Privacy Policy
Last Updated June 18, 2025
Meditech International Inc. (“Meditech,” “we,” or “us”) respects the privacy of individuals who visit our websites and of our customers. We are committed to the fair and lawful processing of your “personal information” (which includes “personal data,” “personal health information,” “protected health information,” or “PHI”) in accordance with this Privacy Policy, the Personal Information Protection and Electronic Privacy Documents Act (Canada) (“PIPEDA”), Personal Health Information Protection Act (Ontario) (“PHIPA), Health Insurance Portability and Accountability Act (U.S.) (“HIPAA”), Health Information Technology for Economic and Clinical Health Act (U.S.) (“HITECH”), General Data Protection Regulation (EU/UK) (“GDPR”), and all other applicable privacy laws.
By submitting your personal information to us through the websites or when purchasing Meditech products or services (our “offerings”), you acknowledge that we will process it as described below. If you do not agree, please do not use our websites or offerings.
Policy Changes
We reserve the right, at our sole discretion, to modify this Privacy Policy at any time. Changes to this Privacy Policy will be posted on this page. Your continued access or use of our offerings constitutes your acceptance of the Privacy Policy in effect at the time of that access or use.
Personal Information
In this Privacy Policy, personal information means information about an identifiable individual. Personal information may include, but is not limited to, your name, mailing address, email address, Internet Protocol (IP) address, unique personal identifiers, geolocation data, account name, medical information, health insurance information, commercial information, and telephone number. Personal information does not include business contact information that is solely used to communicate with you in relation to your employment, business, or profession, such as your name, title, business address, or telephone number of an employee of an organization. Personal information also does not include information that has been deidentified, anonymized, or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other information.
Legal Bases & Purposes of Processing
| Purpose | Legal Basis |
|---|---|
| Order fulfilment & shipping | Reasonable purpose under PIPEDA s.5(3); “Payment & Health care Operations” under HIPAA if PHI is involved Contract performance (Art. 6 (1)(b)) |
| Customer support, repairs, and warranty service | Same as above; HIPAA “Health care Operations” Contract performance; Legitimate interests (Art. 6 (1)(f)) |
| Regulatory compliance, safety recalls, recordkeeping | Compliance with PIPEDA, PHIPA, HIPAA, HITECH, FDA / Health Canada requirements Legal obligation (Art. 6 (1)(c)) |
| Service related communications (non marketing) | Compliance with PIPEDA, PHIPA, HIPAA, HITECH, FDA / Health Canada requirements Contract performance |
| Optional direct marketing emails/SMS | Opt in consent; you may withdraw at any time Consent (Art. 6 (1)(a)); CASL (Canada) |
We do not use automated decision‑making that produces legal or similarly significant effects.
Collection
We may collect your personal information in one or more of the following ways:
- IP Address: We may collect your IP address and other information to identify your device or certain website preferences. Examples of the type of information that can be collected using your IP address include your type of internet browser, the type of operating system you are using, and your general geographic area. We may also use your IP address to collect and report aggregate information on how the website is being used and ways in which it can be improved.
- Cookies: Our website may use or enlist third-parties which use cookies capable of storing many types of data. Your use of the website constitutes your consent to our use of cookies. Cookies help provide additional functionality to the website, save your preferences for use of the website, or help us analyze the website usage more accurately. Non‑essential cookies (analytics or marketing) are set only after you provide explicit opt‑in consent via our cookie banner. You should be aware that third-party websites linking to or linked from our website may also collect your personal information using cookies. Meditech, its affiliates and any directors, officers, employees, agents, contractors, subcontractors, or agents of the foregoing shall not be responsible for how such third-parties collect, use, or disclose your personal information. You need to contact these third-parties directly for information on their data collection, use, and disclosure policies. Your navigation to a third-party website is entirely at your own risk and subject to the terms and conditions of such websites.
- Voluntary Contact: If you interact with us, whether in person, by phone, email, social media or otherwise, including if you are interested in acquiring our products or services, sign up to receive newsletters or other communications, or respond to surveys and questionnaires, we may collect personal information that you provide to us during these interactions. If you voluntarily choose to provide personal information to us, we assume that you consent to the collection, use, and disclosure of your personal information as outlined in this Privacy Policy. Ways in which this might happen may include, without limitation, the creation of an account, the completion of a contact or comment form, or providing your contact and address information for the purchase of products or services. In all cases, you will be prompted to provide or input the required information. If you provide personal information about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use, and disclose their information as described in this Privacy Policy.
