INTRODUCTION AND DEFINITIONS
When receiving a Health Service from a Health Service Provider as a patient of the Health Service Provider your privacy is the responsibility of that Health Service Provider. When MedMe Health assists your Health Service Provider in providing a Health Service through MedMe Health’s platform and services, MedMe Health is acting as an affiliate of your Health Service Provider. In this role, MedMe Health is responsible for following the privacy policies of your Health Service Provider and protecting your personal and health information in accordance with the relevant legislation that your Health Service Provider is subject to.
If you have any questions or concerns after reading this, please email us at: firstname.lastname@example.org.
"Content" means any expression fixed in a tangible medium and includes, without limitation, ideas, text, comments, video, audio, images, graphics, designs, drawings, animations, logos, trademarks, copyrights, information, data, software, scripts, tasks, activities, badges and ranks, and any intellectual property therein, any of which may be created, submitted, or otherwise made accessible on or through the Site and/or Services.
“Health Service” means any health care related service (as defined by relevant legislation) that is provided to a patient by a Health Service Provider, irrespective of whether that service is delivered through the MedMe Health platform and services or by other means.
“Health Service Provider” means any provider of Health Services such as pharmacies and clinics contracting to make use of MedMe Health to deliver that Health Services to patients, irrespective of whether the Health Service is provided directly or through our platform and services.
"Minor" means a person under the age of majority in the jurisdiction where the dispensing pharmacy is located.
"Patient Representative" means a person who is authorized to act on the patient's behalf to manage the patient's prescriptions and Services.
“Services” means all services, except Health Services, made available by or through MedMe Health, including but not limited to services accessed through the Content or the Site. “Site”means medmehealth.com, medmeapp.ca, and medmeapp.com, its related webpages and sites (including, without limitation, any mobile optimization website and white-labelled/DNS-forwarded sites), and MedMe Health’s mobile applications.
"User Generated Content" or "UGC" means any Content whatsoever that you submit, create, upload, transfer, or otherwise makes available by access to the Site or through the Services, including but not limited to messages, information, images, data or in-media screen shots, video, audio or other Content posted in any public or private area within the Site or through the Services.
ACCEPTANCE OF TERMS AND REVISIONS
TYPES OF INFORMATION WE COLLECT
There are three types of information we may collect through your access to and use of the Site, Content and/or Services:
(a) “Personal Information” means information about an identifiable individual, including any “Personal Information” as such term is defined in the Personal Information Protection and Electronic Documents Act (Canada), where Personal Information crosses provincial or international boundaries, or as may be defined in any applicable and any applicable provincial privacy laws, such as the Personal Information Protection Act (British Columbia), the Personal Information Protection Act (Alberta) , and the Act Respecting the Protection of Personal Information in the Privacy Sector (Quebec).
Personal Information may include, but is not limited to, a person’s name, email address, residential address, geolocation information (i.e., your specific location), telephone number, date of birth, gender, occupation, employment status, and in some cases, user name.
Please note that this list is provided as an example only for purposes of the definition. It is not meant to be used as an exhaustive list of actual information collected or held by MedMe Health.
(b) “Personal Health Information” means information that may be collected when you engage aHealth Service Provider for a Health Service as such term is defined inapplicable legislation such as the Personal Health Information Protection Act (Ontario), the Health Information Act (Alberta), the Personal Health Information Privacy and Access Act (New Brunswick), the Personal Health Information Act (Newfoundland and Labrador), or the Personal Health Information Act (Nova Scotia).
Personal Health Information may include demographics information such as identity, contact, and personal statistics information (similar to the examples listed under the definition for Personal Information). Additionally, your Health Service Provider may also require you to provide certain physical and mental health information, including but not limited to personal and family medical history information, details of your existing medications, existence of drug allergies, medications requested and prescription information, the name of your primary physician and his or her contact information, your provincial health number and any private health benefits number or account information as part of delivering that Health Service.
