Privacy Policy
Arjo Canada Inc. Privacy Policy
Arjo Canada Inc. (referred to as “Arjo”) recognizes the importance of privacy and the sensitivity of personal information. This Privacy Policy outlines how we manage your personal information and safeguard your privacy.
As indicated above, the data controller for the processing of most of our processing activities is Arjo Canada Inc. To make this notice easier to read, Arjo Canada Inc. is referred to as Arjo for the rest of this document. As the data controller, if you have any questions, comments or queries about your personal data, we can be contacted using the details below:
Arjo Canada Inc.
350-90 Matheson Blvd W.
Mississauga, ON L5R 3R3
+1 905-238-7880
Arjo aims to be compliant in everything we do. As such, we invite you to contact us whenever you feel it is necessary so we can partner with you in addressing any comments or concerns you might have.
Your Privacy Rights
In Canada, organizations engaged in commercial activities must comply with the Personal Information Protection and Electronic Documents Act (the “Act”).
Arjo is responsible for the personal information we collect, use, maintain and disclose. To ensure this accountability, we have developed this policy, and trained our staff about our policies and practices. Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
- Your right to withdraw consent – You have the right to withdraw consent where this is the lawful basis established for the processing of your personal data.
- Your right to challenge compliance and to complain to us and to a data protection authority.
What personal information do we collect?
Personal information is any information that identifies you, or by which your identity could be deduced.
Customers of Arjo
This includes contacts at Arjo customer facilities and homecare patients. The processing of your personal data could include the following:
Identifiers |
· Name |
· Job title |
|
Contact data |
· Phone |
|
|
Location data |
· Address |
Biographical data |
· Date of birth / age |
· Gender |
|
Financial data |
· Banking details |
· Payment card details |
|
· Financial / credit status |
|
Sensitive data |
· Health data |
Please note, the contact, location and financial information processed relates to data used in a professional capacity and may come directly from individuals or from the facility they are working for.
Commercial leads and prospects
Before becoming Arjo customers, we may obtain personal data from you when you subscribe to receive marketing materials, sign-up for webinars or education sessions or show an interest in Arjo, its products or services. Arjo may process the following data:
Identifiers |
· Name |
· Job title |
|
Contact data |
· Phone |
|
|
Location data |
· Address |
Suppliers
When providing services or products to Arjo, the processing of your personal data could include the following:
Identifiers |
· Name |
· Job title |
|
Contact data |
· Phone |
|
|
Location data |
· Address |
Financial data |
· Banking details |
Why do we collect personal information from you?
We collect personal information from you:
- to create and manage your account;
- to offer and provide products and services to you
- to communicate with you about, and administer your participation in, surveys, events, programs, webinars, product information, newsletters, promotions and other offers;
- to respond to and communicate with you about your inquiries and requests and provide information you request;
- to process claims we receive in connection with our products and services;
- to operate, evaluate and improve our business (including developing new products and services; enhancing and improving our services; managing our communications; analyzing our products; performing data analytics; and performing accounting, auditing, billing reconciliation and collection activities and other internal functions);
- to perform data analyses and processing (including market and consumer research, trend analysis, financial analysis, anonymization, encryption and tokenization of Personal Information);
- to protect against, identify and prevent fraud and other criminal activity, claims and other liabilities;
- to comply with and enforce applicable legal requirements, relevant industry standards and our policies;
- as may be required or permitted by applicable law;
- information collected online through cookies, web beacons and other automated means is used for purposes such as customizing our users’ visits to our sites; delivering content (including advertising) tailored to our users’ interests and the manner in which our users browse our sites; managing our business; diagnosing technical and service problems; administering our sites; identifying users of our sites; gathering demographic information about our users; determining how much time users spend on web pages of our sites, how users navigate through our sites, and how we may tailor our sites to better meet the needs of our users; using third party web analytics services on the sites, such as those of Google Analytics;
- in other ways for which we provide specific notice at the time of collection.
We mayprocess your personal data s to ensure that our regulatory and statutory requirements are fulfilled. This is important in order to maintain the quality of the service and products that many stakeholders rely on.
We may be contractually required to process personal data for transactions with our customers or suppliers. With our strong commitment to quality, we take our contractual obligations very seriously.
There may also be times when legitimate interests justify processing your personal data. In this situation, we have conduted an assessment where the needs, expectations, rights and freedoms of all parties have been considered. The only acceptable outcome of this assessment is for the legitimate purpose, necessity and your rights are balanced.
How do we collect your personal information?
We collect information only by lawful and fair means and not in an unreasonably intrusive way. Wherever possible we collect personal information directly from you.
Consent
We ask you to provide explicit consentto collect, use, or disclose your personal information. Normally, we ask for your consent in writing, but in some circumstances, we may accept your verbal consent. Sometimes, your consent may be implied through your conduct with us.
Use of Your Information
If you tell us that you no longer wish to receive information about our services, we will not send any further material.
Arjo does not disclose your personal information to any third party for marketingtheir products and services.
