Hole Medical Privacy Notice

Last updated: May 6, 2022

Hole Medical Inc., and its group companies and affiliates (collectively “Hole Medical”, “we”, “our”, “us”) respect your right to privacy.  This Privacy Notice applies to Hole Medical, and explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights.  This Privacy Notice applies to personal information that we process from your visit to our websites  https://www.holemedical.com

Hole Medical’s Products and Services

Hole Medical is in the virtual meetings business, and offers two subscription-based products:

Hole Medical Virtual Clinic

Hole Medical enables healthcare providers and clinics to add a virtual element to their clinical workflows so that they can offer virtual medicine to their patients in a streamlined and efficient manner.   Hole Medical Virtual Clinic meets HIPAA/PHIPA and Ontario Health security and privacy requirements to provide a safe and secure virtual healthcare platform.

Hole Medical Meet 

Designed for non-healthcare applications, Hole Medical Meet provides easy access to virtual meeting rooms for professionals.  If you are a healthcare provider, please do not use Hole Medical Meet as it does not meet HIPAA/PHIPA or Ontario Health security and privacy requirements.

Hole Medical also offers a virtual events production service:

Hole Medical Virtual Events

Hole Medical produces virtual events for healthcare and other industries. Capabilities include supporting sponsorship for events and incorporating virtual exhibit halls to engage with event attendees. Program content may be watched live or on demand.

This policy applies to the following users of Hole Medical:

  1. If you are a Provider or Meeting Host and therefore is a Customer of Hole Medical’s Virtual Clinic or the Hole Medical Meet platform
  2. If you are a Patient or someone who connects to a Provider (such as a family or friend of a patient) using the Hole Medical Virtual Clinic platform
  3. If you are a meeting participant of a Hole Medical Meet customer
  4. If you are browsing HoleMedical.com’s websites as a guest

Defining Roles & Responsibilities - Data Controller and Data Processor

A Data Controller is defined as the person, public authority, agency, or other body that determines the purposes and means of processing personal data, including the security measures concerning the operation and use of this application.  

A Data Processor is defined as the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, as described in this privacy notice.

For Hole Medical’s Virtual Clinic customers, patient data is collected for the purposes of conducting the Virtual Visit appointment on the Hole Medical platform. As such, Hole Medical’s Virtual Clinic customers are the Data Controllers while Hole Medical functions as the Data Processor.  

It is the responsibility of Hole Medical’s Virtual Clinic customers to transfer the relevant virtual visit data into their own electronic medical records after the appointment is completed. Virtual visit encounter data be securely deleted and will not be retrievable by Hole Medical’s Virtual Clinic customer after 30 days following any termination of the Virtual Clinic customer’s account with Hole Medical. Virtual Visit appointments are not recorded via audio or video or otherwise stored on Hole Medical servers after the Virtual Visit is terminated.

For Hole Medical’s Hole Medical Meet customers, they collect their meeting participants’ names for the purposes of knowing who has joined their meeting, and, if their room lock control is set up, they can use this information to decide whether or not to reject someone or allow them into their Hole Medical meeting room.  The Hole Medical Meet customer will not have access to any record of the virtual meeting once the session has ended.   The personal information collected of the meeting participant will be securely deleted at the end of the session  

For Hole Medical Meet, Hole Medical functions also as the Data Processor.

There are some pieces of information that are collected directly by Hole Medical to facilitate security, logging, and application performance. These items include IP address, name, email address, password and behavior within the Hole Medical platform. For these pieces of information, Hole Medical acts as the data controller and processor. Additionally, Hole Medical employs a variety of technologies and partners that periodically act as sub-processors. 

European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

If users have any questions or concerns about the processing and handling of their personal information, they may reach out to Hole Medical directly by email at privacy@HoleMedical.com.

Types of Data Collected

Hole Medical Virtual Clinic

If you are the Provider (Hole Medical Customer)

Personal Data

Hole Medical collects the following personally identifiable information in order for Hole Medical to contact you or identify you as a customer.  In addition, your first name and last name, title and clinic name are visible to your patient when they enter your virtual clinic.  Such information includes:

Your phone number is optionally required if you wish to be notified by SMS.

