Privacy Policy

Purpose

In this Privacy Policy we describe how we collect, use, and disclose information obtained about visitors
to our website, users of our application, and how we ensure compliance with applicable legislative
privacy requirements in the areas we provide services.

What We Do

Ortech offers an application for healthcare providers who have subscribed to our services to achieve
evidence-based care based on data. Capturing data across the care path and bringing it together in a
meaningful way to enable all stakeholders to make decisions, discover efficiencies and have a
transparent view of their quality of care.

What Information Do We Collect?

Our Public Website:

  • We may collect information provided by you that you have voluntarily entered into a contactform when requesting a demo or further information about our services. In this form we ask foryour First and Last name as well as an email address or telephone number depending on yourpreferred method of contact.
  • We may gather certain information on your visit such as information about the device used to access the site, your IP address, geolocation information, browser type and version as well ashow you were directed to our site if available.

Our Subscription Services:

  • Processing of data received from our customers is governed by executed contracts and BusinessAssociate Agreements as required by applicable legislative policy

How We Use Your Information

We use collected information for the following purposes:

Our Public Website:

  • Tracking the number of visitors to our site and which pages they visit to identify the greatestareas of interest
  • Identifying the types of devices used to improve and optimize our services
  • Assessing ways that visitors become aware of our website to monitor effectiveness ofadvertising methods

Note: By continuing to use our website, you consent to the use of cookies. If you provide
information through a form requesting to learn more about our products, we will use that
information to reach out to you relating to your request. If you provide an email address, we may
also include you in our marketing and promotional announcements and newsletters in which you
can unsubscribe from at any time.

Our Subscription Services:

  • Documenting all transactions and activity to adhere to privacy law
  • Tracking number of concurrent users and activities to continually optimize our systems and services
  • Ortech does not own or sell subscriber data. Data belongs to the subscriber and Ortech is a Custodian only. If you subscribe to our SOAR benchmarking feature, de-identified aggregate data will be included in benchmarking reports.

Ortech takes reasonable and appropriate administrative, physical, and technical security safeguards to
protect your information from loss, theft, misuse or disclosure.

Ways We May Share Your Personal Information

We engage certain service providers and third parties to process information for business purposes such as traffic analytics. We may also share information with other entities in the following situations:

  • Where you have given us consent to share or use your personal information;
  • At your request or direction;
  • If we are required by law or other legal process to disclose your information according to law enforcement requirements;
  • To an actual or potential buyer, its agents and advisers under a Non-Disclosure Agreement in connection with any actual or proposed purchase, merger or acquisition of all or any part of our business, provided we inform them they must adhere to our privacy policies

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law.

Privacy Program

  • Ortech implements and maintains a Privacy Program to assure compliance with all applicable laws and practices and policies protecting the privacy of individually identifiable health information and personal data.
  • All employees, students, and individuals working on behalf of Ortech in any capacity (including: Board members, medical staff, business associates, independent contractors, and volunteers) are obliged to conduct themselves and their activities in a manner so as to protect the confidentiality of patients’ individually identifiable information.

Requirements:

a . Ortech’s Privacy Program consists of the following elements:

i. Privacy Officer

  1. The Privacy Officer oversees the development, implementation andmaintenance of the privacy program.

ii. External Compliance Experts

  1. External Compliance Experts are consulted to ensure thorough review of compliance of Ortech operations and applications.

iii. Change Control Board

  1. All new systems design and requested changes to existing systems undergo Security Impact Analysis procedures by Ortech Change Control Board prior to approval.

b. The Privacy Officer, with the assistance from appropriate departments and units, assures
that the following elements are developed, implemented and maintained in conformance
with all applicable regional legislative requirements:

i. Protecting the confidentiality of all access, use and disclosure of Personal
Identifiable Information (PII) and Personal Health Information (PHI), including
requiring appropriate authorizations, and/or opportunities to agree or object to said
uses, except where mandated by law;

ii. Implementing appropriate and reasonable administrative, technical, and physical
safeguards to protect the privacy of PII and PHI from unauthorized access, use or
disclosure;

iii. Assuring that information security processes are in place that restrict access to
information, where appropriate. Ortech, however, is not responsible for Ortech
systems users’ compliance with such requests;

iv. Assuring that processes are in place for Ortech systems users’ that allows individuals
to access, inspect and/or obtain a copy their health information;

v. Assuring that processes are in place for Ortech systems users’ that allows individuals
to add, edit, or delete their health information. Ortech, however, is not responsible
for Ortech systems users’ compliance with such requests;

vi. Designating a contact person or office and establishing a process for individuals to
make complaints concerning Ortech and its compliance with health information
privacy laws or policies and rights and for providing further information.

vii. Will maintain a Privacy Program including policies and procedures concerning PII
and PHI, including implementation, training, and assessing any future recommended
changes or amendments.
viii. Will immediately notify Ortech Management of any complaints or issues of noncompliance with Ortech Compliance and Privacy policies.

c. Ortech will promptly amend its policies and procedures related to the Privacy Program as
discussed above as necessary and appropriate to comply with changes in the law. All
policies and procedures will be reviewed periodically to assure compliance with the laws, as
well as for operational effectiveness.

d. All notices to Ortech systems users’ concerning Ortech’s privacy practices will state that
Ortech reserves the right to make changes in its privacy practices at any time.

Education and Training

a. The Privacy Officer will implement a comprehensive training plan for all members of its
workforce with respect to the Privacy Program and related Ortech -wide information privacy
and security policies and procedures.

b. Each member of the workforce will receive the training on an annual basis;

c. Retraining of the workforce, whose functions are affected by a material change in the
information privacy and security policies and procedure, will occur within a reasonable
period of time after said change becomes effective.

Monitoring and Evaluation

a. Ortech Privacy Officer is responsible for overseeing the evaluation and monitoring
of the Privacy Program and will review compliance issues.

b. The Privacy Officer, in cooperation with the Directors, will periodically request
audits to be conducted to ensure compliance with this policy.

Sanctions for Non-Compliance

a. Ortech will apply appropriate sanctions to have any member of the workforce who
fails to comply with Ortech privacy policies and procedures.

b. Ortech will document all sanctions applied and actions taken

Updates To This Policy

Ortech reserves the right to make updates and revisions to this Policy at our discretion and at any time.
When changes are made to this Policy, we will post the updated notice on our website and the Updated
Date will become the effective date. Your continued use of our website following the posting of any
changes constitutes your acceptance of such changes.

Contact

For questions or comments regarding this policy, please email us at:

privacy@ortechsystems.com