Privacy Policy (Canada)

Effective upon: 28 September, 2022 
Last updated: 28 September, 2022

At OraQ AI Inc. (“we” and “us”), we are strongly committed to transparency, and we want you (“you” or “your”) to understand how we collect, use, disclose and protect your personal information, as well as how you can manage the information we collect from you. 

This Privacy Policy applies to your use of our software and all associated services (collectively, the “Services”). By using the Services, you are accepting the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Services. If you do not understand, or if you have questions about, this Privacy Policy, please contact us before using, or continuing to use, the Services. 

The date on which the Privacy Policy was last amended is indicated above. We reserve the right to change our Privacy Policy from time to time. We will display a prominent notice that the Privacy Policy has been amended on our software for a period of thirty (30) days. The amended Privacy Policy is effective when posted. Your use of the Services after we have made changes to our Privacy Policy will mean that you have accepted those changes.  

Nothing contained in this Privacy Policy is intended to create a contract or agreement between us and you.  

Please click on the following sections to learn more about our Privacy Policy. 

Personal information means information about an identifiable individual (collectively, “personal information”), and does not include information that cannot be attributed to an identifiable individual, such as information of an aggregate or anonymous nature (collectively, “non-personal information”). 

Health information refers to diagnostic, treatment and care information, and/or registration information, as defined in Alberta’s Health Information Act (the “HIA”) and includes, without limitation, information about the physical health of an individual, information about a health service provided to an individual, and related billing information (collectively, “health information” and together with personal information, “Information”). 

We are not a “custodian”, as that term is defined in the HIA. A custodian includes, as it relates to our business, without limitation, dentists and dental hygienists. We are an “information manager” under the HIA, as we provide information management or information technology services in a manner that, at times, requires the use of health information. Accordingly, we have entered into information manager agreements (each, an “IMA”) with custodians in accordance with the HIA and its regulations relative to our provision of these services.  As such, the health information referenced in this Privacy Policy is subject to the applicable IMA. 

We will only collect, use, and disclose the Information that we need in order to provide you with the Services. 

We will obtain your express consent prior to or when collecting, using, or disclosing your Information for any purpose not described in this Privacy Policy, or for a purpose that was not identified to you nor reasonably expected at the time of collection, unless we are required or permitted by law not to obtain your consent.  

We may rely on your implied consent in certain circumstances, after taking into account factors such as the sensitivity of the Information and your reasonable expectations. We will limit the collection, use, and disclosure of your Information to only that which is necessary for the purposes identified, unless you have otherwise consented, or when such collection, use, and/or disclosure is permitted or required by law. 

You can always refuse to provide your Information, except that it may prevent you from using our Services or receiving responses to your inquiries or other information of interest.  

We may collect various types of Information from you and/or your dental clinic, depending upon how you and/or your dental clinic interact with us or use or interact with our Services. This Information may include your:

• Contact/Location Information. Name, email address, postal address, phone number, and other contact information. 
• Demographic Information. Date of birth, gender, marital status, and occupation. 
• Information Relating to Health and Habits. History of and details about smoking and alcohol consumption, history of mouth-related issues such as bleeding gums, grinding teeth, and clenching jaw, details about sleep habits, and details about medical history, medical examinations, allergies, and medications. 
• Photographic Information. Photographs, electronic images, and/or x-rays of facial features, mouth, and teeth. 
• Insurance/Billing Information. Insurance provider, insurance group/plan number, insurance ID number, credit card information, and account number. 
• Device Information. IP address, operating system and platform, device type and device identifiers. 

We need to collect Information from you and/or your dental clinic in order to provide you and/or your dental clinic with our Services, as well as to improve your experience and/or your dental clinic’s experience using our Services. You and/or your dental clinic may provide us with Information in several ways, including, for example when you and/or your dental clinic: 

• use our Services; 
• create an account or profile; 
• correspond with us, including through surveys; 
• sign up to receive our newsletter or promotional information; 
• ask for customer service, support or other assistance; or 
• interact with us in any other way, online or offline, including through our Services. 

We may also collect Information from other sources (such as from third party service providers) to, among other things, enable us to complete, verify, or update Information contained in our records and to better customize the Services we provide. 

Unless otherwise consented by you in advance, or as may be permitted or required by law, we will only use and disclose your Information to fulfill the purposes for which it was collected (and in accordance with this Privacy Policy). 

We use Information to: 

• provide you and your dental clinic and/or your insurance provider with our Services; 
• maintain and improve our Services; 
• administer our relationship with you, including creating and managing your patient portal; 
• respond to your requests and communications; 
• measure performance (such as our customer care interactions with you); 
• develop new products and services; 
• conduct surveys and research to better understand the preferences of our customers like you; 
• respond to legally binding demands from law enforcement, regulatory authorities or other third parties; 
• defend, protect or enforce our rights or applicable terms of service; 
• to prevent fraud or the recurrence of fraud; 
• assist in the event of an emergency; and 
• comply with applicable law. 

In many cases, we de-identify your Information as soon as we collect it. In these cases, your Information is non-personal information. We may use non-personal information for any legitimate business purpose. 

We are concerned about ensuring the security of your Information, and we have taken appropriate measures to ensure its security and confidentiality. We exercise great care in providing secure transmission of your Information from your browser or device to our servers. For example, we use an encrypted channel(s) between our front-end web service and our APIs, and we store encrypted Information that we have collected in secure operating environments. We will only retain your Information for the period of time reasonably required to fulfill the purposes for which it was collected. We may retain non-personal information for as long as we have a business need to do so. 

