Privacy Notice
Last Update: May 21, 2020
INTRODUCTION
This Privacy Notice is part of the Terms of Use posted by GOrendezvous, located at 1176 Bishop Street, Montreal, Canada. Hereinafter called the "Company".

If the Professional or the Client does not wish to have their personal data collected and processed under the conditions of this Privacy Notice, they must refrain from using the Services offered by the Company.
ARTICLE 1. PURPOSE
The Company has developed a Software as a Service solution to manage and book patient and client (the “Client”) appointments and reservations online, as well as manage Client records (the “Services”), for professionals from different professions (the "Professional").
ARTICLE 2. CONTROLLER AND PROCESSOR
The entity responsible for the processing of the personal data of the Professional and its Clients is the Company. The controller of the personal data is the Professional, the Company having, in the latter case, the quality of “Service Provider”.
ARTICLE 3. COLLECTION OF PERSONAL DATA
The Company collects personal data directly from the Professionals and their Clients via the Services offered via its website, applications or other means.

Personal data may also be collected from third party applications used by the Professionals to perform their duties. These third party applications may be connected to the Company’s application to feed the personal data required to offer the Company’s Services to Professionals and their Clients. Once this external personal data has been entered into the Company’s application, it is subject to this Privacy Notice. For information on how personal data is handled by these third party applications, Professionals and Clients should consult the privacy notices of those third parties.
ARTICLE 4. PROCESSING OF PERSONAL DATA
The Company processes and stores the personal data provided by the Professionals and their Clients only for the strict execution and use of the Services it offers. The Company will not collect any other personal data without the explicit consent of the Professional or their Clients. The Company informs its Professionals and Clients that all personal data is generally stored and processed in Canada, but that some specific third party services may involve the storage and processing of personal data in other countries, including the United States of America.
ARTICLE 5. COMPLIANCE
The Company, concerned about the personal data of the Professional and its Clients, undertakes to ensure the conformity of the processes, people and technology, in its role of processor and Service Provider respectively, under the Terms of Use, in accordance with applicable privacy laws, including PIPEDA (Canada), PHIPA (Ontario), LPRPSP (Québec) and the GDPR (Europe). To do this, the Company has put in place strict internal Privacy and Security Policies, in order to guarantee an optimal level of protection of the personal data collected by the Professional.
ARTICLE 6. PROFESSIONAL PERSONAL DATA
To benefit from the Services offered by the Company, the Professional must log in to the GOrendezvous website by creating an account. When registering, the Professional must communicate some information, which in some jurisdictions may be considered personal data, including: last name and first name, email, profession, name of the business of the Professional, business address of the professional and business phone Number.

All answers are required, including at the time of account activation, in order to enable the strict performance of the Company's Services. The Professional agrees to communicate accurate, complete, and updated data on their identity and personal information.

The Professional is informed that the Company uses a payment provider (the "Payment Provider") to process all financial transactions related to the Services. The Company does not collect, process, store or house any personal data of a banking nature, which are collected, processed and hosted directly and solely by the Payment Provider on behalf of the Company. The Professional is informed that the current Payment Provider is Stripe, located in San Francisco, in the United States of America. The Company has ensured compliance of the Payment Provider with applicable privacy requirements.
ARTICLE 7. CLIENT PERSONAL DATA
To book an appointment with a listed Professional, the Client must visit the GOrendezvous website or interact with a provided web interface (“Booking Widget”) hosted on a third party website and communicate certain personal data, including their name, email address, phone number, date of birth and other personal data the Professional may need to perform their duties. The Professional may also collect personal data directly from their Client during the appointments or over the phone.

In their capacity as primary data controller, the Professional undertakes to collect only the personal data needed from the Client to perform their professional activity.

As the data controller, the Professional agrees to comply with all applicable privacy laws and regulations regarding personal data and, in particular, will allow their Clients to exercise their rights of access, rectification, objection, restriction, portability, and deletion or anonymization of data concerning them at any time. The Company will assist the Professional to the best of its ability in fulfilling these Client rights.
ARTICLE 8. CONSENT
Because the Professional’s data collection and the Company’s data processing may involve health information, hence sensitive personal data, explicit consent is required, both by the Professional and their Clients, prior to the collection and processing of personal data.

This consent for personal data collection and processing may be revoked at any time by the Professional, temporarily by requesting a suspension of their account or permanently by closing their account with the Company.

Clients may revoke their consent to personal data collection and processing by contacting their Professional directly.
ARTICLE 9. COOKIES AND SIMILAR TECHNOLOGIES
A cookie is a small text file, subject to the choices of Professional and the Client, placed on their computer or other device when visiting a web page. Its purpose is to collect information related to their navigation on the website and to send them services adapted to their device (computer, mobile or tablet).

The Company informs the Professional and their Clients that it uses cookies or similar technologies to track and collect certain data, including IP (Internet Protocol) address, version of the browser of the device used and Website navigation data. The processing of the data collected via cookies as well as the management of cookies are for the purpose of delivering the service and improving both the content of the website and the experience of the Professional and their Clients. Cookies may be used to identify Professionals or Clients to manage sessions. The Company also uses cookies or similar technologies for the purpose of measuring the audience of the website by means of a calculation of statistics on the pages consulted by the Professional and the Clients to determine the most used Services.

