Select Your Country or Region

You are now at Canada (English)
Home / About us / Legal / Privacy Policy

Privacy Policy

Arjo Canada Inc. and ArjoHuntleigh Magog Inc. Privacy Policy

Arjo Canada Inc. and ArjoHuntleigh Magog Inc. recognizes the importance of privacy and the sensitivity of personal information. This Privacy Policy describes how we manage your personal information and protect your privacy for our customers, suppliers, prospective customers and users of the Arjo Academy platform. The information is also relevant to our employees, but there is also a specific privacy notice for employees which is available from our local human resources department if required.

As indicated above, the data controller for the processing of most of our processing activities is Arjo Canada Inc. or ArjoHuntleigh Magog Inc. To make this notice easier to read, Both legal entities are referred to as Arjo for the rest of this document. As the data controller, if you have any questions, comments or queries about your personal data, we can be contacted using the details below:

Arjo Canada Inc.                               ArjoHuntleigh Magog Inc.

350-90 Matheson Blvd W.               2001 rue Tanguay

Mississauga, ON L5R 3R3               Magog, QC, J1X 5Y5

+1 905-238-7880                             +1 819-868-0441

dataprivacy@arjo.com.                   dataprivacy@arjo.com.

 

Arjo aims to be compliant in everything we do. As such, we invite you to contact us whenever you feel it is necessary so we can partner with you in addressing any comments or concerns you might have.

 

Your Privacy Rights

In Canada, organizations engaged in commercial activities must comply with the Personal Information Protection and Electronic Documents Act (the “Act”). Additionally, ArjoHuntleigh Magog Inc. is also governed by the Quebec Privacy Law. Arjo is responsible for the personal information we collect, use, maintain and disclose. To ensure this accountability, we have developed this policy, and trained our staff about our policies and practices. Under data protection law and depending upon where you are and which organisation is processing your data, you may have rights including:

Right

Applicable to residents of:

AB

BC

MB

NB

NL

NT

NS

NU

ON

PE

QC

SK

YT

Right of access – You have the right to ask us for copies of your personal information.

x

x

x

x

x

x

x

x

x

x

x

x

x

Right to rectification – You have the right to ask us to rectify information you think is inaccurate.

x

x

x

x

x

x

x

x

x

x

x

x

x

Right to erasure – You have the right to ask us to erase your personal information when the information is no longer necessary to fulfil the purpose of processing the information or keeping it or if you retract your consent.

 

 

 

 

 

 

 

 

 

 

x

 

 

Right to data portability – You have the right to ask that we transfer the information you gave us to another organisation.

 

 

 

 

 

 

 

 

 

 

x

 

 

Right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

x

x

x

x

x

x

x

x

x

x

x

x

x

Right not to be subject to automated decision-making – You have the right to request that a review of any profiling that is undertaken using your personal data to be undertaken by a human.

 

 

 

 

 

 

 

 

 

 

x

 

 

Right to withdraw consent – You have the right to withdraw consent where this is the lawful basis established for the processing of your personal data.

x

x

x

x

x

x

x

x

x

x

x

x

x

Your right to challenge compliance and to complain to us and to a data protection authority

x

x

x

x

x

x

x

x

x

x

x

x

x

 

Additional information about particular data protection rights

 

  • Your right to rectification – You also have the right to ask us to complete any information that you consider incomplete. This right applies in conjunction with one of the data protection principles. Any request for rectification of your personal data will also be transferred to and processed by any processor with whom your personal data has been shared. This process is managed by us and will not require any further action on your part in order for you to fully exercise your right.
  • Your right to erasure – Arjo is obliged to keep extensive records in accordance with our legal obligations. As such, Arjo may not be able to delete every record that is processed about you, however this will be explained where relevant. Any request to be forgotten will also be managed by Arjo with any processor that is processing your personal data on our behalf.
  • Your right to data portability – This enables you to transfer it in a machine-readable format to another recipient. The right to data portability applies to personal data that is processed based on your consent or to perform a contract. It applies only to such personal data that you have provided.

 

What personal information do we collect?

Personal information is any information that identifies you, or by which your identity could be deduced.

Customers of Arjo

This includes contacts at Arjo customer facilities and homecare patients. The processing of your personal data could include the following:

  • Identifiers –
    • Name
    • Job title
  • Contact data –
    • Phone number
    • Email address
  • Location data –
    • Address
  • Biographical data –
    • Date of birth / age
    • Gender
  • Financial data –
    • Banking details
    • Payment card details
    • Financial / credit status
  • Sensitive data
    • Health data

Please note, the contact, location and financial information processed relates to data used in a professional capacity and may come directly from individuals or from the facility they are working for.

