Privacy Statement

Updated: April 29, 2020

Cyno knows that you care about how information about you is used and shared, and we appreciate the trust that you place in us. At Cyno, our core mission is to remove the barriers to better health for everyone. A necessary part of that mission is to set a high standard for protecting the privacy of your information. We want to be clear about how we collect, use, protect, and share your information, including your Personal Information, and the rights and choices you have about the ways in which you can help us protect your privacy.

This Privacy Statement explains:

  • What information we collect and why we collect it.

  • How we use that information and when we disclose it.

  • Your rights regarding that information, including how to access and update your information.

  • The steps we take to protect your information.


Scope: This Privacy Statement applies to the information that we obtain through your use of Cyno services and process as a data controller, which may include information processed in connection with our website (https://app.cyno.ca), our Platform, social media, communications, and web-based tools (collectively, our “Services”).

If you have any questions or concerns about this Privacy Statement or about our privacy or data security practices, please contact us at privacy@cyno.ca.

What We Mean by Personal Information

For purposes of this Privacy Statement, “Personal Information” means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.

“Sensitive Personal Information” includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.

Information that We Collect from and About You

Information that You Provide to Us Voluntarily

Cyno collects and uses Information only as necessary to provide our Services, including to develop, assess, and improve our Services. We only collect Personal Information if non-identifying information will not suffice. We minimize our collection and use of Personal Information to what is needed for these purposes. We collect the Health Service Consumer and Health Service Provider account information for the purpose of supplying Services to each individual or entity, respectively.

Health Service Providers are responsible for their collection, use, disclosure, retention, destruction and protection of Information. They are subject to privacy legislation and professional requirements that govern their management of Information, including Information they collect through the Cyno Platform. As a result, the following description is an overview only of the procedures applicable to data processed by Cyno as a controller to provide services through the Cyno Platform.

Account and Profile Information: We collect information about you and/or your company when you register for an account, create or modify your profile, and make purchases through our Services. You may provide this information directly through our Services or, in some cases, another user (such as a company account administrator) creating an account on your behalf may provide it. If you provide information (including Personal Information) about someone else, you represent that you have the authority to act for them and to consent to the collection and use of their Personal Information as described in this Privacy Policy on any such individual’s behalf.


This information may include:


Health Service Consumer

  • First and Last Name

  • Date of Birth

  • Province of residence

  • Email address

  • Telephone numbers

  • User IDs and passwords (passwords are stored in salted-hash form only)

  • Personal information that you choose to share during your interactions with Health Service Providers

  • Identifiers of devices used to access our Services


Health Service Provider, Account Administrators, Staff Administrators

  • First and Last name

  • Phone Number (cell or landline)

  • Email Address

  • Liability Policy Holder

  • Liability Policy Number

  • GST/HST Number

  • License Number

  • Certification Title(s)

  • Certification Suffix(s)

  • Expertise (specialty in practice, example: Knee Rehabilitation)

  • Public Bio


Content: We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any Personal or other Sensitive Personal Information submitted using our Services, such as HIPAA Protected Health Information under the US’ Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), personal data under the EU’s General Data Protection Regulation (“GDPR”), and other information such as source code or regulatory compliance materials.

Other submissions: We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites.

Information that We Collect Automatically When You Use Our Services:


Web Logs: We record certain information and store it in log files when you interact with our Services. This information may include Internet Protocol (IP) or other device addresses or ID numbers, browser type, Internet Service Provider information, URLs of referring/exit pages, operating system type, date/time stamp information, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information.

Cookies: We use various technologies to collect information, including cookies that we save to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory. We use cookies to authenticate you when using our Services – these cookies are ‘strictly necessary’ and essential for the website to function. We may also associate the information we store in cookies with Personal Information you submit through our Services. By changing your browser options, you can instruct your browser to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may affect how our Website and Services function.

Information that We Collect from Other Sources

Information Provided by Other Individuals: While using our Services, individuals may provide information about another individual, or an authorized user (such as an account administrator) creating an account on your behalf may provide information about you. When one individual provides us with information (including Personal Information) about another individual, we assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of your Personal Information as described in this Privacy Statement. Please contact us immediately at privacy@cyno.ca if you become aware of an individual providing us with Personal Information about another individual without being authorized to do so.

Why We Collect Information from and About You

We will not use your Personal Information for anything other than the following purposes:


To establish and maintain contractual relationships with our customers:

  • To fulfill our obligations to current customers

  • To contact customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages

  • To enable individuals to access and use our Services.