Please note that this list is provided as an example only for purposes of the definition. It is not meant to be used as an exhaustive list of actual information collected or held by your Health Service Provider or by MedMe Health as their affiliate.
(c) “Non-Personal Information” means information that does not identify you. One common source of Non-Personal Information is to de-identify (remove anything that can point to identity) from PersonalInformation such as, for example, date of birth, age, gender, postal code and non-precise geolocation information (e.g., your city). This information by policy and legislation must be de-identified where necessary by the MedMe system before it falls under this definition. Non-Personal Information can also include anonymous “Usage Data” which is data that is non-identifying right from the start. Such anonymous data is often associated with your computer, mobile device, and/or media system platform, and may include such information as in-media time, activities, purchases, badges and ranks. Again, should any of this information actually be identifying at anytime, it must by policy be de-identified wherever necessary by the MedMe system before it falls under this definition.
Personal Health Information may only be de-identified for use as Non-Personal Information when permitted by and at the direction of the Health Service Provider responsible for that information. Any such action will only be done by MedMe Health in accordance with our agreements with and in compliance with the policies of the Health Service Provider and applicable legislation they are subject to.
MedMe Health only makes use of this Non-Personal Information for internal resource management and planning purposes if and as permitted by agreements and applicable legislation. None of this information is collected for purpose of selling to third parties and will only be shared with third parties where those parties may be engaged by MedMe Health in support of these purposes.
(d) The choice to provide us with Personal Information and Non-Personal Information (notwithstanding Usage Data) is yours. If you do not wish to have MedMe Health collect your Personal Information through the use of our Site, Content and/or Services, you can choose not to provide it. However, your decision to withhold particular details may limit the Services we are able to provide and make it more difficult for us to advise you or suggest appropriate alternatives to our Services. If we are unable to accommodate your requests based on the information that you have provided, we may ask for additional information so that we may better accommodate your needs. At all times though it remains your decision whether to provide or withhold this additional information requested.
The choice to provide your Health Service Provider or MedMe Health as their affiliate with Personal Health Information is yours. If you do not wish to allow your Health Service Provider or MedMe Health as there affiliate to collect your Personal Health Information as part of providing you with a Health Service, you can choose not to provide it. However, your decision to withhold particular details may limit the Health Service your Health Service Provider and/or MedMe Health as their affiliate are able to provide and make it more difficult to advise you or suggest appropriate alternates to the Health Service(s) requested. If your Health Service Provider and/or MedMe Health are unable to accommodate your requests based on the information that you have provided, your Health Service Provider and/or MedMe Health on their behalf may ask for additional information so that we may better accommodate your needs. At all times though it remains your decision whether to provide or withhold this additional information requested.
CONSENT– PERSONAL INFORMATION
Subject to legal and contractual requirements, you may refuse or withdraw your consent to the collection, use, disclosure, and transfer of your Personal Information for certain of the purposes identified herein at any time by contacting MedMe Health through the contact details provided below. If you refuse or withdraw your consent, you acknowledge that MedMe Health may not be able to provide you or continue to provide you with certain Services which may be of value to you.
CONSENT– PERSONAL HEALTH INFORMATION
BY PROVIDING PERSONAL HEALTH INFORMATION TO YOUR HEALTH SERVICE PROVIDER DIRECTLY AND/OR TO MEDME HEALTH AS THEIR AFFILIATE, AS PART OF RECEIVING A HEALTH SERVICE FROM THEM, YOU AGREE THAT THE HEALTH SERVICE PROVIDER AND THEIR AFFILIATE(S) MAY COLLECT YOUR PERSONAL HEALTH INFORMATION AND YOU CONSENT TO THE USE, DISCLOSURE, AND TRANSFER OF YOUR PERSONAL HEALTH INFORMATION TO FACILITATE RECEIVING THIS SERVICE, IN ACCORDANCE WITH THE HEALTH SERVICE PROVIDER’S PRIVACY POLICIES AND AS PERMITTED OR REQUIRED BY LAW.