Commercial leads and prospects

Before becoming Arjo customers, we may obtain personal data from you when you subscribe to receive marketing materials, sign-up for webinars or education sessions or show an interest in Arjo, its products or services. Arjo may process the following data:

  • Identifiers –
    • Name
    • Job title
  • Contact data –
    • Phone number
    • Email address
  • Location data –
    • Address

Suppliers

When providing services or products to Arjo, the processing of your personal data could include the following:

  • Identifiers –
    • Name
    • Job title
  • Contact data –
    • Phone number
    • Email address
  • Location data –
    • Address
  • Financial data –
    • Banking details

Users of the Arjo Academy platform

  • Identifiers –
    • Name
    • Job title
  • Contact data –
    • Email address
  • Location data –
    • Address
    • IP address
  • Audio / visual data –
    • Photos (only when provided by the platform user).

 

Why do we collect personal information from you?

We collect personal information from you:

  • To create and manage your account.
  • To offer and provide products and services to you.
  • To communicate with you about, and administer your participation in, surveys, events, programs, webinars, product information, newsletters, promotions and other offers.
  • To respond to and communicate with you about your inquiries and requests and provide information you request.
  • To process claims we receive in connection with our products and services.
  • To operate, evaluate and improve our business (including developing new products and services; enhancing and improving our services; managing our communications; analyzing our products; performing data analytics; and performing accounting, auditing, billing reconciliation and collection activities and other internal functions).
  • To perform data analyses and processing (including market and consumer research, trend analysis, financial analysis, anonymization, encryption and tokenization of Personal Information).
  • To protect against, identify and prevent fraud and other criminal activity, claims and other liabilities.
  • To comply with and enforce applicable legal requirements, relevant industry standards and our policies.
  • As may be required or permitted by applicable law.
  • Information collected online through cookies, web beacons and other automated means is used for purposes such as customizing our users’ visits to our sites; delivering content (including advertising) tailored to our users’ interests and the manner in which our users browse our sites; managing our business; diagnosing technical and service problems; administering our sites; identifying users of our sites; gathering demographic information about our users; determining how much time users spend on web pages of our sites, how users navigate through our sites, and how we may tailor our sites to better meet the needs of our users; using third party web analytics services on the sites, such as those of Google Analytics.
  • In other ways for which we provide specific notice at the time of collection.

We may process your personal data s to ensure that our regulatory and statutory requirements are fulfilled. This is important in order to maintain the quality of the service and products that many stakeholders rely on. We may be contractually required to process personal data for transactions with our customers or suppliers. With our strong commitment to quality, we take our contractual obligations very seriously. There may also be times when legitimate interests justify processing your personal data. In this situation, we have conducted an assessment where the needs, expectations, rights and freedoms of all parties have been considered. The only acceptable outcome of this assessment is for the legitimate purpose, necessity and your rights are balanced.

 

How do we collect your personal information?

We collect information only by lawful and fair means and not in an unreasonably intrusive way. Wherever possible, we collect personal information directly from you.

As indicated below, often the processing of personal data is necessary in order to comply with our regulatory and legal obligations. In cases where we are not subject to legal obligations to document a process (e.g. quality or regulatory compliance record keeping or CNESST challenge files) we will ask you to give your express consent to the collection, use or disclosure of your personal information. Normally, we ask for your consent in writing, but in certain circumstances we may accept your verbal consent. Sometimes your consent may be implied in your relationship with us.

Use of Your Information

If you tell us that you no longer wish to receive information about our services, we will not send any further material.

Arjo does not disclose your personal information to any third party for marketing their products and services.

Disclosure of your Personal Information

Under certain circumstances, Arjo will disclose your personal information:

  • When we are required or authorized by law to do so, for example if a court issues a subpoena.
  • When you have consented to the disclosure.
  • When the services we are providing to you require us to give your information to a third party your consent will be implied, unless you tell us otherwise.
  • Where it is necessary to establish or collect amounts owed to us.
  • If we engage a third party to provide administrative services to us (such as computer back-up services or archival file storage) and the third party is bound by our privacy policy.
  • If the information is already publicly known.

We use a number of systems and platforms to manage the data we process and a list of the key data processors are listed below:

  • Advanced Applications.
  • Avaya.
  • AWS.
  • BMC Remedy.
  • Digital Space.
  • Docebo.
  • Folks.
  • Nethris.
  • Salesforce.
  • SAP.
  • SuccessFactors.
  • Survey Monkey.
  • Syspro.
  • Tech Mahindra.

Additionally, we use a wide range of Microsoft Office storage and productivity tools to process personal data in the course of our commercial, production, logistical, operational, research and administrative activities.