Invitations

You may invite Patients to a Virtual Appointment by the following methods:

Any information (such as an email) is used to create the appointment in Hole Medical’s scheduler which notifies the patient of the appointment. This information is stored to allow the provider to identify past visits by patients.

Screen Share functionality

Hole Medical provides a feature whereby any participant may share their screen.  It is up to the participant to ensure that no sensitive or confidential information is viewable during the screen sharing session.

Session Privacy

At any time during the Session, you may disable your audio, video or both.  However, doing so may prevent effective communication with the patient. You may terminate the Session at any time.

Photo Capture

The Hole Medical platform will capture a photo of your Patient at the start of the Virtual Visit.  That photo is captured when your Patient grants permission to Hole Medical to turn on their device’s camera and audio.   This photo capture provides the Provider with the ability to visually identify their patient before starting the Virtual Visit.  Upon completion of the Virtual Visit session, this photo is saved in the patient’s session history.   This data is stored for 30 days after the customer terminates their account with Hole Medical, so that Hole Medical’s customer (Provider) can refer back to the appointment.  After that 30 days, this photo will be securely and permanently deleted.

Chats

Hole Medical provides the Provider with the ability to text chat with their Patient, or with other members of their Clinic on the Hole Medical Platform.   Any chat conversations between the Provider and Patient, or between Provider and other Clinic staff are temporarily stored on the Firebase database.   This information is stored as part of a patient’s session history. This data is stored for 30 days after termination of the customer’s account so that Hole Medical’s customer (provider) can refer back to the appointment.  After that 30 days, this chat information will be securely and permanently deleted.

Video Meeting with Other Clinical Staff

The Hole Medical platform also provides the ability for Clinic Staff members to conduct video meetings with each other.   These video meetings cannot be recorded and no PII is stored on Hole Medical’s servers.

Transferring of Virtual Visit Information into Provider’s EMR

Upon completion of the virtual visit, it is the responsibility of Hole Medical’s Customer (Provider) to transfer the relevant PHI into their own Electronic Medical Records.

Service Payment Information

If you choose to upgrade to the paid plan after the free trial period, you have the option to pay via the Stripe third-party credit card payment system.  All credit card transactions are handled by Stripe.  Hole Medical does not capture or utilize any information entered in the Stripe payment screens but does receive payment information from Stripe when the transaction is completed.

If you are the Patient

A patient does not need to have an account or be registered with Hole Medical to use the Service.  A patient who receives a Clinic URL by their Provider and wishes to conduct a Virtual Visit with that Provider may use the Hole Medical video conferencing Service by typing in the Clinic URL on their web-enabled device.

Personally Identifiable Information (PII) and Personal Health Information (PHI)

Hole Medical collects the following Personally Identifiable Information (PII) and Personal Health Information (PHI) for the purposes of providing our Customer (Provider) with useful information in which to conduct a Virtual Visit Appointment with their Patients.  This information is used by Hole Medical’s Customer (Provider) for the purposes of facilitating the Clinic’s Check-In process as well as optionally streamlining the Virtual Visit workflow.  All PII and PHI relevant to check in a patient is mandatory while other PII is optional.  

All optional data is denoted by an * (asterisk).

Session History

All mandatory and optional PII is captured by Hole Medical for the purpose of conducting the Virtual Visit.   Your Provider may also capture additional visit related information during the appointment.  

Chats

Hole Medical provides the Patient with the ability to text chat with their Provider, or with other members of their Clinic on the Hole Medical Platform.   Any chat conversations between the Provider and Patient are temporarily stored on the Firebase database. This information is stored as part of a patient’s session history. This data is stored so that Hole Medical’s customer (provider) can refer back to the appointment. 

Photo Capture

A snapshot of the patient is taken by the patient’s computer for the purposes of confirming the identity of the patient to the provider.   Patients are notified of this photo capture at the start of their virtual visit session.  This is a mandatory requirement to ensure the provider is conducting the virtual appointment with the correct patient.   The photo is kept as part of the patient record.  This data is stored so that Hole Medical’s customer (provider) can refer back to the appointment. 

Screen Share functionality

Hole Medical provides a feature whereby either the Patient may choose to share one’s screen.  It is up to the patient to ensure that no sensitive or confidential information is viewable during the screen sharing session.

