Information We Collect
a. Personal Information
Personal information is any information recorded in any form that identifies or can identify an individual and includes any information provided to Us by you or your Users in using our Site and Services. Personal information includes, but is not limited to, the following:
• registration information and user profile information that you provide to Us in creating an account to purchase our products and use our services (e.g. name, address, post code, email address and telephone number);
• financial and billing information (such as credit card number and expiration date);
• information from other sources, such as companies that help Us to update our records; and
• information that we collect automatically when you visit our website, such as information about your browser settings, your computer’s Internet Protocol (IP) address, and other information collected through cookies;
• information collected from third party services that you connect to our Services; and
• any information that CpapSpace collects from you is intended to improve and personalize your service experience.
b. Personal Health Information
CpapSpace also collects the following information that is considered Personal Health Information under the PHIPA:
• Prescription information that you submit to Us when purchasing a CPAP or Oxygen Concentrator; and
• Any other required health information disclosed as part of purchasing a product from our website or store location
• Sleep Therapy data that is collected and stored by enabled CPAP devices, and which may be monitored from time to time by sleep clinicians at CpapSpace
c. Non-Personally Identifiable Information
Personal information does not include information that is aggregated or anonymized in such a manner that it cannot be connected to you or any User. Such information by itself or together cannot be tracked to a specific individual’s personally identifiable information.
How do we use Personal Information?
CpapSpace collects Personal Information and Personal Health Information for the following purposes:
• to provide Services to you and Users to support your treatment and care;
• to establish and maintain responsible commercial relations and to communicate with you in order to provide service. This includes, but is not limited to, communications relating to billing, advertising, promotion and account verification;
• to conduct quality improvement activities, such as completing surveys;
• to respond to any correspondence you may direct to Us;
• to conduct research and compile statistics;
• to understand, research, and improve our Services;
• to understand customer and User needs and preferences;
• to direct advertisements to you about Our company and our products and services that may be of interest to you;
• to enforce our Terms of Service;
• to provide you with system or administrative messages;
• to meet legal and regulatory requirements; and
• for any other reasonable purposes for which you may have provided your express consent or in which your consent can be reasonably implied.
How do we use Non-Personally Identifiable Information?
We respect your privacy and, unless otherwise required by law, we will not collect, use or disclose your Personal Information or Personal Health Information without your prior consent. Your consent may be expressed or implied. You may expressly give your consent in writing, verbally or through any electronic means. In certain circumstances, your consent may be implied by your actions. For example, providing Us Personal Information to purchase a CPAP machine and register for our Services is implied consent to use such information to provide you the associated services.
Where appropriate, CpapSpace will generally seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when CpapSpace wants to use information for a purpose other than those identified above). In obtaining consent, CpapSpace will use reasonable efforts to ensure that a customer is advised of the identified purposes for which Personal Information collected will be used or disclosed.
The form of consent sought by CpapSpace will be implied consent, or as explicitly outlined elsewhere in the Policy.
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. In order to withdraw consent, you must provide notice to CpapSpace in writing.
Limiting Use, and Disclosure
Unless required by law, or in connection with a business transaction, CpapSpace shall not use or disclose or transfer Personal Information for any purpose other than those described above without first identifying and documenting the new purpose and obtaining your consent, where such consent may not reasonably be implied.
Our store is hosted on Shopify Inc. They provide Us with the online e-commerce platform that allows Us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They sore your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
b. Third Parties
c. Personal Health Information
Personal health information is collected and retained to ensure appropriate application of therapy, and to monitor progress and manage therapy over time. We will only disclose this Personal Health Information to care providers and others related to our organization who are required to have access to the information for purposes outlined above.
Other uses and disclosures of Personal Health Information not covered by this policy and applicable laws will be made only with your express written consent.
d. Internal Disclosure
Subject to the foregoing, only CpapSpace and our Affiliates’ employees with a business need to know, or whose duties reasonably so require, are granted access to Personal Information and Personal Health Information about our Users. All such employees will be required as a condition of employment to contractually respect the confidentiality of Personal Information.
CpapSpace will retain Personal Information and Personal Health Information for only as long as required to fulfill the identified purposes or as required by law. Personal Information and Personal Health Information that is no longer required to fulfill the identified purposes will be destroyed, erased or made anonymous according to the guidelines and procedures established by CpapSpace.
