PRIVACY POLICY
Privacy Policy last updated on September 9, 2019
​
This Privacy Policy describes how HealthCasa collects, uses, and discloses your Personal Information and Personal Health Information when you visit our Site and create an account on the HealthCasa Platform. All information provided in your Profile is necessary to ensure optimal care and is securely protected, as required by law, and as detailed in this Privacy Policy. Personal Information shall include (i) personal information as such term is defined in the Personal Information Protection Electronic Documents Act; (ii) personal health information as such is defined in the Personal Health Information Protection Act (Ontario), provided that for purposes of this policy, Personal Information shall not include information about HealthCasa employees in such employees’ capacity as employees of HealthCasa.
​
HealthCasa agrees to respect and observe the provisions set forth in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and any other relevant privacy legislation, including, without limitation, the Personal Health Information Privacy Act (“PHIPA”). We consider your Personal Information to be very important and should be protected. HealthCasa will not disclose or share your Personal Information to unauthorized third parties except as allowed by Canadian law and described herein.
​
HealthCasa reserves the right to review the covenants contained in this Privacy Policy and to make changes. Every time that a change to this policy is made, users will be notified and the revised version will be posted on the HealthCasa website. By utilizing our application and/or website, or otherwise providing Personal Information to us, the user agrees to be bound by HealthCasa’s Privacy Policy.
​
Personal and Personal Health Information
HealthCasa collects information that personally identifies the user, such as the user’s name, address, mobile telephone number, e-mail addresses, medical history and other information that the user provides to HealthCasa. Personal Information may be collected in a number of ways, including: in person, over the phone, by mail, over the Internet, and from third parties who you have authorized to disclose Personal Information to us. We make every reasonable effort to keep your Personal Information as accurate, complete and up-to-date as necessary. If you would like to know what information is held in our records or wish to have any of the information updated or modified, please contact us at info@healthcasa.com
​
Some of your Personal and Personal Health Information may be disclosed to your Physician(s) if you give us permission to do so, as well as HealthCasa Practitioners, and HealthCasa administrative and technology staff. Access to private, sensitive and confidential information, including your Personal and Personal Health Information, is restricted to authorized employees with legitimate business reasons. All HealthCasa employees are required to abide by HealthCasa’s privacy standards and agree to a confidentiality agreement that prohibits the disclosure of any Personal and Personal Health Information to unauthorized parties.
​
HealthCasa will not rent or sell the Personal Information or Personal Health Information it collects. HealthCasa will never disclose Personal or Personal Health Information to third parties except as stipulated in this privacy policy or as otherwise permitted by law. If HealthCasa conducts market or product research, we will use non-personally identifiable information such as gender, age or city of residence, and will not use Personal or Personal Health Information.
HealthCasa currently uses a third-party service provider, Medstack to host servers in Canada, within a Amazon Web Services Secure Cloud. (AWS). Medstack is a high security environment making use of industry-standard open source software to establish, maintain and monitor security and compliance. All Personal and Personal Health Information remains in Canada. AWS is certified as compliant with ISO Standard 27018 Code of Practice for Personal Identifiable Information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO27018, the Standard also includes the right to audit AWS for compliance. These third-party service providers may have access to Personal Information as an incidental result of the services provided by such third parties to HealthCasa, but the access of such third parties to such information is strictly controlled.
​
You as the user, also play an important role in protecting your privacy and the confidentiality of your Personal Information. You are required to use a valid email address as your user name and a secure password, in order to access your account. The user must keep their password and username safe and not share it with any third party . Users must contact HealthCasa immediately if the user believes their password has been compromised or misused. You are responsible for maintaining the confidentiality of your account credentials and for all activity linked to your account. You must activate a timed screen lock with a pattern or passcode on any personal device used to access your HealthCasa Account, as well as logout of the HealthCasa Website or App when not using it. You acknowledge that if you choose to keep any HealthCasa data or information on your device, HealthCasa is not and cannot be responsible for the security of that data or information. HealthCasa will not be responsible for any unauthorized use of your account by a third party. You agree to notify HealthCasa immediately of any unauthorized use of your account by third parties or any other breach of security.
