AERCS Privacy Policy

When you access and browse our Services, we collect information about how you are accessing our Services, such as your internet or mobile network connection, your browser or the type of mobile device you are using (if applicable). We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used. This information is not used to market or send promotions at an individual user level.

Our website uses cookies. Cookies are small data files that are downloaded to your computer or device by a website. Your web browser lets you manage cookies through its “settings” or “options” menus. You can change your browser settings to display a warning before accepting a cookie or to refuse all cookies. You can also delete cookies at any time; however, please note that certain cookies must remain in order to use certain portions of the Services. We also use web beacons, which are tiny graphic objects embedded in a web page or an email which allows us to determine if a user has viewed the web page or email.

We use cookies and web beacons:

•  To learn about use of our websites, such as user traffic patterns and the effectiveness of our navigational structure
• To identify email open rates in order to gauge the effectiveness of certain communications or marketing campaigns to clinics
• To allow you to login to secure areas of our Services
• To store your login credentials for easy access to our Services

For more information about cookies, see our Cookie Policy.

If you login to our Services using a third-party sign-in service, such as Google, Facebook Connect or Twitter, we will receive personal information from those services, such as your name and email address in order to pre-populate our online forms. We also include social media “Like” and “Share” buttons on our websites. These features may collect your IP address and the page you are visiting on our website. They may also set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of each of the third parties who provide them.

For personal information that is subject to the General Data Protection Regulation (GDPR), we rely on the following legal bases for collecting and using your personal information:

• Your consent
• Our legitimate interests (which are not overridden by your privacy rights), such as operating our business, understanding and improving our Services, direct marketing related to our Services, communicating with our Subscribers and users about our Services, events or related resources, improving our websites and protecting our legal rights and interests.

You may withdraw your consent at any time. Where we are using your personal information for our legitimate interests, you have the right to object to that use. See below under Your Rights for how to withdraw consent or object.

If you are a patient of one of our Subscriber clinics, please contact your clinic or practitioner if you have any questions about the legal basis for collecting and using your personal information. Our Subscribers may have a different legal basis for collecting and using a patient’s personal information, such as providing health care or treatments as a regulated healthcare professional.

Subscribers use our clinic management platform to collect personal information from their patients and create patient records. These records may include a patient’s name, address, health insurance and billing information, medical charts, appointment history and other patient data (“Patient Data”). This information is sometimes referred to as “personal health information”, “protected health information”, “data concerning health” or “sensitive data” depending on the location of the Subscribers and the privacy laws applicable to them. If you are a patient, Patient Data is collected from you when you visit your Subscriber clinic or practitioner and when you set up an account with the Subscriber clinic through our online booking website.

Subscribers retain sole control over Patient Data and may be referred to as a “health information custodian”, a “covered entity” or a “controller” depending on their location and the privacy laws applicable to them.
Subscribers determine:

• What Patient Data to collect;
• How the Subscriber will use the Patient Data;
• How long the Subscriber will store Patient Data; and
• On what basis the Subscriber may delete Patient Data.

Subscribers are responsible for complying with laws and regulations governing the use of Patient Data, and for determining the legal basis for such use.

Jane is a service provider to Subscribers and may be referred to as an “agent”, “business associate” or “processor” of the Subscriber. Jane stores Patient Data in its secure data centers and makes it available to Subscribers and their users through our clinic management platform. Jane otherwise has no control over Patient Data. Jane will only access Patient Data on the instructions of the Subscriber or its practitioners or staff or, in rare cases, where needed in order to prevent or address technical problems or if required by law or court order.

Patient Data is stored in the regional data centre for the location chosen by the Subscriber during the sign-up process. We currently have regional data centres in Canada, the United States, UK, and Australia, though this may change from time to time. If we do not have a data centre in the Subscriber’s region, Patient Data will be stored in our Canadian data centre, unless otherwise requested by the Subscriber. Please note that we use US-based service providers for appointment reminders sent by email or SMS and, therefore, Patient Data contained in appointment reminders will go through and may be stored temporarily in the United States. All our data centres and service providers maintain a high level of security and are compliant with applicable privacy laws.

Patients have certain rights with respect to their Patient Data, which may include knowing what information your Subscriber clinic has about you, correcting any inaccurate Patient Data, obtaining a record of your Patient Data and, in certain circumstances, deleting or removing your Patient Data. Please note that Subscribers have strict legal and regulatory obligations around Patient Data and may not always be permitted to delete or remove Patient Data.

We do not sell or distribute personal information to third parties for their own commercial or marketing purposes. We will only share personal information we collect in the following circumstances:
Suppliers and Service Providers. In order to operate our business and provide the Services to our Subscribers and their users, we may need to share a limited amount of personal information, including Patient Data, with our third-party suppliers and service providers. Before sharing personal information, we ensure that the third parties receiving the personal information have provided appropriate safeguards, and that privacy rights are protected and preserved. Some of the areas where we use third-party suppliers and service providers include:

• Our data centers where all platform data is stored
• Customer support services to help us collect feedback and manage our support services
• Communication services to send out email and SMS notices or reminders
• Payment processors

We will make reasonable efforts to ensure that the personal information we collect from you is accurate and complete. You may update, correct or delete your account information at any time by logging into your user account and modifying your personal information, including your preferences to receive messages from us. You may also update, correct or delete your personal information by contacting us as noted below.

In certain limited circumstances, individuals in the EU may request that we restrict our use of their personal information and, where we rely on legitimate interests as the legal basis for using your personal information, you have the right to object to such use. In these cases, we can be required to no longer use your personal information; however, this may mean that certain components of our Services cannot be made available to you. If you wish to exercise your right to restrict or object, please contact us.

You have the right to lodge a complaint with a supervisory authority (i.e., the independent public authority responsible for monitoring data protection laws in your country). You may also contact the Information and Privacy Commissioner of British Columbia (for British Columbia matters) ( http://www.oipc.bc.ca/ ) or the Privacy Commissioner of Canada (for international matters and inter-provincial matters) ( http://www.priv.gc.ca/ ).