Last updated: March 23, 2020
Medimap Systems Inc. (“Medimap” or “we”) is committed to protecting your privacy through compliance with this Policy.
This Policy describes how we collect, use, disclose, and protect the personal information of our customers and users in the course of providing the Services, and applies to personal information we collect, use, or disclose about you:
- through the Website;
- in email, text, and other electronic messages between you and Medimap; and
- through Medimap’s mobile and desktop applications (the “Applications”);
This Policy does not apply to the collection, use, disclosure and protection of your personal information by:
- Authorized Physicians or Authorized Clinics; and
- Third-party websites, plug-ins, services, or applications which you access through the Website or in the course of the Services.
In this Policy, “personal information” means any information that can reasonably be used to identify you, either by itself or when combined with information available from other sources. “Personal health information” means information that relates to your physical health or any health service provided to you, unless otherwise defined in applicable law.
By using the Website, Applications, Services, or otherwise submitting personal information to Medimap, you consent to Medimap’s collection, use, and disclosure of your personal information in accordance with this Policy. You may refuse or withdraw your consent to certain practices described in this Policy by contacting our Privacy Officer at email@example.com or by following the instructions below, but this may impact our ability to provide you with the Services.
This Policy may be updated from time to time. Your continued use of this Website after we make changes indicates that you accept and consent to those changes, so please check periodically for updates.
Information We Collect and Why
We may collect and use several types of information from and about you, depending on which Services you use. We only collect the information necessary to provide the Services and operate the Website and our business. We will not sell your personal information.
The information that we may collect, and the primary purpose we collect it for, is described below.
If you access the Website, we may collect:
- Technical information, including your browser type, time zone, browser plug-ins, operating system and platform, internet connection, and your device type for the purpose of operating our website and optimizing your experience;
- Non-personal information about your use of the Website, including which pages you viewed, any searches you performed, page response times, download errors, how long your visit was, and any links you clicked. We only collect this information across Website users in aggregate, so it cannot directly identify you. This information is collected to allow us to improve the Website and understand how users are interacting with the Services;
- Personal information including your IP address and location, for the purpose of customizing the Services displayed on our home page; and
- Personal information including your name, email address, and phone number if you submit this information to us by email, our contact form, or our live chat, for the purpose of responding to your requests and inquiries.
If you use the Wait Time Service, we may also collect:
- Your IP address and location, to identify Authorized Clinics in your area;
- Your phone number and preferred clinic, if you enable the “Set an Alert” feature, to notify you when wait times at your preferred clinic change; and
- Any other information you provide to us if you submit feedback about a clinic’s wait time, for the purpose of improving the accuracy of the Wait Time Service.
If you use the Online Check-In Service, we may also collect:
- A unique Medimap user ID which is assigned to you;
- Personal health information, including your name, date of birth, personal health number and previous clinic visits, to allow the Authorized Clinic to check you in remotely; and
- Your phone number and email address, so we can notify you when your wait time is almost over.
If you use the Virtual Care Service, we may also collect:
- A unique Medimap user ID which is assigned to you;
- Personal health information, including your name, date of birth, personal health care number, and the general medical reason for your visit, for the purpose of creating your account and scheduling the Virtual Care Service;
- Your phone number and email address, so we can create your account and connect you with an Authorized Physician;
- If you do not have a valid personal health number in a province that covers telehealth services, a third party processor will process your payment for the Virtual Care Service – Medimap does not retain your credit card information; and
- Your location and preferred pharmacy, to allow Authorized Physicians to prescribe you medication remotely.
Medimap does not collect or store any notes, recordings, videos, or transcripts related to the Virtual Care Service. The only medical details that Medimap collects or uses are those that you submit through the Website.
Medimap is not the custodian or trustee of your personal health information in most provinces. Medimap collects your personal health information to enable Authorized Physicians and Authorized Clinics to collect and use that information electronically.
If you use the Clinic Services, we may also collect certain information about employees, physicians, and other individuals who interact with us, including:
- Employees’ names, email addresses, phone numbers, workplace, and job titles; and
- Authorized Physicians’ names, email address, phone number, workplace, and availability.
How We Collect Your Information
We use different methods to collect your information, including:
- Direct interactions with you when you provide it to us, for example, by filling in forms on the Website or corresponding with us by phone, email, or otherwise;
- Automated technologies, such as cookies, web beacons, and third-party analytics software, which collect certain kinds of data when you navigate the Website;
- Through Authorized Clinics, to inform us whether you attended an appointment scheduled through our Services; and
- Third parties or publicly available sources, for example, our business partners.
Automated Data Collection
The information we collect automatically is statistical information but may include personal information such as your IP address and location. We may also associate this information with personal information that you provide or that we receive from third parties. This helps us improve our Website and deliver a better and more personalized service, including by allowing us to review usage patterns, store information about your preferences, speed up searches, and recognize when you return to our Website.
The technologies we use for automatic data collection may include:
- Browser Cookies. A browser cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by changing your browser settings, but this may impact your experience on our Website or make certain parts of the Website or the Services unavailable to you;
- Flash Cookies. Certain features of our Website use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation on our Website. Flash cookies are not managed by the same browser settings that are used for browser cookies. For information about managing Flash cookies, see the How to Manage The Collection of your Personal Information; and
- Web Beacons. Our Website contains small electronic files known as web beacons or pixel tags that permit us to count users who have visited those pages and for other related website statistics.