Our website may use cookies and similar technologies so that you will be recognized when you visit other websites where our third-party ad management providers may show you interest-based advertisements from us based on your visit to our website. There are various ways to opt out of or block interest-based advertising online, which you may find by searching the Internet.

Furthermore, the Professional and the Client may at any time change their consent to receiving cookies by configuring their browser to receive a notification, when a Cookie is sent, or to refuse specific or all cookies. Keep in mind however, that some of the features of the Services may not work if you block cookies.
ARTICLE 10. PERSONAL DATA PROTECTION
The Company, as data processor and Service provider, in accordance with applicable privacy laws and regulations, agrees to implement appropriate technical and organizational measures to ensure the security and privacy of the Professional’s and Client's personal data in a reasonable manner. More specifically, the Company and all its personnel undertake to respect the following obligations:

- To only process personal data in compliance with the current Privacy Notice;
- To respect the confidentiality of the personal data collected;
- To restrict access to personal data only to persons duly authorized to perform their tasks;
- To make no copies of the collected personal data, except to ensure safeguarding and continuity of the Services;
- To not use or process the collected personal data for purposes other than the primary purpose identified above, including accessing personal data of the Professional and their Clients to help the Professional with a specific platform issue, following the Professional’s request, or for account diagnostic purposes;
- To not disclose the personal data to an unauthorized third party;
- To adopt all necessary measures to avoid the misuse or fraudulent use of the personal data collected via the Services;
- To take all security measures to ensure the confidentiality, integrity and availability of the data collected and processed via the Services;
- To provide the Professional with all assistance and information necessary to demonstrate compliance with their privacy obligations;
- To keep a record of all changes to personal data performed on the application;
- To sensitize and train internal staff on privacy requirements and personal data protection.
ARTICLE 11. PERSONAL DATA SHARING
The Company, in order to provide the Services to our Professionals and their Clients, may share their personal data with our service providers. Before sharing personal data with these third parties, we ensure that they have the appropriate protection measures in place and that they comply with the Company’s Privacy Notice and applicable privacy laws.

Upon request by the Professional, the Company may also share personal data with third party applications used by the Professionals to perform their duties. These third party applications may be connected to the Company’s application to receive the personal data required to offer their own services to Professionals and their Clients. Once this personal data has been shared with the third party application, the shared data is subject to the privacy notice of the third party. For information on how personal data is handled by these third party applications, Professionals and Clients may consult the privacy notices of those third parties.

The Company may share the Professional’s personal data, which is already available to the public via the Company’s website and Services, as well as aggregated and anonymized Client personal data with partners to promote their services or the Professional’s services. In this case, the Company will ensure that none of the data that it shares could be used to identify the Professional’s Clients.

To assist in the development and improvement of its services, and for research and analysis purposes, the Company may share aggregated and anonymized personal data of its Professionals and their Clients with third parties. In this case, the Company will ensure that none of the data that it shares could be used to identify its Professionals and their Clients.
ARTICLE 12. PERSONAL DATA DISCLOSURE
The Company may transfer personal data, without consent of the person, in connection with a merger, reorganization or sale, involving all or part of our business, including transfers made as part of insolvency or bankruptcy proceedings.

The Company may also disclose personal data without the consent of and with or without notification to the Professional or the Client, if we receive a subpoena or other legal requirement, issued by a court or other person with jurisdiction to compel disclosure, or if the personal data is urgently required to prevent serious bodily injury or serious damage to personal property.
ARTICLE 13. PERSONAL DATA BREACH
The Professional agrees to immediately inform the Company in case of unauthorized or malicious use of their login to their account by a third party.

If the Company becomes the victim of a personal data breach, the Company will notify the affected Professionals with (i) the nature of the breach, (ii) its likely consequences and (iii) the proposed measures to remedy the breach, within the notification delay established by applicable privacy laws. A breach presenting a significant risk of harm to Professionals and Clients will be communicated to the appropriate authorities. The Company will also provide to the Professional the required assistance to notify their Clients, taking into account the risk of harm, within the notification delay established by applicable privacy laws.
ARTICLE 14. PERSONAL DATA RETENTION
How long we retain your personal data depends on the type of data and the purpose for which we process the data. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required by law.

Clients who wish to have their personal data deleted may contact their Professional directly. Clients should keep in mind however that some professional orders may require their Professionals to keep their patient or client records for a certain number of years.
ARTICLE 15. CHANGES TO THIS PRIVACY NOTICE
Any change to this Privacy Notice, which may impact the personal data of Professionals or their Clients or their privacy rights, will be communicated via email and our website to Professionals and via our website to their Clients. If this change requires us to obtain consent, Professionals and their Clients will be notified accordingly via our website.
ARTICLE 16. CONTACT
For any information, comment or request concerning this Privacy Notice, you may contact the Company:

GOrendezvous
1176 Bishop Street, Montreal, Canada

Telephone: +1 (844) 480-1010
Email: [email protected]

Click here to view our Terms of Use.