🎉 The College of Dental Surgeons of Saskatchewan (CDSS) has partnered with Sowingo!

Schedule A - Privacy Policy

Last updated: July 5, 2024

 

OUR COMMITMENT TO PRIVACY

This Privacy Policy (this “Policy”) sets out the key elements of how we address the privacy and security of information entrusted to us by our customers through their access and use of the Sowingo Practice Management System and Inventory Management System (the “Services”), as well as the privacy of information entrusted to us by business partners, prospects and others who seek information and/or contact us through www.Sowingo.com, (including any subdomains, the “Site”). The Site can be used and accessed by the public as a source of general information about Sowingo. Our customers and business partners also can access the Services via the Site.

As privacy laws and practices evolve, we will amend this Policy from time to time. While we will endeavor to give reasonable notice of such changes, we do reserve the right, where necessary, to do so without prior notice.

This Policy also contains information on your rights regarding your personal data, and how you can exercise them.

If you believe your Personal Information has been used in a way that is inconsistent with this Policy or your specified preferences, if you have further questions related to our privacy practices, or otherwise to exercise your rights, please contact us electronically or by mail at the address below:

Sowingo.com Corp.
Attention: Privacy Officer
146 Thirtieth St Suite 100
Etobicoke, ON
M8W 3C4, Canada
Phone: 1-888-997-3133
E-mail: privacy@sowingo.com 

Do not include any PHI (defined below) in your message to us.

 

WHEN DOES THIS POLICY APPLY?

This policy applies to all personal information collected, used or disclosed, whether in the course of our Services.

The website may contain hyperlinks to sites, services or applications including social network sharing widgets. We provide these hyperlinks as a convenience and have no control over the privacy and confidentiality practices of third-party sites. Therefore, any personal information shared via these sites is not covered by this privacy policy but is subject to their own privacy policies. It is your responsibility to read these policies to protect your personal information.

Please be aware that this Policy only covers information manually submitted to, or automatically collected by, us through use of the Site and/or the Services. If you contact or exchange information with another Sowingo customer or business partner in person or through a means other than through the Site or Services, such activity is not covered by this Policy. 

For more information on how our customers handle personal information, please refer to their own privacy policy.

 

WHAT IS PERSONAL INFORMATION?

Personal information is any information about a natural person that enables that person to be identified, either directly or indirectly. It is information that, alone or in combination with other data, makes it possible to identify you as an individual.

This information may include, without limitation, information that is used by a government authority, financial institution or insurance carrier to distinguish a person from other individuals (e.g., social security number, social insurance number, credit card information, or insurance policy number) is private. Such information can be used to identify an individual (e.g., a person who works at a healthcare facility, or a resident or patient in a healthcare facility). Certain information may be used to contact a person directly (e.g., an email address, home mailing address or telephone number). Depending on the jurisdiction, the above identifiers are Personal Information (“PI”), Personally Identifiable Information (“PII”), Sensitive Personal Information (“SPI”) or a similar term, and it is private. An individual’s business contact information and business title generally are exempt from privacy laws. Information about an individual’s health, including insurance and billing information, is also considered – depending on the jurisdiction – to be PI, Protected Health Information (“PHI”), Personal Health Information (also known as “PHI”), Individually Identifiable Health Information (“IIHI”) or a similar term, and it also is private. In Canada and the United States, the laws that primarily govern how we deal with the PI, PII, SPI, PHI and IIHI which you provide to us in relation to the Services are listed in Table 1.

For the remainder of this Policy, we will refer to all PI, PII, SPI, PHI, IIHI, and “Health Information” as “Personal Information” unless we specifically note otherwise. If we wish to refer only to information about a specific individual’s health but not to other forms of Personal Information, we will refer to “PHI.”

This Policy also will apply to non-personal information if such information can be used in combination with other PI or non-personal information to identify an individual.

 

WHAT PERSONAL INFORMATION DO WE COLLECT AND WHY?