Using the Site
Each time a User accesses our Site, CpapSpace automatically receives and stores certain types of non-personally identifiable information about users including IP address, web pages viewed, and date and time. The non-personally identifiable information collected through your use of Site is used to do monitor website traffic and conduct internal research on our Users’ demographics, interests and behaviour to better understand and serve our customers. For example, we may collect information such as the length of time a user visited the site, the pages he or she visited, the type of browser used to access our site as well as to track the number of visitors to the site.
Here is a list of cookies that We use on our Site. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not:
• _session_id, unique token, sessional - allows Shopify to store information about your session (referrer, landing page, etc).
• shopify_visit, no data held -persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
• _shopify_uniq, - no data held, expires midnight (relative to the visitor) of the next day. Counts the number of visits to a store by a single customer.
• cart, unique token - persistent for 2 weeks, Stores information about the contents of your cart.
• _secure_session_id, unique token, sessional , storefront_digest - unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
How can I Access my Personal Information?
Upon request, CpapSpace will provide information to a User regarding the existence, use and disclosure of his or her Personal Information and Personal Health Information. You have the right to inspect and copy Personal Health Information that may be used to make decisions about your medical care. CpapSpace will respond to an application for individual access to Personal Information within a reasonable time and at minimal or no cost to the individual. A User may challenge the accuracy and completeness of the information and have it amended as appropriate.
NOTE: In certain circumstances, CpapSpace may not be able to provide access to all the Personal Information or Personal Health Information it holds about a User. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privilege. CpapSpace will provide the reasons for denying access upon request.
Third Party Links
When you click on links on our Site, they may direct you away from our Site. CpapSpace is not responsible for the privacy practices of other sites and encourage you to read their privacy policies or notices.
CpapSpace protects your Personal Information and Personal Health Information by security safeguards appropriate to the sensitivity of the information. CpapSpace will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.
Our methods of protection include:
• Physical measures, such as filing cabinets which are kept locked when not in use and restricted access, both to CpapSpace’s place of business in general and to internal offices as well;
• Organization measures, such as security clearances and limited access on a need to know basis; and
• Technological measures, such as the use of passwords, firewalls and encryption. If you provide Us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Age of Consent
By using our Site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given Us your consent to allow any of your minor dependents to use this site.
CpapSpace will maintain procedures for addressing and responding to all inquiries or complaints from Users about CpapSpaces’s handling of Personal Information and Personal Health Information. CpapSpace shall investigate all complaints. All inquiries or complaints involving CpapSpace’s handling of Personal Information or compliance with this policy or with PIPEDA or PHIPA, shall be directed to CpapSpace’s Privacy Officer.
The Privacy Officer will respond to all such inquiries or complaints within 14 business days of receipt. The Privacy Officer will make reasonable efforts to resolve all such complaints within 30 days of receipt of the initial complaint. If CpapSpace finds a complaint to be justified, it will take appropriate measures, including, if necessary, amending its policies and procedures.
For more information, please contact our Privacy Officer as follows:
Right to Request Restrictions
You have the right to request a restriction or limitation on the Personal Health Information we use or disclose about you. To request restrictions, you must make your request in writing to the Privacy Officer. In your request, you must tell Us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply.
Right to Receive Notice of a Breach
We are required to notify you by first class mail or e-mail, of the following breaches of the privacy of Personal Health Information as soon as possible, but no later than the time period prescribed by privacy regulations:
• Personal Health Information was used or disclosed without authority;
• Personal Health Information was stolen or if after an initial loss or unauthorized use or disclosure, the Personal Health Information was or will be further used or disclosed without authority; or
• the loss or unauthorized use or disclosure of Personal health information is part of a pattern of similar losses or unauthorized uses or disclosures.
The notice is required to include the following information:
• a brief description of the breach, including the date of the breach and the date of its discovery, if known;
• a description of the type of unsecured protected health information involved in the breach;
• steps you should take to protect your customers from potential harm resulting from the breach;
• a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches; and
• contact information, including a toll-free telephone number, e-mail address, website or postal address to permit you to ask questions or obtain additional information.