​
Third parties
HealthCasa may use third parties such as Maple, to provide services to users. This means that we may need to collect, use and disclose of User Personal Information requested by Maple or other third parties for enrolment and ongoing administration, including the use of each User’s email address for communications about the services provided by the third party. Each User will be required to create a Maple account and agree to Maple’s Terms of Use, located at www.getmaple.ca/terms terms and Privacy Policy, located at www.getmaple.ca/privacy. HealthCasa will not receive reports containing Personal Health Information from Maple or any other third party, unless the user has provided consent to do so.
​
Disclosure of Personal and Personal Health Information
The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so. If required to do so, we will make every effort to notify the relevant parties about the proceedings.
​
Usage and Aggregate Data
HealthCasa collects usage information from users to our services. The purpose of this collection is to understand how users access and use the services in order to enhance and optimize our services. Usage information and data could include but is not limited to the user’s device type, device identifier, IP address, browser type, operating system, duration of use, number of messages sent or received, and times at which the application was accessed and used. In addition, HealthCasa will collect aggregate data about a group or category of services or users. This information, as well as the Personal Information collected, enables HealthCasa to analyze trends, administer services and products, troubleshoot, and improve services.
HealthCasa maintains the right to inform our users about any change that may affect information collected or stored.
HealthCasa reserves the right to use the contact information of users for the purposes of communications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate or opt out of optional communications (e.g. marketing, press, events) while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.
​
Data Control and Retention
HealthCasa reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms and conditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law. HealthCasa processes and stores the user’s messages, logs, contact data, and other related information in order to provide HealthCasa’s services to the user. Data will be stored indefinitely in a secure and private manner or deleted as per direction from the user as allowable by relevant law. HealthCasa will take reasonable steps to protect information collected from users to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.
​
Privacy Contact
HealthCasa has appointed a Designated Privacy Contact who acts as Chief Privacy and Security Officer (CPSO) responsible for information system monitoring and information security policy and procedure management. The CPSO is responsible for compliance with HealthCasa’s privacy program including:
​
Undertaking Privacy Impact Assessments (PIA) and Threat and Risk Assessments (TRA) on a regular basis;
​
Adopting policies and procedures based on the results of the Privacy Impact Assessment and Threat and Risk Assessments to mitigate all identified risks;
​
Conducting privacy and security training for all HealthCasa Practitioners, employees and contractors;
​
Creating, monitoring and updating internal privacy and security policies to guide all HealthCasa staff in day-to-day operations.
​
Users may contact our CPSO to make enquiries on our privacy practices, to request access to their Personal Information or to request the update, correction or deletion of such information or account should they wish to do so. Any query, comments or concerns can be sent to us by email at info@healthcasa.com or by mail at the following address:
​
HealthCasa Limited:
47 Front Street East, Suite #200
Toronto, Ontario
M5E 1B3
​
Governing Law
This Privacy Policy shall in all respects be governed by and interpreted, construed and enforced in accordance with the laws of the Province of Ontario and the laws of Canada applicable therein.
​
Cookies
Our website may use “cookies” to enhance the user experience. Web cookies are very small text files that are stored on the user’s computer from a webpage to keep track of information about the user’s browsing on that site. The use of cookies allows us to capture standard web traffic information, such as the time and date the user visited our website, their IP address, and their browser information. In no circumstances do the cookies capture any information that can personally identify the user. The user may choose to set their web browser to refuse cookies, or to alert the user when cookies are being sent. If the user sets their web browser to disable cookies, some parts of the website may not be accessible to the use.
​
Questions and Comments
If you have any questions regarding your use of HealthCasa or this Privacy Policy, please contact us at info@healthcasa.com