Protecting the Personal Information of its clients and their patients is of paramount importance to the company and a part of its mission. Conscious of its leading position in the field of healthcare solutions and services, the organization has implemented best practices to comply with privacy laws (https://laws-lois.justice.gc.ca/eng/acts/p-8.6/) to the best of its expertise and as per applicable standards. Facturation.net’s Privacy and Personal Information Protection Policy outlines the responsibilities of Facturation.net, Facturation.net employees, consultants and temporary staff employed by Facturation.net who are given access to Personal Information for work purposes, whether it be information about its clients or their patients.
The scope and application of Facturation.net’s Privacy and Personal Information Protection Policy is as follows:
- it applies to the Personal Information of clients that is collected, used and/or disclosed by Facturation.net.
- it applies to all forms of Personal Information management, whether electronic, written or oral.
- it takes into account legal requirements and provisions.
Definition of Personal Information
When used in this Privacy and Personal Information Protection Policy, Personal Information means any information about an identifiable individual—this may include, for example, personal health information, but not aggregated information that cannot be associated with an identifiable person.
- contractual privacy and personal information agreements with its employees, consultants and temporary staff;
- employee training and education regarding privacy and personal information protection, including an annual review of the Privacy and Personal Information Protection requirements;
- the implementation of data security standards that set out security requirements for Facturation.net’s systems or network;
- Facturation.net’s contractual agreements with customers and third-party suppliers include appropriate privacy requirements when Personal Information is collected, used and/or disclosed;
- mechanisms to receive and respond to requests for information and complaints.
Facturation.net is responsible for the Personal Information it holds or manages, including information transferred to a third party for processing. Facturation.net shall use appropriate means to provide a comparable level of protection when information is shared with a third party.
Facturation.net may disclose, upon written request, the title of the person or persons designated to monitor its compliance with its Privacy and Personal Information Protection Policy.
How We Collect Personal Information
Facturation.net must determine the purposes for which Personal Information is collected prior to or at the time of collection.
Facturation.net collects Personal Information for the following purposes:
- to provide products and/or services to its customers in accordance with contractual obligations;
- to manage and develop its business and internal activities;
- to comply with legislative and regulatory requirements.
Facturation.net shall make reasonable efforts to inform clients of the specific purposes for which Personal Information will be used and/or disclosed. These will be explained in terms that can be reasonably understood by the clients.
Unless required by law, Facturation.net shall not use or share, for any purpose not previously specified, the Personal Information that was collected without first explaining and documenting the new purpose and obtaining the client’s consent (whether a corporate client or an individual).
Employees who collect Personal Information from corporate clients or individuals must ensure that the clients or individuals are informed of the purposes for which the Personal Information will be used or shared.
Consent for the Collection, Use or Disclosure of Personal Information
Individuals must be informed of and consent to the collection, use or disclosure of Personal Information, unless it is not appropriate to do so under applicable legislation.
Facturation.net obtains consent:
- from corporate clients when Personal Information is collected by those clients. In general, these are not the individuals with whom the Personal Information is associated, but clients who declare to Facturation.net that they have obtained such individuals’ consent to share their Personal Information with Facturation.net and third parties, if applicable.
- directly from individuals when Facturation.net collects Personal Information from these individuals.
Facturation.net undertakes to use/disclose the Personal Information it collects only for the purposes set out in the consent request agreed to at the time of collection.
Facturation.net may require clients to consent to the collection, use or disclosure of Personal Information as a condition to the supply of a product or service, when such collection, use or disclosure is required for the product or services to be provided.
When employees collect Personal Information, they must contact Facturation.net’s designated individual to obtain appropriate consent prior to the collection, use or disclosure of the information.
When determining the appropriate form of consent, Facturation.net must consider the sensitivity of the Personal Information, the context, and its clients’ reasonable expectations. Clients may withdraw their consent at any time, subject to legal or contractual restrictions, and with reasonable notice.
Limiting Use, Disclosure and Retention of Personal Information
Facturation.net shall not use or disclose Personal Information for any purpose other than the purpose for which it was collected unless the corporate client or individual consents to it or when required by law.
Facturation.net may disclose a client’s Personal Information only in cases permitted under the terms of the contractual agreement with that client or when required by law.