Our Services may utilize third party systems, programs, websites, solutions, and/or applications, including without limitation Google (which hosts OraQ’s web application), Sikka AI (which offers dental automation software and practice management services), Redis Enterprise (which provides cache management services), Prefect (which provides data workflow automation services),  and Confluent Kafka (which offers data processing solutions). 

An organization must protect personal information that is in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. All of our service providers and contractors are contractually obligated to employ appropriate data security measures with respect to your Information and to collect/use/disclose/retain it only within the scope required for the provision of our Services. However, we are not responsible for the actions and privacy policies of these third parties and their systems, programs, websites, solutions and/or applications. Check the privacy policies of these third parties for information on their privacy practices, e.g. Google, Sikka AI, Redis Enterprise, Prefect, Confluent Kafka. 

We try our best to safeguard Information once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your information, please contact us as soon as possible. 

Except as set forth in this Privacy Policy, or as required or permitted by law, we do not disclose your Information to any parties other than to your dental clinic and/or your insurance provider, our service providers (including third party research and development entities) and our affiliates, and their respective directors, officers, employees, agents, consultants, advisors or other representatives that have a need to use your Information to provide or improve our Services, to legal or regulatory authorities, or for other purposes for which you have provided your consent. In no event will we sell or rent your Information. 

We may disclose Information: 

• to your dental clinic, your insurance provider, and/or our third party service providers to help us with the uses described in the How We Use Information section above; 
• to comply with your directions or any additional consent you have provided us; 
• to other parties where we are under a duty to disclose your Information in order to comply with any applicable legal obligation including a regulatory process, or an order of a government institution, investigative body, regulatory body or judicial authority of competent jurisdiction; 
• where we transfer or are considering transferring control of any or all of our assets, operations or services to a third party acquirer of all or substantially all of our assets, including our rights and obligations relating to our Services, to a third party. The third party may continue to retain and use the Information that you provided to us. We will act in a reasonable manner, including by contractual or other means, to ensure that the third party agrees to similarly be bound by this Privacy Policy or a privacy policy that provides substantially similar measures to those employed by us to protect the privacy and security of your Information and to similarly comply with applicable privacy legislation with respect to your Information, but we cannot guarantee such latter compliance by the third party acquirer; and 
• where we merge, consolidate, or amalgamate with a third party, the merged, consolidated, or amalgamated entity may continue to use and disclose your Information. We will use our best efforts to ensure that the merged, consolidated, or amalgamated entity agrees to similarly be bound by this Privacy Policy or a privacy policy that provides substantially similar measures to those employed by us to protect the privacy of your Information and to similarly comply with applicable privacy legislation with respect to your Information, but we cannot guarantee such compliance.  

We disclose non-personal information to third parties as reasonably necessary to meet our business needs. We do not disclose your Information to third parties for their own direct marketing purposes without your consent.  

We offer you certain choices in connection with our Services. 

Access to your personal information 

On your reasonable written request, we will provide you, not later than thirty (30) days from our receipt of your request, or such additional time as required by law, with access to or information about your personal information (if any) under our custody or control, and the names of persons to whom, and any circumstances in which, your personal information has been and is being disclosed by us. You must provide sufficient information in your request to allow us to verify your identity and identify the information you are seeking. 

If you request a copy of your personal information and the personal information can reasonably be reproduced, we will provide you with a copy of the personal information, or, if applicable, we will give you reasons for any delay in providing a copy of the requested personal information. All requests may be subject to minimal costs, in accordance with applicable privacy legislation. 

We reserve all rights not to disclose personal information, in whole or in part, in certain circumstances permitted or required by law, including but not limited to where:  

• the personal information is protected by any legal privilege; 
• the disclosure of the personal information would reveal confidential commercial information; 
• the disclosure could reasonably be expected to threaten the life or security of another individual;  
• the personal information was generated in the course of a formal dispute resolution process; or 
• the personal information was collected by us without your knowledge and consent for reasonable purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.   

If access to your personal information is refused, in whole or in part, we will provide you with the reasons for the refusal, the provision of applicable privacy legislation on which the refusal is based, and the contact information of the Privacy Officer who can answer your questions about the refusal, and will inform you that you may ask for a review of the refusal in accordance with applicable privacy legislation.   

To submit a request to access your personal information or designate an authorized agent to make a request to access your personal information, please contact us. Our security procedures mean that we may request proof of identity before we disclose your personal information to you.  

Please note that we can provide access to health information only as an “information manager” in accordance with instructions to do so issued by a custodian in accordance with the HIA. 

Updating your Information 

The accuracy of the Information we have about you is very important. To submit a request that we update your Information, please contact us. 

On your request, we will make every reasonable effort to correct outdated Information, or errors or omissions in your Information where that Information is in our custody or control. Such request must be in writing, signed by you, and include sufficient detail to enable us to identify any Information in our custody or control in relation to the request. 

We will, as soon as reasonably practical and not later than thirty (30) days from our receipt of your request, or within such additional time as permitted or required by law, either correct the Information and, if applicable and reasonable to do so, send correction notifications to any third party to whom we disclosed the incorrect Information, or decide not to correct the Information, but we will annotate the Information under our control to indicate that a correction was requested but not made. 

We will inform you of the action that we have taken in response to your request for correction, the contact information of the Privacy Officer who can answer your questions about your request for correction, and that you may ask for a review of the action taken in accordance with applicable privacy legislation. 

Email communications 

You may have the opportunity to receive certain communications from us related to our Services. If you provide us with your e-mail address in order to receive communications, you can opt-out of marketing emails at any time by following the instructions at the bottom of our emails and adjusting your email preferences. Please note that certain emails may be necessary for the operation of our Services. You will continue to receive these emails, if appropriate, even if you unsubscribe from our optional communications.