Effective Upon: Feb 15, 2021
Last Updated: Feb 15, 2021
Personal information means information about an identifiable individual (“personal information”), and does not include information that cannot be attributed to an identifiable individual, such as information of an aggregate or anonymous nature (collectively, “non-personal information”).
We may rely on your implied consent in certain circumstances, after taking into account factors such as the sensitivity of the personal information and your reasonable expectations.
We will limit the collection, use, and disclosure of your personal information to only that which is necessary for the purposes identified, unless you have otherwise consented, or when such collection, use, and/or disclosure is permitted or required by law.
You can always refuse to provide your personal information, except that it may prevent you from using our Services or receiving responses to your inquiries or other information of interest.
We collect two basic types of information from you when you provide it to us or when you use or interact with our Services: personal information and non-personal information.
The personal information we collect from you directly includes the following:
- first and last name;
- email address;
- the type of healthcare professional you are;
- the number of years you have been in practice;
- the number of patients in the past year with rheumatic conditions you have managed;
- the country you practice in; and
- the province of Canada you practice in
One or more of the pieces of information (except first and last name and personal – not work – email) above may not in and of itself or themselves constitute “personal information” but a combination of more than one piece of information may constitute personal information.
We need to collect personal information from you in order to provide you with our Services, as well as to improve your experience using our Services. We will only collect, use, and disclose the personal information that we need in order to provide you with our Services.
You may also provide us with personal information in several other ways, including, for example when you:
- use our Services, including visiting our website or participating in case rounds;
- create an account;
- correspond with us including through the “Contact” feature on the website;
- sign up to receive updates on our Services;
- ask for support or other assistance; or
- interact with us in any other way, online or offline, including through our Services.
You can set your browser or device to refuse all cookies or to indicate when a cookie is being sent. Setting your browser or device to decline cookies will prevent web beacons from tracking your activity. If you delete your cookies or if you set your browser or device to decline these technologies, some of our Services may not function properly. Our Services do not currently change the way they operate upon detection of a “do not track” or similar signal.
We may also collect personal information from other sources (such as our third party service providers) or from our offline interactions with you to, among other things, enable us to verify or update information contained in our records and to better customize the Services for you.
Our Services may, from time to time, contain links to and from social media platforms. You may choose to connect to us through a social media platform, such as Facebook or Twitter, and when you do, we may collect additional information from you (including personal information), such as your screen names, profile picture, contact information, contact list, and the profile pictures of your contacts, through the social media platform. Please be advised that social media platforms may also collect personal information from you. When you click on a social plug-in, such as Facebook’s “like” button or Twitter’s “tweet” button, that particular social network’s plug-in will be activated and your browser will directly connect to that provider’s servers. We do not have control over the collection, use and disclosure practices of social media platforms and encourage you to review their privacy policies and practices, including their data security practices, before using these social media platforms.
We use personal information to:
- provide you with our Services;
- respond to your requests and communications;
- maintain and improve our Services;
- conduct surveys (and when conducting surveys we ensure that samples are representative of the general population) and research to better understand the preferences of our customers like you;
- respond to legally binding demands from law enforcement, regulatory authorities or other third parties;
- to prevent fraud or the recurrence of fraud;
- assist in the event of an emergency; and
- comply with applicable law.
We may use non-personal information for any legitimate business purpose.
We may disclose personal information:
- to our third party service providers to help us with the uses described in the Use section, above;
- to comply with your directions or any additional consent you have provided us; and
- to other parties where we are under a duty to disclose your personal information in order to comply with any applicable legal obligation including a regulatory process, or an order of a government institution, investigative body, regulatory body or judicial authority of competent jurisdiction.
We disclose non-personal information to third parties as reasonably necessary to meet our business needs. We do not disclose your personal information to third parties for their own direct marketing purposes without your consent.
We are concerned about ensuring the security of your personal information, and we have taken appropriate measures to ensure its security and confidentiality. We exercise great care in providing secure transmission of your information from your browser or device to our servers. We store personal information that we have collected in secure operating environments and utilize security protocols such as passwords and firewalls. We will only retain your personal information for the period reasonably required to fulfill the purposes for which it was collected. We may retain non-personal information for as long as we have a business need to do so.
All of our service providers are contractually obligated to employ appropriate data security measures with respect to your personal information and to collect/use/disclose/retain it only within the scope required for the provision of our Services. The service providers we contract with will use your personal information only if required to perform their respective services. These include, for example, IT service providers that we retain to operate and safeguard our IT system that stores your personal information.
We try our best to safeguard personal information once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your information, please contact us as soon as possible.
ACCESS, UPDATES, AND REMOVAL
On your reasonable written request, we will provide you, not later than thirty (30) days from our receipt of your request, or such additional time as required by law, with access to or information about your personal information (if any) under our custody or control, and the names of persons to whom, and any circumstances in which, your personal information has been and is being disclosed by us. You must provide sufficient information in your request to allow us to verify your identity and identify the information you are seeking.
If you request a copy of your personal information and the personal information can reasonably be reproduced, we will provide you with a copy of the personal information, or, if applicable, we will give you reasons for any delay in providing a copy of the requested personal information. All requests may be subject to minimal costs, in accordance with applicable privacy legislation.
We reserve all rights not to disclose personal information, in whole or in part, in certain circumstances permitted or required by law, including but not limited to where:
- the personal information is protected by any legal privilege;
- the disclosure of the personal information would reveal confidential commercial information;
- the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual;
- the personal information was generated in the course of a formal dispute resolution process; or
- the personal information was collected by us without your knowledge and consent for reasonable purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
If access to your personal information is refused, in whole or in part, we will provide you with the reasons for the refusal, the provision of applicable privacy legislation on which the refusal is based, and the contact information of the Privacy Officer who can answer your questions about the refusal, and will inform you that you may ask for a review of the refusal in accordance with applicable privacy legislation.
To submit a request to access your personal information or designate an authorized agent to make a request to access your personal information, please contact us. Our security procedures mean that we may request proof of identity before we disclose your personal information to you.
The accuracy of the information we have about you is very important. To submit a request that we update your personal information, please contact us.
On your request, we will make every reasonable effort to correct outdated personal information, or errors or omissions in your personal information where that personal information is in our custody or control. Such request must be in writing, signed by you, and include sufficient detail to enable us to identify any personal information in our custody or control in relation to the request.
We will, as soon as reasonably practical and not later than thirty (30) days from our receipt of your request, or within such additional time as permitted or required by law, either correct the personal information and, if applicable and reasonable to do so, send correction notifications to any third party to whom we disclosed the incorrect personal information, or decide not to correct the personal information, but we will annotate the personal information under our control to indicate that a correction was requested but not made.
We will inform you of the action that we have taken in response to your request for correction, the contact information of the Privacy Officer who can answer your questions about your request for correction, and that you may ask for a review of the action taken in accordance with applicable privacy legislation.
If you have questions, concerns, or would like to update/change your personal information, you can always contact our Privacy Officer by sending an email to firstname.lastname@example.org, attention: Privacy Officer.