Facturation.net shall retain Personal Information for the period required to fulfill the purpose for which it was collected, or as may be required by law.
Accuracy of Personal Information
The Personal Information used by Facturation.net must be sufficiently accurate, complete and up-to-date to minimize the possibility of inappropriate information being used for the procurement of goods and services.
However, it is the corporate client’s responsibility to verify the accuracy of Personal Information that it provides to Facturation.net when such information is not provided directly by individuals.
Facturation.net relies on the corporate client to provide information that is accurate, complete and up-to-date.
Facturation.net shall, where appropriate and when possible, update its clients’ Personal Information when asked to do so.
In accordance with its security policies and Data Security Policy, Facturation.net will take all reasonable precautions to safeguard Personal Information against risks such as loss or theft, as well as unauthorized access, disclosure, copying, use, modification, or destruction, with security safeguards that are appropriate to the sensitivity level of the information.
Facturation.net will protect Personal Information disclosed to third parties through contractual requirements that provide for, among other things, information confidentiality, the intended purposes, and the retention time. The retention period is usually defined based on the purpose for which the information was collected.
All Facturation.net employees who have access to Personal Information are required to handle Personal Information with utmost confidentiality. Employees who fail to comply with Facturation.net’s Privacy and Personal Information Protection Policy may be subject to disciplinary action up to and including termination of employment.
Facturation.net shall protect Personal Information by using security safeguards that are appropriate to the sensitivity level of the information.
Transparency of Facturation.net’s policies and practices
Facturation.net makes its policies and practices accessible to all on its website.
Facturation.net shall provide, upon written request to email@example.com, the title and e-mail address of the person(s) responsible for monitoring Facturation.net’s compliance with this Policy.
Facturation.net shall make available to its clients the information necessary to assist them in making choices about the use of their Personal Information, when applicable.
Access to Personal Information
Upon written request, Facturation.net shall inform clients of the existence, use and disclosure of their Personal Information, and give them reasonable access to it. Personal Information must be provided in an understandable form within a reasonable period and at a reasonable cost to process the request or at no charge.
Clients may challenge the accuracy or completeness of their information and have it corrected as necessary.
Facturation.net shall promptly correct or complete any Personal Information deemed inaccurate or incomplete. Any unresolved dispute about accuracy or completeness will be recorded in the person’s file. Where necessary, Facturation.net shall transmit to third parties with access to the Personal Information in question any information that has been modified or inform them of the existence of an unresolved dispute.
In some cases, Facturation.net may not be able to give clients access to their Personal Information. Facturation.net cannot, for example, give access to information if such access:
- is requested by a corporate client, individual or legal institution whose identity could not be verified or confirmed with certainty, or whose identity does not give it the right to access the information;
- is the responsibility of a corporate client (e.g. Facturation.net cannot modify patient data because it is confidential, and the patient’s clinic is the one responsible for making any corrections);
- presents a reasonable risk of a third party’s Personal Information being revealed;
- is reasonably likely to endanger the life or safety of another person;
- is available through other, more appropriate means, or if it requires exorbitant effort or cost.
Facturation.net may not be able to provide access to information if its communication:
- is the responsibility of a corporate client (e.g. Facturation.net cannot share patient data because it is confidential, and the patient’s clinic is the one responsible for sharing it);
- presents a reasonable risk of confidential corporate information being revealed;
- risks compromising the security of other information;
- is protected by solicitor-client privilege;
- contravenes the fact that the information was obtained as part of a formal dispute resolution procedure or if the information was collected as part of an investigation into a breach of a contract or contravention of a federal or provincial law.
If Facturation.net cannot give access to Personal Information, it will provide the reasons for its refusal upon written request sent at firstname.lastname@example.org.
Challenging Policy Compliance
Facturation.net shall have a mechanism in place to receive, process and log its clients’ information requests and complaints. Facturation.net may seek external advice before proceeding with various requests or complaints.
Facturation.net shall investigate any complaints related to its compliance with this Policy. If a complaint is found to be valid, Facturation.net shall take appropriate action to remedy the situation—including, if necessary, making changes to its policies and practices. Clients will be kept informed of the progress and outcome of the investigation of their complaints.