What Is Personal Information?
What Personal Information Do We Collect?
We collect and maintain different types of personal information in respect of the individuals with whom we interact. This includes:
- contact and identification information, such as your name, address, telephone number and e-mail address; and
- business relationship information, including information related to your agreements, preferences, advisors and decision-makers, feedback and information requested by or provided to you.
DrFirst provides software solutions and services that seek to provide real-time access to patient data, improve communication and collaboration at the point of care and across the patient’s circle of caregivers, and enhance the doctor’s clinical view of the patient to help drive better health outcomes. As such, DrFirst may also collect personal health information from individuals participating in and / or impacted by these activities. If you are such an individual, we may collect your name, date of birth, address, health history, prescription history, and other information relating to your visits to and the care that you received from your healthcare providers (“personal health information“).
While we generally endeavour to collect personal information directly from you, we may collect your personal health information from other sources (e.g. your health care provider) if we have your consent or if the law permits.
As described in further detail below, we may utilize the services of third parties and may also receive personal information collected by those third parties in the course of the performance of their services for us or otherwise. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.
Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
We may collect information related to your visit to our website, including the IP address and domain used to access our website, the type and version of your browser, the website you came from to access our website, the page you entered and exited at, any website page within our website that is viewed by that IP address and what country you are from. We may use this information to monitor our website’s performance (such as number of visits, average time spent, page views) and for our other business purposes, such as: (i) customizing certain content that we think you might like based on your usage patterns; (ii) improving our products and services; and (iii) upgrading our website.
In connection with the foregoing, we may place a “cookie” on the hard drive of your computer to track your visit. The cookie acts as an identification card and allows our website to identify you and to record your passwords and preferences. The cookie allows us to track your visit to our website so that we can understand your use of our website so that we can tailor the website to better meet your needs. Most web browsers are set to accept cookies. However, on most web browsers you may change this setting to have your web browser either: (i) notify you prior to a website placing a cookie on your hard drive so that you can decide whether or not to accept the cookie; or (ii) automatically prevent the placing of a cookie on your hard drive. It should be noted that if cookies are not accepted, you may not be able to access a number of web pages found on the website.
In addition, we collect the personal information that you submit to our website, such as your name, address and any other contact or other information that you choose to provide by:
- applying for a position with DrFirst through our website; or
- by corresponding with a representative of DrFirst via e-mail using the hyperlinks created for that purpose.
Our website may contain links to other websites that may be subject to less stringent privacy standards. If you click on a link to such a third party website, a third party may also place a cookie on your hard drive. We cannot assume any responsibility for the privacy practices, policies or actions of the third parties that operate these websites. DrFirst is not responsible for how such third parties collect, use or disclose your personal information. You should review the privacy policies of these websites before providing them with personal information.
Why Do We Collect Personal Information?
DrFirst collects personal information to enable us to manage, maintain, and develop our operations, including for example:
- to be able to provide our products and services to our customers (i.e. who have requested and/or purchased such products and services from us);
- to establish, maintain and manage our relationship with you so that we may provide you with, or receive from you, the products and services that have been requested;
- to be able to review the products and services that we provide to you so that we may: (i) understand your requirements for our products and services; and (ii) work to improve our products and services;
- to send you promotional and other marketing materials that we think might be of interest to you;
- to be able to comply with your requests;
- to monitor and investigate incidents and managing claims;
- to protect DrFirst against error, fraud, theft, and damage to our goods and property;
- to enable us to comply with applicable laws or regulatory process; and
- any other reasonable purpose to which you consent.
For the avoidance of doubt, any personal health information that we collect in connection with the delivery of our products and services to our customers will only be used in connection with such purposes, or as otherwise stated in this policy.
For example, to the extent permitted by applicable law, we may anonymize or otherwise de-identify your personal information for the purposes of: (i) providing technical support in connection with the products and services that we provide to our customers; (ii) improve our products and services; and/or (iii) creating aggregate data (e.g. analysis of information from multiple sources on an anonymized and aggregated basis) in order to identify or create products and/or services (e.g. trends, benchmarks, reports, summary metrics, etc.).
How Do We Use and Disclose Your Personal Information?
We may use and disclose your personal information:
- as permitted or required by applicable laws or regulatory requirements;
- for any additional purposes for which we have obtained your consent to the use or disclosure of your personal information.
We may also use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
When Do We Disclose Your Personal Information?
We may share your personal information with our employees, contractors, consultants, affiliates, and other parties who require such information to assist us with managing our relationship with you, including: (i) third parties that provide services to us; (ii) third parties that assist DrFirst in the provision of services to you; and (iii) third parties whose services we use to conduct our business.
For example, we may share your personal information from time to time with our third party information technology, data processing and payment processing service providers (including our affiliates) so that we may operate our business. As a result, your personal information may, subject to applicable laws, be collected, used, processed, stored or disclosed in the United States. In particular, our affiliates can access your personal information from the US for the purposes of supporting and maintaining our products and services, troubleshooting, and similar purposes. As such, your personal information may potentially be accessible to law enforcement and national security authorities in the US.
Finally, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements;
- to comply with valid legal processes such as search warrants, subpoenas or court orders;
- as part of DrFirst’s regular reporting activities to its affiliates;
- to protect the rights and property of DrFirst;
- during emergency situations or where necessary to protect the safety of a person or group of persons; and
- with your consent.
Your Consent Is Important to Us
It is important to us that we collect, use or disclose your personal information where we have your consent to do so. Depending on the sensitivity of the personal information, your consent may be implied, deemed (using an opt-out mechanism) or express. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from your action or inaction. For example, when you enter into an agreement with us, we will assume your consent to the collection, use and disclosure of your personal information for purposes related to the performance of that agreement and for any other purposes identified to you at the relevant time.
As we have described above, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements.
You may change or withdraw your consent at any time, subject to legal or contractual obligations and reasonable notice, by contacting our Privacy Officer using the contact information set out below. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer. In certain circumstances, the withdrawal of consent may render us unable to continue to provide products or services where the collection, use or disclosure of your personal information is necessary to provide the product or service.
As above, our business consists of providing products and services to third party customers. If you advise us that you wish to withdraw your consent in connection with your receipt of such products and services, we will notify our applicable customer so that they can attend to your request (subject to legal or contractual obligations and reasonable notice).
How Is Your Personal Information Protected?
The security of your personal information is important to us, please advise our Privacy Officer immediately of any incident involving the loss of or unauthorized access to or disclosure of personal information that is in our custody or control.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of our relationship, please keep us informed of such changes.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
Access to Your Personal Information
You can ask to see your personal information. If you want to review, verify or correct your personal information, please contact our Privacy Officer. Please note that any such communication must be in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact our Privacy Officer.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.
Inquiries or Concerns?
For example, you have the right to complain to the Information and Privacy Commissioner of Ontario if you think we have violated your rights under Ontario’s Personal Health Information Protection Act. This Commissioner can be reached as follows:
Information and Privacy Commissioner of Ontario:
2 Bloor Street East, Suite 1400
Toronto, Ontario, M4W 1A8
DrFirst Healthcare Innovations Limited
9420 Key West Avenue, Suite 101 Rockville, MD 20850
Attention: Privacy Officer
Telephone: (301) 231-9510