Our Privacy Philosophy
For the purposes of this Policy, “personal information” means information that is used by a government authority, financial institution, or insurance carrier to distinguish a person from other individuals ( e.g., social security number, social insurance number, credit card information, or insurance policy number) is private. Such information can be used to identify an individual (e.g., a person who works at a healthcare facility, or a resident or patient in a healthcare facility). Certain information may be used to contact a person directly (e.g., an email address, home mailing address, or telephone number). Depending on the jurisdiction, the above identifiers are considered to be Personal Information (“PI”), Personally Identifiable Information (“PII”), Sensitive Personal Information (“SPI”), or a similar term, and it is private. An individual’s business contact information and business title generally are exempt from privacy laws. Information about an individual’s health, including insurance and billing information, is also considered – depending on the jurisdiction – to be PI, Protected Health Information (“PHI”), Personal Health Information (also known as “PHI”), Individually Identifiable Health Information (“IIHI”) or a similar term, and it also is private. In Canada and the United States, the laws that primarily govern how we deal with the PI, PII, SPI, PHI and IIHI which you provide to us in relation to the Services are listed in Table 1.
For the remainder of this Policy, we will refer to all PI, PII, SPI, PHI, IIHI, and “Health Information” as “Personal Information” unless we specifically note otherwise. If we wish to refer only to information about a specific individual’s health but not to other forms of Personal Information, we will refer to “PHI.”
Identifying Purposes and Obtaining Your Consent
We identify the purposes for collecting personal information at or before the time it is collected. We will not collect, use or disclose your personal information without your informed consent, unless required or permitted to do so by law.
At TaperMD, we collect and use personal information so we can: (i) provide, maintain, and improve our products and services, which includes using the information to allocate resources, and otherwise run and manage TaperMD in the ordinary course; (ii) provide information to our employees, contractors, partners (which are deemed in this Policy to include McMaster University, on behalf of its Department of Family Medicine, and the American Society of Consultant Pharmacists) and affiliates to allow them to perform services on our behalf, including the provision of personal information to service providers engaged by TaperMD; (iii) send you newsletters or other communications to which you have subscribed or may be interested; (iv) comply generally with privacy laws and all other applicable regulatory requirements; (v) understand the demographics, interests, usage patterns, and other characteristics of customers and to track and analyze trends and patterns, including through the aggregation of personal information; (vi) administer surveys; (vii) offer you tailored content, including advertisements; and (viii) assist you when you contact our customer support services, including to direct your questions to appropriate individuals, investigate and address any of your concerns, and to improve and monitor our customer support responses. We may also use your personal information for purposes that are otherwise consistent with the terms of this Policy or that are permitted or required by law, and for purposes for which you have otherwise provided consent.
Should we require your information to fulfill a purpose that is not identified in this Policy, we will obtain your consent before proceeding.
Limiting the Collection, Use, and Disclosure of Your Personal Information
a) The information we collect
The type of personal information that we may collect, including when you register for an account, includes: (i) your name, mailing address, email address, and telephone number; and (ii) other information that you share in your communications with us, our employees, our contractors, or our partners, including on or through the Website and any applications available on the Website.
The choice to provide us with your personal information, either directly or through a third party, is yours. However, your decision to withhold particular information may limit our ability to provide you with some of our products or services.
b) How your information is collected
Personal information may be collected in a number of ways, including: in person, over the phone, by mail, by fax, over the Internet (including from our Website, by email, or through any of our applications or other software that we provide), and from third parties whom you have authorized to disclose personal information to us.
If you believe that a third party has inappropriately disclosed your personal information to us, please contact that third party directly. If the third party does not sufficiently respond to your inquiries, please let us know immediately.
Your personal information will only be used or disclosed in accordance with the purposes for which it was collected, unless you have otherwise consented or except where required or permitted by law.
c) We may monitor and record telephone calls
For the purpose of maintaining quality service, telephone calls to our customer service lines may be recorded. If your call is subject to a quality assurance program, you will be so advised prior to speaking with a representative.
d) Disclosure to third parties
We may share your personal information with our service providers in order for them to provide services to or on behalf of TaperMD, including processing and storage. These may include, for example, cloud storage providers and data analytics providers. To that end, when you provide personal information to TaperMD, the information may be stored on servers hosted or owned by a third party.
We may (i) share your personal information with our affiliates and partners; (ii) combine information internally across our affiliates or our different products and services; and (iii) combine personal information with demographic information, publicly available records and other third party information sources. We may use this information to provide you with a customized experience, to promote and develop products and services available through TaperMD or its affiliates, or as otherwise permitted by this Policy.
If you post a review, make a comment, or otherwise submit personal information on a public forum such as social media accounts or public forums on our Website or other applications, your communications may be viewable by the public.
We may also disclose personal information in situations where we are legally required or permitted to do so. The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements or to enforce your rights or to investigate suspicion of unlawful activities. In some instances, such as a legal proceeding or court order, we may also be required to disclose your personal information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so. We may release certain personal information when we believe that such release is reasonably necessary to protect the rights, property, or safety of ourselves and others.
We may use and disclose your personal information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing personal information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use and disclose your personal information for substantially the same purposes as those set out in this Policy.
We may share Personal Information in the aggregate with third parties. For example, we may disclose the number of users that have been exposed to or clicked on advertisements. We may also disclose anonymized information about your use on TaperMD. For example, if you engage in a transaction in connection with TaperMD, we may publicly disclose information about the transaction in a manner that does not disclose Personal Information.
e) Keeping your information accurate
We make every reasonable effort to keep your personal information as accurate, complete and up-to-date as necessary. If desired, you may verify the accuracy and completeness of your personal information in our records.
