Data Protection Notice
It is necessary to collect and use your personal information in order for Orpyx® Medical Technologies Inc. (“Orpyx,” “we,” “us” or “our”) to provide services for you.
This Data Protection Notice tells you the basics of how we collect, use, share and protect your personal information when you are using the Orpyx® SI App ("App").
This App has been developed and is operated by Orpyx Medical Technologies in Alberta, Canada and the collection, use, and sharing of your data is governed by both Alberta's Personal Information Protection Act and the federal Personal Information Protection and Electronic Documents Act.
For individuals in the United States, information that is transmitted through the App, relates to health care and is created or received by a health care provider may be protected under the Health Insurance Portability and Accountability Act, as amended, and related regulations (“HIPAA”).
The Device, The App, and The Cloud
The App is a mobile application that can be installed on a smart phone, a tablet, or a specialized device.
The App works together with the Orpyx® SI sensory insole (the “Device”). The Device is designed to help identify areas of excessive foot pressure and variances in foot temperature to help decrease the risk of foot injury in individuals at risk of foot wounds.
The custom-made Device senses pressure, foot temperature, and movement; collects data about the mobility and health of the patient’s feet (“Patient Data”) and wirelessly communicates Patient Data to the App. The App collects the Patient Data and sends it to a secure cloud-based health management system (the "Orpyx Cloud") for remote monitoring purposes.
Patient Data is encrypted when it is sent from the Device to the App, when it is on the App, when it is sent from the App to the Orpyx Cloud, and when it is stored in the Orpyx Cloud.
Encryption helps protect data privacy by changing data to a secret code. A private key is needed to convert the secret code back to readable data.
Please read this Data Protection Notice before creating a cloud account and explicitly consenting and agreeing to the upload your personal information, including health-related information.
Using the Orpyx App
Collection and processing of personal information is necessary for use of the Device and the App.
An account in the Orpyx Cloud is necessary to use the Device and the App. Information collected to open an Orpyx Cloud account may include:
A password for the Orpyx Cloud account
Treating physician information;
Facility/physician office information; and
Any other personal information that you include in a user profile or in other submissions to us.
By providing this information and by clicking on the “I Agree” button below, you expressly agree that we can collect and process personal and health information as described in this Data Protection Notice.
Once you have created the Orpyx Cloud Account, your personal information will be stored locally on your smartphone and in the Orpyx Cloud. To access your personal data on your mobile devices or the Orpyx Cloud, you will be required to sign in and authenticate with your username and password.
You will be able to access the data stored in your Orpyx Cloud account, including your user progress, on multiple devices. Data that is available in the Orpyx Cloud Account may include aggregate timestamped sensor data, device usage, and app interaction and usage data.
Cloud Account – Personal Data Submission and Collection
Orpyx will collect and process your personal information when you submit it in the following ways:
Collection of Device Data: Device data that will be collected and uploaded to your Orpyx Cloud account includes:
Authentication details, including your chosen password for an Orpyx Cloud account;
Plantar pressure, gait and balance,
Indications of pressure, temperature and other conditions indicating risk of wound development;
Diet and exercise regime;
Information regarding healthcare providers;
Hospital attendance dates;
Health care practitioner reports;
Gait or balance assessments.
Device data will be used to:
Provide information to your healthcare provider to assist in your treatment
After anonymization, to improve performance of the Device and the App
We keep a record if you contact us about the App, your Orpyx Cloud account or for any other reason.
You may also provide us with personal information: by completing forms, as part of an order for products or services, where you have enquiries or requests; or when you report a problem with the App and similar situations where you choose to provide us with your personal information.
Customer service data will be used to improve the service that we provide to all of our customers. We will not use personally identifiable data except where it is necessary to address the service concerns. We delete customer service records as soon as possible, unless we are required by law to retain such records.
