Last updated: July 31, 2023
Banty Inc., and its group companies and affiliates (collectively “Banty”, “we”, “our”, “us”) respect your right to privacy. This Privacy Notice applies to Banty, and explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice applies to personal information that we process from your visit to our websites https://banty.com and https://banty.org
Banty is in the virtual meetings business, and offers two subscription-based products:
Banty Virtual Clinic
Banty enables healthcare providers and clinics to add a virtual element to their clinical workflows so that they can offer virtual medicine to their patients in a streamlined and efficient manner. Banty Virtual Clinic meets HIPAA/PHIPA and Ontario Health security and privacy requirements to provide a safe and secure virtual healthcare platform.
Banty also offers a virtual events production service:
Banty Virtual Events
Banty produces virtual events for healthcare (often Continuing Medical Education, or CME, events) and other industries. Capabilities include supporting sponsorship for events and incorporating virtual exhibit halls to engage with event attendees. Program content may be watched live or on demand.
This policy applies to the following users of Banty:
A Data Controller is defined as the person, public authority, agency, or other body that determines the purposes and means of processing personal data, including the security measures concerning the operation and use of this application.
A Data Processor is defined as the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, as described in this privacy notice.
For Banty’s Virtual Clinic customers, patient data is collected for the purposes of conducting the Virtual Visit appointment on the Banty platform. As such, Banty’s Virtual Clinic customers are the Data Controllers while Banty functions as the Data Processor.
It is the responsibility of Banty’s Virtual Clinic customers to transfer the relevant virtual visit data into their own electronic medical records after the appointment is completed. Virtual visit encounter data be securely deleted and will not be retrievable by Banty’s Virtual Clinic customer after 30 days following any termination of the Virtual Clinic customer’s account with Banty. Virtual Visit appointments are not recorded via audio or video or otherwise stored on Banty servers after the Virtual Visit is terminated.
For Banty’s Banty Meet customers, they collect their meeting participants’ names for the purposes of knowing who has joined their meeting, and, if their room lock control is set up, they can use this information to decide whether or not to reject someone or allow them into their Banty meeting room. The Banty Meet customer will not have access to any record of the virtual meeting once the session has ended. The personal information collected of the meeting participant will be securely deleted at the end of the session
For Banty Meet, Banty functions also as the Data Processor.
There are some pieces of information that are collected directly by Banty to facilitate security, logging, and application performance. These items include IP address, name, email address, password and behavior within the Banty platform. For these pieces of information, Banty acts as the data controller and processor. Additionally, Banty employs a variety of technologies and partners that periodically act as sub-processors.
European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
If users have any questions or concerns about the processing and handling of their personal information, they may reach out to Banty directly by email at privacy@banty.com.
Personal Data
Banty collects the following personally identifiable information in order for Banty to contact you or identify you as a customer. In addition, your first name and last name, title and clinic name are visible to your patient when they enter your virtual clinic. Such information includes:
Your phone number is optionally required if you wish to be notified by SMS.
Invitations
You may invite Patients to a Virtual Appointment by the following methods:
Any information (such as an email) is used to create the appointment in Banty’s scheduler which notifies the patient of the appointment. This information is stored to allow the provider to identify past visits by patients.
Screen Share functionality
Banty provides a feature whereby any participant may share their screen. It is up to the participant to ensure that no sensitive or confidential information is viewable during the screen sharing session.
Session Privacy
At any time during the Session, you may disable your audio, video or both. However, doing so may prevent effective communication with the patient. You may terminate the Session at any time.
Photo Capture
The Banty platform will capture a photo of your Patient at the start of the Virtual Visit. That photo is captured when your Patient grants permission to Banty to turn on their device’s camera and audio. This photo capture provides the Provider with the ability to visually identify their patient before starting the Virtual Visit. Upon completion of the Virtual Visit session, this photo is saved in the patient’s session history. This data is stored for 30 days after the customer terminates their account with Banty, so that Banty’s customer (Provider) can refer back to the appointment. After that 30 days, this photo will be securely and permanently deleted.
