Ver 1.0 - January 14, 2019
NOTE: This policy is for the users in Canada, if you reside outside Canada, please refer to the relevant policy on our website.
Everyone’s a Caregiver® Learning Systems Ltd. “EACLS” (CareSay). (“Care”, “we”, “us” or “our”) is a secure platform (the “Platform”) that allows users to provide feedback on the quality healthcare services through our applications (the “App”) available on mobile devices and through a web browser.
For the purposes of this Policy, “personal information” or “PI” means information about an identifiable individual. “Personal health information” or “PHI” means information about an identifiable individual that relates to the individual’s physical or mental health, including name of patient, date of birth, medical history, medical treatment, medical test results, medication list, and health number. PHI may be entered by the use or found in medical records, treatment and examination notes and communications between patients and their healthcare professionals.
“EACLS” (CareSay) will collect not request personal information and PHI from you when you access and use our App, the Platform, the website CareSay.reviews (the “Website”) or our other software products (collectively referred to as the “Services”). HOWEVER, the user may volunteer some information to clarify his/her feedback.
“EACLS” (CareSay) will never disclose your personal information or PHI without your consent.
“EACLS” (CareSay) will never rent or sell the personal information or PHI that we collect.
“EACLS” (CareSay) has implemented industry standard physical, administrative and technological safeguards to protect personal information and PHI from unauthorized access.
“EACLS” (CareSay) complies with applicable privacy and personal health information legislation where it operates.
Information We Collect and Store
“EACLS” (CareSay) will collect the following information from you when you register for an account with “EACLS” (CareSay) (“Account”) or use the Services:
Registration and Information
When you register for an Account, in order to identify you properly and contact you when needed, we will collect identification and contact information, such as name, email address, and a phone number.
When you use the Platform, we will collect and store your information, and your feedback.
Log and Website Information
When you access and use the Services, we may automatically collect certain technical information about your visit, including the date, time, browser type, your internet service provider, your IP address, device information (including device identifiers), geo-location information, computer and network performance data, the URL that you are coming from and your navigation history in order to customize and personalize your experience on the Services, improve our Services and for statistical research purposes.
Use and Disclosure of Your Information
We will use the personal information and PHI that we may collect from you to schedule, administer, personalize and enhance your patient experience.
This information may be used to update your patient record and/or to provide you with healthcare services.
We may disclose your personal information, including PHI, to third-party healthcare professionals involved in providing you with healthcare services, such as a specialist physician, pharmacist, physiotherapist, psychologist, nutritionist or lab technician. When the disclosure is part of a care plan that you have agreed to, we will consider the agreed care plan to constitute implied consent. For all other disclosures to a third-party not associated with “EACLS” (CareSay), we will only make the disclosure after obtaining your express consent.
Only healthcare professionals and their delegates involved in providing you with healthcare services can access your PHI. All delegates who are not regulated healthcare professionals sign strict and durable confidentiality agreements.
Access to your information is logged and we perform regular audits in order to ensure that any access is authorized and that information is only accessed on a ‘need to know’ basis.
We may share with selected third-parties demographic and contact information about you (including but not limited to name, and any email addresses or phone numbers) by email, SMS, instant messaging or any other means necessary, for reasons including but not limited to: verifying your identity, immediate intervention, visitation follow-up, customer support and technical support.
Third-Party Service Providers
We may transfer your personal information, including PHI to a third-party service provider for processing and storage in Canada. Whenever we engage a third-party service provider, we ensure that the information is properly safeguarded at all times at a comparable level of protection the information would have received if it had not been transferred.
We may use your personal information to detect, investigate, address and prevent fraudulent or illegal activities. We reserve the right to disclose your personal information as required by law, when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal process served on us and to defend against legal claims.
These situations may include, but are not limited to, disclosing potentially life saving information during medical emergencies and reporting infectious diseases or fitness to drive.
We may disclose and share your personal information to explore and/or undertake a corporate transaction, including a merger, acquisition, amalgamation, IPO, reorganization or sale of CareSay. Your personal information relevant to the transaction can be used and disclosed solely for the purposes related to the transaction and will be protected by security safeguards appropriate to the sensitivity of the information.
Your PHI will not be disclosed and will remain confidential.
Accessing the PHI held by “EACLS” (CareSay)
Limitations on access
You may be temporarily denied access to your record if providing access would create a significant risk to your health. You will also be denied access to your record where disclosure would be likely to reveal personal information about a third person or the existence of such information and the disclosure may seriously harm that third person, unless the third person consents or in the case of an emergency that threatens the life, health or safety of the person concerned.
We use reasonable means to ensure that information in your record is accurate. If you identify any inaccuracies, you can request that a note be made on the file indicating the inaccurate information.
When conducting product development, research, advertising and marketing, we will only use anonymized, de-identified and aggregated information.
Retaining Your Information
We will retain any and all personal information that we are required to retain under any applicable laws and regulations for the full duration of time required under those laws and regulations. We may also retain any anonymized and de-identified information and continue to use this information in accordance with this Policy.
Safeguarding Your Information
“EACLS” (CareSay) is committed to information security and protects personal information and PHI through integrated, physical, technological and administrative safeguards:
Secure Storage: “EACLS” (CareSay) stores all personal information and PHI in an Amazon Web Services (“AWS”) or IBM data center in Canada. AWS and IBM Clouds are ISO 27001 certified and adheres to global privacy and data protection best practices.
Network Security: “EACLS” (CareSay) has implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly-accessible systems.
End-to-End Encryption: “EACLS” (CareSay) encrypts all records. Data transmissions and communications on the Platform are end-to-end encrypted.
Privacy Policies and Training: “EACLS” (CareSay) has implemented written policies and procedures that specifically address the privacy and security of your PHI.
“EACLS” (CareSay) delivers privacy training to employees and contractors on how to safeguard personal information and mitigate operational risks. All “EACLS” (CareSay) employees and contractors are legally bound to confidentiality.
SOC2 Compliance: “EACLS” (CareSay)’s Information Security Policy and its related policies and processes are certified as compliant with ISO/IEC 27002:2013.
There is no guarantee against data breaches. However, “EACLS” (CareSay) has taken reasonable measures to prevent a breach, as described above. In the event of a data breach, “EACLS” (CareSay) will:
Notify users at the first reasonable opportunity of the breach; and Immediately apply remedial measures.
Changes To This Policy
If we decide to make material changes to the Policy, we will notify you and other users by placing a notice on our Website and App. You should periodically check the Website and the App for updates.
We understand your concern regarding your privacy. “EACLS” (CareSay) values and protects your privacy.
We’ve structured our web site so that, in general, you can visit “EACLS” (CareSay) on the web without identifying yourself or revealing any personal information. Once you choose to provide us personally identifiable information (any information by which you can be identified), you can be assured that it will only be used to support your customer relationship with “EACLS” (CareSay).
“EACLS” (CareSay) will not sell, rent or lease your personally identifiable information to others unless we have your permission or are required by law.
“EACLS” (CareSay) may use your contact information for any announcement regarding changes to our site, new products we introduce and special offers. If you prefer not to receive such information, please email our office and we will remove your contact information from our database.
If we are unable to resolve your issue to your satisfaction, you can file a complaint with the privacy commissioner in your province or territory, or with the Office of the Privacy Commissioner of Canada.