We may on occasion transfer your personal data outside of the region in which the data is collected through the use of a particular processor. When this occurs, we will aim to only transfer and process personal data in countries where an adequacy agreement has been established. This means that the legal framework in the third country provides the same level of data protection. There are occasions where this isn’t possible. In these instances we have undertaken privacy impact assessments and transfer impact assessments to identify appropriate additional measures to implement, prior to establishing data processing agreements including approved standard contractual clauses. In the event that the contractual and organisational measures are still inadequate, we will seek consent to conduct the proposed processing.

Updating Your Information

Since we use your personal information to provide services to you, it is important that the information be accurate and up-to-date.

If any of your information changes, please inform us so that we can make any necessary changes.

Is My Personal Information Secure?

Arjo has adopted the following standards to enable secure and compliance towards handling and processing data:

  • Arjo has an IT policy, Information Security Directive, Data Privacy and Acceptable Use of IT Devices Directive.
  • Access management is based on giving the least access possible for the role performed, with access reviews conducted on a quarterly basis, additionally each user will have unique and individual usernames where none are shared.
  • Administrative access is only given to system and database owners who have the correct skills and training, normally senior IT staff.
  • Robust change management process.
  • All systems for which the hosting solution is determined by Arjo can only be accessed via our VPN solution. In all cases, all data and systems are encrypted at rest and in transit, and require a unique username and password to access the data each user is authorised to access.
  • All third-parties that host or work on Arjo systems are subject to a risk assessment on a yearly basis.
  • Arjo also has an overall Incident management process which is run by our Service Management team.
  • Patch management; as part of our service management.
  • Pen testing and vulnerability management.
  • IT audits performed annually by a third-party.

As indicated above, we use a number of systems, platforms and resources to process your personal data.

Additionally, we may also share personal data with partners and in line with our regulatory or statutory obligations. In all instances, data will only be shared when there is an appropriate lawful basis for processing. Data sharing is frequently undertaken following a privacy impact assessment and a transfer risk assessment to ensure the necessary safeguards and control measures are in place prior to any data sharing.

No automated decision-making is undertaken, with the exception of monitoring the success of marketing activities and when using the MyArjo portal. This includes generating a profile based on the use of our online resources which performs an evaluation. This information is only used to better inform how Arjo can support you and manage the layout of the MyArjo portal. The information is only used for these purposes and no individual data protection or statutory rights are infringed in this process. Any evaluation is subject to human review. If you have any questions or concerns about the potential use of automated decision-making, please contact dataprivacy@arjo.com.

 

Access to Your Personal Information

You may ask for access to any personal information we hold about you.

Summary information is available on request. More detailed requests which require archive or other retrieval costs may be subject to our normal professional and disbursement fees.

Correcting Errors

If Arjo holds information about you and if you can establish that it is not accurate, complete and up-to-date, Arjo will take reasonable steps to correct it.

Can I be Denied Access to My Personal Information?

Your rights to access your personal information are not absolute.

We may deny access:

  • When denial of access is required or authorized by law.
  • When granting you access would have an unreasonable impact on other people’s privacy.
  • To protect our firm’s rights and property.
  • Where the request is frivolous or vexatious.

If we deny your request for access to, or refuse a request to correct information, we will explain why.

Credit Bureaus

To help us make credit decisions about our customers, prevent fraud, check the identity of new customers and prevent money-laundering, we may request information about you from the files of consumer reporting agencies.

 

How Long do you Keep my Personal Information?

We keep your personal information as long as is reasonably necessary for us to complete our dealings with you, or as may be required by law, whichever is longer.

Information regarding representatives of customers and contacts:

  • Most commercial, customer or financial information, relating to e.g. purchase, order and order history, is retained for five years.
  • As a global organisation in a highly regulated field, we need to retain information relating to production, distribution, quality, or performance of any of our products for 15 years in accordance with strict European and global regulatory obligations. The personal data contained to these records is usually limited to low risk personal data where there is any personal data at all.
  • Information relating to a customer service case is saved until the matter is resolved and retained in a de-identified format for 15 years.
  • Information collected after consent is saved for as long as it is relevant or no later than within six months after consent is revoked.

Changes to this Privacy Policy

Since Arjo regularly reviews all of its policies and procedures, we may change our Privacy Policy from time to time.

Request for Access

If you have any questions, or wish to access your personal information, please contact our Privacy Officer by phone +1 905-238-7880 or email dataprivacy@arjo.com or you can write to us at:

Arjo Canada Inc.                        or               ArjoHuntleigh Magog Inc.

Attn: Privacy Officer                                     Attn: Privacy Officer

350-90 Matheson Blvd W.                           2001 rue Tanguay                                      

Mississauga, ON L5R 3R3                            Magog, QC, J1X 5Y5

 

Web Site

Our website contains links to other sites, which are not governed by this privacy policy.

On our website, like most other commercial websites, we may monitor traffic patterns, site usage and related site information in order to optimize our web service. We may provide aggregated information to third parties, but these statistics do not include any identifiable personal information.