Ellerca Privacy Policy

Effective date: September 1, 2019

This Privacy Policy, together with the Terms of Service, constitute the terms and conditions between you and Ellerca Health Corp. (or “ELLERCA”, “we”, “us”, “our”) for using the Services (as defined below). In particular, this Privacy Policy explains how and why we collect, use and disclose Personal Information (as defined below). Your use of the Services constitutes your agreement with this Privacy Policy and your consent to our collection, use and disclosure of Personal Information in manners consistent with the terms of this Privacy Policy and the Terms of Service.

1. OVERVIEW

ELLERCA collects information from you (or “your”) and about you, both directly from you, our nurses, and from third parties, such as your physician or your other health care providers, when you, our nurses, or such third parties use and access our applications for mobile devices (the “App”), our website http://www.ellerca.com/ https://360care.ca (the “Site”), or any of our platforms available on the App or the Site (the “Platforms”, and collectively with the App and the Site, the “Services”) or otherwise communicate with us. Personal Information (“Personal Information”) is as defined in and governed by the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”).

Personal Information includes Personal health information (“Personal Health Information”). For convenience, Personal Health Information is as defined in Ontario’s Personal Health Information Protection Act (“PHIPA”). If other applicable personal health information protection legislation in other Canadian jurisdictions provides a broader definition of personal health information than PHIPA, then that legislation applies.

PHIPA creates oversight of health information custodians (“Custodians”) such as physicians in private practice, nurses, social workers, and other regulated health care providers who collect, use and disclose Personal Health Information in the course of providing their services. Regulated health care providers who are Custodians (or who would be Custodians if they carried on their practices in Ontario) may use the Services. This Privacy Policy is intended to apply and comply with the standards in PHIPA in every jurisdiction in Canada, except where a Canadian jurisdiction outside Ontario has a higher standard of protection of Personal Health Information, it being the intention of this Privacy Policy that the higher standard of protection should apply in such jurisdiction.

Under PHIPA, an “Agent” is broadly defined as a person who, with the authorization of a Custodian, acts for or on behalf of the Custodian in respect of Personal Health Information.

Under PHIPA, a “Health Information Network Provider” is defined as a person that provides services to two or more Custodians to enable the Custodians to use electronic means to disclose Personal Health Information to one another. A Health Information Network Provider may or may not be an Agent. Please ask us for a copy of our plain-language description of the services that we provide to the Custodians, which includes a general description of the safeguards we have put in place to protect against unauthorized use and disclosure, and to protect the integrity of the Information.

ELLERCA is a Health Information Network Provider – meaning that we enable your Custodians, through the Services, to use electronic means to disclose your Personal Health Information to one another. Ellerca may also be an Agent of the Custodian nurses that we employ to provide services to you.

Throughout this Privacy Policy, Personal Information and Personal Health Information will be collectively referred to as “Information”. The data elements collected as part of this Information are further described in Section 3 of this Privacy Policy.

ELLERCA is committed to promoting individual privacy and protecting the confidentiality of the Information we hold. We demonstrate our commitment to privacy by implementing this Privacy Policy and security procedures to protect the Information we hold and by educating our staff and any others who collect, use or disclose Information on our behalf about their privacy responsibilities. We will treat the Information you and others provide through the Services securely and, subject to this Privacy Policy and as permitted or required by law, we will not collect, use or disclose your Information without your consent or otherwise as permitted by law. We take steps to ensure Information placed in the Platforms and otherwise collected as part of the Services are secure.

BY USING THE SERVICES, YOU SIGNIFY YOUR CONSENT to the collection, use and disclosure of your Information in accordance with this Privacy Policy and to the processing of your Information through the Services. If you do not consent, you must not use the Services. In most instances, the various services provided by ELLERCA can only be offered to you, our nurses, or other regulated health care provider if you provide your Information through the Services.

This Privacy Policy explains:

  • what Information we collect;
  • how we use that Information; and
  • the choices we offer, including how to access and update Information.

