Data protection notice
It is necessary to collect and use your personal information in order for Orpyx® Medical Technologies Inc. (“Orpyx,” “we,” “us” or “our”) to provide services for you.
- This Data Protection Notice tells you the basics of how we collect, use, share and protect your personal information when you are using the Orpyx® SI App ("App").
- This App has been developed and is operated by Orpyx Medical Technologies Inc. in Alberta, Canada and the collection, use, and sharing of your data is governed by both Alberta's Personal Information Protection Act and the federal Personal Information Protection and Electronic Documents Act.
- For individuals in the United States, information that is transmitted through the App, relates to healthcare and is created or received by a healthcare provider may be protected under the Health Insurance Portability and Accountability Act, as amended, and related regulations (“HIPAA”).
The Device, The App, and The Cloud
- The App is a mobile application that can be installed on a smart phone, a tablet, or a specialized device.
- The App works together with the Orpyx® SI sensory insole (the “Device”). The Device is designed to help identify areas of excessive foot pressure and variances in foot temperature to help decrease the risk of foot injury in individuals at risk of foot wounds.
- The custom-made Device senses and may store pressure, foot temperature, data about the mobility and health of the patient’s feet, and generates summary data (“Patient Data”) and wirelessly communicates Patient Data to the App. The App collects the Patient Data, may store the Patient Data, and sends the encrypted Patient Data to a secure cloud-based health management system (the "Orpyx Cloud") for remote monitoring purposes.
- Patient Data is encrypted when it is sent from the App to the Orpyx Cloud, and when it is stored in the Orpyx Cloud.
- Encryption helps protect data privacy by changing data to a secret code. A private key is needed to convert the secret code back to readable data.
Please read this Data Protection Notice before creating a cloud account and explicitly consenting and agreeing to the upload of your personal information, including health-related information.
Using the Orpyx App
Collection and processing of personal information is necessary for use of the Device and the App.
- An account in the Orpyx Cloud is necessary to use the Device and the App. Information collected to open an Orpyx Cloud account may include:
- Your name
- Your birthdate
- Email address
- A username
- A password for the Orpyx Cloud account
- Telephone number;
- Insurance information;
- Treating physician information;
- Facility/physician office information; and
- Any other personal information that you include in a user profile or in other submissions to us.
- By providing this information and by clicking on the “I Agree” button below, you expressly agree that we can collect and process personal and health information as described in this Data Protection Notice.
- Once you have created the Orpyx Cloud Account, your personal information will be stored on the App and in the Orpyx Cloud.
Cloud Account – Personal Data Submission and Collection
Orpyx will collect and process your personal information, including health-related information when you submit it in the following ways:
- Collection of Device Data: Device data that may be collected and uploaded to your Orpyx Cloud account includes:
- Authentication details, including your chosen password for an Orpyx Cloud account;
- Plantar pressure, plantar temperature, gait, and balance,
- Rehabilitation progress,
- Health conditions;
- Indications of pressure, temperature or other conditions indicating risk of wound development;
- Health history;
- Diet and exercise regime;
- Information regarding healthcare providers;
- Hospital attendance dates;
- Healthcare practitioner reports;
- Gait or balance assessments.
- Orpyx Device data may be used to:
- Provide information to your healthcare provider or Orpyx Medical Care to assist in your treatment;
- After anonymization, to improve performance of the Device, the App and Orpyx Cloud Account.
- Customer Services:
- We keep a record if you contact us about the App, your Orpyx Cloud account or for any other reason.
- You may also provide us with personal information: by phoning us; by completing forms; as part of an order for products or services; where you have enquiries or requests; when your healthcare provider sends us prescription details or other relevant health information associated to your care plan and medical history; or when you report a problem with the App and similar situations where you choose to provide us with your personal information.
- Customer service data will be used to improve the service that we provide to all of our customers. We will not use personally identifiable data except where it is necessary to address the service concerns. We will delete customer service records as soon as possible unless we are required by law to retain such records.
- Information About Your Mobile Device:
- When you use the App, we will automatically receive technical information, about your mobile device, which may include:
- The type of mobile device you use,
- A unique device identifier (such as your device IMEI number, MAC address of the device's wireless network interface, or the mobile phone number used by the device),
- Mobile network information,
- Your mobile operating system and software version number,
- IP address,
- The type of mobile browser you use,
- The country and language code and time zone setting,
- We may also collect information about your use of the App, such as any meter errors, log files and administration data so that we can ensure good operation of the App,
- The serial number of your Device (the sensory insole),
- The date and time Patient Data is collected,
- The date and time Patient Data is sent to the Orpyx data repository,
- Device location data,
- Data on advertisements or links on which you click, and the websites that you visit before or after you visit the App, and
- Analytic data, such as the number of people who have visited the App, what times they visited, which App pages they looked at, how long they spent visiting the App, and similar information.
