Privacy Policy

PRIVACY POLICY
Version 1.0 – Revised: February 8, 2019

Overview

Who We Are. The websites, social media websites, software, (provided online or otherwise), applications and/or plug-ins and associated services of Cortree including the URLs: “Cortree.com”, “Cortree.com/learn”, and any other webpages, subdomains, variants that link or refer to this Privacy Policy (collectively, “Cortree”) are owned and operated by Spinal Cord Injury Ontario (“SCIO”).

Cortree is a platform for providing information, including online learning courses in the field of personal health and well-being for people with disabilities and family members. Visitors to Cortree including people with disabilities, families, health care providers, and others (collectively, “Users”) can obtain and share information, and purchase content created or provided by SCIO (collectively, the “Services”). This Privacy Policy (the “Privacy Policy”) is to inform you of SCIO’s policies and procedures regarding the collection, use and disclosure of certain personally identifiable information in connection with providing individuals (“Users”) access to the Services.

SCIO is committed to protecting the privacy of all personally identifiable information provided by Users in connection with their accessing or using the Services. By visiting Cortree, or otherwise taking advantage of the Services in any form, you acknowledge that you have read, understood and agreed to be bound to all the terms of this Privacy Policy and the Terms of Use which can be found at here and which are hereby incorporated in their entirety. If you do not agree to the terms of this Privacy Policy, do not access or use the Services.

Exclusions

Personal Information Provided to Others. This Privacy Policy does not apply to any Personal Information that you provide to another User or visitor through the Services or through any other means, including information posted by you to any public areas of Cortree.

Types of Information Collected And How We Use It

User Accounts. Through Cortree, you may be able to register and create a User Account. A User Account is stored information that we keep on individual Users that details their viewing preferences, activities, and interactions. When you decide to register a User Account, we ask for some basic contact information, such as your full name and email address. We may also collect, and store a profile picture and other biographical information that you provide. You may review and edit your User Account information, or delete your User Account, at any time.

To open a User Account, or purchase items through Cortree, your name and email address will be required.

User Information. We do not collect any personally identifiable information without your consent. When you access Cortree, create a User Account, or otherwise use the Services, we ask you for certain personally identifiable information that can be used to contact or identify you (herein called “User Information”). This User Information includes your name and email address. We do not collect any financial or payment information as User Information.

All payment is processed and handled through third party payment processors; to complete a payment transaction, you will be required to leave Cortree. You can elect to provide all or only some of the User Information requested and at any time, you may decide to remove some of the User Information that you previously provided. However, if you decline to provide any of the above information, you may not be able to register for, access, or otherwise use certain benefits of the Services, which may be conditioned upon certain eligibility requirements, such as age.

In addition to using your User Information to provide the Services, we may also use this information to troubleshoot, resolve disputes, accomplish administrative tasks, contact you, enforce our agreements with you, including this Privacy Policy, comply with applicable law, cooperate with law enforcement activities, and to prevent duplicate User Accounts from being created with the same information.

Updating and Correcting Information. You may change any of your User Information or update Third Party Information directly through Cortree, by sending us an email at [email protected] or writing to us at Spinal Cord Injury Ontario 520 Sutherland Drive Toronto, ON M4G 3V9, Canada. Please indicate your name, address and email address, and what information you would like to update when you contact us.

Log Data. When you use the Services, our servers may automatically record information of the sort that web browsers and servers typically make available, such as browser type, language preference, referring site, and the date and time of each visitor/customer request through Cookies, Pixel Tags, Local Shared Objects, Web Storage and other similar technologies (herein called “Log Data”). This Log Data may include information such as browser, mobile device type, Internet Protocol (“IP Address”), information you search for on our Services, access times and dates, metadata concerning the files you upload, unique device identifier, approximate geographic location, time zone, and other statistics and information. In the case of potentially personally-identifying information like IP Addresses, SCIO does not use such information to identify its Users and does not disclose such information, other than under the same circumstances that it uses and discloses Personal Information, as described in this Privacy Policy

Cookies. A cookie is a string of information that a website stores on a visitor/customer’s computer, and that the visitor/customer’s browser provides to the website each time the visitor/customer returns. Cookies help us identify and track visitors, their usage of any websites associated with Cortree, their website access preferences, and to better understand how visitors use the website. Users who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before accessing these websites, with the drawback that certain features of the website may not function properly without the cookies. By continuing to use the website, you are giving consent to our use of cookies with that website.

Aggregate Information and Non-Identifying Information. Non-Identifying Information is information that does not identify a specific user. This type of information may include occupation, language, and other statistics. We may disclose aggregated information that does not include Personal Information and we may disclose Non-Identifying Information and Log Data to third parties for industry analysis, demographic profiling, analytics, or research. Any information or Log Data shared in these contexts will not contain Personal Information. The limitations and requirements in this Privacy Policy concerning Personal Information do not apply to Non-Identifying Information.

Release of Personal Information

Service Providers. To provide the Services, SCIO may employ certain trusted contractors and individuals (“Service Providers”) to facilitate our Services, to provide the Services on our behalf, to perform Services-related services (e.g., maintenance services, database management, analytics and improvement of the Services’ features, marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others) or to assist us in analyzing how our Services are used. However, we do not grant these entities any rights to use, and contractually restrict them from using, any Personal Information for any purpose other than facilitating the Services.