2. DEFINITIONS

“Account” means the account of a User (as defined below) who has a registered account.

“Health Care Provider” means any health care provider who provides health care services to you through the Services or who otherwise uses the Services for your diagnosis, treatment or other benefit, including our nurses.

“Non-identifying Information” means information that cannot be used to contact or identify you and is not linked to any Information that can be used to contact or identify you. It can include passively collected information about your activities and the activities of your Health Care Providers within the Services, such as usage data, but only to the extent that information is not linked to your Information.

“Patient” means a User who registers with ELLERCA with respect to receiving health care services and may therefore and for that purpose have access to the Services. You may become a Patient through your use of the Services.

“User” means an individual or other person who registers with ELLERCA and creates an Account, including any Custodians and Patients.

3. INFORMATION COLLECTED

Information is collected in three ways:

3.1 Information you provide

You provide Information to Ellerca when you register as a User, create a Patient profile, or communicate with us by email, phone, video conferencing, the App, the Site, any of the Platforms or postal mail:

  • When you register as a User or create a Patient profile. In order to use the full complement of the Services, you must register with Ellerca. When you register for the Services, you become a User with an Account. Your Information is recorded through our online registration. At the time of registration, we collect Information, which may include (but not be limited to) the following:
    • First and Last Name
    • Address
    • Email Address
    • Date of Birth
    • Phone Number
    • Gender
    • Weight
    • Height
    • Emergency Contact
    • Medical diagnoses and dates of diagnoses
    • Current medications and treatment plans
    • Insurance information
    • Names of your physicians or other health care providers, including those who you wish to designate as being in your circle of care
    • Other health information that you voluntarily provide
  • Once you become a Patient with an Account, additional Information that you provide (including via videoconference with a Health Care Provider) is stored as part of your profile. This may include: health insurance information, scheduled appointments, selected Health Care Providers, documents and Information that you or your selected Health Care Provider or other regulated health provider entity may upload, your medication adherence, and any other Information you or relevant third parties providing services to you choose to include.
  • Otherwise through the Services. If you are not a User, we may nevertheless collect Information you provide us with through the Services, such as contact information.

3.2 Information obtained from your use of the Services

When you visit our Site, use our App or any of the Platforms, or otherwise use the Services, the following Information may also be collected:

  • URL information and IP addresses. We may receive the digital address (URL) of the website that you came from when you access our Site over the internet. When you leave our Site, we may also receive the address of the website that you go to. ELLERCA may also receive the internet protocol (IP) address of your computer (or the proxy server you use to access the World Wide Web), your device operating system and type of web browser you are using, your mobile device (including your unique device identifier/UDID) and mobile operating system (if you are accessing the Services using a mobile device) as well as the name of your internet service provider or your mobile carrier. We may correlate this information with other Information we have about you.
  • Log information. We may automatically collect and store certain information in server logs about your user sessions when you log-in through your Account. This may include when and how often you access the Services and what tasks were performed. This information will be used for ELLERCA’s purposes to improve the design of our Services and to help us better understand how to increase your medication adherence.
  • Cookies and anonymous identifiers. We use cookies and tracking pixels (also referred to as web beacons) to track the Services usage and trends, customize your experience on the Services and improve the quality of our services. For example, by using these technologies we can determine among other things which pages of our Site you visit. A cookie is a tiny data file that resides on your computer, mobile phone, or other device, that allows us to recognize you as a User when you return to the Site using the same computer (or mobile device) and web browser. Using the settings in your browser, you can remove or block cookies, but in some cases doing so may impact your ability to use ELLERCA’s Services.
  • Functional information. Technical information that we collect to ensure that our systems are working properly and collecting reliable data.
  • Location information. We collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS, and other sensors that may provide information on WiFi access points or cell phone towers. In addition to other purposes identified in this Privacy Policy, we use this information to help improve your medication adherence.
  • Videoconferences. We may also record and store the videoconferences relating to any services provided by a Health Care Provider to you using the Services.

