DRFIRST
CANADIAN PRIVACY POLICY
DrFirst Healthcare Innovations Limited (“DrFirst“) is committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Policy describes the personal information that DrFirst collects from or about you, how we use, and to whom we disclose that information.
DrFirst has adopted a series of Privacy Policies in order to address the specific privacy concerns of certain groupings of individuals. This Privacy Policy applies to how we collect, use and disclose the personal information of our customers, suppliers and other parties with whom we interact. We have developed other documents that describe our privacy policies and practices with respect to our employees (i.e. our “Employee Privacy Policy“). If you are unsure of which Privacy Policy applies to you, please contact our Privacy Officer for more information.
Privacy Policy Effective for Canada
It is DrFirst’s policy to comply with the privacy legislation within each jurisdiction in which we operate. Sometimes the privacy legislation and / or an individual’s right to privacy are different from one jurisdiction to another. This Privacy Policy covers only those activities that are subject to the provisions of Canada’s federal and provincial privacy laws, as applicable.
This Privacy Policy has a limited scope and application. Consequently, the rights and obligations contained in this Privacy Policy may not be available to all individuals or in all jurisdictions. If you are unsure if or how this Privacy Policy applies to you, please contact our Privacy Officer for more information.
What Is Personal Information?
For the purposes of this Privacy Policy, personal information is any information about an identifiable individual, other than an individual’s business contact information when collected, used or disclosed for the purposes of enabling the individual to be contacted in relation to their business responsibilities.
What Personal Information Do We Collect?
We collect and maintain different types of personal information in respect of the individuals with whom we interact. This includes:
- contact and identification information, such as your name, address, telephone number and e-mail address; and
- business relationship information, including information related to your agreements, preferences, advisors and decision-makers, feedback and information requested by or provided to you.
DrFirst provides software solutions and services that seek to provide real-time access to patient data, improve communication and collaboration at the point of care and across the patient’s circle of caregivers, and enhance the doctor’s clinical view of the patient to help drive better health outcomes. As such, DrFirst may also collect personal health information from individuals participating in and / or impacted by these activities. If you are such an individual, we may collect your name, date of birth, address, health history, prescription history, and other information relating to your visits to and the care that you received from your healthcare providers (“personal health information“).
While we generally endeavour to collect personal information directly from you, we may collect your personal health information from other sources (e.g. your health care provider) if we have your consent or if the law permits.
As described in further detail below, we may utilize the services of third parties and may also receive personal information collected by those third parties in the course of the performance of their services for us or otherwise. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.
Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
Our Website
We may collect information related to your visit to our website, including the IP address and domain used to access our website, the type and version of your browser, the website you came from to access our website, the page you entered and exited at, any website page within our website that is viewed by that IP address and what country you are from. We may use this information to monitor our website’s performance (such as number of visits, average time spent, page views) and for our other business purposes, such as: (i) customizing certain content that we think you might like based on your usage patterns; (ii) improving our products and services; and (iii) upgrading our website.
In connection with the foregoing, we may place a “cookie” on the hard drive of your computer to track your visit. The cookie acts as an identification card and allows our website to identify you and to record your passwords and preferences. The cookie allows us to track your visit to our website so that we can understand your use of our website so that we can tailor the website to better meet your needs. Most web browsers are set to accept cookies. However, on most web browsers you may change this setting to have your web browser either: (i) notify you prior to a website placing a cookie on your hard drive so that you can decide whether or not to accept the cookie; or (ii) automatically prevent the placing of a cookie on your hard drive. It should be noted that if cookies are not accepted, you may not be able to access a number of web pages found on the website.
In addition, we collect the personal information that you submit to our website, such as your name, address and any other contact or other information that you choose to provide by:
- applying for a position with DrFirst through our website; or
- by corresponding with a representative of DrFirst via e-mail using the hyperlinks created for that purpose.
Our website may contain links to other websites that may be subject to less stringent privacy standards. If you click on a link to such a third party website, a third party may also place a cookie on your hard drive. We cannot assume any responsibility for the privacy practices, policies or actions of the third parties that operate these websites. DrFirst is not responsible for how such third parties collect, use or disclose your personal information. You should review the privacy policies of these websites before providing them with personal information.
