We comply with the Health Insurance Portability and Accountability Act (HIPPA), so your information is safe and secure.
- We reserve the right to change this policy from time to time as industry practice, the law, and our procedures in this area may change from time to time. We will post the current version of this policy here. If the changes are significant, we will provide a more prominent notice.
- The platforms may contain links to other external websites, such as pharmacy websites. These sites are not operated by us and they may have different privacy policies. We are not responsible for the privacy practices of those websites. Your use of the Simpilli Platforms neither establishes nor governs your relationship with pharmacies. The services provided to you by pharmacies form bilateral contractual relationship between you and pharmacies and we are no parties to this agreement.
2. PERSONAL INFORMATION (PI) AND PERSONAL HEALTH INFORMATION (PHI)
- If the policies and procedures outlined in this document do not address a specific situation, individuals are advised to contact the Company's Privacy Officer for guidance or clarification.
3. PERSONAL INFORMATION (PI) AND PERSONAL HEALTH INFORMATION (PHI) WE COLLECT
- The Company collects and uses only the PI and PHI that we need for opening Simpilli Accounts for use of the Simpilli Platform and operating our business. Generally, the Company collects the following PI and PHI from individuals for the various purposes set out below:
- gender (optional)
- address - used for delivery of medications by the pharmacy.
- email address
- telephone number
- date of birth
- geographic information, including obtaining GPS location data from your mobile telephone or other device - required to show you nearby pharmacies to your current location.
- Scanned copy of prescriptions - needed by pharmacy to provide you their service.
- The Company collects, uses and discloses personal information and personal health information for the following purposes:
- to confirm your identity and personal information;
- to enable pharmacies to provide pharmacy services to you;
- to manage the Company's business and operations, including customer relationships and matters;
- to meet legal and regulatory requirements;
- Inform individuals about the Company's products and services that we believe may be of interest to them;
- Better understand an individual’s interests in our products and services;
- Deliver, develop, enhance or improve products and services;
- Verify access rights to our website and Apps;
- Meet regulatory requirements;
- Conduct market research;
- To enforce our legal relationship with you
- We normally collect information directly from you. We may collect your information from other persons with your consent or as authorized by law. Before or at the time of collecting information, we identify the purposes for which we are collecting the information. We do not provide this notification when information is volunteered for an obvious purpose. If we wish to use or disclose your information for a new purpose not included in this policy, we will notify you and seek your consent.
- We also receive and send data from our servers and from your browser when you visit our website, and use our application, including your IP address, the time and information about the page you requested and the website through which you were linked to our site, if any. We may use tracking technologies in a variety of ways, including the following: keeping count of return visits to our site; accumulating and reporting anonymous, aggregate (data collected in mass), statistical information on website usage; and determining which features users like best.
- Finally, your Internet browser has a feature called "cookies," which stores small amounts of data on your computer about your visit to our site. Cookies tell us nothing about who you are, however, unless you specifically give us personal information. You do not need to have cookies turned on to visit our site or app. You may also elect not to allow cookies to be collected by selecting certain options on your browser.
- Ordinarily we ask for consent to collect, use or disclose PI and PHI, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.
- You may withdraw consent to the use and disclosure of PI and PHI at any time, unless the PI and PHI is necessary for us to fulfill our reasonable business or legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information.
5.COLLECTION OF PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION
- The purpose for collecting PI and PHI is set out in this policy. Any necessary consent shall be obtained before PI and PHI is collected, used or disclosed.
- We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain PI and PHI. Where express consent is needed, we will normally ask clients to provide their consent orally (in person, by telephone), in writing (by signing a consent form), or electronically (by clicking a button).
- We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain PI and PHI. Where express consent is needed, we will normally ask clients to provide their consent electronically by clicking a button. We may rely on “opt-out” consent for certain types of information.
- PI and PHI collected by the Company or on behalf of the Company will be sent to the Company’s head office in Canada and will be subject to the laws of Canada.
- Please note that we may use cloud-based services to store information (our servers are located in Canada).
6.SHARING OF PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION.
- Pharmacies.Pharmacies may access PI and PHI that you have entered, scanned or uploaded to the Simpilli platforms in order to provide you pharmacy services. Pharmacies may collect PI and PHI about you verbally through audio or video calls or by text through the chat and question feature. Pharmacies must comply with professional regulatory requirements, including as it relates to confidentiality and privacy and record keeping, as well as privacy laws. The information you reveal to pharmacies is at your own risk.
- Third Party or Affiliated service providers.We may hire service providers, which may be affiliates, to perform services on our behalf, including, but not limited to website developers, services and technology providers. We provide them with a limited amount of information which is necessary in order for them to provide the services required. They are prohibited from using the information for purposes other than to facilitate and carry out the services they have been engaged to provide. These service providers are not permitted to disclose this information to others. The Company will strive to protect your information disclosed to third parties by contractual agreements requiring that those affiliated service providers adhere to confidentiality and adequate security procedures.