We collect personal information through various means, including but not limited to, manual submission (“Manual Submission”), surveys and direct interactions (“Automatic Submission”) triggered by any interaction with the Site through a computer, mobile device, or tablet.

The following table shows the personal information collected and the purposes for which it is collected.

Purpose of Data Collected Types of Personal Information

To register accounts

Registration & Marketplace Data: Full Name, Email, Office Type Office Specialty Office Name Office Address Association Membership Number Phone Number Credit Card information Medical License information Vendor / Supplier Account Numbers
To contact customers or prospective customers
Registration & Marketplace Data: Full Name, Email, Office Type Office Specialty Office Name Office Address Association Membership Number Phone Number Credit Card information Medical License information Vendor / Supplier Account Numbers
To provide our cloud-hosted SaaS Services
Registration & Marketplace Data: Full Name, Email, Office Type Office Specialty Office Name Office Address Association Membership Number Phone Number Credit Card information Medical License information Vendor / Supplier Account Numbers. Sowingo Link (referral module) Data: Patient Info and PHI (name, date of birth, phone number, address, email address, medical records, insurance details, appointment dates) Patient area of concern Referring Doctor Information (name, specialty, practice address, phone number, email address) Patient Reasons for referral
To operate, maintain, manage, and administer the Services, including processing registrations and payments, and diagnosing technical problems
Registration & Marketplace Data: Full Name, Email, Office Type (e.g. Dentistry / Medical / Vet) Office Specialty (e.g. Perio, Oral Surgeon, General) Office Name Office Address Association Membership Number (e.g. Ontario dental association membership number) Phone Number Credit Card information Medical License information Vendor / Supplier Account Numbers. Sowingo Link (referral module) Data: Patient Info and PHI (name, date of birth, phone number, address, email address, medical records, insurance details, appointment dates) Patient area of concern Referring Doctor Information (name, specialty, practice address, phone number, email address) Patient Reasons for referral
To respond to questions and communications
Registration & Marketplace Data: Full Name, Email, Office Type, Office Specialty, Office Name, Office Address, Association Membership Number, Phone Number, Credit Card information, Medical License information, Vendor / Supplier Account Numbers
To make service or administrative announcements to customers about unscheduled downtime or new features, services, products, functionality, terms, or other aspects of the Services.
Registration & Marketplace Data: Full Name, Email, Office Type, Office Specialty, Office Name, Office Address, Association Membership Number, Phone Number, Credit Card information, Medical License information, Vendor / Supplier Account Numbers
To perform audits, research, measurements, and analyses in an effort to maintain, administer, support, enhance and protect the Services, including determining usage trends and patterns and measuring the effectiveness of content, advertising, features or services.
Registration & Marketplace Data: Full Name, Email, Office Type, Office Specialty, Office Name, Office Address, Association Membership Number, Phone Number, Credit Card information, Medical License information, Vendor / Supplier Account Numbers, Sowingo Link (referral module) Data: Patient Info and PHI (name, date of birth, phone number, address, email address, medical records, insurance details, appointment dates), Patient area of concern, Referring Doctor Information (name, specialty, practice address, phone number, email address), Patient Reasons for referral
To create new features, products, or services
Registration & Marketplace Data: Full Name, Email, Office Type, Office Specialty, Office Name, Office Address, Association Membership Number, Phone Number, Credit Card information, Medical License information, Vendor / Supplier Account Numbers, Sowingo Link (referral module) Data: Patient Info and PHI (name, date of birth, phone number, address, email address, medical records, insurance details, appointment dates), Patient area of concern, Referring Doctor Information (name, specialty, practice address, phone number, email address), Patient Reasons for referral
To provide benchmarking and performance tracking solutions
Registration & Marketplace Data: Full Name, Email, Office Type, Office Specialty, Office Name, Office Address, Association Membership Number, Phone Number, Credit Card information, Medical License information, Vendor / Supplier Account Numbers, Sowingo Link (referral module) Data: Patient Info and PHI (name, date of birth, phone number, address, email address, medical records, insurance details, appointment dates), Patient area of concern, Referring Doctor Information (name, specialty, practice address, phone number, email address), Patient Reasons for referral

HOW DO WE USE COOKIES?

