Our Privacy Philosophy

This privacy policy (the “Policy”) explains how Data Based Medicine Americas Ltd. and its subsidiaries (collectively, “TaperMD”, “we”, or “us”) collect, use, disclose and safeguard the personal information that you or a third party provide in connection with (the “Website”). We have adopted this Policy to affirm our commitment to maintaining the accuracy, confidentiality, and security of personal information. Providing personal information or authorizing a third party to disclose personal information to us signifies your consent to TaperMD’s collection, use, and disclosure of personal information in accordance with this Policy. If you provide personal information to us about a third party or authorize a third party to disclose personal information to us, you agree that you were authorized to do so.

For the purposes of this Policy, “personal information” means information that is used by a government authority, financial institution, or insurance carrier to distinguish a person from other individuals ( e.g., social security number, social insurance number, credit card information, or insurance policy number) is private. Such information can be used to identify an individual (e.g., a person who works at a healthcare facility, or a resident or patient in a healthcare facility). Certain information may be used to contact a person directly (e.g., an email address, home mailing address, or telephone number). Depending on the jurisdiction, the above identifiers are considered to be Personal Information (“PI”), Personally Identifiable Information (“PII”), Sensitive Personal Information (“SPI”), or a similar term, and it is private. An individual’s business contact information and business title generally are exempt from privacy laws. Information about an individual’s health, including insurance and billing information, is also considered – depending on the jurisdiction – to be PI, Protected Health Information (“PHI”), Personal Health Information (also known as “PHI”), Individually Identifiable Health Information (“IIHI”) or a similar term, and it also is private. In Canada and the United States, the laws that primarily govern how we deal with the PI, PII, SPI, PHI and IIHI which you provide to us in relation to the Services are listed in Table 1.

For the remainder of this Policy, we will refer to all PI, PII, SPI, PHI, IIHI, and “Health Information” as “Personal Information” unless we specifically note otherwise. If we wish to refer only to information about a specific individual’s health but not to other forms of Personal Information, we will refer to “PHI.”

Identifying Purposes and Obtaining Your Consent

We identify the purposes for collecting personal information at or before the time it is collected. We will not collect, use or disclose your personal information without your informed consent, unless required or permitted to do so by law.

At TaperMD, we collect and use personal information so we can: (i) provide, maintain, and improve our products and services, which includes using the information to allocate resources, and otherwise run and manage TaperMD in the ordinary course; (ii) provide information to our employees, contractors, partners (which are deemed in this Policy to include McMaster University, on behalf of its Department of Family Medicine, and the American Society of Consultant Pharmacists) and affiliates to allow them to perform services on our behalf, including the provision of personal information to service providers engaged by TaperMD; (iii) send you newsletters or other communications to which you have subscribed or may be interested; (iv) comply generally with privacy laws and all other applicable regulatory requirements; (v) understand the demographics, interests, usage patterns, and other characteristics of customers and to track and analyze trends and patterns, including through the aggregation of personal information; (vi) administer surveys; (vii) offer you tailored content, including advertisements; and (viii) assist you when you contact our customer support services, including to direct your questions to appropriate individuals, investigate and address any of your concerns, and to improve and monitor our customer support responses. We may also use your personal information for purposes that are otherwise consistent with the terms of this Policy or that are permitted or required by law, and for purposes for which you have otherwise provided consent.
Should we require your information to fulfill a purpose that is not identified in this Policy, we will obtain your consent before proceeding.

Limiting the Collection, Use, and Disclosure of Your Personal Information

a) The information we collect

The type of personal information that we may collect, including when you register for an account, includes: (i) your name, mailing address, email address, and telephone number; and (ii) other information that you share in your communications with us, our employees, our contractors, or our partners, including on or through the Website and any applications available on the Website.

The choice to provide us with your personal information, either directly or through a third party, is yours. However, your decision to withhold particular information may limit our ability to provide you with some of our products or services.

b) How your information is collected

Personal information may be collected in a number of ways, including: in person, over the phone, by mail, by fax, over the Internet (including from our Website, by email, or through any of our applications or other software that we provide), and from third parties whom you have authorized to disclose personal information to us.