Finally, we may use third party analytics tools to help us measure traffic and usage trends for our website. These tools may use cookies and other technologies to collect information about your use of our website, and collect information sent by your device or our website. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, better understand your online activity, and assists us in improving our website.
For example, we use Google’s Universal Analytics to better understand who is using our website and how people are using it. Google may use cookies, pixel tags and other technologies to collect and store information such as website pages visited, places where users click, time spent on each website page, IP address, type of operating system used, location-based data, device ID, search history, and phone number. We use this information to improve our website and as otherwise described in this Privacy Policy. Please see https://policies.google.com/technologies/partner-sites for information about how Google Analytics uses this information, visit https://tools.google.com/dlpage/gaoptout for information about the Google Analytics Opt-out Browser Add-on, and visit http://www.google.com/settings/ads to adjust the settings for your Google account.
Why Do We Collect Personal Information?
DrFirst collects personal information to enable us to manage, maintain, and develop our operations, including for example:
- to be able to provide our products and services to our customers (i.e. who have requested and/or purchased such products and services from us);
- to establish, maintain and manage our relationship with you so that we may provide you with, or receive from you, the products and services that have been requested;
- to be able to review the products and services that we provide to you so that we may: (i) understand your requirements for our products and services; and (ii) work to improve our products and services;
- to send you promotional and other marketing materials that we think might be of interest to you;
- to be able to comply with your requests;
- to monitor and investigate incidents and managing claims;
- to protect DrFirst against error, fraud, theft, and damage to our goods and property;
- to enable us to comply with applicable laws or regulatory process; and
- any other reasonable purpose to which you consent.
For the avoidance of doubt, any personal health information that we collect in connection with the delivery of our products and services to our customers will only be used in connection with such purposes, or as otherwise stated in this policy.
For example, to the extent permitted by applicable law, we may anonymize or otherwise de-identify your personal information for the purposes of: (i) providing technical support in connection with the products and services that we provide to our customers; (ii) improve our products and services; and/or (iii) creating aggregate data (e.g. analysis of information from multiple sources on an anonymized and aggregated basis) in order to identify or create products and/or services (e.g. trends, benchmarks, reports, summary metrics, etc.).
How Do We Use and Disclose Your Personal Information?
We may use and disclose your personal information:
- as permitted or required by applicable laws or regulatory requirements;
- for the purposes described in this Privacy Policy; and
- for any additional purposes for which we have obtained your consent to the use or disclosure of your personal information.
We may also use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
When Do We Disclose Your Personal Information?
We may share your personal information with our employees, contractors, consultants, affiliates, and other parties who require such information to assist us with managing our relationship with you, including: (i) third parties that provide services to us; (ii) third parties that assist DrFirst in the provision of services to you; and (iii) third parties whose services we use to conduct our business.
For example, we may share your personal information from time to time with our third party information technology, data processing and payment processing service providers (including our affiliates) so that we may operate our business. As a result, your personal information may, subject to applicable laws, be collected, used, processed, stored or disclosed in the United States. In particular, our affiliates can access your personal information from the US for the purposes of supporting and maintaining our products and services, troubleshooting, and similar purposes. As such, your personal information may potentially be accessible to law enforcement and national security authorities in the US.
In addition, your personal information may be disclosed or transferred to another party during the course of the grant of a security interest in DrFirst assets, or completion of, all or a part of DrFirst through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose your personal information in a manner consistent with the use and disclosure provisions of this Privacy Policy, unless you consent otherwise.
Finally, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements;
- to comply with valid legal processes such as search warrants, subpoenas or court orders;
- as part of DrFirst’s regular reporting activities to its affiliates;
- to protect the rights and property of DrFirst;
- during emergency situations or where necessary to protect the safety of a person or group of persons; and
- with your consent.
Your Consent Is Important to Us
It is important to us that we collect, use or disclose your personal information where we have your consent to do so. Depending on the sensitivity of the personal information, your consent may be implied, deemed (using an opt-out mechanism) or express. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from your action or inaction. For example, when you enter into an agreement with us, we will assume your consent to the collection, use and disclosure of your personal information for purposes related to the performance of that agreement and for any other purposes identified to you at the relevant time.