Subject to statutory and contractual requirements, you may refuse or withdraw your consent to the collection, use, disclosure, and transfer of your Personal Health Information for certain of the purposes identified by your Health Service Provider and/or their affiliates at any time by contacting your Health Service Provider through the contact details provided by them. Alternately, you may submit such requests through MedMe Health as an affiliate of your Health Service Provider, and we will take all reasonable steps to forward your request to the Health Service Provider involved. If you refuse or withdraw your consent, you acknowledge that your Health Service Provider may not be able to provide you or continue to provide you with certain Health Services which maybe of value to you.
COLLECTION OF INFORMATION
We may collect information as follows:
(a) Information You Provide to Us. When you engage in receiving a Service of any type from MedMe Health as a client or from your Health Service Provider as a patient that requires the submission of information; we may collect such minimum information as is necessary to deliver the requested Service. This information is necessary for actions such as verifying your identity, fulfilling your orders, and contacting you concerning the Service you requested. Whether you are providing information as a client of MedMe Health or as a patient of a Health Service Provider that we are an affiliate of, we store your collected information securely both for your security and for use to verify your identity and provide you with the Services you requested and therefore provided said information to obtain.
(b) Information Provided to Us by Your Patient Representative or by You for a Person for whom You will be a Patient Representative. If an individual wishes to have you act as a Patient Representative for the purposes of managing the individual’sServices, or you ask another to act as Your Patient Representative, we may collect information about you and the other person as detailed in the previous paragraph to facilitate delivery of that Service. This includes situations such as where a parent or guardian is acting as a Patient Representative for a minor or incapacitated person. As per the previous paragraph, the minimum information necessary to deliver the requested Service will be collected.
(c)When You or Your Patient Representative make purchases for Services from your Health Service Provider through the MedMe platform, you may make use of the Health Service Provider’s payment system, or may instead be presented with the option to engage the MedMe platform’s partnered payment processor. Where the Health Service Provider’s system is used to make payment and/or where our payment processor is used, the payment processor involved will collect and be responsible for any credit card information you provide for making payment. MedMe Health does not in either case collect or store your credit card information. Other Personal Information provided for making payment, such as your insurance information, policy numbers, and group plan information you may provide as part of obtaining Services, that pass through and/or are stored in the MedMe system, will be handled in a secure manner at all times in accordance with our privacy policies, applicable legislation, and contractual obligations with your Health Service Provider.
(d) When You or Your Patient Representative receive a Health Service such as a vaccination from a Health Service Provider through our Site and/or Services, you or your Patient Representative will provide your Health Service Provider with your Personal Health Information (through MedMe Health as an affiliate of the Health Service Provider). For prescriptions this information can include the medication requested, amounts, and information regarding your physician or other prescribing professional. Your chosen Health Service Provider will use the Personal Health Information provided to fill your prescription as required. This information will be stored, processed and shared with the applicable provincial prescription drug information system by your chosen Health Service Provider using their information system as required by the Law in the applicable jurisdiction. Your chosen Health Service Provider may also contact your physician or the prescribing professional if additional information regarding your prescription is required.
(e) Public Forums. If you choose to make use of any public forum, blog, comment section or chat function managed by MedMe Health to submit or post a message, query, or comment that involves Personal Information, we cannot guarantee and are not responsible for that information’s privacy or security. We place disclaimers in all Public Forums managed by MedMe Health warning that these forums are public and therefore are not an appropriate place to post PersonalInformation or expect responses on same for any reason.
(f) In-Media Communications. If you choose to send a message to us through our message, chat, post or other function, we may collect any information you may disclose through such means in order to facilitate the communication.
(g) Push Notifications. If you choose to enable push notifications, we may use your information such as a device ID or email address in order to send push notifications to your device as per your direction.
