Privacy Policy
Last updated: February 18, 2024
At CARM&A Health Inc. (the “Company”, “we” and “us”), we are strongly committed to transparency, and we want you (“you” or “your”) to understand how we collect, use, disclose and protect your Information (as defined below).
This Privacy Policy describes:
- The types of Information we may collect or that you may provide to us when you access or use carmahealth.net (the “Website”) or mobile application (the “App” together with the Website, “Platform”).
- The types of Information we collect or that you may provide to us offline.
- Our practices for collecting, using, maintaining, protecting, and disclosing that Information.
We will only use your Information in accordance with this Privacy Policy unless otherwise required by applicable law. We take steps to ensure that the Information that we collect about you is adequate, relevant, not excessive, and used for limited purposes.
This Privacy Policy applies to information we collect, use or disclose about you offline, on the Platform and in email, text, and other electronic communications sent through or in connection with our services.
Please read this Privacy Policy carefully to understand our policies and practices for collecting, processing and storing your Information. By using our services, you are accepting the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the services. If you do not understand, or if you have questions about, this Privacy Policy, please contact us at info@carmahealth.net before using, or continuing to use, the services.
The date on which the Privacy Policy was last amended is indicated above. We reserve the right to change our Privacy Policy from time to time. We will display a prominent notice that the Privacy Policy has been amended on our Website for a period of thirty (30) days. The amended Privacy Policy is effective when posted. Your use of the services after we have made changes to our Privacy Policy will mean that you have accepted those changes.
Please refer to the following sections to learn more about our Privacy Policy.
1. INFORMATION
Personal information means information about an identifiable individual (collectively, “personal information”). It also includes data points that when combined with other information could identify an individual. Personal information does not include information that cannot be attributed to an identifiable individual, such as information of an aggregate or anonymous nature (collectively, “non-personal information”).
Health information refers to diagnostic, treatment and care information, and/or registration information, as defined in Alberta’s Health Information Act (the “HIA”) and includes, without limitation, information about the physical health of an individual, information about a health service provided to an individual, and related billing information (collectively, “health information” and together with personal information, “Information”).
We are not a “custodian”, as that term is defined in the HIA. A custodian includes, as it relates to our business, without limitation, physicians and nurses. We are an “information manager” under the HIA, as we provide information management or information technology services in a manner that, at times, requires the use of health information. Accordingly, we have entered into information manager agreements (each, an “IMA”) with custodians in accordance with the HIA and its regulations relative to our provision of these services. As such, the health information referenced in this Privacy Policy is subject to the applicable IMA.
2. CONSENT
We will obtain your express consent prior to or when collecting, using, or disclosing your Information for any purpose not described in this Privacy Policy, or for a purpose that was not identified to you nor reasonably expected at the time of collection, unless we are required or permitted by law not to obtain your consent.
We may rely on your implied consent in certain circumstances, after taking into account factors such as the sensitivity of the Information and your reasonable expectations. We will only use your Information to provide you with our services and in accordance with this Privacy Policy unless otherwise required by applicable law. We will limit the collection, use, and disclosure of your Information to only that which is necessary for the purposes identified, unless you have otherwise consented, or when such collection, use, and/or disclosure is permitted or required by law.
You can always refuse to provide your Information, except that it may prevent you from using our services or receiving responses to your inquiries or other information of interest.
3. TYPES OF INFORMATION WE COLLECT
We may collect various types of Information from you, depending upon how you interact with us or use or interact with our services. This Information includes your:
(a) Contact/Location Information. Name, email address, postal address, phone number.
(b) Demographic Information. Age, gender, date of birth.
(c) Health Information. Healthcare number, family and social history, medical history, prescription medications, health status, treatment and care information, medical diagnoses, immunization history, allergies, health service provider information (e.g. name, provider identification number, referring physician name, referring physician identification number).
(d) Photographic Information. Photographs, electronic images and/or x-rays.
(e) Device Information. IP address, operating system and platform, device type and device identifiers.
(f) Technical Information. Geo-location information, computer and connection information, statistics on page views, traffic to and from the Platform, referring URL, advertising data and standard web log information.
(g) Automatic Technologies or Interactions. Information collected through cookies, web beacons, and other tracking technologies.