3.3 Information we get from other Users

We collect information relating to your communication with other Users or your Health Care Providers, including any documents they may upload to the Services. This includes, but is not limited to, your medical history and any other Information (including personal health information) that you disclose to a Health Care Provider (including our nurses) and medical documents containing, amongst other things, medical records relating to you (“Medical Document”). For example, if a nurse conducts a mental health assessment with you, the Information they collect will be added to your file on the Services.

4. COLLECTION OF INFORMATION FROM CHILDREN

The Services are intended for use by individuals eighteen (18) years of age or older and have the capacity to form legally binding contracts under applicable law. ELLERCA does not knowingly collect, either online or offline, Information from individuals under the age of 18. At this time, the Services are intended for residents of Canadian provinces and territories.

5. ACCOUNTABILITY

We are responsible for Information we hold. ELLERCA demonstrates our commitment to privacy by implementing this Privacy Policy as well as security policies and procedures to protect the Information and by educating our staff and any others who collect, use or disclose Information on our behalf about their privacy responsibilities.

6. IDENTIFYING PURPOSES, CONSENT, AND LIMITING COLLECTION OF INFORMATION

ELLERCA may hire other companies to provide services on its behalf (each hereafter an “Agent”). ELLERCA gives each Agent only the Information it needs to deliver its service. ELLERCA requires Agents to maintain the confidentiality of Information and prohibits them from using such Information for any other purpose. It holds all such Agents accountable for compliance with this Privacy Policy.

ELLERCA and its Agents may use your Information for the following purposes:

  • to provide Users with information about the Services, including updates and notifications;
  • to send general e-mail communication (however the general e-mail communication will not include Information as defined in this Privacy Policy);
  • to maintain, administer, register and service your Account;
  • for support services;
  • contact you in response to your technical or general inquiries, or periodically solicit feedback and input from you;
  • to generate statistics and aggregate reports to improve the Services;
  • to provide services, included health care services;
  • to facilitate videoconferencing;
  • to improve your medication adherence;
  • to communicate with you;
  • to offer you tailored content;
  • to improve the quality of the Services or enhance your experience with ELLERCA;
  • for administrative, management and business purposes such as administration of your Account;
  • to store Information; and
  • verify Information you provide us as well as the representations and warranties you make to us in the Terms of Service or on Ellerca.

ELLERCA also collects, uses and discloses Information as identified at the time of collection, or as permitted or required by applicable law, including for any other purpose for which we have your consent.

ELLERCA assumes that your registration of an Account constitutes implied consent for the above purposes, all of which are of the essence of the Services, unless expressly instructed otherwise. If you do not consent, or if you withdraw your consent, the Services may not be available to you or your Health Care Providers.

The Services allows you to view manage appointments, track your medications and medication adherence, and communicate with Health Care Providers (including by videoconference), while enabling the Health Care Providers to manage the process more efficiently.

We limit the collection, use, retention and disclosure of Information to that which is reasonably necessary for the purposes outlined herein. By using the Services, you consent to the collection from and communication to Health Care Providers and any third party for the purposes set out in this Privacy Policy, by ELLERCA and any corporation, company or other entity effectively controlling or controlled by ELLERCA or associated with others under common control or ownership, and includes, but is not limited to subsidiaries (the “Affiliates”).

The Information we collect allows Health Care Providers to, among other things, view your health history, electronically transmit Medical Documents, and input health information in connection with the health care services they have provided to you.

You consent to our using aggregate, Non-Identifying Information collected via cookies and similar technologies to use in statistical analysis to help us track trends and analyze patterns in the use of the Services. You also consent to ELLERCA using any of your data in aggregate form for research or other purposes, including disclosure to third parties.