- Other Sources: We may also collect your personal information with your consent or as permitted or required by law. How we obtain your consent will depend on the circumstances as well as the sensitivity of the information collected.
Children’s Privacy
Unless otherwise specified, our offerings are intended for adult use. No information should be submitted to or posted to any of our offerings by users under 18 years of age without the consent of their parent or legal guardian. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal information without their permission. Please contact us if you have reason to believe that a child under the age of 18 has provided personal information to us without the consent of their parent or legal guardian. Please contact us if you have reason to believe that a child under the age of 18 has provided personal information to us without the consent of their parent or legal guardian, and we will endeavor to delete that personal information from our records.
Use
We may use your personal information (i) to respond to your questions or requests for additional information; (ii) to provide you with the product or service that you have specifically requested, or that we may ask you if you would like to receive; (iii) to personalize any tools to better facilitate your use of the website; (iv) to develop future e-newsletter topics; (v) to conduct research and analysis to improve the website; (vi) to understand how we can improve our offerings; (vii) to contact you relating to our offerings; (viii) to collect opinions and comments in regard to our offerings; and (ix) to investigate legal claims. You may opt out of some of these purposes by contacting us at the information below. Any marketing communication shall require you to opt in prior to you receiving them. No PHI is used for marketing.
Disclosure
We do not sell your personal information to third parties. We do not disclose your personal information unless the disclosure is permitted or required by applicable law or required for us to provide our offerings. In the event of a change of ownership, sale, merger, liquidation, reorganization, or acquisition of our company, in whole or in part, your personal information may be transferred as part of the transaction. We may also use aggregate information that does not contain personal information to track and monitor visitor use of the website and disclose aggregated information that does not include personal information to third parties. Where a service provider will handle PHI on our behalf, we first execute a HIPAA‑compliant Business Associate Agreement (BAA) requiring the provider to implement the safeguards mandated by the HIPAA Privacy, Security, and Breach Notification Rules. By providing or transmitting any comments, ideas, concepts, know-how, techniques, or other similar information to us, whether in person, by phone, email, social media or otherwise, you grant to Meditech and all of its affiliates, an unrestricted, irrevocable licence to use, reproduce, display, modify, transmit, distribute, publish, broadcast, or post this information for any purpose and without compensation to you or your prior approval. However, we will not release your name in connection with such information unless: (a) you grant us permission to do so; (b) we first notify you that the information you submit will be published or otherwise used with your name on it; or (c) we are required to do so by law.
Consent to Other Purposes
We will seek your prior consent when we want to use your personal information for a purpose not previously identified to you at the time of collection unless we are otherwise permitted or required by law.
California Do Not Track Disclosure
In accordance with the California Online Privacy Protection Act (CalOPPA) Amendment of 2013, we inform you that Meditech does not respond to Do Not Track signals.
Personal Health Information
Personal or protected health information (PHI) constitutes any information concerning your physical or mental health or healthcare identification. We do not collect, store, manage, or sell any PHI. PHI is collected, stored, and/or managed solely by you, and you assume full responsibility for the necessary protections and consent(s) required for such activities. We will only access PHI if required and with your consent for customer service or product repairs. This access is limited strictly to the information necessary for diagnosing or repairing the product. By requesting service from us, you consent to granting us the minimum PHI access necessary to service your product.
Information Security
We have implemented physical, organizational, contractual, and technological security measures with a view to protecting your personal information and other information from loss or theft, unauthorized access, disclosure, copying, use, or modification. The only personnel who are granted access to your personal information are those whose duties reasonably require such information. To the maximum extent permissible under applicable law, Meditech, its affiliates and any directors, officers, employees, agents, contractors, subcontractors, or agents of the foregoing do not represent, warrant, or guarantee that personal information will be protected against misuse, loss or modification, nor do such parties accept liability for the security of a user’s personal information submitted on, via, or in connection with the website.
