AVOCARE PRIVACY POLICY

Last updated: January 2018

This Privacy Policy describes how we, Avocare Corporation (“we”, “us”, “our” and “Avocare”) collect, use and disclose your personal information when you use our website, our applications and our services (collectively, the “Services”). By providing us with your personal information, each user of our Services (“you” and “your”) agrees to our collection, use and disclosure of your personal information in accordance with this Privacy Policy. This Privacy Policy forms part of the Avocare Terms and Conditions for Patients and should be read together with those terms. This Privacy Policy does not apply in respect of our employees’ personal information that is collected, used and disclosed in connection with our employment relationships.

In this Privacy Policy, the term “personal information” means (i) personal information as such term is defined in the Personal Information Protection Electronic Documents Act (Canada); and (ii) personal health information as such term is defined in the Personal Health Information Protection Act (Ontario). Personal information includes information such as contact information, name, address, phone numbers, email address, gender, data of birth, health-related information, medical and health history, medical records, prescription information and your health card number.

This Privacy Policy does not apply to data that has been collected in respect of which all personal identifiers have been removed such that the information could not reasonably be used to identify the individual. We may use de-identified information for statistical analysis and other research purposes.

Personal information collection

We collect personal information from individual patients and health care providers for the purpose of registering individuals for the Services, providing information and Services to individual patients, and allowing individual patients, health care providers, clinics and their personnel (collectively, “Clinic Personnel”) to communicate with each other via the Services. We may also request that you provide additional information that we may use to improve our business and the Services we provide. Providing this information to us is optional.

Avocare collects information such as your name, address, mobile telephone number, email addresses, medical and health history and other information that you provide to Avocare or information on the Avocare profile or account. Personal information may be collected in a number of ways, including: in person, over the phone, by mail, over the Internet, and from third parties who you have authorized to disclose personal information to us. We make every reasonable effort to keep your personal information as accurate, complete and up-to-date as necessary. If desired, you may verify the accuracy and completeness of your personal Information in our records.

Use and disclosure of personal information

We use and disclose personal information for the purposes described above under “Personal information collection”. We also use your personal information to help us better understand your needs, to improve the Services and for any additional purposes for which we have obtained your consent. In order to provide the Services to you, we may disclose your personal information to Clinic Personnel and our authorized employees and personnel who need the information for legitimate business reasons (“Our Personnel”). We require all Our Personnel to abide by our privacy standards. Our Personnel are prohibited from accessing or disclosing personal information without authorization. Our Personnel are required to maintain the confidentiality of personal information at all times.

We may use your contact information for the purpose of communicating with you about our Services. You may opt-out or unsubscribe from optional communications such as those that market our services or inform you about our events.

We do not disclose personal information to third parties except as contemplated in this Privacy Policy or as otherwise permitted or required by law. In some instances, such as a legal proceeding or court order, we may also be required to disclose your personal information to authorities. We only disclose the information specifically requested and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so.

Your personal information may be disclosed in situations where we are legally permitted to do so, such as in the course of employing reasonable and legal methods to enforce our rights or to investigate suspicion of unlawful activities. We may release certain personal information when we believe that such release is reasonably necessary to protect the rights, property and safety of ourselves and others.

Business transactions

We may use and disclose your personal Information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets for the purposes of evaluating and allowing third parties to evaluate and performing the proposed transaction. These purposes include, for example, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing personal information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use and disclose your personal information for substantially the same purposes as those set out in this Privacy Policy. In the event a proposed transaction is not completed, we will require, by contract, the other party or parties to whom your personal information was disclosed not to use or disclose your personal information in any manner whatsoever for any purpose, and to return or destroy such personal information.

Third party service providers

We use third-party service providers to provide technology, host data and servers, and otherwise assist us in providing the Services. These third-party service providers may have access to personal information as an incidental result of the services provided by them to us, but these parties are not permitted to access your personal information for their own purposes or uses.

Except where prohibited by law, we may use service providers that are located outside of Canada. As a result, some of your personal information may be processed, stored and/or disclosed in a jurisdiction other than Canada and it may potentially be accessible to law enforcement and national security authorities of that jurisdiction. In the event that foreign law enforcement and/or national securities authorities request your personal information, it shall only be provided in strict accordance with the law and subject to all required legal permissions.

Personal information retention and deletion

We may reject, suspend, alter, remove or delete data that you provide to us or submit using the Services if we determine that such data breaches our terms and conditions or that such actions are reasonable or necessary to protect us or others.

We process and store messages, logs, contact data, and other related information in order to provide the Services. We will maintain such data and information in accordance with our record retention policies and as permitted or required by law.

Safeguarding your personal information

We take reasonable steps to protect personal information that we collect to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction. We have in place reasonable physical, electronic and operating procedures to safeguard and secure the personal information we collect. Although we make reasonable efforts to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction, you should be aware that there is always some risk that an unauthorized party could find a way to breach our security procedures and systems and/or those of our service providers. This risk is heightened for information that is transmitted via unsecured or public WiFi.

We store personal health information in Canada, with MedStack. MedStack hosts all Avocare servers, databases and applications in the Microsoft Azure secure cloud. Microsoft Azure is certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors.

Cookies

Our website may use "cookies" to enhance the user experience. Web cookies are very small text files that are stored on the user’s computer from a webpage to keep track of information about the user’s browsing on that site. The use of cookies allows us to capture standard web traffic information, such as the time and date the user visited our website, their IP address, and their browser information. In no circumstances do the cookies capture any information that can personally identify the user. The user may choose to set their web browser to refuse cookies, or to alert the user when cookies are being sent. If the user sets their web browser to disable cookies, some parts of the website may not be accessible to the user.

Governing law

This Privacy Policy shall be governed by and interpreted, construed and enforced in accordance with the laws of the Province of Ontario and the laws of Canada applicable therein.

Contacting us

Subscribers may contact our Privacy Officer to make enquiries regarding our privacy practices or with respect to the accuracy of their personal information provided to us or retained by us and to request an update, correction or deletion of such information. You may access your personal information by accessing your account. Any query, comments or concerns can be sent to us by email at privacy@avocare.ca or by mail to the following address:

Avocare Corporation, 60 Atlantic Ave., Suite 200, Toronto, ON M6K 1X9, Attention: Privacy Officer

Changes to this Privacy Policy

We may change and update this Privacy Policy. We will notify our users of changes to this Privacy Policy by sending notices by email to the addresses provided by our users. The current version of this Privacy Policy will be posted to our website. By continuing to use our Services following a change to this Privacy Policy, or otherwise providing personal information to us, the user agrees to be bound by the revised version of this Privacy Policy.