- As permitted or required by law.From time to time, the Company may be compelled to disclose PI and/or PHI in response to a law, regulation, court order, subpoena, valid demand, search warrant, government investigation or other legally valid request or enquiry. In these circumstances, the Company will protect the interests of its customers by making reasonable efforts to ensure that orders or demands comply with the laws under which they were issued, that it discloses only the PI and PHI that is legally required and nothing more, and that it does not comply with casual requests for PI and PHI from government or law enforcement authorities. We may also disclose information to our accountants, auditors, agents and lawyers in connection with the enforcement or protection of our legal rights. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful or to law enforcement and emergency services providers, in an emergency or where required or permitted by law. We may release certain PI and PHI when we have reasonable grounds to believe that such release is reasonably necessary to protect the rights, property and safety of others and ourselves, in accordance with or as authorized by law.
- Business transaction.We may disclose PI and PHI to third party in connection with a sale or transfer of business or assets, an amalgamation, re-organization or financing of parts of our business. However, in the event the transaction is completed, your PI and PHI will remain protected by applicable privacy laws. In the event the transaction is not completed, we will require the other party not to use or disclose your PI and PHI in any manner whatsoever and to completely delete such information.
7.OBTAINING ACCESS TO PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION
- Upon request received by the Company in writing, individuals shall be informed of the existence, use, and disclosure of their PI and PHI records and shall be given access to that information. Requests to access PI and PHI held by the Company should be directed to the Company's Privacy Officer.
- Requests must be made in writing or by e-mail. Individuals may be required to verify their identity in order to access their PI and PHI. Any such documentation provided shall be used for verification purposes only.
- The Company responds to requests for access to PI and PHI within forty five (45) days of receipt of the request, or as may be permitted in accordance with applicable privacy legislation.
- A fee for reasonable costs incurred may be charged when responding to more complex requests, if authorized by law. The individual will be informed of the applicable fee.
- Requested information will be provided in a form that is generally understandable.
- The Company will be as specific as possible when describing to whom it has disclosed personal information about an individual.
- Individuals are permitted either to view the original record, or to request a copy, subject to limitations as permitted or required by law. To preserve the integrity of the record and ensure that documents are not removed from the Company, individuals wishing to view an original record will do so at the Company's head office and under the supervision of designated Company personnel.
8.LIMITATION TO ACCESS
- The Company will only refuse access to information about you in those circumstances permitted or required by applicable privacy legislation.
- In the event that the Company refuses to provide access to information, it will provide you with the reasons for its refusal upon request. Exceptions may include information that contains references to or opinions of other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privilege. The Company will respond to your requests for access in accordance with applicable privacy legislation.
9.MAINTENANCE OF PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION
- PI and PHI shall be kept as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.
- Individuals have the right to challenge the accuracy and completeness of the PI and PHI that is maintained by the Company and have it amended as appropriate.
- Individuals seeking a correction or amendment to their PI and PHI should direct their requests in writing to the Company's Privacy Officer.
- All formal requests to amend PI and PHI must be accompanied by appropriate supporting documentation. The Company’s Privacy Officer will manage any exceptions. The amended information will be transmitted to service providers, as appropriate.
- If the individual is not satisfied with the results of the request, the Company shall internally document the issue, and provide a response. The existence of the unresolved challenge will be transmitted to service providers, as appropriate.
10.SECURITY OF PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION
- PI and PHI will be retained only as long as necessary and as required by applicable legislation and securities regulations and will be disposed of in a manner that is appropriate to the sensitivity of the information. We render client PI and PHI non-identifying, or destroy records containing PI and PHI once the information is no longer needed. We use appropriate security measures when destroying client PI and PHI, including shredding paper records and permanently deleting electronic records.
- PI and PHI will be protected by administrative, technical and physical security safeguards, appropriate to the sensitivity of the PI and PHI. All PI and PHI collected on the platforms is securely and digitally stored on servers physically located in Canada. The platforms are secured through encryption technologies. The platforms are licensed by us to pharmacies and are used by pharmacies to provide their service to you. We have implemented and maintain reasonable and appropriate security measures, procedures and practices to protect against the loss and unauthorized access, use, modification, destruction or disclosure of your PI and PHI while it is in our custody and control.
- Although we use encryption technology and security measures to protect your PI and PHI, when using the platforms you understand there are inherent risks to any technology that could cause these security measures to fail or be breached. This may result in unauthorized collection, use or disclosure of your PI/PHI.
- We will notify the Office of the Information and Privacy Commissioner, and any other Privacy Commissioners as required, without delay, of a security breach affecting personal information if it creates a real risk of significant harm to individuals or as required under applicable laws.
11. CHALLENGING COMPLIANCE
- If you are not satisfied with the response from our Privacy Officer after making a complaint, you may have recourse to additional remedies under applicable privacy legislation. For further information, please contact the Federal Privacy Commissioner or your provincial Privacy Commissioner, as applicable.
12. QUESTIONS AND COMPLAINTS
- If you have a question or concern about any collection, use or disclosure of PI and PHI by the Company, or would like to request access to your own personal information, please contact: Privacy Officer: Bal Singh at email [email protected]