4. HOW WE COLLECT INFORMATION
We need to collect Information from you in order to provide you with our services, as well as to improve your experience using our services. You may provide us with Information by paper, verbally or electronically, including, for example when you:
(a) use our services;
(b) create an account;
(c) correspond with us, for example, by filling in forms or corresponding with us by phone, email or otherwise;
(d) sign up to receive our newsletter or promotional information;
(e) ask for customer service, support or other assistance; and/or
(f) interact with us in any other way, including through our services.
With your permission, we may also collect Information from other sources (such as from third party service providers and healthcare professionals), to, among other things, enable us to complete, verify, or update Information contained in our records and to better customize the services we provide.
Automatic Information Collection and Tracking Technologies on our Platform
When you access and use our Platform, we may automatically collect certain information about your browsing actions and patterns including:
(a) Usage Details. When you access and use the Platform, we may automatically collect certain details of your access to and use of the Platform, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through the Platform.
(b) Device Information. We may collect information about your device and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information, and the device’s telephone number.
(c) Stored Information and Files. The Platform also may access metadata and other information associated with other files stored on your device. This may include, for example, photographs, audio and video clips, personal contacts, and address book information.
The technologies we use for this automatic data collection may include cookies, flash cookies, web beacons, and/or similar log files. These are small text files that are stored on your computer browser or device when you visit certain online pages, images on web pages that track user activity on the Platform, or similar.
The information we collect automatically is statistical information and may include Information, and we may maintain it or associate it with Information we collect in other ways or receive from third parties. It helps us to improve our Platform and to deliver a better and more personalized service in order to better your online experience, including by enabling us to:
(a) estimate our audience size and usage patterns;
(b) store information about your preferences, allowing us to customize our Platform according to your individual interests;
(c) speed up your searches; and
(d) recognize you when you return to our Platform.
The technologies we use for this automatic data collection may include:
(a) Cookies (or browser cookies). You can set your browser or device to refuse all cookies or to indicate when a cookie is being sent. Setting your browser or device to decline cookies will prevent cookies from tracking your activity. If you delete your cookies or if you set your browser or device to decline these technologies, some of our services may not function properly. Our services do not currently change the way they operate upon detection of a “do not track” or similar signal.
(b) Flash Cookies. Certain features of our Platform may use local stored objects (or flash cookies) to collect and store information about your preferences and navigation to, from, and on our Platform. Flash cookies are not managed by the same browser settings that are used for browser cookies.
(c) Web Beacons. Pages of our Platform and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related Platform statistics (for example, recording the popularity of certain Platform content and verifying system and server integrity).
We also use various types of online analytics, including Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on our services. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use our services, compile reports on the related activities, and provide other services related to the Platform activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or application. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google click here.
Third-Party Information Collection
Some content or applications on the Platform are served by third parties, including community service providers, advertisers, advertising networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Platform. The information they collect may be associated with your Information or they may collect information, including Information, about your online activities over time and across different websites, applications and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they are used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
5. HOW WE USE INFORMATION
Unless otherwise consented by you in advance, or as may be permitted or required by law, we will only use and disclose your Information to fulfill the purposes for which it was collected (and in accordance with this Privacy Policy).
We use Information to:
(a) provide you with information or other services that you request from us;
(b) provide your healthcare professionals with our services including a recommended care plan;
(c) present our Platform and its contents to you;
(d) provide you with notices about your account;
(e) verify your eligibility for our services;
(f) fulfill the purposes for which you provided the information or that were described when it was collected, or any other purpose for which you provide it;
(g) understand your needs and the suitability of our services;
(h) evaluate and enhance our Platform performance, user experience and functionality;
(i) respond to your communications and investigate complaints;
(j) administer our relationship with you, including creating and managing your account;
(k) personalize, measure and improve our services;
(l) conduct surveys and research to better understand the preferences of our customers like you;
(m) notify you about changes to our Platform or any services we offer or provide through our Platform;
(n) develop new services;
(o) maintain and improve our Platform, services, marketing or customer relationships and experiences;
(p) notify you of any community services which may be relevant to your care plan;
(q) improve internal business processes;
(r) measure engagement and performance (such as our customer care interactions with you);
(s) carry out our obligations and enforce our rights arising from any contracts with you, including for billing and collection or to comply with legal requirements;
(t) enforce our Terms and Conditions of Use;
(u) respond to legally binding demands from law enforcement, regulatory authorities or other third parties;
(v) defend, protect or enforce our rights or any terms and conditions;
(w) prevent fraud or the recurrence of fraud;
(x) assist in the event of an emergency; and
(y) comply with applicable law.
