Effective: September 26, 2023
Personal Information shall include (i) personal information as such term is defined in the Personal Information Protection Electronic Documents Act; (ii) personal health information as such is defined in the Personal Health Information Protection Act (Ontario), provided that for purposes of this policy, Personal Information shall not include information about Health Espresso employees in such employees’ capacity as employees of Health Espresso.
It is the policy of Health Espresso to keep any information gathered through the use of our systems secure. As such, user information is not disclosed or shared to unauthorized third parties except as allowed by Canadian law and described herein.
2. Personal Information and Personal Health Information
Health Espresso collects information that personally identifies the user, such as the user’s name, address, mobile telephone number, e-mail addresses, location, medical history and other information that the user provides to Health Espresso or information on the Health Espresso profile or account. Personal information may be collected in a number of ways, including: in person, over the phone, by mail, over the Internet, and from third parties who you have authorized to disclose Personal Information to us. We make every reasonable effort to keep your Personal Information as accurate, complete and up-to-date as necessary. If desired, you may verify the accuracy and completeness of your Personal Information in our records.
Users may choose to disclose Personal Information and Personal Health Information is disclosed to other users of the application, including designated Secondary Users, the user’s Physician(s) and other Health Care Provider(s), individuals and companies managing those Physicians and Health Care Professionals, and Health Espresso administrative and technology staff. If Users are being offered access to Health Espresso’s services and technology, including online subscription services, through their Health Care Professionals, information may be set to be disclosed with the Health Information Custodian (HIC) by default.
3. Collection, Use and Disclosure of Personal Information and Personal Health Information
The Health Espresso mobile app and online platform use Personal Information and Personal Health Information for purposes consistent with the collected information. The information users provide directly relates to the Health Espresso features users can take advantage of. For example, if users chose to share information with health care providers, Health Espresso aids access. Location information allows users to find health care providers in their area.
Health Espresso employees have minimal access to user Personal Information and Personal Health Information of subscriber services. Health Espresso has no access to information stored on the Health Espresso mobile app . Access is restricted to authorized employees with legitimate business reasons such as the ability to provide technical support if requested. We require all of our employees to abide by Health Espresso’s privacy standards. Our employees understand the importance of keeping your information private. For this reason, our employees are required to agree to a confidentiality agreement that prohibits the disclosure of any user information to unauthorized parties.
Employees are strictly prohibited from accessing or disclosing Personal Information without authorization. All employees are expected to maintain the confidentiality of Personal Information at all times and failure to do so will result in appropriate disciplinary measures including dismissal.
Health Espresso uses third-party service providers to host servers in Canada. These third-party service providers may have access to Personal Information as an incidental result of the services provided by such third parties to Health Espresso, but the access of such third parties to such information is strictly controlled in accordance with the safeguards detailed below.
The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so.
Your Personal Information may be disclosed in situations where we are legally permitted to do so, such as in the course of employing reasonable and legal methods to enforce your rights or to investigate suspicion of unlawful activities. We may release certain Personal Information when we believe that such release is reasonably necessary to protect the rights, property and safety of ourselves and others.
Should Health Espresso conduct market or product research, it will never use Personal nor Personal Health Information; rather, it would fully anonymize information, meaning that it would render it unlikely to be traced back to an individual.
4. Usage and Aggregate Data
Health Espresso collects usage information from users to our services. The purpose of this collection is to understand how users access and use the services in order to enhance and optimize our services. Usage information and data could include but is not limited to the user’s device type, device identifier, IP address, browser type, operating system, duration of use, number of messages sent or received, and times at which the application was accessed. It may also include a record of when specific features of the Health Espresso App or Health Espresso Service are used. In addition, Health Espresso will collect aggregate data about a group or category of services or users. This information, as well as the Personal Information collected, enables Health Espresso to analyze trends, administer Health Espresso’s services and products, troubleshoot, enhance, and improve Health Espresso’s services.