Chats
Banty provides the Provider with the ability to text chat with their Patient, or with other members of their Clinic on the Banty Platform. Any chat conversations between the Provider and Patient, or between Provider and other Clinic staff are temporarily stored on the Firebase database. This information is stored as part of a patient’s session history. This data is stored for 30 days after termination of the customer’s account so that Banty’s customer (provider) can refer back to the appointment. After that 30 days, this chat information will be securely and permanently deleted.
Transferring of Virtual Visit Information into Provider’s EMR
Upon completion of the virtual visit, it is the responsibility of Banty’s Customer (Provider) to transfer the relevant PHI into their own Electronic Medical Records.
Service Payment Information
If you choose to upgrade to the paid plan after the free trial period, you have the option to pay via the Stripe third-party credit card payment system. All credit card transactions are handled by Stripe. Banty does not capture or utilize any information entered in the Stripe payment screens but does receive payment information from Stripe when the transaction is completed.
A patient does not need to have an account or be registered with Banty to use the Service. A patient who receives a Clinic URL by their Provider and wishes to conduct a Virtual Visit with that Provider may use the Banty video conferencing Service by typing in the Clinic URL on their web-enabled device.
Personally Identifiable Information (PII) and Personal Health Information (PHI)
Banty collects the following Personally Identifiable Information (PII) and Personal Health Information (PHI) for the purposes of providing our Customer (Provider) with useful information in which to conduct a Virtual Visit Appointment with their Patients. This information is used by Banty’s Customer (Provider) for the purposes of facilitating the Clinic’s Check-In process as well as optionally streamlining the Virtual Visit workflow. All PII and PHI relevant to check in a patient is mandatory while other PII is optional.
All optional data is denoted by an * (asterisk).
Session History
All mandatory and optional PII is captured by Banty for the purpose of conducting the Virtual Visit. Your Provider may also capture additional visit related information during the appointment.
Chats
Banty provides the Patient with the ability to text chat with their Provider, or with other members of their Clinic on the Banty Platform. Any chat conversations between the Provider and Patient are temporarily stored on the Firebase database. This information is stored as part of a patient’s session history. This data is stored so that Banty’s customer (provider) can refer back to the appointment.
Photo Capture
A snapshot of the patient is taken by the patient’s computer for the purposes of confirming the identity of the patient to the provider. Patients are notified of this photo capture at the start of their virtual visit session. This is a mandatory requirement to ensure the provider is conducting the virtual appointment with the correct patient. The photo is kept as part of the patient record. This data is stored so that Banty’s customer (provider) can refer back to the appointment.
Screen Share functionality
Banty provides a feature whereby either the Patient may choose to share one’s screen. It is up to the patient to ensure that no sensitive or confidential information is viewable during the screen sharing session.
Session Privacy
At any time during the Session, you may disable your audio, video or both. However, doing so may prevent effective communication with your provider. You may terminate the Session at any time.
Children’s Privacy
This Service is not intended to be used by anyone under the age of 18. As Banty’s Service is self administered and not monitored by Banty, it is up to both the Provider and Patient to ensure only adults over 18 use this Service.
If you are the guest of the Patient or Provider
Banty collects the following information only for the purposes of facilitating an email invitation for an in-progress virtual visit appointment. Once the virtual visit appointment ends, the email address will be permanently deleted.
At Banty, security is our highest priority. We design our systems with your security and privacy in mind. Banty works toward compliance programs that validate our security controls.
Banty protects the security of your information during transmission to and from the Banty website, products, or services by using encryption protocols and software.
Our customer data is encrypted at rest.
Banty delegates the handling of credit card data and does not retain any data related to credit cards.
Through access controls, we maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information.
If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at privacy@banty.com.
Banty takes appropriate security measures to prevent unauthorized access, disclosure, modification, or data destruction.
Data is processed using computers or tech-enabled tools, following organizational policies and procedures strictly related to the purposes indicated. In some cases, data may be accessible to Banty employees involved with the Banty website’s operation, the Banty web application (platform), and supporting applications. Data may also be accessible to external parties appointed, if necessary, as data processors or sub-processors by Banty. External parties may include third-party technical service providers, hosting providers, and IT companies.
