Privacy Policy

Effective Upon: Feb 15, 2021

Last Updated: Feb 15, 2021

At the Canadian Research Group of Rheumatology in Immuno-Oncology (“us”, “our”, “we”), respect and protection of your private life is of the utmost importance. We want you to understand how we collect, use, disclose and protect your personal information, as well as how you can manage the personal information we collect from you. This Privacy Policy applies to your use of our website, services, features, learning modules and quizzes either online or offline (collectively, the “Services”).

By using our Services, you are accepting the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use our Services. If you do not understand, or if you have questions about this Privacy Policy, please contact us before using, or continuing to use, our Services.


Personal information means information about an identifiable individual (“personal information”), and does not include information that cannot be attributed to an identifiable individual, such as information of an aggregate or anonymous nature (collectively, “non-personal information”).


We will obtain your express consent prior to or when collecting, using, or disclosing your personal information for any purpose not described in this Privacy Policy, or for a purpose that was not identified to you nor reasonably expected at the time of collection, unless we are required or permitted by law not to obtain your consent. 

We may rely on your implied consent in certain circumstances, after taking into account factors such as the sensitivity of the personal information and your reasonable expectations.

We will limit the collection, use, and disclosure of your personal information to only that which is necessary for the purposes identified, unless you have otherwise consented, or when such collection, use, and/or disclosure is permitted or required by law.

You can always refuse to provide your personal information, except that it may prevent you from using our Services or receiving responses to your inquiries or other information of interest.



We collect two basic types of information from you when you provide it to us or when you use or interact with our Services: personal information and non-personal information.

The personal information we collect from you directly includes the following:

  • first and last name;
  • email address;
  • the type of healthcare professional you are;
  • the number of years you have been in practice;
  • the number of patients in the past year with rheumatic conditions you have managed;
  • the country you practice in; and
  • the province of Canada you practice in 

One or more of the pieces of information (except first and last name and personal – not work – email) above may not in and of itself or themselves constitute “personal information” but a combination of more than one piece of information may constitute personal information.  

We need to collect personal information from you in order to provide you with our Services, as well as to improve your experience using our Services. We will only collect, use, and disclose the personal information that we need in order to provide you with our Services.

You may also provide us with personal information in several other ways, including, for example when you:

  • use our Services, including visiting our website or participating in case rounds;
  • create an account;
  • correspond with us including through the “Contact” feature on the website;
  • sign up to receive updates on our Services;
  • ask for support or other assistance; or
  • interact with us in any other way, online or offline, including through our Services.


Like many websites, we may use cookies, web beacons, and/or similar log files. These are small text files that are stored on your computer browser or device when you visit certain online pages, images on web pages that track user activity on the website, or similar. We use these technologies to collect certain information in order to better your online experience.

You can set your browser or device to refuse all cookies or to indicate when a cookie is being sent. Setting your browser or device to decline cookies will prevent web beacons from tracking your activity. If you delete your cookies or if you set your browser or device to decline these technologies, some of our Services may not function properly. Our Services do not currently change the way they operate upon detection of a “do not track” or similar signal. 

We also use various types of online analytics, including Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on our Services. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use our Services, compile reports on the related activities, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or app. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google click here.

Other Sources 

We may also collect personal information from other sources (such as our third party service providers) or from our offline interactions with you to, among other things, enable us to verify or update information contained in our records and to better customize the Services for you.

Our Services may, from time to time, contain links to and from social media platforms. You may choose to connect to us through a social media platform, such as Facebook or Twitter, and when you do, we may collect additional information from you (including personal information), such as your screen names, profile picture, contact information, contact list, and the profile pictures of your contacts, through the social media platform. Please be advised that social media platforms may also collect personal information from you. When you click on a social plug-in, such as Facebook’s “like” button or Twitter’s “tweet” button, that particular social network’s plug-in will be activated and your browser will directly connect to that provider’s servers. We do not have control over the collection, use and disclosure practices of social media platforms and encourage you to review their privacy policies and practices, including their data security practices, before using these social media platforms.


Unless otherwise consented by you in advance, or as may be permitted or required by law, or if you have provided implied consent for the use of less sensitive personal information, we will only use your personal information to fulfill the purposes for which it was collected (and in accordance with this Privacy Policy).

We use personal information to:

  • provide you with our Services;
  • respond to your requests and communications;
  • maintain and improve our Services;
  • conduct surveys (and when conducting surveys we ensure that samples are representative of the general population) and research to better understand the preferences of our customers like you;
  • respond to legally binding demands from law enforcement, regulatory authorities or other third parties;
  • defend, protect or enforce our rights or Terms of Use;
  • to prevent fraud or the recurrence of fraud;
  • assist in the event of an emergency; and
  • comply with applicable law. 