Session Privacy

At any time during the Session, you may disable your audio, video or both.  However, doing so may prevent effective communication with your provider. You may terminate the Session at any time.

Children’s Privacy

This Service is not intended to be used by anyone under the age of 18. As Hole Medical’s Service is self administered and not monitored by Hole Medical, it is up to both the Provider and Patient to ensure only adults over 18 use this Service.

If you are the guest of the Patient or Provider

Hole Medical collects the following information only for the purposes of facilitating an email invitation for an in-progress virtual visit appointment.   Once the virtual visit appointment ends, the email address will be permanently deleted.

Hole Medical Meet

If you are the Meeting Host (Hole Medical Customer)

Hole Medical collects the following personally identifiable information in order for Hole Medical to contact you or identify you as a customer.  In addition, your first name, last name and company name are visible to your meeting participants when they enter your Virtual Waiting Room. Information collected includes:

Invitations

You may invite meeting participants to your Hole Medical Virtual Meeting room by the following methods:

Any information (such as an email) is used to create the appointment in Hole Medical’s scheduler which notifies the patient of the appointment.  Once that task is complete, the meeting participant(s)’ email information is no longer used and is permanently deleted.

Screen Share functionality

Hole Medical provides a feature whereby either the Meeting Host may choose to share one’s screen.  It is up to both the Meeting Host to ensure that no sensitive or confidential information is viewable during the screen sharing session.

Session Privacy

At any time during the Session, you may disable your audio, video or both.  However, doing so may prevent effective communication with your meeting participants. You may terminate the Session at any time.

Chat

Users of the Hole Medical Meet platform may communicate with each other via text chat while in the virtual meeting room.  The chat information, which could include confidential and PII will be permanently deleted at the end of the session.

Service Payment Information

If you choose to upgrade to the paid plan after the free trial period, you have the option to pay via the Stripe third-party credit card payment system.  All credit card transactions are handled by Stripe.  Hole Medical does not capture or utilize any information entered in the Stripe payment screens but does receive payment information from Stripe when the transaction is completed.

If you are the Meeting Participant

Meeting participants do not need to register or create an account on Hole Medical’s platform.   To participate in a meeting, a meeting participant can either type in the Hole Medical Room personal URL provided by the Meeting Host via email, or click on the email link.   Meeting participants will be asked by their Meeting Host to provide their name and potentially additional personal information for the purposes of informing the Meeting Host who has joined their meeting, and for them to safely allow a meeting participant in.

Personal Data:

Screen Share functionality

Hole Medical provides a feature whereby either the Meeting Host may choose to share one’s screen.  It is up to both the Meeting Host to ensure that no sensitive or confidential information is viewable during the screen sharing session.

Session Privacy

At any time during the Session, you may disable your audio, video or both.  However, doing so may prevent effective communication with your meeting participants.

You may terminate the Session at any time.

If you are browsing this website as a guest

The Hole Medical web application may collect personal data that the user may freely provide, or, in case of usage data, collect when using this website, the Hole Medical web application, and its supporting applications.

Specific data is required for the Hole Medical web application and supporting applications to provide services. If data is mandatory, it is noted throughout the website and Hole Medical web application. If the Hole Medical website or Hole Medical web application specifically states that data is not mandatory, users are free to not share this data without consequences to the availability or the functioning of the service.

Users who are uncertain about which personal data is mandatory are welcome to contact Hole Medical at privacy@HoleMedical.com.

Any use of cookies–or other tracking tools–by the Hole Medical website, the Hole Medical web application, and its supporting applications serves the purpose of providing the service for which Hole Medical has been engaged, in addition to any other purposes described in the present document and the Cookie Policy.

How We Secure Information

At Hole Medical, security is our highest priority. We design our systems with your security and privacy in mind. Hole Medical works toward compliance programs that validate our security controls.

Hole Medical protects the security of your information during transmission to and from the Hole Medical website, products, or services by using encryption protocols and software.

Our customer data is encrypted at rest.

Hole Medical delegates the handling of credit card data and does not retain any data related to credit cards.

Through access controls, we maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information.

If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at privacy@HoleMedical.com.

Mode, Place, and Methods of Processing the Data

Hole Medical takes appropriate security measures to prevent unauthorized access, disclosure, modification, or data destruction.