We also use cookies (sometimes referred to as “web beacons” or “server logs”). Cookies are files that web browsers place on a computer’s hard drive that tell us whether customers or visitors have been to the Site previously, and they often include an anonymous unique identifier. 

Browser Cookie Categories Usage

Essential

Essential cookies are used to ensure the basic operation of our website in order to provide you with a smooth and secure user experience. They are essential to enable you to access the main functionalities of our website.
Analytical
Analytical cookies are used to collect anonymous data about user activity on our website, providing us with valuable information to analyse and optimise website performance. For example, we use Google Analytics 4 cookies to obtain information such as the number of visitors, where they come from, the pages visited, and the time spent on our website. We only see the data provided by Google Analytics 4 in aggregate. Additionally, we use Amplitude and Hotjar for analytics and their cookies.
Performance
We use Google Analytics 4 performance cookies. These performance cookies aim to improve the efficiency and speed of a website by storing temporary information on the user's device, which helps to personalise the experience, optimise page loading and reduce server load. They help to provide users with smoother browsing and an improved user experience by minimising loading times.

For more information about cookies, and how to disable cookies, visit www.allaboutcookies.org. 

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser. For greater clarification, while our data collection practices won’t be altered, they also won’t be applied in situations where you have prevented the tracking from occurring.

For information on how to turn your cookies off, please click here. For information on the types of Google cookies used, please access Google’s privacy policy.

We will never sell your Personal Information (or non-personal information if it can be used in any way to identify you).

We may update this Policy from time to time in order to reflect, for example, changes to our practices or for operational, statutory/regulatory or other legal reasons.

 

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

Sowingo will retain your information for as long as necessary to achieve the purposes identified at the time of collection. However, the retention period for personal information may be extended even after the purposes have been achieved, in particular for legal or regulatory reasons.

After all applicable retention periods have expired, we will delete or destroy your Personal Information in a manner designed so that it cannot be reconstructed or read. If, at any time, it is not feasible for us to delete or destroy your Personal Information, we will continue using the same safeguards of protection and security outlined in this Policy and related subordinate policies, for as long as it cannot be destroyed.

If you have any questions about the retention of your personal information, please contact us using the contact information in section 1.

 

DO WE SHARE YOUR PERSONAL INFORMATION OUTSIDE CANADA?

Unless otherwise specified, Sowingo provides the Services from its headquarters in Toronto, Ontario, Canada and hosts the customer’s production database in the customer’s country of residence. 

In the case of American customers, Sowingo may access a customer’s data from Canada for purposes of, for example: 

  • responding to support requests; 
  • fixing software issues; or, 
  • providing services to a customer on the back end of the platform (e.g., correcting errors in a resident record [subject to the conditions set forth above], adding/removing a facility’s data to/from a customer’s database in the event of a purchase/sale/change in management, or performing simulation testing of our disaster recovery plan).

In the event of a disaster affecting Sowingo’s American data center, we will host American customers’ data in another American data center until the disaster is addressed.

In the case of Canadian customers, backup data may be hosted in the United States in encrypted form, and within an encrypted environment.

 

HOW DO WE PROTECT YOUR PERSONAL INFORMATION? 

Our Services have physical, administrative, and technical security measures in place to protect against the loss, misuse, unauthorized access and alteration of data and Personal Information under our direct control. When the Services are accessed using current browser technology, Secure Socket Layer (“SSL”) technology protects information using both server authentication and data encryption to help ensure that data is safe, secure, and available only to you. Sowingo also implements an advanced security methodology based on dynamic data and encoded session identifications and hosts the Services in a secure server environment which uses a firewall and other advanced technology to prevent interference or access from outside intruders. Unique usernames and passwords also are required and must be entered each time a customer logs into the Services.

