MD VOICE AI PRIVACY POLICY
Effective Date: January 02, 2025
Introduction
MD Voice AI Inc. (“Company,” “we,” “us,” “our”) has a practice of protecting the privacy and security of customer, supplier and employee records. We are committed to meeting our obligations under Canadian data privacy laws, including the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (PIPEDA), and applicable provincial laws. We are also committed to meeting our obligations under the US Health Insurance Portability and Accountability Act (HIPAA). We adhere to the privacy principles set out below, which govern the way we collect, use, store and disclose personal information that is obtained in the course of development, sales, promotion and distribution of our products or in the course of employment.
“Personal information”, as used in this policy, means any information about an identifiable person, including but not limited to name, customer and supplier information, ID numbers, and employee files.
By using the MD Voice website or the application, you consent to the use of personal information as described in this Privacy Policy. The company’s customers are healthcare practitioners who are utilizing our artificial intelligence voice recording service application. If you are a patient of a healthcare practitioner and do not consent to your personal information being collected and used by the Application, you must inform your healthcare practitioner that you do not consent.
10 Principles for the Protection of Personal Information
We will collect, use, store and disclose personal information in accordance with the following 10 privacy principles:
1. Accountability
The overall responsibility for ensuring our compliance with data privacy laws and this privacy policy rests with our Privacy Officer, although other individuals within the Company have responsibility for the day-to-day collection and processing of personal information and may be delegated to act on behalf of the Privacy Officer.
We are responsible for personal information in our possession or custody, including personal information that we may transfer to third parties for processing. We will require our third parties to agree to contractual requirements or other means that provide a comparable level of protection while personal information is being processed.
Our Privacy Office will receive and respond to complaints and inquiries. If you would like to contact our Privacy Officer, please email the Company at: support@mdvoice.ai.
2. Identifying Purposes
Before or at the time of collection, we will identify the purposes for which we plan to use the personal information. Depending upon the way in which the personal information is collected, this can be done orally or in writing.
The Company may use the personal information we collect for the following purposes:
- to send email to users with a user account;
- to select and announce the winner of the monthly sweepstakes draw;
- to respond to customer inquiries about accounts and other services;
- to create user account profiles; and
- to meet legal requirements.
The Company will only collect personal information that is necessary for the above purposes. Unless required by law, we will not use personal information for a new purpose without the knowledge and consent of the individual to whom the information relates. The Company will maintain a record of all identified purposes and consents obtained.
3. Consent
Personal information will only be collected, used or disclosed with the express or implied consent of the individual, except in certain circumstances permitted or required by law. The way in which we seek consent may vary depending upon the sensitivity of the information. We will obtain consent in all cases where the personal information involved is considered sensitive, such as income or health information.
Typically, we will seek consent for the use or disclosure of personal information at the time of collection when a user accesses the Company’s website or application and thereby accepts the applicable terms and conditions. However, additional consent will be sought after the personal information has been collected if it is required for a new purpose other than that stated under the applicable Company terms and conditions. The terms and conditions allow users to withdraw consent of having their names disclosed in the event they win the monthly sweepstakes draw by emailing the Company at support@mdvoice.ai or adjusting their settings on their user account. The terms and conditions will also require that any and all users of the Company website and application are at least the age of majority and thus can provide meaningful consent for themselves.
In certain circumstances, obtaining consent would be inappropriate. The Canadian PIPEDA, US HIPAA, and provincial/state privacy laws provide for exceptions where it is impossible or impractical to obtain consent.
4. Limiting Collection
We will collect personal information by fair and lawful means and will limit the amount and type of personal information we collect to that which is necessary for our identified purposes. The personal information that will be required for users to create a user account are the following: name, email, and phone number. Users can optionally input more information onto their user accounts.
5. Limiting Use, Disclosure and Retention
We will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Any new purpose for using personal information shall be documented by the Company.
The Company may sell and/or trade customer lists to selected third-party companies and organizations that meet our requirement for security and confidentiality. These lists will not include any personal information and do not include credit or transaction information. Subject to any applicable business, legal, or regulatory requirements, we will ensure that the data is destroyed in a secure manner, erased or made anonymous.
The Company’s medical professional clients will access and share personal health information and patient records to and from the Electronic Medical Records via a Chrome extension. Any transfer of information or data to and from the Chrome extension shall require authorization from the Company’s medical professional clients using Section-Based Access credentials.
For clarity, by using the Chrome extension for data transfers, the Company’s medical professional clients agree to comply with all stipulated authorization procedures and safeguards established by the Company. Failure to comply with these guidelines may result in the suspension or termination of access to the Chrome extension and potential legal action to address any breach of this clause or related damages arising from such non-compliance.
The Company disclaims all liability for any unauthorized access to, or use of, personal health information that results from the failure of its medical professional clients to properly secure their Section-Based Access credentials or to follow the authorized data transfer procedures as outlined in this clause. It is the responsibility of the medical professional clients to ensure that their use of the Chrome extension for data transfers complies with this clause and protects the privacy and security of personal health information at all times.
Personal information will be retained for as long as necessary for the fulfillment of the purposes described in section 2.
Upon an employee’s resignation, retirement or termination of employment, the employee’s personal information will be destroyed in a secure manner and in accordance with applicable privacy legislation.
The Company may provide personal information to affiliates. Our affiliates are the family of companies that form our parent company and any/all sister companies. The full list of such companies can be found on our parent company website at support@mdvoice.ai.
6. Accuracy
We will use our best efforts to ensure that personal information that is used on an ongoing basis and information that is used to make a decision about an individual is as accurate, complete, and up-to-date as necessary for the purpose for which it is to be used. Any routine updates to personal information will only be conducted if necessary to fulfill the purposes for which the information was collected.
7. Safeguards
We will protect personal information with safeguards appropriate to the level of sensitivity of the information. Our safeguards protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. Our methods of protection include physical measures, organizational measures, and technological measures.
Personal information of users will be stored on a database on Google servers located in Canada; all personal information will remain in Canada. The personal information on the database will be protected by end-to-end encryption on a password-protected computer. The computer will be secured in a locked room. Only the Privacy Officer and senior management have authorization to access the database in which the personal information records are being retained. Personal information transferred via the Chrome extension between medical professionals and the Electronic Medical Records will require authorization from medical professionals using “Section-Based Access” credentials.
We will exercise care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information. The Company’s employees will be made aware of the importance of maintaining confidentiality of personal information. We also require our outside service providers to provide a comparable level of protection to personal information that we may supply to them.
8. Openness
The Company will make readily available specific information about its personal information management policies and practices. To access more information about the Company’s policies and practices, please email support@mdvoice.ai.
9. Individual Access
Upon written request, we will inform an individual of the existence, use and disclosure of their personal information and give them reasonable access to that information. We may deny access for legally permissible reasons, such as situations where the information is prohibitively costly to provide, if it contains references to other individuals, or where it cannot be disclosed for legal, security or commercial proprietary reasons. We will advise the individual of any reason for denying an access request.
When an individual successfully demonstrates the inaccuracy or incompleteness of personal information held by us, we will correct or update the information as required.
10. Filing Inquiries and Complaints
We will investigate all written complaints and respond to all written inquiries. If we find a complaint to be justified, we will take appropriate measures to resolve it. If you would like to file a complaint with the Company, please contact the Privacy Officer by emailing support@mdvoice.ai.
To file an opt-out request, request access to your information, report incorrect information or file a complaint, please email support@mdvoice.ai.
Privacy Policy Changes
The Company may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. The Company will let you know via email and/or a prominent notice on our website or application, prior to the change becoming effective.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.