At Heart Diagnostic on the Wheel Inc. (“HDW” or “we”), we recognize the importance of your privacy. We are committed to using your personal information responsibly and only to the limited extent needed to serve you better.
HDW is mobile diagnostic service providing electrocardiography and electrography as well as other non-invasive cardiac tests from patients’ homes. HDW incorporates artificial intelligence and machine learning into diagnostic and image processing. The system allows for expedient delivery of results to health care clinics and hospitals for follow-up treatments. The diagnostics we collect are provided to third party healthcare providers such as telehealth organizations, health care clinics and hospitals (“Healthcare Providers”).
We have completed this Privacy Policy specifically for our mobile diagnostic service. In this policy, the term “Mobile Clinic” means HDW’s mobile service that collects patient data via portable medical devices and transmits it to Healthcare Providers. The term “HDW Site” means the website located at www.hdw-co.ca and www.hdw-co.com
This Privacy Policy regulates how we internally use, protect and disclose to third parties any personal information within our possession collected from you through your use of the Mobile Clinic or the HDW Site. This Privacy Policy applies to our directors, officers, partners, employees, contractors and authorized representatives (“Staff”). It is at all times subject to the requirements of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”). Additionally, how we use or disclose your personal information may also be subject to the requirements of Canada’s Anti-Spam Legislation, S.C. 2010, c. 23 (“CASL”). Any terms not defined herein have the meaning that PIPEDA attributes to them, and this Privacy Policy is meant to be consistent with PIPEDA, or where PIPEDA is silent on a matter then CASL.
This Privacy Policy is governed by the laws of Ontario and the laws of Canada as applicable herein. It is not a contract and will be treated as a non-contractual set of policies and practices binding on TABIA Staff under Principle 4.1.4 (PIPEDA, Schedule 1).
Our Privacy Information Officer is responsible for ensuring that Staff complies with this Privacy Policy. For further information, please contact:
Dr. Samira Heidari at:
Info@hdw-co.com
The identity of our Privacy Information Officer is available upon written request as required by Principle 4.1.2 (PIPEDA, Schedule 1).
The Privacy Information Officer is always a single individual who is an Officer of HDW. The Privacy Information Officer may form a privacy team consisting of certain Staff (“Privacy Team”). If so, the Privacy Information Officer will lead the Privacy Team may delegate duties to one or more members on that team from time to time.
The Privacy Team is responsible for,
1. implementing procedures contained in this Privacy Policy into the Mobile Clinic or HDW Site in order to protect personal information;
2. training our Staff to comply with this Privacy Policy and PIPEDA and communicating to Staff information about changes and updates to HDW policies and practices relating to personal information; and
3. enforcing this Privacy Policy and correcting any potential or actual instances of breach when operating the Mobile Clinic or HDW Site; and
4. reviewing and responding to any communication or notice relating to this Privacy Policy or PIPEDA with respect to the Mobile Clinic or HDW Site.
The initial response to a privacy-related inquiry must be in writing and must include the name and contact details of the Privacy Team member providing the response.
When you use the Mobile Clinic, HDW collects, uses, and discloses personal information for the following purpose:
1. HDW collects personal information directly from individuals. Such information can include personal health information and statistics, names, addresses, debit and credit card information, amounts purchased and amounts spent.
2. HDW uses personal information to create charts, graphs, and metrics that can be provided to your selected third party healthcare provider for the purposes of diagnostics and treatment.
3. HDW uses any personal information it gathers to design, monitor, update, amend and improve any HDW applications including artificial intelligence and machine learning programs which process the data obtained through your use of the Mobile Clinic.
(“Purpose”)
If we change the purpose set out above we give notice of the change on our website and we will post an updated Privacy Policy.
To fulfill our purpose, we may collect the following kinds of personal information:
1. Individual customer’s health details, including information gathered through the use of the Mobile Clinic services; and
2. Individual customer’s name, home address, home telephone number, email and healthcare provider.
HDW collects information from its registered users and stores it on HDW servers. We will not share this information to the extent that it is restricted by PIPEDA or unnecessary to advance our stated Purpose. HDW will never sell your personal information to third parties.