We are committed to educating our staff about the protection of Personal Information, and the importance of compliance with relevant privacy legislation and company policies. Employees and contractors are required to sign confidentiality agreements.

These safeguards help prevent unauthorized access, maintain data accuracy, and the appropriate use of Personal Information; however, it is important to remember that no system can guarantee 100% security at all times. In the event that we detect a threat to security or a security vulnerability, we may attempt to contact you to recommend protective measures. Additionally, incidents of suspected or actual unauthorized handling of Personal Information are always directed to Sowingo’s Legal & Compliance team, which is responsible for determining escalation and response procedures, depending on the severity and nature of the incident. Incidents involving unauthorized handling of PHI will be governed by relevant legislation and, where applicable, the provisions of a BAA, IMA, or similar agreement with a customer. If Sowingo determines that Personal Information has been misappropriated or otherwise wrongly acquired, Sowingo will report such misappropriation or acquisition to you promptly.

For customers who purchase Third Party Services, it is important to note that the third-party vendors that provide Third Party Services to you may have different procedures in place to protect your Personal Information than the standards Sowingo has implemented. We cannot be responsible for their policies or their compliance with them, regardless of whether we have integrated their solutions with our Services and/or made them available to you.

HINP Notice (Ontario)

Sowingo is a health information network provider (HINP) in Ontario. Health information custodians and individuals can read more about Sowingo’s role and obligations as a HINP in our HINP Notice.

 

DO WE SHARE YOUR PERSONAL INFORMATION WITH THIRD PARTIES?

  • Third-Party Websites, Software and Services

Our Site contains links to third-party websites, software and services. Customers and visitors who access a linked website via the Site may be disclosing Personal Information. It is the responsibility of the user to keep Personal Information private and confidential. Additionally, we allow third-parties to offer services to our customers through integration with the Sowingo cloud-based healthcare software provider (“Third Party Services”). Customers’ use of Third Party Services is optional. Customers that choose to use a Third Party Services acknowledge and authorize the transmission of Personal Information to a third party. We are not responsible for, nor can we control, the privacy practices of third parties. A third party’s use, storage and sharing of your Personal Information is subject to its own privacy policies and not this Policy. 

  • Business Reorganizations or New Management

There are two situations where we will need to share your Personal Information with a third party as a result of a business reorganization. The first situation concerns the acquisition of Sowingo by a third party, and the second concerns the acquisition of our customers. A reorganization involves a sale, merger, transfer, exchange or other disposition of all or part of a business. If such a transaction occurs, be aware that your Personal Information may be made available to the acquiring party. If the reorganization concerns one of our customers, Sowingo requires the parties participating in the sale to show written evidence of the completed transaction, or some alternate form of written authorization (by both the buyer and the seller), to transfer Personal Information hosted by the Services from the seller to the buyer. A change in management of a customer facility could involve similar authorization requirements if data must be transferred from the prior management company to the new management company (or to the owner). We will not disclose your Personal Information to a party without sufficient and proper authorization from you, unless required by law.

  • Legal Procedures

We may need to preserve, use, or disclose your Personal Information in response to a court order, subpoena, search warrant, judicial proceeding or other legal process, if we have a good faith belief that the law requires us to do so, or to otherwise protect our rights. Some legal procedures may prohibit or prevent us from notifying users, other individuals or entities identified in such procedures or may compel us to take measures otherwise in violation of this Policy or a written agreement you have with us.

Personal Information preserved as a result of legal procedures can be maintained for an indefinite period of time and for as long as we have a good faith belief that it is necessary and appropriate under the circumstances. These procedures may also involve your information; for example, if your contractual relationship with us has been terminated or disabled.

 

WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

You have fundamental rights when it comes to your personal information.