Information About Your Device:
When you use the App, we will automatically receive technical information, about your device, including:
The type of mobile device you use,
A unique device identifier (such as your device IMEI number, MAC address of the device's wireless network interface, or the mobile phone number used by the device),
Mobile network information,
Your mobile operating system and software version number,
The type of mobile browser you use,
The country and language code and time zone setting,
We will also collect information about your use of the App, such as any meter errors, log files and administration data so that we can ensure good operation of the App,
The serial number of your Device (the sensory insole),
The date and time Patient Data is collected,
The date and time Patient Data is sent to the Orpyx data repository,
Data on advertisements or links on which you click, and the websites that you visit before or after you visit the App, and
Analytic data, such as the number of people who have visited the App, what times they visited, which App pages they looked at, how long they spent visiting the App, and similar information.
We use information about your device to evaluate how the App is functioning, to understand our customers better, and to identify ways to improve our service. We do not attempt to correlate personal information with technical device information.
We do not collect location data about your device.
The Reasons for Processing your Personal Information
In addition to the specific processing purposes noted above, we process your personal information, including health-related information, in the following ways:
to provide you with the App and its services and functionalities, and to notify you of any changes;
to provide you with cloud-based health management services if you choose to set up an Orpyx Cloud account;
to respond to any request we may receive from you, such as requests for App or account support;
to continue to develop, test and improve the App, including to offer new functionality and features;
to better understand how you interact with the App, including its functionality and features, as well as to ensure that content is presented in the most effective manner;
to support, maintain and troubleshoot, or fix any issues with the App, including as part of our efforts to keep the App effective safe and secure;
to conduct data and statistical analysis, testing, research, as part of our efforts to keep the App safe and secure;
to allow you to participate in interactive features of the App, when you choose to do so;
to invite you to participate in surveys, opinion groups or promotional and marketing activities related to your operation and use of the App, your Orpyx Cloud account or our products and services, including in conjunction with selected third parties;
as necessary if we need to issue a safety notice or corrective action related to the App, our technology or your Orpyx Cloud account; and
to make suggestions and recommendations about products or services that may interest you, as described in the "Marketing" section below.
We may use and disclose to third parties that are related to us (subsidiaries and affiliates) and third-party researchers statistical, aggregated, anonymized or de-identified information for the purposes of:
providing support services, including maintenance of the App and operation of Orpyx’s data repository;
determining and improving the effectiveness of disease management techniques, therapies, treatments and costs;
researching and evaluating how the App and the Orpyx Cloud account services are provided and used;
evaluating the performance, impact and experience of the App and Orpyx Cloud account on users (including based on user demographics, such as geography);
evaluating the performance and interface of the App with our different wearable technology;
enhancing the functionality and features of the App and the Orpyx Cloud account services;
testing and validating App upgrades; and
Orpyx may also collect and use technical information about your devices and related software, hardware and peripherals that are internet-based or wireless to improve our products and services and to provide you with the various functionalities of the App.
Orpyx will store your personal information only for as long as it is necessary for the purpose it is collected, and as mandated by Applicable Law. Where there is no legal limit mandated on such storage, we will only store your personal information for as long as we need it as described in this Data Protection Notice.
YOU AGREE THAT BY CREATING AN ORPYX CLOUD ACCOUNT AND BY ACCEPTING THIS DATA PROTECTION NOTICE, YOU CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION, INCLUDING SENSITIVE HEALTH-RELATED INFORMATION, AS DESCRIBED IN THIS NOTICE.
We may contact you to tell you about products and services that we feel may be of interest to you or that are similar to those that you have already purchased or inquired about.
Unless you have chosen not to receive our marketing communications, you may be contacted by us, your local Orpyx company, a distributor of Orpyx products, or one of our selected partners, in each case where you have consented to receive these communications.
You may opt out of receiving our marketing communications at any time by contacting us at email@example.com or by using the unsubscribe link in any of our marketing communications.
We will continue to contact you for non-marketing related purposes where we need to send you information about the App, your Orpyx Cloud account or where we need to issue a field corrective or safety notice. We may send information to you via App notifications, reminders or alerts to inform you of new developments. You can manage push notifications in your mobile device settings.