We may collect usage information from users of our services, including through the use of cookies, web beacons and tracking pixels, SDKs, and other similar technologies. Cookies are very small text files that are stored on your browser or device. Usage information collected from our Website and our applications may include your device type, device identifier, IP address, MAC address, location, browser type, operating system, duration of use, user behavior, length of time spent on the services, and frequency of use. We may use this information for purposes including remembering your preferences and settings, determining the popularity of certain content, authenticating users, determining the effectiveness of any advertising campaigns, and analyzing the behavior and interests of people (including traffic and trends) accessing our Website and applications. We may also allow others to provide analytics services (e.g. Google Analytics) and audience measurement services for us, to serve advertisements on our behalf on the Internet, and to monitor and report on the performance of those advertisements. These third parties may perform such services through the use of cookies, web beacons and tracking pixels, SDKs, and other similar technologies. By modifying your browser settings, you may be able to block cookies or otherwise make adjustments to the use of cookies, although this may affect the functioning of certain TaperMD services. You may also visit to opt-out of certain other cookies.

If you believe that a third party has inappropriately disclosed your personal information to us, please contact that third party directly. If the third party does not sufficiently respond to your inquiries, please let us know immediately.

Your personal information will only be used or disclosed in accordance with the purposes for which it was collected, unless you have otherwise consented or except where required or permitted by law.

c) We may monitor and record telephone calls

For the purpose of maintaining quality service, telephone calls to our customer service lines may be recorded. If your call is subject to a quality assurance program, you will be so advised prior to speaking with a representative.

d) Disclosure to third parties

We may share your personal information with our service providers in order for them to provide services to or on behalf of TaperMD, including processing and storage. These may include, for example, cloud storage providers and data analytics providers. To that end, when you provide personal information to TaperMD, the information may be stored on servers hosted or owned by a third party.

We may (i) share your personal information with our affiliates and partners; (ii) combine information internally across our affiliates or our different products and services; and (iii) combine personal information with demographic information, publicly available records and other third party information sources. We may use this information to provide you with a customized experience, to promote and develop products and services available through TaperMD or its affiliates, or as otherwise permitted by this Policy.

If you post a review, make a comment, or otherwise submit personal information on a public forum such as social media accounts or public forums on our Website or other applications, your communications may be viewable by the public.

We may also disclose personal information in situations where we are legally required or permitted to do so. The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements or to enforce your rights or to investigate suspicion of unlawful activities. In some instances, such as a legal proceeding or court order, we may also be required to disclose your personal information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so. We may release certain personal information when we believe that such release is reasonably necessary to protect the rights, property, or safety of ourselves and others.

We may use and disclose your personal information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing personal information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use and disclose your personal information for substantially the same purposes as those set out in this Policy.

We may share Personal Information in the aggregate with third parties. For example, we may disclose the number of users that have been exposed to or clicked on advertisements. We may also disclose anonymized information about your use on TaperMD. For example, if you engage in a transaction in connection with TaperMD, we may publicly disclose information about the transaction in a manner that does not disclose Personal Information.

e) Keeping your information accurate

We make every reasonable effort to keep your personal information as accurate, complete and up-to-date as necessary. If desired, you may verify the accuracy and completeness of your personal information in our records.

Despite our efforts, errors sometimes do occur. Should you identify any incorrect or out-of-date information in your file, we will remedy any such errors on a timely basis. In the event that inaccurate information is mistakenly sent to a third party, we will communicate relevant changes to the third party where appropriate.

Protecting Your Personal Information

a) Access to your information within TaperMD

Access to private, sensitive, and confidential information, including your personal information, is restricted to authorized employees or contractors with legitimate business reasons.

Our employees and contractors understand the importance of keeping your information private. All employees and contractors are expected to maintain the confidentiality of personal information at all times and failure to do so will result in appropriate disciplinary measures including dismissal.

b) Disposal and Retention

Except as otherwise permitted or required by law, your personal information will be retained for so long as is reasonably necessary to fulfil the purposes for which it was collected.

c) Safeguarding your information

To ensure that your personal information is protected, we utilize security safeguards that are on par with the industry standard. We keep electronic customer files in a secured environment with restricted access and use.