(h) Your Location. As a client, we may collect precise geolocation information as part of delivering requested Services to you such as locations of Health Service Providers close to you, provided that prior to doing so initially, you are either informed by us of such a practice or be prompted by us to allow or disallow such a feature. In the event you proceed with using any of the Site, Content and/or Services or choose to allow such a feature, you will have the ability to disallow it at any time thereafter by taking the appropriate steps in the applicable settings tab. We do not keep or store precise geolocation information. Precise geolocation is only collected and used at the time MedMe Health delivers the requested Services.
(i) Information You Submit to Us. If you choose to submit Personal Information to us for any other reason in any other form, we will collect such information and use it for the purposes for which you submitted it.
(j) Visiting our Site. We will not collect any Personal Information from you simply by virtue of your visiting our Site; we only collect Personal Information if you or your Patient Representative choose to submit it to us. We do, however, collect Non-Personal Information such as Usage Data, for purposes of connection management and platform improvement whenever you use our Site and/or Services. Such Non-Personal Information is not combined with Personal Information unless you choose to submit Personal Information to us.
(k) Where Permitted by Law. We may also collect information, including Personal Information as otherwise permitted by law.
(l) Do Not Track (DNT). Do Not Track (DNT) is a privacy preference that you can set in their web browser allowing you to opt out of tracking by websites and online services. At the present time, the World Wide Web Consortium (W3C) has not yet established universal standards for recognizable DNT signals, and, therefore, MedMe Health does not recognize DNT.
(m) "Cookies". In connection with the foregoing collection of information, we may also use “cookies” or similar technologies (small amounts of data that are stored on your computer's hard drive, mobile device or media system platform when you use or access our Site and/or Services that identify your computer, mobile device or media system platform and may store information about you such as behavioural data. Should you choose to submit PersonalInformation to us, we may link cookie information to such Personal Information. If you do not wish to accept cookies, you have the option of blocking or disabling cookies. However, please be aware that some of our Site, Content and/or Services will not function properly if you do so and you may lose access to Services you purchased.
(n) Third Party Advertising Partners. MedMe Health is not engaged with any third-party advertising partners at this time and does not in any way collect Personal Information for such activities. Where the MedMe platform in turn links you to a Health Service Provider platform as part of your receiving a requested Service from the Health Service Provider, there may be third-party advertising partners involved with the Health Service Provider and their platform. The Health Service Provider at all times remains responsible for any information that may be shared with these third-parties through the Health Service Provider’s own platform, and you or your Patient Representative should contact the Health Service Provider directly for any related questions or concerns.
PUBLIC INFORMATION INCLUDING USER GENERATED CONTENT
You may choose to disclose information about yourself in the course of contributing User Generated Content to us or through your use of our Site and/or Services including but not limited to our online forums,"profiles" for public view or in similar forums on our Site. Information that you disclose in any of these forums is unencrypted, public information, may be accessed or recorded by MedMe Health, and there is no expectation of privacy or confidentiality therein.
You should be aware that any Personal Information you submit in the course of these public activities can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the Personal Information you choose to make public in any of these forums.
Note also that in the ordinary course of Internet activity, depending on your personal Internet web browser settings, certain information may be sent by your browser to third parties such as advertising networks and analytics companies. MedMe Health has no control over the information sent from your browser to those networks or other third parties and recommends that you ensure that your browser settings prevent the disclosure of information you would not like to share.