The Reasons for Processing your Personal Information or Personal Health Information
In addition to the specific processing purposes noted above, we process your personal information, including health-related information, in the following ways:
- to provide you with the Device and its services and functionalities;
- to provide you with the App and its services and functionalities, and to notify you of any changes;
- to provide you with cloud-based health management services for your Orpyx Cloud account;
- to provide you with remote patient monitoring services or to provide your healthcare provider with access to your remote patient monitoring information;
- to respond to any request we may receive from you, such as requests for App or account support;
- to continue to develop, test and improve the App, including to offer new functionality and features;
- to better understand how you interact with the App, including its functionality and features, as well as to ensure that content is presented in the most effective manner;
- to support, maintain and troubleshoot, or fix any issues with the App, including as part of our efforts to keep the App effective safe and secure;
- to conduct data and statistical analysis, testing, research, as part of our efforts to keep the App safe and secure;
- to allow you to participate in interactive features of the App, when you choose to do so;
- to invite you to participate in surveys, opinion groups or promotional and marketing activities related to your operation and use of the App, your Orpyx Cloud account or our products and services, including in conjunction with selected third parties;
- to establish a candidate profile in our application tracking system for Orpyx job applicants;
- as necessary if we need to issue a safety notice or corrective action related to the App, our technology or your Orpyx Cloud account; and
- to make suggestions and recommendations about products or services that may interest you, as described in the "Marketing" section below.
We may use and disclose to third parties that are related to us (subsidiaries and affiliates) and third-party researchers statistical, aggregated, anonymized or de-identified information for the purposes of:
- providing support services, including maintenance of the App and operation of Orpyx’s data repository;
- determining and improving the effectiveness of disease management techniques, therapies, treatments and costs;
- researching and evaluating how the App and the Orpyx Cloud account services are provided and used;
- evaluating the performance, impact and experience of the App and Orpyx Cloud account on users (including based on user demographics, such as geography);
- evaluating the performance and interface of the App with our wearable technology;
- enhancing the functionality and features of the App and the Orpyx Cloud account services;
- testing and validating App upgrades; and
- product development.
Orpyx may also collect and use technical information about your devices and related software, hardware and peripherals that are internet-based or wireless to improve our products and services and to provide you with the various functionalities of the App.
Orpyx will store your personal information only for as long as it is necessary for the purpose it is collected, and as mandated by Applicable Law. Where there is no legal limit mandated on such storage, we will only store your personal information for as long as we need it as described in this Data Protection Notice.
YOU AGREE THAT BY CREATING AN ORPYX CLOUD ACCOUNT AND BY ACCEPTING THIS DATA PROTECTION NOTICE, YOU CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION, INCLUDING SENSITIVE HEALTH-RELATED INFORMATION, AS DESCRIBED IN THIS NOTICE.
We may contact you to tell you about products and services that we feel may be of interest to you or that are similar to those that you have already purchased or inquired about.
Unless you have chosen not to receive our marketing communications, you may be contacted by us, your local Orpyx company, a distributor of Orpyx products, or one of our selected partners, in each case where you have consented to receive these communications.
You may opt out of receiving our marketing communications at any time by contacting us at email@example.com or by using the unsubscribe link in any of our marketing communications.
We will continue to contact you for non-marketing related purposes where we need to send you information about the App, your Orpyx Cloud account or where we need to issue a field corrective or safety notice. We may send information to you via App notifications, reminders, or alerts to inform you of new developments. You can manage push notifications in your mobile device settings.
Sharing your Personal Information
Orpyx may share your personal information with:
- your healthcare provider directly or through the Orpyx Dashboard;
- our onboarding platform service provider, for onboarding the Device, App, and your Orpyx Cloud Account;
- our service providers, involved in the development, troubleshooting or fixes relating to support, testing and maintenance of the App;
- distributors of our products, if you live in a country where we use a distributor;
- our selected partners where you have chosen to participate in surveys, opinion groups or other marketing-related initiatives relating to your use of our products and services, including the App or your Orpyx Cloud account;
- our applicant tracking system provider, to track, communicate and keep you up to date on your Orpyx job candidacy if you have applied for a position; or
- a prospective seller or buyer in the event of a sale or purchase of any Orpyx business or asset so that the buyer can continue to provide you with information and services.