We may use non-personal information for any legitimate business purpose.


Except as set forth in this Privacy Policy, or as required or permitted by law, we do not disclose your personal information to any parties other than our service providers, and their respective directors, officers, employees, agents, consultants, advisors or other representatives who or that have a need to use your personal information to provide (or improve) our Services, to legal or regulatory authorities, or for other purposes for which you have provided your consent. In no event will we sell or rent your personal information.

We may disclose personal information:

  • to our third party service providers to help us with the uses described in the Use section, above;
  • to comply with your directions or any additional consent you have provided us; and
  • to other parties where we are under a duty to disclose your personal information in order to comply with any applicable legal obligation including a regulatory process, or an order of a government institution, investigative body, regulatory body or judicial authority of competent jurisdiction.

We disclose non-personal information to third parties as reasonably necessary to meet our business needs. We do not disclose your personal information to third parties for their own direct marketing purposes without your consent. 


We are concerned about ensuring the security of your personal information, and we have taken appropriate measures to ensure its security and confidentiality. We exercise great care in providing secure transmission of your information from your browser or device to our servers. We store personal information that we have collected in secure operating environments and utilize security protocols such as passwords and firewalls. We will only retain your personal information for the period reasonably required to fulfill the purposes for which it was collected. We may retain non-personal information for as long as we have a business need to do so.

Once we receive your personal information, it may be transferred to and maintained on or in computing systems or cloud-based servers located outside of your province and in jurisdictions (where the data protection laws may differ than those of your jurisdiction). Your consent to this Privacy Policy followed by your disclosure of your personal information represents your agreement to such transfer and maintenance.

All of our service providers are contractually obligated to employ appropriate data security measures with respect to your personal information and to collect/use/disclose/retain it only within the scope required for the provision of our Services. The service providers we contract with will use your personal information only if required to perform their respective services. These include, for example, IT service providers that we retain to operate and safeguard our IT system that stores your personal information.

We try our best to safeguard personal information once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your information, please contact us as soon as possible.


On your reasonable written request, we will provide you, not later than thirty (30) days from our receipt of your request, or such additional time as required by law, with access to or information about your personal information (if any) under our custody or control, and the names of persons to whom, and any circumstances in which, your personal information has been and is being disclosed by us. You must provide sufficient information in your request to allow us to verify your identity and identify the information you are seeking.

If you request a copy of your personal information and the personal information can reasonably be reproduced, we will provide you with a copy of the personal information, or, if applicable, we will give you reasons for any delay in providing a copy of the requested personal information. All requests may be subject to minimal costs, in accordance with applicable privacy legislation.

We reserve all rights not to disclose personal information, in whole or in part, in certain circumstances permitted or required by law, including but not limited to where: 

  • the personal information is protected by any legal privilege;
  • the disclosure of the personal information would reveal confidential commercial information;
  • the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual; 
  • the personal information was generated in the course of a formal dispute resolution process; or
  • the personal information was collected by us without your knowledge and consent for reasonable purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.  

If access to your personal information is refused, in whole or in part, we will provide you with the reasons for the refusal, the provision of applicable privacy legislation on which the refusal is based, and the contact information of the Privacy Officer who can answer your questions about the refusal, and will inform you that you may ask for a review of the refusal in accordance with applicable privacy legislation.  

To submit a request to access your personal information or designate an authorized agent to make a request to access your personal information, please contact us. Our security procedures mean that we may request proof of identity before we disclose your personal information to you. 

The accuracy of the information we have about you is very important. To submit a request that we update your personal information, please contact us.

On your request, we will make every reasonable effort to correct outdated personal information, or errors or omissions in your personal information where that personal information is in our custody or control. Such request must be in writing, signed by you, and include sufficient detail to enable us to identify any personal information in our custody or control in relation to the request.

We will, as soon as reasonably practical and not later than thirty (30) days from our receipt of your request, or within such additional time as permitted or required by law, either correct the personal information and, if applicable and reasonable to do so, send correction notifications to any third party to whom we disclosed the incorrect personal information, or decide not to correct the personal information, but we will annotate the personal information under our control to indicate that a correction was requested but not made.

We will inform you of the action that we have taken in response to your request for correction, the contact information of the Privacy Officer who can answer your questions about your request for correction, and that you may ask for a review of the action taken in accordance with applicable privacy legislation.


We reserve the right to change our Privacy Policy from time to time by posting the changes here. If we make any changes to this Privacy Policy that materially affect your rights, we will provide you with notice by prominently posting those changes on our website, or via email, or both. Your use of our Services after we have made changes to our Privacy Policy will mean that you have accepted those changes.


If you have questions, concerns, or would like to update/change your personal information, you can always contact our Privacy Officer by sending an email to [email protected], attention: Privacy Officer.