6. HOW WE DISCLOSE INFORMATION
Except as set forth in this Privacy Policy, or as required or permitted by law, we disclose your Information to our service providers and affiliates, and their respective directors, officers, employees, agents, consultants, advisors or other representatives that have a need to use your Information to provide or improve our services, to legal or regulatory authorities, or for other purposes for which you have provided your consent. In no event will we sell or lease your Information.
We may disclose Information:
(a) to our affiliates or other related companies;
(b) to our employees and any third-party service providers to help us with the uses described in the How We Use Information section above, including community service providers, marketing agencies and technical support;
(c) to comply with your directions or any additional consent you have provided us;
(d) to your healthcare professionals for the purposes of creating a care plan;
(e) to other parties where we are under a duty to disclose your Information in order to comply with any applicable legal obligation including a regulatory process, or an order of a government institution, investigative body, regulatory body or judicial authority of competent jurisdiction;
(f) where we transfer or are considering transferring control of any or all of our assets, operations or services to a third-party acquirer of all or substantially all of our assets, including our rights and obligations relating to our Services, to a third party. The third party may continue to retain and use the Information that you provided to us. We will act in a reasonable manner, including by contractual or other means, to ensure that the third party agrees to similarly be bound by this Privacy Policy or a privacy policy that provides substantially similar measures to those employed by us to protect the privacy and security of your Information and to similarly comply with applicable privacy legislation with respect to your Information, but we cannot guarantee such latter compliance by the third party acquirer; and
(g) where we merge, consolidate, or amalgamate with a third party, the merged, consolidated, or amalgamated entity may continue to use and disclose your Information. We will use our best efforts to ensure that the merged, consolidated, or amalgamated entity agrees to similarly be bound by this Privacy Policy or a privacy policy that provides substantially similar measures to those employed by us to protect the privacy of your Information and to similarly comply with applicable privacy legislation with respect to your Information, but we cannot guarantee such compliance.
We do not disclose your Information to third parties for their own direct marketing purposes without your consent. We only disclose non-personal information to third parties as reasonably necessary to meet our business needs.
7. TRANSFERRING INFORMATION
We may transfer Information that we collect or that you provide as described in this Privacy Policy to contractors, service providers, and other third parties we use to support our business (such as technical support) and who are contractually obligated to keep Information confidential, use it only for the purposes for which we disclose it to them, and to process the Information with the same standards set out in this Privacy Policy.
We may process, store, and transfer your Information in and to a location outside of your province or country, including on or in computing systems or cloud-based servers located outside of your province or country. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that province or country may be able to obtain access to your Information through the laws of the other province or foreign country. Whenever we engage a service provider, we require that its privacy and security standards adhere to this Privacy Policy and applicable Canadian privacy legislation. Your consent to this Privacy Policy followed by your disclosure of your Information represents your agreement to such processing, storing and transferring of your Information.
8. HOW WE PROTECT INFORMATION
The security of your Information is very important to us. We use physical, electronic, and administrative measures designed to secure your Information from accidental loss and from unauthorized access, use, alteration, and disclosure.
We use end-to-end encryption, and we store encrypted Information that we have collected on secure servers within a secure data centre with disaster recovery procedures such as redundancy and automated nightly backups. We store all Information you provide to us behind firewalls on our secure servers and other host-based protections. We limit access to Information to individuals who are authorized to handle the Information to perform their duties and use passwords, two-factor authentication and unique authentication to protect Information. We use anti-malware and maintain up-to-date and patched software and operating systems, system logging and access to Information logging. We also use an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) to detect and prevent unauthorized access or malicious activities on our computer network.
We will only retain your Information for the period of time reasonably required to fulfill the purposes for which it was collected. We may retain non-personal information for as long as we have a business need to do so.