7. INFORMATION WE SHARE

We do not share Information with companies, organizations and individuals outside ELLERCA unless the following circumstances apply or as otherwise permitted or required by law:

  • With your consent, we will share Information with companies and organizations outside ELLERCA when we have your consent to do so. We require opt-in consent for this to occur, unless the law permits or requires otherwise.
  • By becoming a User of the Services, you consent to share your Information with other Users that you select or from whom you receive services, including, without limiting the foregoing, Health Care Providers within your circle of care.
  • By becoming a User, you consent to the sharing of your Information with your insurance companies, to the extent necessary for ELLERCA to bill your insurance companies and provide evidence of any services provided to you.

We will disclose Information where permitted or required by law including:

  • in an emergency if it is clearly in your interests or will reduce a significant risk of bodily harm to you or a third party and consent cannot be obtained in a timely way;
  • in relation to any legal proceeding to protect or defend ELLERCA’s or a third party’s rights or property;
  • to a public body or a law enforcement agency in Canada concerning an offence under the laws of Canada or a province (including to protect our property or the health, safety and property of our community);
  • to meet any applicable law, regulation, legal process or enforceable governmental request required or permitted by PIPEDA, PHIPA or other substantially similar provincial legislation in Canada or legislation applicable to a jurisdiction where the Services are being used;
  • to assist in an investigation or in the making of a decision to undertake an investigation;
  • to enforce our agreement with you or other Users, including payment terms and investigation of potential violations;
  • to comply with a subpoena, warrant or order issued or made by a court, person or body with jurisdiction to compel the production of Information, detect, prevent, or otherwise address fraud, security or technical issues; or
  • in certain circumstances as required for the integrity and reputation of our business and ELLERCA’s technology.

We may share aggregate, Non-Identifying Information publicly and with our partners. For example, we may share Information publicly to show trends about the general use of ELLERCA’s services.

We may disclose and transfer Information in connection with a financing of our business, merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of ELLERCA or its affiliates or as part of a corporate reorganization or change in corporate control.

8. LIMITING USE, DISCLOSURE AND RETENTION

Information will not be used or disclosed by ELLERCA for purposes other than those for which it was collected as set out in this Privacy Policy, our Terms of Service and your consent, except with your further consent or as permitted or required by law. Information will be retained by ELLERCA only as long as necessary for the fulfillment of those purposes. Information that is no longer required to fulfill the identified purposes will be destroyed, erased, or made anonymous safely and securely.

You acknowledge and agree that if you request that your Information be removed from the database created by the Services, it may not be possible to completely delete all Information due to technological and legal constraints. In addition your Health Care Providers may have retained copies of your Medical Documents and other medical information, simply by extracting them from the records in the said database in accordance with their own privacy policies and the requirements of their regulators and applicable law. ELLERCA does not have control over Health Care Providers (other than any Health Care Providers who are employees of ELLERCA) or other service providers in possession of your Information.

9. ACCURACY

ELLERCA will take reasonable steps to ensure that the information about you is as accurate, complete, and up to date as is necessary to minimize the possibility that inappropriate information may be used to make a decision about you. However, we cannot be responsible for errors in the records caused by you, your Health Care Providers, or other Users you authorize to have access to your Information.

10. SAFEGUARDS

We implement commercially-reasonable administrative, technical and physical security measures to protect your Information. These include the following:

  • ELLERCA uses symmetric 256-bit encryption using an RSA public-key SHA-2 algorithm and ECC public-key cryptography to secure connections between you and our servers and protect any data that is submitted to the system.
  • All Patient information is stored on a separate private database server that is inaccessible to the public internet.
  • All Patient and Health Care Provider’s data uses data-at-rest encryption which ensures that any underlying storage, automated backups, replicas, and snapshots of sensitive information are encrypted.
  • As part of becoming registered for an Account and becoming a User, you will be asked to create a password. You should create a password (one that uses letters and numbers or symbols and is not a dictionary word or name or that includes information about you such as your date of birth or middle name). Please change your password frequently. If you access the Services from a public computer, please ensure to fully log-out of your Account and delete your browsing history and cache. If you access the Services from your own computer, ensure that your computer is password protected.
  • The Information we collect will be stored on servers in Canada. Within ELLERCA, only Health Care Providers employed by ELLERCA or staff Users who require access to offer our services or maintain our services properly functioning and secure will have access to your Information. We require anyone who collects, uses or Information on our behalf to be aware of the importance of maintaining its confidentiality. This is done through the signing of confidentiality agreements, privacy training, and contractual means.
  • ELLERCA also takes steps to protect Information against theft, loss and unauthorized use or disclosure. Care is used in the destruction of Information, to prevent unauthorized parties from gaining access to the Information.