Data is processed using computers or tech-enabled tools, following organizational policies and procedures strictly related to the purposes indicated. In some cases, data may be accessible to Hole Medical employees involved with the Hole Medical website’s operation, the Hole Medical web application (platform), and supporting applications. Data may also be accessible to external parties appointed, if necessary, as data processors or sub-processors by Hole Medical. External parties may include third-party technical service providers, hosting providers, and IT companies.

Legal Basis of Processing

Hole Medical may process personal data relating to users if one of the following applies:

In any case, Hole Medical will gladly help clarify the specific legal basis that applies to the processing, mainly whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract.

Place

The data is processed at Hole Medical’s operating offices, hosting facilities, and, for some data, third-party sub-processors. All personal data is stored and processed within Canada. In some cases, some non PII data may be stored within the US via third-party sub-processors.

Retention Time

Personal data is processed and stored for as long as required to fulfill the purpose for which it is collected.

Therefore:

The Purposes of Processing

The data concerning the user is collected to allow Hole Medical to provide its services, as well as for the following purposes: analytics, user database management, managing contacts and sending messages, handling payments, interaction with external social networks and platforms, remarketing and behavioral targeting, contacting the user, displaying content from external platforms, hosting and backend infrastructure, interaction with live chat platforms, and spam protection.

Users can find further detailed information about such purposes of processing and the specific personal data used for each purpose in the respective sections of this document.

Detailed Information on the Processing of Personal Data

Personal data is collected for the following purposes and using the following services and third parties:

Analytics

The services contained in this section enable Hole Medical to monitor and analyze web traffic and can be used to keep track of user behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of this application, to prepare reports on its activities, and to share the reports with other Google services.

Google may use the data collected to contextualize and personalize the ads of its own advertising network.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy

Google Ads Conversion Tracking (Google Inc.)

Google Ads conversion tracking is an analytics service provided by Google Inc. that connects data from the Google Ads advertising network with actions performed on this application.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy. Privacy Shield participant.

Google Tag Manager (Google Inc.)

Google Tag Manager is an analytics service provided by Google Inc.

Personal Data collected: cookies and usage data.

Place of processing: US – Privacy Policy.

Contacting the User

Mailing List or Newsletter (The Hole Medical Web Application)

By registering on the mailing list or for the newsletter, the user’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning the Hole Medical web application. The user’s email address may also be added to this list due to signing up via the Hole Medical website or the Hole Medical web application, or after making a purchase.

Personal data collected: city, company name, cookies, country, email address, first name, last name, phone number, job role, province, state, usage data.

Phone Contact (The Hole Medical Web Application)

Hole Medical only collects phone numbers for the purposes of providing optional SMS notifications

Users that provide their phone number might be contacted for commercial or promotional purposes related to the Hole Medical web application or for fulfilling support requests.

Personal Data collected: phone number.

Contact Form (The Hole Medical Web Application)

By filling in the contact form with their data, users authorize the Hole Medical web application to use these details to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.

Personal data collected: email address, first name, last name, phone number

Hosting and Back-End Infrastructure

This type of service has the purpose of hosting data and files that enable the Hole Medical website and the Hole Medical web application to run and be distributed. Additionally, these services provide the infrastructure to run specific features or parts of the application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.

Amazon Web Services (AWS) (Amazon)

Amazon Web Services is a hosting and backend service provided by Amazon.com Inc.

Personal data collected: various types of data as specified in the privacy policy of the service.

Place of processing: See the Amazon privacy policy – Privacy Policy.

Webflow.com

Webflow is a website builder that hosts the HoleMedical.com website.

See Webflow’s privacy policy - https://webflow.com/legal/privacy

Managing Contacts and Sending Messages

This type of service makes it possible to manage a database of email contacts, phone contacts, or any other contact information to communicate with the user.

These services may also collect data concerning the date and time when the message was viewed by the user and when the user interacted with it, such as by clicking on links included in the message.

Spam Protection

This type of service analyzes the traffic of the Hole Medical website and the Hole Medical application, potentially containing users’ personal data, with the purpose of filtering it from parts of traffic, messages, and content that are recognized as spam. Hole Medical uses WAF, a web application firewall to prevent spam.