Our services may utilize third party systems, programs, websites, solutions, and/or applications.
An organization must protect Information that is in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. All of our service providers and contractors are contractually obligated to employ appropriate data security measures with respect to your Information and to collect/use/disclose/retain it only within the scope required for the provision of our services. However, we are not responsible for the actions and privacy policies of these third parties and their systems, programs, websites, solutions and/or applications.
We try our best to safeguard Information once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your Information, please contact us at info@carmahealth.net as soon as possible.
9. YOUR CHOICES
We offer you certain choices in connection with our services.
Access to your Information
On your reasonable written request, we will provide you, not later than thirty (30) days from our receipt of your request, or such additional time as required by law, with access to or information about your Information (if any) under our custody or control, and the names of persons to whom, and any circumstances in which, your Information has been and is being disclosed by us. You must provide sufficient information in your request to allow us to verify your identity and identify the information you are seeking.
If you request a copy of your Information and the Information can reasonably be reproduced, we will provide you with a copy of the Information, or, if applicable, we will give you reasons for any delay in providing a copy of the requested Information. All requests may be subject to minimal costs, in accordance with applicable privacy legislation.
We reserve all rights not to disclose Information, in whole or in part, in certain circumstances permitted or required by law, including but not limited to where:
(a) the Information is protected by any legal privilege;
(b) the disclosure of the Information would reveal confidential commercial information;
(c) the disclosure could reasonably be expected to threaten the life or security of another individual;
(d) the Information was generated in the course of a formal dispute resolution process; or
(e) the Information was collected by us without your knowledge and consent for reasonable purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or any province in Canada.
If access to your Information is refused, in whole or in part, we will provide you with the reasons for the refusal and the provision of applicable privacy legislation on which the refusal is based. You may contact us at info@carmahealth.net if you have any questions about the refusal, and we will inform you that you may ask for a review of the refusal in accordance with applicable privacy legislation.
To submit a request to access your Information or designate an authorized agent to make a request to access your Information, please contact us at info@carmahealth.net. Our security procedures mean that we may request proof of identity before we disclose your Information to you.
Please note that we can provide access to health information only as an “information manager” in accordance with instructions to do so issued by a custodian in accordance with the HIA.
Updating your Information
The accuracy of the Information we have about you is very important. To submit a request that we update your Information, please contact us at info@carmahealth.net.
On your request, we will make every reasonable effort to correct outdated Information, or errors or omissions in your Information where that Information is in our custody or control. Such request must be in writing, signed by you, and include sufficient detail to enable us to identify any Information in our custody or control in relation to the request.
We will, as soon as reasonably practical and not later than thirty (30) days from our receipt of your request, or within such additional time as permitted or required by law, either correct the Information and, if applicable and reasonable to do so, send correction notifications to any third party to whom we disclosed the incorrect Information, or decide not to correct the Information, but we will annotate the Information under our control to indicate that a correction was requested but not made.
We will inform you of the action that we have taken in response to your request for correction. You may contact us at info@carmahealth.net if you have any questions about your request for correction, and you may ask for a review of the action taken in accordance with applicable privacy legislation.
Withdrawing your Consent
Where you have provided your consent to the collection, use, and transfer of your Information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, please contact us at info@carmahealth.net. Please note that if you withdraw your consent, we may not be able to provide you with our Services. We will explain the impact to you at the time to help you make your decision.
Tracking Technologies and Advertising
You can set your browser or device to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies or block the use of other tracking technologies some parts of our Platform may not be accessible or may not function properly.
Email communications
You may have the opportunity to receive certain communications from us related to our services. If you provide us with your e-mail address in order to receive communications, you can opt-out of marketing emails at any time by following the instructions at the bottom of our emails and adjusting your email preferences. Please note that certain emails may be necessary for the operation of our services. You will continue to receive these emails, if appropriate, even if you unsubscribe from our optional communications.
10. CONTACT US
If you have questions, concerns, or would like to update/change your Information, you can contact us in the following ways:
info@carmahealth.net
We have procedures in place to receive and respond to complaints or inquiries about our handling of Information, our compliance with this Privacy Policy, and with applicable privacy laws. To discuss our compliance with this Privacy Policy please contact our Privacy Officer using the contact information listed above.