Data Protection

Updated Oct 27, 2022

Objectives and Guiding Principles

  1. The objective of these Data Protection Terms (“DPA”) is to establish the rules governing both Dr.Bill.ca’s and MDBilling.ca’s collection, use, storage, protection, and disclosure of Customer Data on your behalf to provide the Services to you.
  2. The guiding principles of this DPA are those found in applicable privacy laws, including the collection, use, and disclosure of the least amount of Personal Information necessary to provide the Services.

Appointment and Duties

  1. You hereby appoint Dr.Bill.ca and MDBilling.ca as your service provider for the purposes of providing you with the Services in accordance with the Terms, including this DPA, and we hereby accept such appointment.
  2. Dr.Bill.ca and MDBilling.ca may collect Customer Data from you, your employees and representatives, and Funders as necessary for the purposes of providing the Services.
  3. Dr.Bill.ca and MDBilling.ca acknowledge and agree that Customer Data shall remain in your control and that we acquire no independent right to the Customer Data.

Protection of Customer Data

  1. Dr.Bill.ca and MDBilling.ca agree that in respect of the Customer Data, we shall:
    1. Not use the Customer Data for any purpose other than as necessary to perform the Services;
    2. Not disclose the Customer Data to any person except as necessary to provide the Services, as expressly permitted or instructed you or as required by applicable laws;
    3. Use reasonable physical, organizational, and technological security measures in accordance with requirements of privacy laws to protect Customer Data against loss or theft and unauthorized access, use, or disclosure;
    4. Restrict access to Customer Data to only those authorized employees and permitted agents and subcontractors that require access to such information to fulfill their job requirements and that are subject to obligations of confidentiality and data protection consistent with those of this DPA; and
    5.  Inform you as soon as practical after becoming aware of any unauthorized access to, or use or disclosure of, Customer Data (“Incident”), provide you with relevant particulars of the Incident, and work with you to take reasonable steps to contain and remediate the Incident.

Accountability

  1. Dr.Bill.ca and MDBilling.ca will work with you to promote and demonstrate compliance with privacy laws and this DPA.
  2. Dr.Bill.ca and MDBilling.ca will provide reasonable information and cooperation to you and any regulatory or other governmental bodies or authorities with jurisdiction over you in connection with any investigations, audits, or inquiries.
  3. Dr.Bill.ca and MDBilling.ca will provide reasonable information and documentation to you to allow you to verify our compliance with this DPA.
  4. Dr.Bill.ca and MDBilling.ca will designate and identify to you an individual to be accountable for our compliance with this DPA.
  5. Dr.Bill.ca and MDBilling.ca will not subcontract, assign or delegate to any third party our obligations with respect to the processing of Customer Data in connection with the Services without obtaining written contractual commitments of such third party substantially the same as those of this DPA.

Data Subject Requests and Inquiries

  1. Dr.Bill.ca and MDBilling.ca will refer all requests for access, correction or consent withdrawal, or variation to you and will provide reasonable assistance to you to allow you to respond to such requests in accordance with the requirements of privacy laws.
  2. Retention and Destruction Of Customer Data
  3. Upon termination of the Agreement or upon your request, Dr.Bill.ca and MDBilling.ca will delete your account and dispose of your Customer Data unless you ask us to return it or we are required to retain it to satisfy legal, regulatory, or audit requirements.

General

  1. Dr.Bill.ca and MDBilling.ca will comply with privacy laws in providing the Services.
  2. To the extent of any inconsistency between a provision in the Terms and in the DPA in respect of Customer Data, the provision in this DPA shall prevail.
  3. This DPA shall survive termination of the Terms until the Customer Data is returned, disposed of, destroyed, or anonymized.