Gesrisk privacy statement (DPA)
UPDATE JANUARY 26, 2023

EFFECTIVE DATE JANUARY 26, 2023

(Take note that translation from French to English of these conditions was carried out using translation software. It is possible that this translation does not transcribe the exact meaning of these conditions from the original French version. Only the version in French Canada will serve as a reference in the context of a possible dispute settlement.)


Gesrisk is a portal for integrated risk management in health care and social services. The trust and partnership of our customers is at the heart of this privacy statement. We live in an era where the privacy of hosted data is becoming a major issue in the success of a platform like Gesrisk. This privacy statement describes how Gesrisk processes your data. If you have any questions about the way Gesrisk processes your data or about this privacy statement, you can contact us by email at any time by writing to privacy@optimumconseil.com

User account management

Gesrisk can be used by establishments, companies or by individual users. In all cases, Gesrisk is responsible for the associated accounts and may restrict, suspend or terminate: your access to the services or your ability to use the services, the data concerning you, the modification or deletion of the data associated with your use of our products and services.

Data we process

Are not affected by this Privacy Statement

- The clinical and administrative data provided by Gesrisk and used for the basic configuration of the portal

- Any data processed by third parties through the use of third-party functionalities available in Gesrisk


Are affected by this Privacy Statement

- the data necessary for the creation and management of your user account

- billing data

- financial data

- data related to your subscription

- data that we obtain directly from you through the use of our portal.

- your complete requests being sent to us by means of forms or by email

Data processed automatically (website, desktop application, mobile)

We may collect metadata and inferred data relating to your use of Gesrisk and our website and third-party integrations. We record some of the actions you do when using Gesrisk: printing a confidential document, modifying and deleting a recording. We can also record the number of Gesrisk workspaces where you work, the type of device you are working on, the IP address including data derived from the geolocation of the device, the version of the operating system. We analyze the data collected when you interact with our business website: where you click, the time you spend on a page, your browsing and other data that helps us improve your user experience.

How we use your data

Gesrisk uses your data to operate our products and services, communicate with you, process transactions related to your subscription, for security and fraud prevention, as well as to comply with the law. We may process your data to: maintain, provide and improve our products and services, help us better understand user needs and interests, personalize Gesrisk. Analyze and conduct research on how you interact with our website and portal. Protect you and Gesrisk by securing our systems and products against fraud and unauthorized activity. Identify and correct bugs and errors. Comply with international laws and regulations. Conduct good faith investigations into alleged violations of our Terms of Service and our Gesrisk Terms of Service. We use account data (including your email address and name) as well as data relating to third-party integrations to communicate with you by phone, text, email, or chat. To share important notices and updates, product changes and other necessary notices, advertise or market products and services. Provide assistance and obtain your feedback.

Sharing your data

We only share your data to carry out our activities under the following conditions:


Service providers and subcontractors

We may provide access to your data or share it with certain third parties who use this data on our behalf to assist in the provision of services related to the operation of Gesrisk. All so-called sensitive data (first name, last name, etc.) are encoded before being transmitted and stored on the hosting server.


Advertising and Marketing

We may provide data collected when you visit the Gesrisk business website (see section Automatically processed data (website, desktop application, mobile) to service providers as part of one-off web marketing campaigns. No data from the Gesrisk portal is not transmitted for advertising and marketing purposes.


In accordance with your subscription

The data you submit in Gesrisk can be viewed by other users associated with your workspace. It could be your team, your department, your organization. The visualization of shared information is done on the basis of the parameters that your local administrator has defined in your environment.


Business transfer

If the ownership of all or substantially all of our business changes, or if all or part of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your data to new owner so that the services can continue to operate. In such case, your data will remain subject to the promises and commitments contained in this Privacy Statement until the transferee party updates them. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, Gesrisk will comply with such restrictions.

Protection and storage of your data

Gesrisk has implemented a comprehensive data privacy program to comply with Quebec privacy legislation (LQ 2021, c. 25 or « Law 25 »).


Security

Gesrisk takes technical and organizational measures to protect your data against accidental or unlawful destruction, accidental loss, alteration, disclosure or unauthorized access. Based on the GIGO concept, Gesrisk limits so-called sensitive hosted data to the strict minimum. No information used in the identity theft (for example: social insurance number) is entered in your database. In addition, personal and private data are encoded before being sent to the hosting server. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and therefore we cannot ensure or guarantee the security of such data.


Storage

When you use Gesrisk, your data is stored in Canada.


Retention of your data

We will retain your data for the period necessary to fulfill the purposes described in this Privacy Statement, to make our products and services available to you, or as directed by you, unless a longer retention period is required or permitted by the law.

Privacy rights

Regardless of your country of residence, we respect your ability to know, access, correct, export, restrict processing and delete your data, and we have extended these rights globally. We will not discriminate against you for exercising your privacy rights.


Information about your rights

At your request and subject to applicable legal exceptions, we will provide access to and / or a copy of certain data that we hold about you; prevent the processing of your data for promotional purposes; update data that is outdated or incorrect; delete certain data we hold about you; restrict the way we process and disclose some of your data; transfer your data to a third-party service provider; cancel your consent to data processing. Gesrisk does not sell your data.


Exercise of your rights

We will need to verify your identity and we may need to verify your relationship with Gesrisk for security and to prevent fraud. We may take additional steps to verify that you are authorized to make the request. If you are an end user of Gesrisk's services and not a direct customer of Gesrisk (for example, if your company uses Gesrisk and if you are an employee or authorized representative of said company), you should address requests relating to your data to the administrator of your company's Gesrisk account. We will redirect you to your administrator or notify them directly. To exercise your privacy rights, please contact us by email at privacy@optimumconseil.com.


Please note, however, that certain data may be exempt from such requests in certain circumstances, for example: if we need to continue to process your data for our legitimate interests or to comply with a legal obligation.

Modification of our privacy statement

We will update this Privacy Statement to ensure that it accurately reflects our data collection and use practices, extraordinary features, technological advancements or in accordance with applicable law. We will comply with applicable legal requirements with respect to the information we provide to you and / or your consent when we make such changes, depending on the type of change made. We also provide information on how our Privacy Statement has changed over time below.

Contact us and privacy questions

Gesrisk is a product published by Optimum Conseil whose head office is located at 26, rue des Colibris Sainte-Clotilde, Quebec, J0L 1W0, Canada. If you would like to contact us or have any questions or complaints regarding this notice, please contact us at privacy@optimumconseil.com. To contact our Data Protection Officer, please email dpo@optimumconseil.com.

Previous privacy statement

June 24, 2022