We may also share your personal information with our distributors, business partners, or service providers, including for marketing purposes or where you have chosen to share your personal information through various features and functionality provided via the App. In each case, we will only share your personal information with third parties so that we may provide, maintain, host, and support the App and Orpyx Cloud accounts. We require our business partners and service providers to process data only as needed to provide services to us, and to comply with the law. Information that is to be considered Personal Health Information (PHI), as defined by the US Department of Health and Human Services, will only be shared with third parties who assert to be compliant with the Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C. § 1320d et seq. (1996). We will receive assurance of their compliance through a Business Associate Agreement.
If your authorized agent or your healthcare provider wishes to access your personal information, they may do so by contacting us at firstname.lastname@example.org. The party requesting access may be required to provide details about what data is required. Authentication may be required before the information is released to the requesting entity. These requests will be treated as PHI in compliance with HIPAA. Upon confirmation of their eligibility to receive such information and the dispensation thereof, Orpyx is not responsible for their handling of the provided Personal Health Information and does not bear any liability for any ensuing mishandling, leaks, or malfeasance.
Risks of Sharing Personal Information
You should be aware that there are risks involved in sharing information, including the potential for such information to be intercepted by unauthorized third parties. We recommend that you exercise caution when choosing to share your personal information with anybody.
Storing your Personal Information
Residents of the United States and Canada: Personal information in your Orpyx Cloud account will be stored on servers located in the United States of America, Canada, or both. Our data processor for the hosting of Orpyx Cloud accounts is Microsoft Azure, and all data within the Orpyx Cloud is encrypted at rest. While outside of your jurisdiction of residence, your personal information will be subject to applicable foreign laws, which may permit government and national security authorities to access information in certain circumstances.
We have implemented appropriate safeguards to protect your personal information when it is transferred, including the execution of data transfer agreements with recipients of the information. We will process any information request in line with any local laws and our policies and procedures.
BY SUBMITTING YOUR PERSONAL INFORMATION TO ORPYX OR DOWNLOADING AND USING THE APP, YOU EXPLICITLY CONSENT TO THIS TRANSFER, STORING AND PROCESSING OF YOUR PERSONAL INFORMATION, INCLUDING HEALTH-RELATED INFORMATION.
Keeping your Personal Information Secure
Orpyx implements appropriate administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of your personal information. We use strict procedures and security features, including cryptographic techniques, and take all steps reasonably necessary to ensure your personal information is processed securely and in accordance with this Data Protection Notice.
You are also responsible for protecting against unauthorized access to the App and your Orpyx Cloud account. Orpyx recommends that you use strong password security, by using a mix of letters, numbers and symbols, and a different password for your Orpyx Cloud account than you use for any other accounts that you may have. You should keep your account information password confidential and not share it with anyone. Orpyx is not responsible for any lost, stolen or compromised passwords or for any access to your Orpyx Cloud account from unauthorized users due to user negligence, or the negligence or malfeasance of external entities that are not related to Orpyx. Users are responsible for securing their own means of access to Orpyx services. If you think your account has been compromised, please contact us as soon as you can at email@example.com.
Exercising your Rights
Subject to Applicable Law, you have the right to request access to your personal information, to have it rectified or erased, to object to its processing or to have access to it restricted. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the information you requested ..
To exercise any of your rights in connection with your personal information, please contact Orpyx by email at firstname.lastname@example.org. We will process any request in line with Applicable Law and our policies and procedures.
Do Not Track
We do not collect personal information about your online activities over time and across third-party websites or online services. We also do not allow third parties to collect personal information about your online activities over time and across other websites or online services when you use the App. We do respond to website browser "Do Not Track" signals. We do not respond to app “Do Not Track” signals.
Changes to this Data Protection Notice
Any changes to this Data Protection Notice in the future will be posted on this page and, at our discretion, provided to you by e-mail or via a push notification on the App.
Questions, comments and requests regarding this Data Protection Notice are welcomed and should be sent to email@example.com. If you contact us, we will do our utmost to address any concerns you may have about our processing of your personal information.
Effective Date: October 16, 2019
Last Updated: July 4th, 2023