The Mobile Clinic collects personal health information for the purposes of analyzing it, creating prediction models and transferring required data to Healthcare Providers. HDW expects all Healthcare Providers receiving customer information to fully comply with the requirements of PIPEDA and CASL.
Per Principle 4.1.3 of PIPEDA, HDW may, from time to time, work with third parties who will use and process personal information to administer and improve the HDW Site, internal analytical processes and the Mobile Clinic. HDW may also use and process personal information to comply with audits from third parties. Before transferring that information, we will ensure that a contract is in place between HDW and those parties that includes terms requiring those third parties to only process information for the Purpose outlined in this policy.
As permitted by section 10(8) of CASL, when you visit the HDW Site, we may place a “cookie” on the hard drive of your computer to track your visit. A cookie is a small data file that is transferred to your hard drive through your web browser and can only be read by the website that placed the cookie on your hard drive. The cookie acts as an identification card and allows ours website to identify you and to record your passwords and preferences.
The cookie allows us to track your visit to HDW Site so that we can better understand your use of our website so that we can customize and tailor HDW Site to better meet your needs. Most browsers are set to accept cookies but you can usually change this if you so desire. It should be noted that if cookies are not accepted, you may be unable to access a number of web pages found on HDW Site.
When collecting, using and disclosing personal information about you, we rely on your implied consent when you give us your personal information on request of your own free will. This is provided that we collect that information in the ordinary course of our business in accordance with our Purpose.
If we require information for a new purpose, our Staff will contact you (either by telephone, e-mail or in person), to identify the new purpose and seek your express consent. We do not collect personal information from children (anyone under 18) over the telephone or in person without a parent’s express oral consent.
When we are collecting your information via the HDW Site, you will be able to expressly consent by checking a checkbox at the end of the initial questionnaire. When we are collecting your information via diagnostic tools in the Mobile Clinic, you will be asked to sign an electronic consent. In the absence of any indication to the contrary, we will assume anyone supplying us with information online is over 18 years of age or has parental consent and guidance.
You can withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by sending an e-mail or a fax to our Privacy Information Officer at the contact information above. In such circumstances, a withdrawal of consent will impede our ability to provide HDW products or services to you. We will inform you of any implications connected to withdrawing your consent.
If you have asked us to put you on an email mailing list to provide you with certain information on a regular basis, and such emails constitute “Commercial Electronic Messages” under CASL, you may ask us to remove you from the list at any time (using the unsubscribe instructions provided with each email and on the site where you signed up).
We use our best efforts to limit the personal information we collect, use and disclose solely those details we need to fulfill our Purpose. We have designed our standard forms only to collect the information that we foresee we will need. We do not collect, use and disclose personal information using deceptive, fraudulent or unlawful means, and we do not conduct video surveillance.
When using and disclosing information to third parties like healthcare providers, we only disclose on a need-to-know basis. Also, we only do so with the appropriate contractual safeguards as contemplated in Principle 4.1.3 of Schedule 1 of PIPEDA.
We keep records of the work performed and services provided by us in accordance with applicable regulatory requirements and professional standards. These records may include personal information. Our records are stored with safeguards against inappropriate or unauthorized access. We retain contact information about individuals for the period of time the individual subscribes to our services.
We destroy electronic information by deleting it. This is done when a customer terminates their subscription to our services.
In order to fulfill our Purpose to a high quality standard, we ask you to update your personal information and maintain appropriate contact preferences from time to time. You also have the right to contact us in order to verify that the information we have on file is accurate.
We do not, as a practice, contact you in order to ensure that the personal information we have in accurate. We may take reasonable steps to do so when using that information in course of providing you with an ongoing product or service, provided our Staff is in regular contact with you. Otherwise, we strongly encourage you to contact us and ensure that the information we have in your file is up-to-date.