You can opt-out of behavioural tracking and some third party cookies using an opt-out tool created by the Digital Advertising Alliance of Canada . You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out does not mean you will not receive advertisements, it means that the advertisements you receive will not be tailored to you.
How We Use Your Information
We use information that we collect from you, including personal information and health information:
- To operate, improve, and analyze information about our Website;
- To provide you with the Services;
- To provide you with information or support that you request from us;
- To fulfill the purposes described in this Policy, or any other purpose that we describe when we collect your information;
- To prompt Authorized Clinics to update wait times and respond to appointment requests;
- To carry out our obligations and enforce our rights arising from any contracts with you, including for billing and collection or to comply with legal requirements;
- To notify you about changes to our Website or any Services we offer or provide through it.
- To keep the Services secure;
- To improve our Services, marketing, or customer service;
- In any other way we may describe in this Policy or when you provide the information; and
- For any other purpose with your consent.
If you subscribe to our newsletter, we will also use your personal information to contact you about Services, health updates, promotions, and other information that may be of interest to you. If you no longer wish to receive this information, you may withdraw your consent at any time by using the unsubscribe mechanism at the bottom of our emails.
Who We Disclose Your Personal Information To
We may disclose personal information that we collect about you:
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Medimap’s assets;
- To Authorized Physicians and/or Authorized Clinics, if you use the Online Check-In Service or the Virtual Care Service;
- To contractors, service providers, and other third parties that support our business (such as video chat providers, payment processors, email providers, and data hosts) and who are contractually obligated to keep personal information confidential and use it only for the purposes for which we disclose it to them;
- To comply with any court order, law, or legal process, including government or regulatory requests;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Medimap, our customers, or others;
- As otherwise permitted by applicable laws; and
- With your consent.
Your personal health information will always be stored in Canada. However, in accordance with this Policy, we may disclose other personal information to third-parties or service providers in other provinces or foreign countries, where it may be processed, stored, or transferred to a foreign country, with different privacy laws.
By submitting your personal information, including personal health information, to Medimap, you consent to this transfer, storage, and processing.
How To Manage the Collection of Your Personal Information
You have choices when it comes to certain information that we collect from you. The mechanisms you can use to manage the collection of your personal information are described below:
Automated Data Collection
Newsletters and Promotional Offers
If you have subscribed to our newsletter but no longer wish to receive our emails or promotional offers, you can withdraw your consent by clicking the unsubscribe link included in the email. If you unsubscribe to our newsletter, we will continue sending you information that is directly related to your use of the Services, such as appointment reminders.
How We Keep Your Information Secure
The security of your personal information is very important to us.
We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us behind firewalls on our secure servers, and all data is encrypted both when it is sent and when it is being stored. Any payment transactions will be encrypted using SSL technology.
Where you have created a password to access to certain parts of our Website, you are responsible for keeping this password confidential. Do not share your password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, the transmission of information online is not completely secure, and we cannot guarantee the security of your personal information when you submit it through the Website. Any transmission of personal information is at your own risk.
How We Retain Your Data
Unless otherwise permitted or required by applicable law, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.
Use of the Website By Children
Our Website is not intended for children under 13 years of age. If you are under 13, do not use or provide any information on the Website, including your name, address, telephone number, email address.
We do not knowingly collect personal information from children under 13 and will delete any information that we learn was received from a child under 13 without parental consent.
Parents and legal guardians may use the Services on behalf of their dependents who are under 13 years of age.
Access and Correction
You have the right to access the personal information we maintain about you and correct it if it is inaccurate. If you have provided an Authorized Clinic or Authorized Physician with personal information that you wish to correct, you must contact them directly.
To review, verify, or correct your personal information, please contact our Privacy Office at firstname.lastname@example.org. We may request specific information from you to confirm your identity and to provide you with the personal information that we hold about you or make your requested changes.
If we believe a requested change would violate any law or cause your information to be incorrect, we may refuse your request. We may also refuse access to certain information, as permitted by applicable law (e.g. information protected by solicitor-client privilege). If we cannot provide you with access to your personal information, we will tell you why, subject to any legal or regulatory restrictions.
Deletion and Withdrawal of Consent
You have the right to withdraw your consent to our collection and use of your personal information or request that we delete your personal information. If you withdraw your consent or request that we delete your information, we may not be able to provide you with some or all of the Services. We will inform you of the specific consequences of withdrawing your consent or deleting your data when you request it.
To withdraw your consent or request deletion of your personal information, please contact our Privacy Officer at email@example.com. We may request specific information from you to confirm your identity and identify the personal information we hold about you.
If we believe that withdrawing your consent or deleting your information is contrary to law, we may refuse your request and explain our decision to do so, subject to any legal or regulatory restrictions.
Notification of Breach
You have the right to know if there has been a breach in the security of your personal information, and that breach creates a real risk of significant harm to you.
If your information is compromised and it creates a real risk of significant harm, we will notify you in accordance with applicable law, and take all reasonable steps to minimize the impact of the breach.
How To Contact Us
If you have questions or comments regarding this Policy, including our compliance with this Policy or applicable law, please contact our Privacy Officer at firstname.lastname@example.org.