Transfer of Personal Information to Service Providers
We may have service providers perform services relating to the development, operation, and maintenance of the website or relating to other services including, but not limited to, e-commerce providers, payment card processors, telephone and technical support providers, order fulfillment, hosting, and research and analytics providers. These service providers may have access to your personal information, as is reasonably necessary, for the purpose of providing their services to Meditech. If we provide your information to a service provider, then we require that the service provider maintains the confidentiality of your personal information and keeps it secure. We also require that they only use your personal information for the limited purposes for which it is provided. In some circumstances, we may permit a service provider to retain aggregated, deidentified, anonymized, or statistical information that does not identify you. We do not authorize any service provider to disclose your personal information to unauthorized parties or to use your personal information for their direct marketing purposes. Canada benefits from an EU Adequacy Decision, which states that transfers from the EU/UK to the United States or any other country lacking an adequacy decision are protected by Standard Contractual Clauses or other lawful safeguards. For PHI transferred from the United States, our BAAs require downstream subcontractors to comply with HITECH breach‑notification, encryption, and audit‑trail requirements.
Third-Parties
This Privacy Policy applies only to our offerings. This Privacy Policy does not extend to any websites, products, or services provided by third parties. We do not assume responsibility for the privacy practices of such third parties, and we encourage you to review all third-party privacy policies prior to using third-party websites, products, or services.
Retention of Personal Information
We may retain your personal information in the servers of our service providers which are in the United States. As we are a Canadian entity, your personal information may be transferred outside your country of residence, including to Canada. As a result, your personal information may be subject to the laws of those foreign jurisdictions, and may be subject to disclosure to the governments, courts or law enforcement, or regulatory agencies of that other country, pursuant to that country’s laws. We will use, disclose, or retain your personal information only as permitted or required by law. We will keep your personal information for as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we consider our legal obligations as well as the amount of time necessary for us to maintain records for analysis and audit purposes. We may also retain records to investigate or defend potential legal claims and to deal with any complaints raised. We will not retain your personal information longer than is permitted by applicable law. The maximum retention time is ten (10) years after the last contact for PHI from residents in Ontario; six (6) years from the date of its creation or the date when it was last in effect, whichever is later, for PHI from residents in the USA; and only while necessary for the purposes stated in this Privacy Policy for PHI all other personal information, after which the personal information is then securely destroyed or anonymized.
Your Rights
We will take steps to ensure that your personal information is kept as accurate, complete, and up-to-date as reasonably necessary. However, we will not routinely update your personal information, unless such a process is necessary. If we hold personal information about you, you may request to:
- Canadian residents: Under PIPEDA and PHIPA, you have the right to access and request corrections to your personal information held by us, and to challenge our compliance with applicable privacy laws. You may contact us directly, or file a complaint with the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario if your concerns relate to personal health information.
- USA residents: Under HIPAA and HITECH, you have the right to inspect, access, amend, and receive an accounting of disclosures of your PHI. You may also request restrictions on certain uses or disclosures and request confidential communications. If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights.
- EU/UK residents: Under the GDPR, you have the right to access, rectify, erase (right to be forgotten), restrict or object to processing of your personal data, and to receive your data in a portable format (data portability). You also have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may lodge a complaint with the appropriate Data Protection Authority in your country.
We may require that you provide sufficient identification to fulfill your request. Any such identifying information will be used only for this purpose.
Withdrawal of Consent
You may withdraw your consent to our collection, use, or disclosure of your personal information at any time. In some cases, withdrawal of your consent may mean that we will no longer be able to provide our offerings to you.
Hardcopy of this Privacy Policy
You have a right to obtain a paper copy of this Privacy Policy, upon request, even if you have agreed to accept this policy electronically.
Controller and Contact Information
| Role | Contact |
|---|---|
| Data Controller |
Meditech International Inc 411 Horner Ave Unit 1 Toronto, ON M8W 4W3 Canada |
| Privacy Officer/Data Protection Officer | |
| Director of Quality and Regulatory Affairs | info@bioflexlaser.com |
| Office of the Privacy Commissioner of Canada | priv.gc.ca |
| Information and Privacy Commissioner of Ontario | ipc.on.ca |
| US Department of Health and Human Services | hhs.gov |