Sharing your Personal Information
Orpyx may share your personal information with:
our service providers, involved in the development, troubleshooting or fixes relating to support, testing and maintenance of the App;
distributors of our products, if you live in a country where we use a distributor;
our selected partners where you have chosen to participate in surveys, opinion groups or other marketing-related initiatives relating to your use of our products and services, including the App or your Orpyx Cloud account; or
a prospective seller or buyer in the event of a sale or purchase of any Orpyx business or asset so that the buyer can continue to provide you with information and services.
We may also share your personal information with our distributors, business partners, or service providers, including for marketing purposes or where you have chosen to share your personal information through various features and functionality provided via the App. In each case, we will only share your personal information with third parties so that we may provide, maintain, host and support the App and Orpyx Cloud accounts. We require our business partners and service providers to process data only as needed to provide services to us, and to comply with law.
Risks of Sharing Personal Information
Please note that any sharing of your personal information is wholly at your own risk and Orpyx is not responsible for securing or protecting the information that you choose to send to other persons via the App. You should be aware that there are risks involved in sharing information over the Internet, including the potential for such information to be intercepted by unauthorised third parties. We recommend that you exercise caution when choosing to share your personal information with anybody.
Storing your Personal Information
Residents of the United States and Canada: Personal information in your Orpyx Cloud account will be stored on servers located in the United States of America and Canada. Our data processor for the hosting of Orpyx Cloud accounts is Microsoft Azure. While outside of Canada, your personal information will be subject to applicable foreign laws, which may permit government and national security authorities to access information in certain circumstances.
We have implemented appropriate safeguards to protect your personal information when it is transferred, including the execution of data transfer agreements with recipients of the information. For access to copies of these agreements please contact Orpyx by email at firstname.lastname@example.org. We will process any request in line with any local laws and our policies and procedures.
BY SUBMITTING YOUR PERSONAL INFORMATION TO ORPYX OR DOWNLOADING AND USING THE APP, YOU EXPLICITLY CONSENT TO THIS TRANSFER, STORING AND PROCESSING OF YOUR PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION.
Keeping your Personal Information Secure
Orpyx implements appropriate administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of your personal information. We use strict procedures and security features, including cryptographic techniques, and take all steps reasonably necessary to ensure your personal information is processed securely and in accordance with this Data Protection Notice.
You are also responsible for protecting against unauthorised access to the App and your Orpyx Cloud account. Orpyx recommends that you use strong password security, by using a mix of letters, numbers and symbols, and a different password for your Orpyx Cloud account than you use for any other accounts that you may have. You should keep your account information password confidential and not share it with anyone. Orpyx is not responsible for any lost, stolen or compromised passwords or for any access to your Orpyx Cloud account from unauthorised users where caused by you. If you think your account has been compromised, please contact us as soon as you can at email@example.com.
Exercising your Rights
Subject to Applicable Law, you have the right to request access to your personal information, to have it rectified or erased, to object to its processing or to have access to it restricted. We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you.
To exercise any of your rights in connection with your personal information, please contact Orpyx by email at firstname.lastname@example.org. We will process any request in line with Applicable Law and our policies and procedures.
Do Not Track
We do not collect personal information about your online activities over time and across third-party websites or online services. We also do not allow third parties to collect personal information about your online activities over time and across other websites or online services when you use the App. We do respond to website browser "Do Not Track" signals. We do not respond to app “Do Not Track” signals.
Changes to this Data Protection Notice
Any changes to this Data Protection Notice in the future will be posted on this page and, at our discretion, provided to you by e-mail or via a push notification on the App.
Questions, comments and requests regarding this Data Protection Notice are welcomed and should be sent to email@example.com. If you contact us, we will do our utmost to address any concerns you may have about our processing of your personal information.
Effective Date: October 16, 2019
Last Updated: October 16, 2019