Disclosure of your Personal Information
Under certain circumstances, Arjo will disclose your personal information:
- when we are required or authorized by law to do so, for example if a court issues a subpoena;
- when you have consented to the disclosure;
- when the services we are providing to you require us to give your information to a third party your consent will be implied, unless you tell us otherwise;
- where it is necessary to establish or collect amounts owed to us;
- if we engage a third party to provide administrative services to us (such as computer back-up services or archival file storage) and the third party is bound by our privacy policy;
- if the information is already publicly known.
We use a number of systems and platforms to manage the data we process and a list of the key data processors are listed below:
- Avaya
- Docebo
- Infor
- Pardot
- Qualtrics
- Remedy
- SalesForce
- Sparta Systems
- Syspro
Additionally, we use a wide range of Microsoft Office storage and productivity tools to process personal data in the course of our commercial, production, logistical, operational, research and administrative activities.
We may on occasion transfer your personal data outside of the region in which the data is collected through the use of a particular processor. When this occurs, we will aim to only transfer and process personal data in countries where an adequacy agreement has been established. This means that the legal framework in the third country provides the same level of data protection. There are occasions where this isn’t possible. In these instances we have undertaken privacy impact assessments and transfer impact assessments to identify appropriate additional measures to implement, prior to establishing data processing agreements including approved standard contractual clauses. In the event that the contractual and organisational measures are still inadequate, we will seek consent to conduct the proposed processing.
Updating Your Information
Since we use your personal information to provide services to you, it is important that the information be accurate and up-to-date.
If any of your information changes, please inform us so that we can make any necessary changes.
Is My Personal Information Secure?
Arjo has adopted the following standards to enable secure and compliance towards handling and processing data:
- Arjo has an IT policy, Information Security Directive, Data Privacy and Acceptable Use of IT Devices Directive.
- Access management is based on giving the least access possible for the role performed,with access reviews conducted on a quarterly basis, additionally each user will have unique and individual usernames where none are shared.
- Administrative access is only given to system and database owners who have the correct skills and training, normally senior IT staff.
- Robust change management process.
- All data and systems are encrypted at rest and in transit, where the systems/data can only be accessed via our VPN solution for each named user.
- All third-parties that host or work on Arjo systems are subject to a risk assessment on a yearly basis.
- Arjo also has an overall Incident management process which is run by our Service Management team.
- Patch management; as part of our service management.
- Pen testing and vulnerability management.
- IT audits performed annually by a third-party
As indicated above, we use a number of systems, platforms and resources to process your personal
Additionally, we may also share personal data with partners and in line with our regulatory or statutory obligations. In all instances, data will only be shared when there is an appropriate lawful basis for processing. Data sharing is frequently undertaken following a privacy impact assessment and a transfer risk assessment to ensure the necessary safeguards and control measures are in place prior to any data sharing.
No automated decision making is undertaken, with the exception of monitoring the success of marketing activities. This includes generating a profile based on the use of our online resources which performs an evaluation. This information is only used to better inform how Arjo can support you. The information is only used for this purpose and no individual data protection or statutory rights are infringed in this process. Any evaluation is subject to human review. If you have any questions or concerns about the potential use of automated decision making, please contact dataprivacy@arjo.com.
Access to Your Personal Information
You may ask for access to any personal information we hold about you.
Summary information is available on request. More detailed requests which require archive or other retrieval costs may be subject to our normal professional and disbursement fees.
Correcting Errors
If Arjo holds information about you and if you can establish that it is not accurate, complete and up-to-date, Arjo will take reasonable steps to correct it.
Can I be Denied Access to My Personal Information?
Your rights to access your personal information are not absolute.
We may deny access:
- When denial of access is required or authorized by law;
- When granting you access would have an unreasonable impact on other people’s privacy;
- To protect our firm’s rights and property;
- Where the request is frivolous or vexatious.
If we deny your request for access to, or refuse a request to correct information, we will explain why.
Credit Bureaus
To help us make credit decisions about our customers, prevent fraud, check the identity of new customers and prevent money-laundering, we may request information about you from the files of consumer reporting agencies.
How Long do you Keep my Personal Information?
We keep your personal information as long as is reasonably necessary for us to complete our dealings with you, or as may be required by law, whichever is longer.
Changes to this Privacy Policy
Since Arjo regularly reviews all of its policies and procedures, we may change our Privacy Policy from time to time.
Request for Access
If you have any questions, or wish to access your personal information, please contact our Privacy Officer by phone +1 905-238-7880 or email dataprivacy@arjo.com or you can write to us at:
Arjo Canada Inc.
Attn: Privacy Officer
350-90 Matheson Blvd W.
Mississauga, ON L5R 3R3
Web Site
Our website contains links to other sites, which are not governed by this privacy policy.
On our website, like most other commercial websites, we may monitor traffic patterns, site usage and related site information in order to optimise our web service. We may provide aggregated information to third-parties, but these statistics do not include any identifiable personal information.