We respect the privacy of our customers/clients and employees and will protect that privacy as vigorously as possible. The methods we use include:
• Storing personal information in electronic files that are secure and to which access is restricted. We do not store personal information in paper form using physical files; and
• Password-protected computers (including on laptops, desktops and smart-phones) and the use of technology safeguards, such as firewalls, encryption and intrusion detection, to prevent hacking or unauthorized computer access; and
• Information technology and security professionals who monitor our network, ensure that all software is kept up-to-date, and work to minimize securities vulnerabilities and potential for network intrusion.
Unfortunately, no data transmission over the Internet or by electronic mail can be guaranteed to be 100% secure. As a result, we cannot ensure, warrant or represent that any information transmitted to us electronically will always be protected.
We do not store personal information on laptops and mobile devices outside the office with the exception of medical devices contained in the Mobile Clinic. Staff may remotely access the office network from a personal computer. Such access is only permitted if the computer has technology safeguards equal to, or better than, those on the computers belonging to our organization. Under no circumstances may Staff store data from our office network on a personal computer.
We recognize that technology and security measures evolve at a remarkable pace so at HDW we annually review our personal information safeguards with our Information Technology consultants and in-house experts. We want to ensure that our safeguards exceed industry best-practice.
Despite our safeguards and our best efforts, it is still possible that someone could infiltrate our systems and take personal information. In the event of such a data breach, HDW will:
1. Immediately investigate the circumstances of the breach including the date and time it occurred, the personal information compromised, and the individuals affected.
2. As quickly as possible ascertain the sensitivity of the information that has been compromised. Based on that analysis we will determine whether the breach could result in significant harm to the individuals involved.
3. Based on the analysis above, we will then identify the factors that contribute to a real risk of that significant harm occurring to the individuals involved.
4. Once the steps above are complete, we will identify:
.1 Any immediate steps that we can take to reduce the risk of harm. HDW will then proceed to take those steps as quickly as possible. These steps could include connecting with organizations or government institutions that we believe could reduce the risk of harm or mitigate that harm; and
.2 Any immediate steps that the affected individuals can take to reduce the risk of harm, or otherwise mitigate harm. This could include changing logins and passwords.
5. Once the steps above are complete, as soon as feasible (but not later than within 72 hours of learning about the event), we will,
.1 notify the Privacy Commission of Canada along with any other relevant government authorities, as required under PIPEDA; and
.2 notify all individuals whose data was compromised as required under PIPEDA.
6. We will continue to monitor the situation until we are satisfied that there is no longer any reasonable risk of significant harm. After the risk of significant harm is no longer material, we will audit our information collection and security safeguard systems and rectify any deficiencies. We will also consult professionals, and privacy experts, and, based on their guidance, implement any other solutions required to minimize the probability of said breach occurring again.
To attain our updated privacy policy, please email us at info@hdw-co.com.
You may review any personal information we have on you in our files by making a written request to our Privacy Information Officer at the address above.
Please include sufficient details in your request about the type of information that you would like to see about yourself. Please sign your request and send it by regular mail and we will contact you within 30 days of receipt. Please note that we only respond if you are making a request relating to your own personal information. We will not grant access to personal information about someone else.
We will be pleased to provide you with access to your personal information as long as it does not fall within an express PIPEDA exception. Examples of such exceptions include information protected by solicitor- client privilege; information generated in the course of a formal dispute resolution process; information about another individual where disclosure would reveal confidential commercial information; or information disclosed to the police or other lawful authorities where we are required to withhold disclosure.
Please note that summary information is available on request, subject to the terms above, but more detailed requests requiring archive or other retrieval costs may be subject to our normal professional and disbursement fees.
Should you have any questions or concerns about this Privacy Policy or how we handle your information- access request, please direct them to our Privacy Information Officer. He or she will be pleased to respond and if necessary investigate the matter.
We reserve the right to change our Privacy Policy at any time by posting a new version on our web site. In the event of a conflict between this version and another, the version that is later in time prevails.