Here are some examples of rights you may have:

  • The right to be informed about the collection, use and disclosure of your personal information.
  • Right of access to your personal information and to know its origin.
  • Right of rectification for inaccurate or obsolete personal information.
  • Right to erasure of your personal information. Note that this right is not absolute and is subject to specific situations.
  • Right to data portability or the right to request a copy of your personal information.
  • Right to withdraw consent previously given for the processing of your personal information, depending on the context.

You may contact our Privacy Officer by e-mail or post to exercise your rights, explaining the relevant circumstances.

Sowingo.com Corp.
Attention: Privacy Officer
146 Thirtieth St Suite 100
Etobicoke, ON
M8W 3C4, Canada
Phone: 1-888-997-3133
E-mail: privacy@sowingo.com

We may ask you for additional personal information in order to identify you. If we are unable to comply with your request, we will inform you of the reasons why.

Any concerns not resolved with our Privacy Officer may be brought to the attention of the Information and Privacy Commissioner of Ontario. They can be reached at: 

Phone: (416) 326-333 (Toronto Office) or 1-800-387-0073 (toll-free)

Email: info@ipc.on.ca | Website: www.ipc.on.ca

Any concerns not resolved with our Privacy Officer may be brought to the attention of the Office of the Privacy Commissioner of Canada. They can be reached at:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, QC K1A 1H3
Toll-free line: 1-800-282-1376

However, we invite you to contact us at any time if you are not satisfied with our handling of your personal information.

 

HOW WILL THIS POLICY BE UPDATED?

This policy may be amended to reflect changes in our personal information collection, use and disclosure practices or changes in the laws applicable to us. In the event of such a change, we will notify you and indicate the last update date at the top of this page.

Table 1: Privacy Laws Applicable to the Services

Applicable Law Type of Personal Information Governed by the Law Jurisdiction

Personal Information Protection and Electronic Documents Act, SC 2000, c. 5

“An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions….” Note that Personal Health Information is expressly excluded from Part 1 (“Protection of Personal Information in the Private Sector”).
Canada
Digital Privacy Act, SC 2015, c. 32 (amends PIPEDA)
Personal Information
Canada
Canada’s Anti-Spam Legislation S.C. 2010, c. 23
Canada’s Anti-Spam Legislation S.C. 2010, c. 23
Canada
Personal Health Information Protection Act, SO 2004, c. 3, Sch. A
Personal Health Information
Ontario
Personal Information Protection Act, SBD 2003, c. 63
Personal Information (including that relating to the mental or physical health of individuals)
British Columbia
Health Information Act, RSA 200, c. H-5
Health Information
Alberta
Health Information Protection Act, SS 1999, c. H-0.021
Personal Health Information
Saskatchewan
Personal Health Information Act, CCSM, c. P33.5
Personal Health Information
Manitoba
Personal Health Information Act, SNL 2008, c. P-7.01
Personal Health Information
Newfoundland and Labrador
Health Information Act, RSPEI 1988, c. H-1.41
Personal Health Information
Prince Edward Island
Personal Health Information Act, SNS 2010, c. 41
Personal Health Information
Nova Scotia
Health Information Privacy and Management Act, SY 2013, c. 16
Personal Health Information
Yukon
Health Insurance Portability and Accountability Act of 1996, P.L. 104-191 *
Personal Health Information
United States
Health Information Technology for Economic and Clinical Health Act of 2009, P.L. 111-5, Title XIII (amends HIPAA)
Health Information and Individually Identifiable Health Information
United States

* Note: HIPAA is a federal law and is the default law that applies in each state. A state can choose to make stricter laws about one or more aspects of protecting PHI. In that case, the state law will apply. Where it is less protective, HIPAA will apply.

Additional questions? Contact us

Select your currency
CAD Canadian dollar

This website uses cookies

We only use essential cookies to personalize our service and continue to make refinements to provide the best possible experience. If you’d like to learn more, please read about cookies in our Privacy Policy