USE OF YOUR INFORMATION
As a patient of a Health Service Provider that we are an affiliate to, MedMe Health will only use your Personal Health Information in the manner and for the purposes authorized and directed by the Health Service Provider as part of delivering the requested Health Service to you, in accordance with the Health Service Provider’s policies, our agreements with them, and applicable legislation they are subject to. At no time will your Personal Health Information be used for any other purpose without such direction and authorization. As a client of MedMe Health, we may use your Personal Information for administrative, analytical, optimisation, security and other purposes, including, without limitation, the following purposes:
(a) to develop, enhance, market, sell or otherwise provide information, products, services and functionality that you have requested, including the Services;
(b) to improve our Site and/or Services, and to inform the creation of future Services;
(c) to send you information related to our Site /or Services, including confirmations, technical notices, updates, security alerts, information related to product safety or recall issues and support and administrative messages;
(d) to process transactions for the Services;
(e) to manage your account with MedMe Health;
(f) to attempt to contact you regarding product safety or recall issues;
(g) to track your access to and use of our Site and/or Services to help us learn more about your Site and/or Services access and usage, Content consumption and understand your preferences and tendencies so that we can personalise your experience, provide you with offers and notifications that are tailored to you, and otherwise enhance your experience when viewing Content and using our Site and/or Services;
(h) to personalise your MedMe Health Content and offers;
(i) to respond to customer service inquiries;
(j) to troubleshoot problems with the Site and/or Services;
(l) to protect against unlawful activities or other misuse of the Site, Content and/or and Services or for other security reasons;
(m) to provide you with notices on behalf of your Health Service Provider on appropriate Services available to you that suits your needs and profile and is age/gender-appropriate and targeted to your region;
(n) to compile statistics;
(o) to send you push notifications (if you choose to allow that function); and
(p) for any other purpose to which you consent or that is otherwise permitted or required by law.
If you have provided your email/cell phone number and provided consent to receive notifications under Canadian Anti-Spam Law (CASL), we may occasionally send you as a client important information regarding your Service. We may also send you notices on behalf of your Health Service Provider as part of HealthServices you have requested from them. If you no longer wish to receive notifications, you may cancel your Service, or contact the Health Service Provider in the case of notifications provided to you on their behalf.
DISCLOSURE OF INFORMATION
As a patient of a Health Service Provider that MedMe Health is an affiliate of, MedMe Health will only disclose your Personal Health Information in the manner and for the purposes authorized and directed by the Health Service Provider aspart of delivering the requested Health Service to you, in accordance with the Health Service Provider’s policies, our agreements with them, and applicable legislation they are subject to. At no time will your Personal Health Information be disclosed for any other purpose without such direction and authorization.
As a client, MedMe Health will not transfer your Personal Information to third parties, except for our subsidiaries, affiliates and business partners that we engage to provide services on our behalf, such as (but not limited to) web hosting services, credit card payment processing, provincial/private health plan coverage, pharmacy software providers, and order processing and delivery, provided that such third parties have agreed to comply with legally required privacy standards and they agree to use the information only for the purposes disclosed at the time of collection or for a use consistent with that purpose. MedMe Health will only provide those third parties with the Personal Information that they need to deliver the Services requested by you to MedMeHealth or on MedMe Health’s behalf.
We may also disclose your Personal Information to a third-party vendor whose products or services you have requested in order to deliver those products and services to you. Such third parties may keep and use your Personal Information whether or not you purchase their products or services. Your Personal Information will be subject to their privacy policies, so you should contact them directly for information or to voice your concerns in respect of their policies.
We may also share aggregate or anonymized information, including de-identified Personal Information, about you with service providers, business partners, and other third parties, to the extent permitted by applicable law.
We may share your Usage Data and other Non-Personal Information including, without limitation, device IDs, advertising IDs or other persistent identifiers and non-precise geolocation information with third parties who assist us with our operations such as administration, analytics, planning and optimization, and with our business partners in order to, among other things, allow them to provide better service to MedMe Health or on MedMe Health’s behalf.
PROTECTION OF YOUR INFORMATION
As required by applicable privacy laws, MedMe Health has implemented reasonable physical and technical measures to protect the information we collect or are provided with from unauthorized access and against loss, misuse or alteration by third parties. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY DISCLAIM ANY GUARANTEE OF SECURITY IN CONNECTION WITH YOUR PERSONAL INFORMATION.