Banty may process personal data relating to users if one of the following applies:
In any case, Banty will gladly help clarify the specific legal basis that applies to the processing, mainly whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract.
The data is processed at Banty’s operating offices, hosting facilities, and, for some data, third-party sub-processors. All personal data is stored and processed within Canada. In some cases, some non PII data may be stored within the US via third-party sub-processors.
Personal data is processed and stored for as long as required to fulfill the purpose for which it is collected.
Therefore:
The data concerning the user is collected to allow Banty to provide its services, as well as for the following purposes: analytics, user database management, managing contacts and sending messages, handling payments, interaction with external social networks and platforms, remarketing and behavioral targeting, contacting the user, displaying content from external platforms, hosting and backend infrastructure, interaction with live chat platforms, and spam protection.
Users can find further detailed information about such purposes of processing and the specific personal data used for each purpose in the respective sections of this document.
Personal data is collected for the following purposes and using the following services and third parties:
The services contained in this section enable Banty to monitor and analyze web traffic and can be used to keep track of user behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of this application, to prepare reports on its activities, and to share the reports with other Google services.
Google may use the data collected to contextualize and personalize the ads of its own advertising network.
Personal data collected: cookies and usage data.
Place of processing: US – Privacy Policy
Google Ads Conversion Tracking (Google Inc.)
Google Ads conversion tracking is an analytics service provided by Google Inc. that connects data from the Google Ads advertising network with actions performed on this application.
Personal data collected: cookies and usage data.
Place of processing: US – Privacy Policy. Privacy Shield participant.
Google Tag Manager (Google Inc.)
Google Tag Manager is an analytics service provided by Google Inc.
Personal Data collected: cookies and usage data.
Place of processing: US – Privacy Policy.
Mailing List or Newsletter (The Banty Web Application)
By registering on the mailing list or for the newsletter, the user’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning the Banty web application. The user’s email address may also be added to this list due to signing up via the Banty website or the Banty web application, or after making a purchase.
Personal data collected: city, company name, cookies, country, email address, first name, last name, phone number, job role, province, state, usage data.
Phone Contact (The Banty Web Application)
Banty only collects phone numbers for the purposes of providing optional SMS notifications
Users that provide their phone number might be contacted for commercial or promotional purposes related to the Banty web application or for fulfilling support requests.
Personal Data collected: phone number.
Contact Form (The Banty Web Application)
By filling in the contact form with their data, users authorize the Banty web application to use these details to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.
Personal data collected: email address, first name, last name, phone number
This type of service has the purpose of hosting data and files that enable the Banty website and the Banty web application to run and be distributed. Additionally, these services provide the infrastructure to run specific features or parts of the application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.
Amazon Web Services (AWS) (Amazon)
Amazon Web Services is a hosting and backend service provided by Amazon.com Inc.
Personal data collected: various types of data as specified in the privacy policy of the service.
Place of processing: See the Amazon privacy policy – Privacy Policy.
Webflow.com
Webflow is a website builder that hosts the banty.org website.
See Webflow’s privacy policy - https://webflow.com/legal/privacy
This type of service makes it possible to manage a database of email contacts, phone contacts, or any other contact information to communicate with the user.
These services may also collect data concerning the date and time when the message was viewed by the user and when the user interacted with it, such as by clicking on links included in the message.
Intercom Email & Chat Widget (Intercom Inc.)
Intercom is a customer management and communications service provided by Intercom Inc.
Personal data collected: first name, last name, email, city, country, IP address
Place of processing: United States
https://www.intercom.com/legal/privacy
For Banty CME - Mailchimp (Intuit Group)
Mailchimp is an email marketing platform provided by Intuit. Personal data collected: first name, last name, email
Place of processing: United States
https://www.intuit.com/privacy/statement/
AdWords Remarketing (Google Inc.)
Google Ads, formerly known as Google AdWords, is a remarketing and behavioral targeting service provided by Google Inc. that connects the activity of this application with Google’s advertising network and the DoubleClick cookie.
Personal data collected: cookies and usage data.
Place of processing: US – Privacy Policy – Opt Out.
Remarketing with Google Analytics (Google Inc.)
Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Inc. that connects the tracking activity performed by Google Analytics and its cookies with the Google Ads advertising network and the DoubleClick cookie.
Personal data collected: cookies and usage data.
Place of processing: US – Privacy Policy – Opt Out. Privacy Shield participant.
This type of service analyzes the traffic of the Banty website and the Banty application, potentially containing users’ personal data, with the purpose of filtering it from parts of traffic, messages, and content that are recognized as spam. Banty uses WAF, a web application firewall to prevent spam.
This type of service allows Banty to build user profiles by starting from an email address, a personal name, or other information that the user provides to this application and then tracking user activities through analytics features. This personal data may also be matched with publicly available information about the user (such as social networking profiles) and used to build private profiles that the Banty can display and use for improving this application.
Some of these services may also enable sending timed messages to the user, such as emails based on specific actions performed on the Banty website and Banty web application.
Intercom Email & Chat Widget (Intercom Inc.)
Intercom is a customer management and communications service provided by Intercom Inc.
Personal data collected: first name, last name, email, city, country, IP address
Place of processing: United States
https://www.intercom.com/legal/privacy
The personal data collected is used to provide the user with access to Banty’s video meeting solution for our customers to use with their patients, healthcare team and other meeting participants. The personal data collected to complete the payment may include the credit card information.
Users may exercise certain rights regarding their data processed by Banty.
In particular, users have the right to do the following:
Where personal data is processed for the public interest, in the exercise of an official authority vested in Banty or for the legitimate interests pursued by Banty, users may object to such processing by providing a ground related to their particular situation to justify the objection.
However, users must know that should their personal data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether the Banty is processing Personal Data for direct marketing purposes, users may refer to the relevant sections of this document.
Any requests to exercise user rights can be directed to Banty through the contact details provided in this document (privacy@Banty.com). These requests can be exercised free of charge and will be addressed by Banty as early as possible and always within one month.
The Banty website and Banty web application use cookies.
To learn more and for a detailed cookie notice, the user may consult the Cookie Policy.
Users’ personal data may be used for legal purposes by Banty in court or the stages leading to possible legal action arising from improper use of this application or the related services. The users declare they are aware that Banty may be required to reveal personal data upon request of public authorities.
In addition to the information contained in this privacy notice, this application may provide users with additional and contextual information concerning particular services or the collection and processing of personal data upon request.
For operation and maintenance purposes, this application and any third-party services may collect files that record interaction with this application (e.g., system logs) using other personal data (e.g., IP Address) for this purpose.
More details concerning the collection or processing of personal data may be requested from Banty at any time. Users may use the contact information at the beginning of this document.
This application does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor “Do Not Track” requests, users should read their privacy policies.
Banty reserves the right to make changes to this privacy notice at any time by giving notice to users on this page and possibly within this application or–as far as technically and legally feasible–sending a notice to users via any contact information available to Banty. Users are strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed based on the users’ consent, Banty shall collect new consent from the user where required.
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information—including a personal identification number—allows for the identification or identifiability of a natural person.
Usage Data
Information collected automatically through this application (or obtained by services employed in this application)can include: the IP addresses or domain names of the computers utilized, the Uniform Resource Identifier (URI) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the users’ browser and operating system, the various time details per visit (e.g., the time spent on each page within the application), and the information on the path followed within the application with particular reference to the sequence of pages visited, and other parameters about the device operating system or the users’ IT environment.
User
The individual using this application who, unless otherwise specified, coincides with the data subject.
Data Subject
The natural person to whom the personal data refers.
Data Processor
The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, as described in this privacy notice.
Sub-Processor
This refers to any additional third party who processes personal data on behalf of the data processor in fulfilling contractual obligations and services.
Data Controller
The person, public authority, agency, or other body that determines the purposes and means of processing personal data, including the security measures concerning the operation and use of this application.
This Application
The information technology system that collects and processes the personal data of the user.
Service
The service provided by the Banty platform or Banty team.
Cookies
Small piece of data stored on the user’s device.
This privacy notice has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy notice relates to the Banty website, application, and supporting services unless otherwise stated within this document.