Release of Personal Information. We may share certain Personal Information with service providers such as our business partners and authorized agents in order to provide the Services. We provide these service providers with the minimum information required to complete the service or transaction and the service providers are not permitted to use this information for any purpose other than completing the requested service. Note that we do not collect or store payment information, nor do we process credit card or financial transactions. Account information, payment information and credit card holder data may be transferred, processed and stored outside Canada by the service providers you use to complete subscription or other payments and are subject to the privacy policies of these service providers.

Third Party Links. This Privacy Policy applies only to the Services including those provided through Cortree. Cortree may contain links to other websites not operated or controlled by us. The policies and procedures we describe here do not apply to these websites. The links from the Services do not imply that we endorse or have reviewed these websites. We suggest contacting those sites directly for information on their privacy policies.

No Release for Marketing Purposes. SCIO will not share, sell, rent, trade, or disclose Personal Information to any third parties for marketing or commercial purposes, unless you have granted us permission in writing to do so.

Release Required by Law. SCIO may collect and share Personal Information and any other information available to us in order to investigate, prevent or take action regarding illegal activities, or as otherwise required by law.

Business Transfer. SCIO may sell, divest, transfer, assign, share or otherwise engage in a transaction that involves, some or all of our assets, including any or all of the information described in this Privacy Policy, in the course of a corporate divestiture, merger, acquisition, joint venture, bankruptcy, dissolution, reorganization, or any other similar transaction or proceeding. In such event, Personal Information obtained and maintained by SCIO, may be transferred to a successor entity or affiliate.

SCIO may share Personal Information to meet its obligations in connection with any sale or transfer of SCIO’s business. Personal Information submitted prior to any such transfer would remain subject to the terms of this Privacy Policy. However, Personal Information submitted after a transfer may be subject to a new privacy policy adopted by the successor entity.

Parent Companies, Subsidiaries and Affiliates. We may also share Personal Information with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Privacy Policy. Our parent companies, subsidiaries and affiliates will be bound to maintain that Personal Information in accordance with this Privacy Policy

Registration with Outside Account. We may permit you to register for a User Account, download, or otherwise use the Services by logging in with an account you have established with certain third party sites (including, Facebook, LinkedIn, Google, and PayPal) (hereafter, the “Outside Account”). By logging in via the Outside Account, you are granting us the right to access, use and store (if applicable) information (including User Information) on the Outside Account you choose (and your privacy settings on that Outside Account). The information you make accessible via your Outside Accounts will be available to through your User Account.

Miscellaneous

Data Retention. We will retain Personal Information for as long as your User Account is active or as long as needed to provide you with the Services. If you wish to cancel your User Account or request that we no longer use your information to provide you any services, you may delete your User Account by contacting us at [email protected]. We may retain and use Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will endeavor to delete Personal Information as quickly as practicable upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist for a period after deletion. In addition, we do not delete from our servers files containing Non-Identifying Information that you have in common with other Users. Absent your request to delete your information, we will retain Personal Information for a minimum of one year. We will destroy or anonymize your Personal Information within three years after it is no longer required to provide the Services.

Information Security. The security of your information is very important to us. We use commercially reasonable security standards to protect the information collected and maintained through the Services and take appropriate measures to protect against any unauthorized access to Personal Information. We have put in place appropriate physical, managerial and technical procedures to safeguard and secure the information we store. Access to Personal Information stored on SCIO’s servers or servers operated by service providers on our behalf is restricted to authorized personnel, including SCIO employees and contractors employed to provide the Services. Any individuals having access to the information stored on such servers are bound by confidentiality agreements. However, no data transmission over the Internet is completely secure. As such, we cannot guarantee the security of any information you provide to us or guarantee that information may not be accessed, disclosed, altered, or destroyed by unauthorized persons.

Breach Notification. We will make any legally required disclosures of any breach or unauthorized disclosure that compromises the security, confidentiality, or integrity of Personal Information to you via email, through Cortree, or other means without unreasonable delay, insofar as such notification is consistent with or required by (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system or (iii) any applicable breach notification requirements.

International Transfer. Personal Information may be transferred to and maintained on computers located outside your state, province, country or other governmental jurisdiction where the information may be subject to different laws regarding foreign government’s access to that information. SCIO may transfer and process the information within Canada. SCIO may subsequently transfer and store Personal Information outside Canada. Any transfer of personal information to or from Canada will be done in accordance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and any other applicable laws. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Our policy towards children’s information. We do not collect personally identifiable information from children under 13 without the consent of their parents or guardians. If a parent or guardian becomes aware that personally identifiable information of their children has been provided to us without the parents or guardians’ consent, they should contact us at [email protected]. If we become aware that Personal Information of children under 13 has been provided to us without parental or guardian consent, we will delete such information subject to and in compliance with applicable laws.

Modifications to our Privacy Policy. This Privacy Policy may be modified from time to time at our sole discretion. We will notify you of any changes by posting a new Privacy Policy and corresponding “last modified” date. If we make a change to this Privacy Policy that we believe materially affects our collection, use and disclosure of Personal Information we will provide you with direct notice (for example, by email). We may provide notice of changes in other circumstances as well. By continuing to use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

How to Contact us. If you have any questions about this Privacy Policy, about our compliance with applicable privacy laws, would like access to or wish to correct your personal information, please contact our privacy compliance officer as provided below:

E-mail: [email protected]

Mailing Address:
Privacy Officer
Spinal Cord Injury Ontario
520 Sutherland Drive
Toronto, ON M4G 3V9