Despite our efforts, errors sometimes do occur. Should you identify any incorrect or out-of-date information in your file, we will remedy any such errors on a timely basis. In the event that inaccurate information is mistakenly sent to a third party, we will communicate relevant changes to the third party where appropriate.
Protecting Your Personal Information
a) Access to your information within TaperMD
Access to private, sensitive, and confidential information, including your personal information, is restricted to authorized employees or contractors with legitimate business reasons.
Our employees and contractors understand the importance of keeping your information private. All employees and contractors are expected to maintain the confidentiality of personal information at all times and failure to do so will result in appropriate disciplinary measures including dismissal.
b) Disposal and Retention
Except as otherwise permitted or required by law, your personal information will be retained for so long as is reasonably necessary to fulfil the purposes for which it was collected.
c) Safeguarding your information
To ensure that your personal information is protected, we utilize security safeguards that are on par with the industry standard. We keep electronic customer files in a secured environment with restricted access and use.
Addressing Your Inquiries and Concerns
We are happy to provide you with a copy of this Policy.
Upon request, we will also inform you of: the type of personal information we have collected, how your personal information has been used, and any third parties to whom your personal information has been disclosed.
Please direct all questions or enquiries about this Policy to:
Data Based Medicine Americas Ltd.
181 Bay Street, Suite 1800
Toronto, ON, M5J 2T9
TaperMD strives to evolve to meet our customer’s needs and expectations, and that means our products and services may change, and how we offer our products and services may change. With that in mind, we review our privacy practices from time to time, and that our information handling practices may change. Any changes to our privacy standards and information handling practices will be reflected in this Policy in a timely manner. TaperMD reserves the right to change, modify, add, or remove portions of this Policy at any time. Please check this page periodically for any modifications. To determine when this Policy was last updated, please refer to the modification date at the bottom of this Policy. If at any point you do not agree with the terms of this Policy, you must not use TaperMD’s services.
Our Website and any of our applications available from our Website or third-party platforms (including the iTunes Store and Google Play) are governed by the provisions and practices stated in this Policy. Our Website and such applications may contain links to third-party sites or applications that are not governed by this Policy. Although we endeavor to only link to sites or applications that share our commitment to your privacy, please be aware that this Policy will no longer apply once you leave our Website or such applications, and that we are not responsible for the privacy practices of third-party sites or applications. We, therefore, suggest that you closely examine the respective privacy policies of third-party sites and applications to learn how they collect, use and disclose your personal information.
This Policy and all related matters shall be interpreted and construed in accordance with the laws of the Province of Ontario and the applicable federal laws of Canada.
Personal Information Outside of Canada
TaperMD may perform activities outside of Ontario and outside of Canada through third parties. For example, personal information may be stored on servers outside of Ontario and outside of Canada. You acknowledge and agree that, as a result, your personal information may be processed, used, stored, or accessed in other jurisdictions and may be subject to the laws of those jurisdictions. For example, information may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in other countries.
Unless otherwise specified, TaperMD provides the Services from its headquarters in Toronto, Ontario, Canada and hosts customer’s production database in the customer’s country of residence. In the case of American customers, TaperMD may access a customer’s data from Canada for purposes of, for example: responding to support requests; fixing software issues; or, providing services to a customer on the back end of the platform (e.g., correcting errors in a resident record [subject to the conditions set forth in Section 8 of this policy], adding/removing a facility’s data to/from a customer’s database in the event of a purchase/sale/change in management, or performing simulation testing of our disaster recovery plan).
In the event of a disaster affecting TaperMD’s American data center, we will host American customers’ data in Canada until the disaster is addressed.
In the case of Canadian customers, backup data may be hosted in the United States in encrypted form, and within an encrypted environment.
Table 1: Privacy Laws Applicable to Personal Information
(includes any amendments and implementing regulations)
|Type of Personal Information Governed by the Law||Jurisdiction|
|Health Insurance Portability and Accountability Act of 1996, P.L. 104-191 *||Protected Health Information||United States|
|Health Information Technology for Economic and Clinical Health Act of 2009, P.L. 111-5, Title XIII (amends HIPAA)||Health Information and Individually Identifiable Health Information||United States|
|Personal Information Protection Act, SBD 2003, c. 63||Personal Information (including that relating to the mental or physical health of individuals)||British Columbia|
|Health Information Act, RSA 200, c. H-5||Health Information||Alberta|
|Health Information Protection Act, SS 1999, c. H-0.021||Personal Health Information||Saskatchewan|
|Personal Health Information Act, CCSM, c. P33.5||Personal Health Information||Manitoba|
|Personal Health Information Protection Act, SO 2004, c. 3, Sch. A||Personal Health Information||Ontario|
|Personal Health Information Act, SNL 2008, c. P-7.01||Personal Health Information||Newfoundland and Labrador|
|Health Information Act, RSPEI 1988, c. H-1.41||Personal Health Information||Prince Edward Island|
|Personal Health Information Act, SNS 2010, c. 41||Personal Health Information||Nova Scotia|
|Health Information Privacy and Management Act, SY 2013, c. 16||Personal Health Information||Yukon|
|Personal Information Protection and Electronic Documents Act, SC 2000, c. 5||“An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions….”|
Note that Personal Health Information is expressly excluded from Part 1 (“Protection of Personal Information in the Private Sector”).
|Digital Privacy Act, SC 2015, c. 32 (amends PIPEDA)||Personal Information||Canada|
|Canada’s Anti-Spam Legislation S.C. 2010, c. 23||“An act to promote… the economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities….”|
Requires express or implied consent to send commercial electronic messages (e.g., emails, texts and instant messages).
Last revised: Tuesday, August 25, 2020