For further information on how we safeguard information we collect or are provided with, contact us via email at email@example.com.
RETENTION OF YOUR INFORMATION
We retain Personal Health Information you provide only as long as your Health Service Provider directs us to, in accordance with the Health Service Provider’s policies, our agreements with them, and applicable legislation they are subject to.
As a client, the data and information that we collect from you (including Personal Information) will be stored and maintained by MedMe Health or our third-party service providers until you delete it or instruct your Health Service Provider to delete it.
Currently, MedMe Health or our third-party service providers retain and store information collected by, or provided to, us in the cloud and on secure servers in Canada. Some of our third-party service providers may retain and store limited contact information (including Personal Information) outside of Canada for services such as appointment reminder communications that you have requested or accessed. Under the laws of those other jurisdictions, in certain circumstances courts, law enforcement agencies, regulatory agencies or security authorities in those other provinces or foreign jurisdictions may be entitled to access this information. At all times you will be made aware of when and what information they are sharing outside of Canada and have the option to not share this information and engage these services.
If you access our Site and/or use any of our Services, you are responsible for protecting the confidentiality of your account password and account information, and for restricting access to your computer, device or media system platform, and you agree to accept responsibility for all activities that occur under your account. Please notify us immediately if you detect suspected breach or misuse of your account.
ACCESS AND ACCURACY
Health Service Providers remain responsible at all times for your Personal Health Information collected, used, stored, and retained in the course of providing you Health Services. Any requests to access, amend/correct, or withhold access to or disclosure of your Personal Health Information are to be directed to your chosen Health Service Provider. Any such requests received by MedMe Health will be directed to the Health Service Provider involved and you will be notified of this action and how to contact your Health Service Provider for this matter.
As a client, for any MedMe platform specific Personal Information (if any) that is not specifically involved with Services from a Health Service Provider (and thus is not the responsibility of the Health Service Provider), MedMe Health will use commercially reasonable efforts to provide you access to your Personal Information (to the extent we are in possession of any) if you submit your request for access via firstname.lastname@example.org. Subject to applicable law, MedMe Health reserves the right to deny access to your Personal Information on any of the following grounds:
(a)when denial of access is required by law;
(b)when granting you access is reasonably likely to negatively impact other people's privacy;
(c)when granting access is, in our judgement and acting reasonably, cost prohibitive; or
(d)when we have reason to believe that such requests are frivolous or made in bad faith.
You are responsible for ensuring that all information created through your access to and use of the Site and/or Services is accurate, reliable and complete and you acknowledge and accept that the use of such information is at your own risk. We ask that you keep the Personal Information that you provide to us current and correct. You represent and warrant that all Personal Information you provide us is true and correct and relates to you and not to any other person.
If you believe that the Personal Information maintained by MedMe Health (not the Health Service Provider) about you, if any, is inaccurate or incomplete, you may notify us by describing in detail any inaccuracies or omissions via email at email@example.com. Following receipt of a properly submitted notice, we will, within a reasonable time period and acting in our sole discretion, use commercially reasonable efforts to either: (a) amend or correct your Personal Information to reflect corrected or additional information provided by you, or (b) in connection with your Personal Information, make note of any claimed inaccuracies or omissions reported in the notice submitted by you.
OUR POLICY REGARDING CHILDREN
MedMe Health recognizes the privacy interest of children, and our Site, Content and/or Services are not intended for children under the age of majority in your jurisdiction and we do not target our Site, Content and/or Services to children under the age of majority. MedMe Health does not knowingly collect or use any Personal Information from children under the age of majority unless provided by a parent or guardian using the Site and/or Services on behalf of such minor. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, please contact us at firstname.lastname@example.org. We will delete such information from our files within a reasonable time.
QUESTIONS OR COMMENTS
Privacy Officer and CEO
email@example.com or firstname.lastname@example.org