Addressing Your Inquiries and Concerns
We are happy to provide you with a copy of this Policy.
Upon request, we will also inform you of: the type of personal information we have collected, how your personal information has been used, and any third parties to whom your personal information has been disclosed.
Please direct all questions or enquiries about this Policy to:

Data Based Medicine Americas Ltd.
181 Bay Street, Suite 1800
Toronto, ON, M5J 2T9

Updating this Privacy Policy

TaperMD strives to evolve to meet our customer’s needs and expectations, and that means our products and services may change, and how we offer our products and services may change. With that in mind, we review our privacy practices from time to time, and that our information handling practices may change. Any changes to our privacy standards and information handling practices will be reflected in this Policy in a timely manner. TaperMD reserves the right to change, modify, add, or remove portions of this Policy at any time. Please check this page periodically for any modifications. To determine when this Policy was last updated, please refer to the modification date at the bottom of this Policy. If at any point you do not agree with the terms of this Policy, you must not use TaperMD’s services.

Website and Apps Governed by this Privacy Policy

Our Website and any of our applications available from our Website or third-party platforms (including the iTunes Store and Google Play) are governed by the provisions and practices stated in this Policy. Our Website and such applications may contain links to third-party sites or applications that are not governed by this Policy. Although we endeavor to only link to sites or applications that share our commitment to your privacy, please be aware that this Policy will no longer apply once you leave our Website or such applications, and that we are not responsible for the privacy practices of third-party sites or applications. We, therefore, suggest that you closely examine the respective privacy policies of third-party sites and applications to learn how they collect, use and disclose your personal information.

Governing Law

This Policy and all related matters shall be interpreted and construed in accordance with the laws of the Province of Ontario and the applicable federal laws of Canada.

Personal Information Outside of Canada

TaperMD may perform activities outside of Ontario and outside of Canada through third parties. For example, personal information may be stored on servers outside of Ontario and outside of Canada. You acknowledge and agree that, as a result, your personal information may be processed, used, stored, or accessed in other jurisdictions and may be subject to the laws of those jurisdictions. For example, information may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in other countries.

Unless otherwise specified, TaperMD provides the Services from its headquarters in Toronto, Ontario, Canada and hosts customer’s production database in the customer’s country of residence. In the case of American customers, TaperMD may access a customer’s data from Canada for purposes of, for example: responding to support requests; fixing software issues; or, providing services to a customer on the back end of the platform (e.g., correcting errors in a resident record [subject to the conditions set forth in Section 8 of this policy], adding/removing a facility’s data to/from a customer’s database in the event of a purchase/sale/change in management, or performing simulation testing of our disaster recovery plan).

In the event of a disaster affecting TaperMD’s American data center, we will host American customers’ data in Canada until the disaster is addressed.

In the case of Canadian customers, backup data may be hosted in the United States in encrypted form, and within an encrypted environment.

Table 1: Privacy Laws Applicable to Personal Information

Applicable Law
(includes any amendments and implementing regulations)
Type of Personal Information Governed by the LawJurisdiction
Health Insurance Portability and Accountability Act of 1996, P.L. 104-191 *Protected Health InformationUnited States
Health Information Technology for Economic and Clinical Health Act of 2009, P.L. 111-5, Title XIII (amends HIPAA)Health Information and Individually Identifiable Health InformationUnited States
Personal Information Protection Act, SBD 2003, c. 63Personal Information (including that relating to the mental or physical health of individuals)British Columbia
Health Information Act, RSA 200, c. H-5Health InformationAlberta
Health Information Protection Act, SS 1999, c. H-0.021Personal Health InformationSaskatchewan
Personal Health Information Act, CCSM, c. P33.5Personal Health InformationManitoba
Personal Health Information Protection Act, SO 2004, c. 3, Sch. APersonal Health Information Ontario
Personal Health Information Act, SNL 2008, c. P-7.01Personal Health Information Newfoundland and Labrador
Health Information Act, RSPEI 1988, c. H-1.41Personal Health Information Prince Edward Island
Personal Health Information Act, SNS 2010, c. 41Personal Health Information Nova Scotia
Health Information Privacy and Management Act, SY 2013, c. 16Personal Health Information Yukon
Personal Information Protection and Electronic Documents Act, SC 2000, c. 5“An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions….”
Note that Personal Health Information is expressly excluded from Part 1 (“Protection of Personal Information in the Private Sector”).
Digital Privacy Act, SC 2015, c. 32 (amends PIPEDA)Personal InformationCanada
Canada’s Anti-Spam Legislation S.C. 2010, c. 23“An act to promote… the economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities….”
Requires express or implied consent to send commercial electronic messages (e.g., emails, texts and instant messages).

Last revised: Tuesday, August 25, 2020