To comply with our legal obligations:

  • To comply with legal obligations, including but not limited to complying with tax and financial reporting requirements

  • To demonstrate compliance with applicable privacy and data security laws and regulations, such as HIPAA and GDPR

  • To comply with incident monitoring, reporting, assessment, and notification requirements under applicable law

  • To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law

To provide services and information that you request:

  • To provide customer service and support

  • To communicate with you, including responding to your comments, questions, and requests regarding our Services

  • To provide direct marketing, email, and other distribution of information.

To fulfill our legitimate interests as a business:

  • To administer, operate, maintain, and secure our website and Services

  • To monitor and analyze trends, usage, and activities in connection with our Services

  • To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities

  • To verify compliance with our internal policies and procedures

  • For accounting, recordkeeping, backup, and administrative purposes

  • To customize and improve the content of our communications, websites, and social media accounts

  • To educate and train our workforce in data protection and customer support

  • To provide, operate, maintain, improve, personalize, and promote our Services

  • To develop new products, services, features, and functionality

When possible, we will use anonymized data for these purposes. When use of anonymized data is not possible or would be insufficient for Cyno’s needs, or if we combine it with Personal Information, we will treat any such Personal Information in accordance with the procedures outlined in this Privacy Statement.

We will only process your Personal Information where we have a legal basis for doing so, and this will be determined by the purpose for which your Personal Information is processed. Typically, we process your Personal Information on one of the following legal bases:

  • Because it is necessary to fulfil a contract we have with you or to take steps at your request prior to entering into a contract;

  • Because you have provided your consent; or

  • Because it is in our legitimate interests to do so (and these are not overridden by the impact on your privacy or other rights). Our legitimate interests include the provision of our Service, the operation of our website, enhancing our profile and reputation and raising our customers’ and prospective customers’ awareness of our Services.


When and Why We Share or Disclose Personal Information

We generally do not share Personal Information that we collect from or about you with third parties. However, Personal Information may be shared with third parties where one of the following circumstances applies:

With Your Express Consent: We will share your Personal Information with companies, organizations, or individuals outside of Cyno when we have your consent to do so.

As a Health Service Provider or Health Service Company Administrator, When Your Account Is Accessed by One of Your Organization’s Designated Account Administrators: Your Cyno account administrators may be able to:


  • Access information in and about your Cyno account;

  • Disclose, restrict, or access information that you have provided or that is made available to you when using your Cyno account, including your content; and

  • Control how your Cyno account may be configured, accessed, or deleted.


With our vendors and business partners, to accomplish our business purposes: We may share your information with the Health Service Providers and other third parties listed in our Subvendor Directory who perform services on our platform. We provide your payment information to our service providers for payment processing and verification. Cyno shares Personal Information with its vendors and other parties performing services on our platform only after they have agreed in writing to implement appropriate protections with respect to your Personal Information.

When Necessary to Comply with Laws and Law Enforcement Requests, or Otherwise to Protect Our Rights or Those of Individuals: We may disclose your information (including your Personal Information) to a third party if:

  • We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;

  • To enforce our agreements, policies and terms of service;

  • To protect the security or integrity of Cyno’s products and services;

  • To respond to an incident involving personal data for which Cyno may have direct or indirect responsibility;

  • To protect the property, rights, and safety of Cyno, our customers or the public from harm or illegal activities;

  • To respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious injury of any person; or

  • To investigate and defend ourselves against any third-party claims or allegations.


As the result of a business transition: We may share or transfer your information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Statement. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website. We may limit our disclosure or use of any Personal Information that is considered Protected Health Information in the event that Cyno undergoes a business transition in order to comply with HIPAA.

Sharing aggregated, anonymized, deidentified, or otherwise non-personal data: We may share aggregated, anonymized, deidentified, or otherwise non-Personal Information that does not directly or indirectly identify you and that cannot, with reasonable effort, be used to reidentify you in order to improve the overall experience of our Services. Such Personal Information will be aggregated, anonymized, deidentified, or otherwise rendered not re-identifiable in accordance with applicable law such that the resulting information is not considered Personal Information within the scope of this Privacy Statement.

Your Control Over Your Personal Information

You have certain rights in relation to your Personal Information. Depending on your geographic location, these may include the right to:

  • Update or correct your Personal Information at any time by accessing the account settings page on the website or within our platform.

  • Decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionality of our Services or fulfill your requests. For example, we need your email address to authenticate you and perform account services such as password resets, or to provide you with customer support.

  • Decline to accept cookies, but that decision may affect the functionality and performance of our Services.