User Database Management

This type of service allows Hole Medical to build user profiles by starting from an email address, a personal name, or other information that the user provides to this application and then tracking user activities through analytics features. This personal data may also be matched with publicly available information about the user (such as social networking profiles) and used to build private profiles that the Hole Medical can display and use for improving this application.

Some of these services may also enable sending timed messages to the user, such as emails based on specific actions performed on the Hole Medical website and Hole Medical web application.

Intercom Email & Chat Widget (Intercom Inc.)

Intercom is a customer management and communications service provided by Intercom Inc.

Personal data collected:  first name, last name, email, city, country, IP address

Place of processing:  United States
https://www.intercom.com/legal/privacy

Selling Goods and Services Online

The personal data collected is used to provide the user with access to Hole Medical’s video meeting solution for our customers to use with their patients, healthcare team and other meeting participants.  The personal data collected to complete the payment may include the credit card information.

Further Information about Personal Data

The Rights of Users

Users may exercise certain rights regarding their data processed by Hole Medical.

In particular, users have the right to do the following:

Details About the Right to Object to Processing

Where personal data is processed for the public interest, in the exercise of an official authority vested in Hole Medical or for the legitimate interests pursued by Hole Medical, users may object to such processing by providing a ground related to their particular situation to justify the objection.

However, users must know that should their personal data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether the Hole Medical is processing Personal Data for direct marketing purposes, users may refer to the relevant sections of this document.

How to Exercise These Rights

Any requests to exercise user rights can be directed to Hole Medical through the contact details provided in this document (privacy@HoleMedical.com). These requests can be exercised free of charge and will be addressed by Hole Medical as early as possible and always within one month.

Cookie Policy

The Hole Medical website and Hole Medical web application use cookies.

To learn more and for a detailed cookie notice, the user may consult the Cookie Policy.

Additional Information about Data Collection and Processing

Legal Action

Users’ personal data may be used for legal purposes by Hole Medical in court or the stages leading to possible legal action arising from improper use of this application or the related services. The users declare they are aware that Hole Medical may be required to reveal personal data upon request of public authorities.

Additional Information About Users’ Personal Data

In addition to the information contained in this privacy notice, this application may provide users with additional and contextual information concerning particular services or the collection and processing of personal data upon request.

System Logs and Maintenance

For operation and maintenance purposes, this application and any third-party services may collect files that record interaction with this application (e.g., system logs) using other personal data (e.g., IP Address) for this purpose.

Information Not Contained in This Notice

More details concerning the collection or processing of personal data may be requested from Hole Medical at any time. Users may use the contact information at the beginning of this document.

How “Do Not Track” Requests are Handled

This application does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor “Do Not Track” requests, users should read their privacy policies.

Changes to This Privacy Notice

Hole Medical reserves the right to make changes to this privacy notice at any time by giving notice to users on this page and possibly within this application or–as far as technically and legally feasible–sending a notice to users via any contact information available to Hole Medical. Users are strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed based on the users’ consent, Hole Medical shall collect new consent from the user where required.

Definitions and Legal References

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information—including a personal identification number—allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through this application (or obtained by services employed in this application)can include: the IP addresses or domain names of the computers utilized, the Uniform Resource Identifier (URI) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the users’ browser and operating system, the various time details per visit (e.g., the time spent on each page within the application), and the information on the path followed within the application with particular reference to the sequence of pages visited, and other parameters about the device operating system or the users’ IT environment.

User

The individual using this application who, unless otherwise specified, coincides with the data subject.

Data Subject

The natural person to whom the personal data refers.

Data Processor

The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, as described in this privacy notice.

Sub-Processor

This refers to any additional third party who processes personal data on behalf of the data processor in fulfilling contractual obligations and services.

Data Controller

The person, public authority, agency, or other body that determines the purposes and means of processing personal data, including the security measures concerning the operation and use of this application.

This Application

The information technology system that collects and processes the personal data of the user.

Service

The service provided by the Hole Medical platform or Hole Medical team.

Cookies

Small piece of data stored on the user’s device.

Legal Information

This privacy notice has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy notice relates to the Hole Medical website, application, and supporting services unless otherwise stated within this document.