriate amount of time to respond to the patient’s request. Patients must make their request for personal information through a practitioner.
Information You Provide to Us
We do not sell our users’ private personal information. We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:
- Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information) and those that help us understand and enhance our Services (like analytics providers). We require vendors to agree to privacy commitments in order to share information with them.
- As Required by Law: We may disclose information about you in response to a subpoena, court order, or other governmental request.
- To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of 1591660 Ontario Corp, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- With Your Consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so, such as the social media services that you connect to your site to comment on our blog feature.
- Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
Information Shared Publicly
Information that you choose to make public is–you guessed it–disclosed publicly. That means, of course, that information like your comments that you make public on our websites are all available to others.
We protect your personal information, including Patient Data stored in our platform, by:
Using industry standard security controls such an encryption and an SSL (Secured Sockets Layers) certificate to ensure information is transmitted over a secured connection between your browser and our web server.
Using state-of-the-art data centres with appropriate security and compliance certifications, such SOC 2 and EU-US Privacy Shield that are HIPAA compliant.
Requiring password protection of your user account with a password set by you. We cannot access or identify your password. The only way to recover a password is for you to initiate a reset via the email address or mobile phone number you use for the Services.
While we employ industry standard measures to protect your information, no electronic communication can ever be completely secure. You share responsibility for protection of your personal information by setting a strong password and by keeping your username and password confidential.
1591659 Ontario Corp
9 Allaura Blvd, Unit 1A
Aurora, On, L4E4Y5