  • Opt out of receiving promotional communications from Cyno by using the unsubscribe link within each email or otherwise request that we communicate with you in a confidential manner. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services.

  • Request information about, and access to, the personal data that we collect from you.

  • Ask questions or make complaints about our privacy and data security practices with regard to your personal data.

  • Request that we delete information that we have collected about you.

  • Ask us for a copy of the information that we collected from you.

  • Request restrictions on how we use or disclose your Personal Information.

  • Request a paper copy of this Privacy Statement.

  • Withdraw your consent to the processing of Personal Information, where we are processing Personal Information on that basis.


To exercise any of these options, or for additional information about our privacy and data security practices, contact us at privacy@cyno.ca.

You may also have the right to contact the relevant data protection authority if you think we have processed your Personal Information in a manner which is unlawful or breaches your rights. If you have such concerns, we request that you initially contact us at the email address above so that we can investigate, and hopefully resolve, your concerns.

Security

We employ a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the Personal Information you trust us with.

To that end, we manage our data protection program consistent with ISO 27001, SOC 2, HITRUST, and legal and regulatory requirements such as HIPAA, PIPEDA and GDPR, as they may be applicable to our services.

Cyno protects Personal Information under its control, and obligates its service providers in writing to also protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored, or otherwise processed.

If you have concerns about the security of your information with Cyno, please contact us immediately at security@cyno.ca to report an issue.

Data Retention & Disposal

We retain your Personal Information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations. We securely dispose of your Personal Information promptly after any such business, legal, or contractual need has lapsed.

Unless we otherwise give you notice, we will retain your Information on the Cyno Platform on your behalf until such time as you or we terminate your Health Service Consumer or Health Service Provider Account. Health Service Providers may exercise any authority they have to withhold Personal Information they compile in connection with Services from Health Service Consumers as permitted under applicable law. You will be required to request any access to notes made by the Health Service Providers about your consultation from the Health Service Provider.

Cyno is not the Health Information Custodian (HIC) or Covered Entity (CE) with respect to Protected Health Information or Personal Information held on the Cyno Platform; rather, it holds and/or processes Personal Information on behalf of Health Service Consumers and Health Service Providers. On termination of your Health Service Consumer Account, we will delete the Personal Information associated with your Account, except Information that a Health Service Provider advises us he or she requires in connection with a consultation. As mentioned above, Health Service Providers are governed by privacy legislation and professional requirements that govern their management of Personal Information, including Information they collect through Cyno. In such circumstances, Cyno will destroy the Personal Information when the Health Service Provider has obtained a copy or terminates his/her account with Cyno. Cyno may also have different legal obligations with respect to Personal Information from those imposed on Health Service Providers.

Children’s Privacy

Our Services are not directed to individuals under 16. We do not knowingly collect Personal Information from children under 16. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us at privacy@cyno.ca.

California Privacy Rights

California Civil Code Section 1798.83 permits Cyno customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. If you require more information about it, please contact privacy@cyno.ca.

Data Storage and Location of Data

Cyno is a Canadian-based company that offers its Services to domestic and international business customers. As a result, information that we collect, including Personal Information, may be transferred to our Canadian offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may provide information to third-party service providers in Canada and in other countries as described above. Thus, Personal Information may be transferred to and stored on servers located in Canada and in countries different from the country in which that information was initially collected, including out of the European Union. Similarly, information we collect may be accessed by Cyno and our third-party service providers and business partners from countries other than the ones in which the information is stored.

If you are a resident in the European Union, please note that wherever we transfer and store information outside the European Union, we will take legally required steps to ensure that appropriate safeguards are put in place to protect your Personal Information. You may contact us for an explanation of the basis on which we have transferred your Personal Information and, where relevant, to request a copy of the legal safeguards which we have put in place.

If we engage a third party to process Personal Information on our behalf, we contractually require them to handle your Personal Information appropriately.

Changes to this Privacy Statement

We may change this Privacy Statement from time to time or amend this Privacy Statement to comply with changes in applicable law. If we make any changes, we will notify you by revising the version and date at the top of this Privacy Statement and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the log-in screen or sending you an email notification). You can also follow the changes to this document here.

Your continued use of our Services after the revised Statement has become effective indicates that you have read and understood the current version of this Statement.

Contact Information

Please contact us with any questions or comments about this Statement, your Personal Information, our use and disclosure practices, or your consent choices by email at privacy@cyno.ca.

Our Data Protection Officer is:
Joni Barbour, Privacy Officer (Data Protection Officer)

privacy@cyno.ca