Typically, we will seek your consent at the time that we collect your personal information. In certain circumstances, your consent may be obtained after collection but prior to our use or disclosure of your personal information. If we plan to use or disclose your personal information for a purpose not previously identified (either in this Privacy Policy or separately), we will endeavor to advise you of that purpose before such use or disclosure.
As we have described above, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements.
Choice/Opt-Out
You may change or withdraw your consent at any time, subject to legal or contractual obligations and reasonable notice, by contacting our Privacy Officer using the contact information set out below. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer. In certain circumstances, the withdrawal of consent may render us unable to continue to provide products or services where the collection, use or disclosure of your personal information is necessary to provide the product or service.
As above, our business consists of providing products and services to third party customers. If you advise us that you wish to withdraw your consent in connection with your receipt of such products and services, we will notify our applicable customer so that they can attend to your request (subject to legal or contractual obligations and reasonable notice).
We assume that, unless you advise us otherwise, you have consented to the collection, use and disclosure of your personal information as explained in this Privacy Policy.
How Is Your Personal Information Protected?
DrFirst endeavors to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to prevent your personal information from loss and unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. Unfortunately, we cannot guarantee complete security: for example, (i) unauthorized access use, or disclosure, (ii) hardware or software failure, and (iii) other events may compromise the security of your personal information at any time. DrFirst complies with all contractual requirements with respect to using, accessing, and protection of personal information, even where such requirements are more specific or stringent than those set forth in this Privacy Policy.
The security of your personal information is important to us, please advise our Privacy Officer immediately of any incident involving the loss of or unauthorized access to or disclosure of personal information that is in our custody or control.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of our relationship, please keep us informed of such changes.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
Access to Your Personal Information
You can ask to see your personal information. If you want to review, verify or correct your personal information, please contact our Privacy Officer. Please note that any such communication must be in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact our Privacy Officer.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.
Inquiries or Concerns?
If you have any questions about this Privacy Policy or concerns about how we manage your personal information, please contact our Privacy Officer by telephone, in writing or by e-mail. We will endeavor to answer your questions and advise you of any steps taken to address the issues raised by you. If you are dissatisfied with our response, you may be entitled to make a written submission to the Privacy Commissioner in your jurisdiction.
For example, you have the right to complain to the Information and Privacy Commissioner of Ontario if you think we have violated your rights under Ontario’s Personal Health Information Protection Act. This Commissioner can be reached as follows:
Information and Privacy Commissioner of Ontario:
2 Bloor Street East, Suite 1400
Toronto, Ontario, M4W 1A8
416-326-3333
commissioner@ipc.on.ca
www.ipc.on.ca
Privacy Officer
We have appointed a Privacy Officer to oversee compliance with this Privacy Policy. The contact information for our Privacy Officer is as follows:
DrFirst Healthcare Innovations Limited
9420 Key West Avenue, Suite 101 Rockville, MD 20850
United States
Attention: Privacy Officer
E-mail: df_legal@drfirst.com
Telephone: (301) 231-9510
Revisions to this Privacy Policy
DrFirst from time to time, may make changes to this Privacy Policy to reflect changes in its legal or regulatory obligations or in the manner in which we deal with your personal information. We will post any revised version of this Privacy Policy on our website (at https://drfirst.com), and we encourage you to refer back to it on a regular basis.
This Privacy Policy was last updated on October 14, 2020.
Interpretation of this Privacy Policy
Any interpretation associated with this Privacy Policy will be made by our Privacy Officer. This Privacy Policy includes examples but is not intended to be restricted in its application to such examples; therefore where the word “including” is used, it shall mean “including without limitation”.
This Privacy Policy does not create or confer upon any individual any rights, or impose upon DrFirst any rights or obligations outside of, or in addition to, any rights or obligations imposed by Canada’s federal and provincial privacy laws, as applicable. Should there be, in a specific case, any inconsistency between this Privacy Policy and Canada’s federal and provincial privacy laws, as applicable, this Privacy Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.