At Mental Health Innovations (“MHI”) we are committed to protecting your privacy and safeguarding your personal information. We do not ask for information we do not need, and we protect the information we have. We think of privacy ahead of time, before building any new feature. End-to-end security with full transparency is what drives information security at MHI.
The purpose of this Privacy Statement is to inform you about the types of Personal Information MHI (as follows, “we” or “us”) collects, uses, and discloses. It explains how we use and disclose that information, the choices you have regarding such use and disclosure, and how you may correct that information. This Privacy Statement covers the Tandem application, as well as all other related websites that are operated and administered by, or on behalf of MHI and Tandem.
We are proud to demonstrate our commitment to your privacy by complying with the laws and regulations under applicable privacy laws in Canada. This Privacy Statement is designed to meet the standards prescribed by the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the regulations thereunder as well as applicable provincial privacy legislation and regulations, including, and the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia), and the Personal Health Information Protection Act, 2004 (Ontario).
From time to time, we may make changes to this Privacy Statement. The Privacy Statement is current as of the “last revised” date which appears at the top of this page. We will treat Personal Information in a manner consistent with the Privacy Statement under which it was collected, unless we have your consent to treat it differently. This Privacy Statement applies to any information we collect or receive about you, from any source.
The following topics will be covered in this Privacy Statement:
- What is Personal Information?
- How do we collect your Personal Information?
- Where do we store your Personal Information?
- How do we use your Personal Information?
- To whom do we provide your Personal Information?
- When and how do we obtain your consent?
- How do we ensure the privacy of your Personal Information when dealing with our affiliates and other third parties?
- How long will we utilize, disclose, or retain your Personal Information?
- How can you review your Personal Information that we have collected, utilized, or disclosed?
- How do you know that the Personal Information we have on you is accurate?
- What if the Personal Information we have on you is inaccurate?
- How fast will we respond to your written requests?
- Are there any costs to you for requesting information about your Personal Information or our privacy practices?
- How do we know that it is really you requesting your Personal Information?
- What safeguards have we implemented to protect your Personal Information?
- How do you contact us regarding access to your Personal Information or our privacy practices?
1. What is Personal Information?
“Personal Information” is any information that is identifiable with you as an individual and may include personal health information. This information may include but is not limited to your name, gender, contact information, and usernames and passwords. Personal Information, however, does not include your business title, business address and business telephone number, or name in your capacity as an employee of an organization. This information may also include “personal health information” (as defined in the Personal Health Information Protection Act, 2004 (“PHIPA”) and its regulations, as they may be amended from time to time, and any successor legislation thereto) that you provide us.
2. How do we collect your Personal Information?
We will always collect your Personal Information by fair and lawful means. We may collect Personal Information from you directly through your access to our Site or Platform and/or from third parties, where we have obtained your consent to do so or as otherwise required or permitted by law. For the purposes of this Privacy Statement, Personal Information includes personal health information.
3. Where do we store your Personal Information?
We will keep the Personal Information that we collect either at an MHI site or the site of a service provider in Canada.
4. How do we use your Personal Information?
We identify the purposes for which we use your Personal Information at the time we collect such information from you, and we obtain your consent, in any case, prior to such use. We generally use your Personal Information for the following purposes (the “Purposes”):
- to provide or perform any of the services requested by you;
- to verify your identity and your age;
- to respond to your inquiries, complaints, or requests;
- to advise you about new programs and services that may be of interest to you;
- to collect opinions and comments in regard to MHI operations;
- to administer our website;
- in aggregate and anonymized form, to understand how our services are being used and to identify and build improvements to them;
- to investigate legal claims;
- such purposes for which MHI may obtain consent from time to time; and
- such other uses as may be permitted or required by applicable law.
5. To whom do we provide your Personal Information?
We identify to whom, and for what purposes, we disclose your Personal Information.
We may disclose anonymized and aggregated personal data to third parties to improve service, to ensure quality of care, and for research.
Generally, we will only make disclosures of Personal Information to such persons for which you provide your consent. Notwithstanding the foregoing, we may also make disclosures of Personal Information to an acquirer in connection with a transaction involving the sale of some or all of the business of MHI (in which case the use of your personal information by the new entity would continue to be limited by applicable law), or as otherwise permitted or required by law.
In addition, we may send Personal Information outside of the country for the purposes set out above, including for process and storage by service providers in connection with such purposes. However, you should note that to the extent that any Personal Information is out of the country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
If we receive a request for access to your Personal Information from a person other than you, we will promptly advise the person to make the request to you unless the agreement expressly requires us to provide such access and, if you have advised us of the name or title and contact information of a person to whom such requests are to be made, we will also promptly provide that person’s name or title and contact information to the person making the request.
6. When and how do we obtain your consent?
We generally obtain your consent prior to collecting and, in any case, prior to using or disclosing your Personal Information for any purpose. You may provide your consent to us orally, electronically, or in writing. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the personal information and the reasonable expectations you might have in the circumstances.
7. How do we ensure the privacy of your Personal Information when dealing with our affiliates and other third parties?
We ensure that all affiliates and other third parties that are engaged to perform services on our behalf and are provided with Personal Information are contractually required to observe the intent of this Privacy Statement and our privacy practices. We use encryption with our service providers, and all data is encrypted at rest.
8. How long will we utilize, disclose, or retain your Personal Information?
We may keep a record of your Personal Information, correspondence, or comments, in a file specific to you. We will utilize, disclose, or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law.
9. How can you review your Personal Information that we have collected, utilized, or disclosed?
If you make a written request to review any Personal Information about you that we have collected, utilized, or disclosed, we will provide you with any such Personal Information to the extent required by law. We will make such Personal Information available to you in a form that is generally understandable, and we will explain any abbreviations or codes.
10. How do you know that the Personal Information we have on you is accurate?
We will ensure that your Personal Information is kept as accurate, complete, and up-to-date as possible. We will not routinely update your Personal Information, unless such a process is necessary. We expect you, from time to time, to supply us with written updates to your Personal Information, when required.
11. What if the Personal Information we have on you is inaccurate?
At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
12. How fast will we respond to your written requests?
We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. You have the right to make a complaint to the federal Privacy Commissioner in respect of this time limit.
13. Are there any costs to you for requesting information about your Personal Information or our privacy practices?
We will not charge any costs for you to access your Personal Information in our records or to access our privacy practices without first providing you with an estimate of the approximate costs, if any.
14. How do we know that it is really you requesting your Personal Information?
We may request that you provide sufficient identification to permit access to the existence, use, or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.
15. What safeguards have we implemented to protect your Personal Information?
We have implemented physical, organizational, contractual, and technological security measures to protect your Personal Information from loss or theft, unauthorized access, disclosure, copying, use, or modification, including:
- encryption of Personal Information;
- that the only employees who are granted access to your Personal Information are those with a business “need to know” or whose duties reasonably require such information;
- premises security;
- deployment of technological safeguards such as security software and firewalls to prevent hacking or unauthorized computer access; and
- internal password and security policies.
In the event that we become aware that your Personal Information has been stolen or lost, or a person has obtained unauthorized access to your Personal Information, or we have used, disclosed, or disposed of your Personal Information improperly, we shall notify you at the first reasonable opportunity.
17. How do you contact us regarding access to your Personal Information or our privacy practices?
All comments, questions, concerns or complaints regarding your Personal Information, this Privacy Statement, or our privacy practices, should be forwarded to our Privacy Officer by email at email@example.com with the subject line “Privacy Inquiry”.