11. OPENNESS

Information about our policies and practices relating to the management of Information are available to the public, including:

  • Contact information for our Privacy Officers, to whom complaints or inquiries can be made;
  • The process for obtaining access to Information we hold about you, and making requests for its correction;
  • A description of the type of Information we hold, including a general account of our uses and disclosures;
  • The descriptions and documents referred to in subsection 6.(3) of Ontario Regulation 329/04 to PHIPA; and
  • A description of how to make a complaint to ELLERCA or to the applicable Privacy Commissioner.

12. ACCESSING AND UPDATING YOUR INFORMATION

12.1 Accessing and Updating your Information

You may access or update your Information by logging into your Account and accessing your Account settings.

To access, change or remove Information not accessible through your Account settings or profiles, contact our User Care team at:privacy@ellerca.com . In some cases, we may not be able to reasonably accommodate your request to remove or modify your Information, in which case we will let you know, and tell you why. For example, we cannot change the records made by Health Information Custodians because those records are subject to their own regulatory regime.

12.2 Cancelling your Account

If you have registered with ELLERCA and prior to any transactions, decide to deactivate your Account, you may contact our User Care team at privacy@ellerca.com and request deactivation. Except for the retention of such information as is required by law, your Information will be removed from the Platform.

If a transaction has occurred, the history from that transaction will remain, including but not limited to medical notes or documents, communication between and among Patient, physician or other Health Care Provider, and your appointment history.

We will retain your Information if we believe it may be necessary to prevent fraud or future abuse. We may also retain your Information and Non-Identifying Information for business purposes, such as analysis in the aggregate, Account recovery, auditing our records, enforcing our rights and obligations under our agreements or if required by law. To the extent permitted by law, ELLERCA disclaims any liability in relation to the deletion or retention (subject to the terms herein) of Information or any obligation not to delete the information.

13. CHALLENGING COMPLIANCE WITH OUR PRIVACY POLICY AND PRACTICES

Any person may ask questions or challenge our compliance with this Privacy Policy or applicable legislation by contacting our Privacy Officer(s):

ATTN : Privacy Officer
Ellerca Health
5925 Airport Road, Suite 200
Mississauga ON L4V 1W1

ELLERCA will receive and respond to complaints or inquiries about our policies and practices relating to the handling of Information, and will investigate all complaints. If a complaint is found to be justified, ELLERCA will take appropriate measures to respond. We will inform Patients who make inquiries or lodge complaints of other available complaint procedures, including to the Privacy Commissioner of Canada or the information and privacy commissioners of the Provinces in which such Patients live, as applicable.

14. CHANGES TO OUR PRIVACY POLICY

ELLERCA reserves the right, in its sole discretion, to modify this Privacy Policy at any time with all non- substantive changes taking effect immediately. For all substantive changes to our policy we will post notification of such modifications on our Site or App and in some instances by electronic communication, and after a period of 30 days, such substantive changes will take effect and will govern from that point in time. By continuing to access or use the Services after we have posted a modification via the Site or App or have otherwise provided you with notice of a modification, you agree to be bound by the modified Privacy Policy. If the modified Privacy Policy is not acceptable to you, you agree to immediately stop using the Services. You should periodically check the Site for updates. Your continued use of the Site or the Services after such effective date will constitute acceptance by you of the changes.

Empowering people to live their best lives.

Home

Company

Download

Copyright Ellerca Health Corp. 2020. All rights reserved.