Health Espresso maintains the right to inform our users about any change that may affect information collected or stored. We may be required to comply with a court order or governmental regulatory requirement or disclose information in connection to legal proceedings. If required to do so, we will make every effort to notify the relevant parties about the proceedings.
Health Espresso reserves the right to use the contact information of users for the purposes of communications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate or opt out of optional communications (e.g. marketing, press, events) while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.
Health Espresso is not anticipating any changes in corporate status, however as we grow and develop that may change. You understand and agree that we may use your Personal Information and disclose your Personal Information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing Personal Information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use and disclose your Personal Information for substantially the same purposes as those set out in this Policy. In the event the transaction does not go through, we will require, by contract, the other party or parties to the transaction not to use or disclose your Personal Information in any manner whatsoever for any purpose, and to return or destroy such Personal Information. Personal Information that is collected online remains subject to applicable legislation and corporate policy.
5. Data Retention
Health Espresso reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms and conditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law.
For free users, Personal Information and Personal Health Information retention is limited to the Health Espresso app on the user’s device. This means removing information from the app, or deletion of the app itself, will delete the Personal Information and Personal Health Information, unless users have their own device back-ups. For this reason, Health Espresso reminds users to exercise care if deleting the app, as users who wish to re-engage Health Espresso’s services will need to re-enter information upon redownload.
Paid subscriber Personal Information and Personal Health Information is backed up in the cloud.
When the user chooses to use Health Espresso’s in-app communication features, including chat, Health Espresso processes and stores the user’s messages, logs, contact data, and other related information. Health Espresso does this in order to provide these communication options. Data will be stored indefinitely in a secure and private manner, either on the user’s mobile device, or for subscribers, online as part of the online platform. Information is deleted as per direction from the user as allowable by operational needs and relevant law. Health Espresso maintains security/privacy policies and procedures to ensure every step is taken to maintain the integrity of the data in our care.
6. Data Protection and Control of User Data
Health Espresso takes reasonable steps to protect information collected from users to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.
Health Espresso has appointed a Privacy Officer who works with the Information Security Manager. Together both are responsible for information system monitoring and information security policy and procedure management. The Privacy Officer is responsible for compliance with Health Espresso’s privacy program including,
Undertaking privacy impact assessment and threat and risk assessments on a regular basis;
Adopting policies and procedures on the basis of privacy impact assessment and threat and risk assessments to mitigate all identified risks, updated as necessary.
Health Espresso users may access their Personal Information by accessing their account and, should they require assistance, by contacting our Privacy Officer. Our Privacy Officer’s contact information can be found below.
Safeguard measures to ensure authorized access include: the use of a username and a password for authentication. Every user must keep their password and username safe and make sure that any person who has access to view such private information is permitted to do so. Users must contact Health Espresso immediately if the user believes their password has been misused. All Health Espresso web communications, and data stored in-app are encrypted in transit and at rest, using industry-standard AES encryption.
Health Espresso stores all Personal Information and Personal Health Information in Canada, with Amazon Web Services (AWS). AWS is hosting all Health Espresso servers, databases and applications in the AWS secure cloud. AWS is certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO27018, the Standard also includes the right to audit AWS for compliance.
Having read this notice and by choosing to use the Health Espresso App, site and Health Espresso Services, you consent to the collection, transfer, processing, storage, disclosure and other uses of your information described herein. In the event you set up a Profile that relates to someone other than yourself, you are solely responsible for ensuring that you have any and all consents and permissions to share that Personal Information with us and to use that information as part of the Health Espresso Services.
When adding secondary users, or healthcare professionals, to your profile, Health Espresso presumes users have implied consent for these parties to access Personal Health Information. To withdraw consent for secondary users or healthcare professionals, users may simply delete the secondary user/healthcare professional’s profile in-app.
Users may withdraw consent for Health Espresso’s App and Services at any time; however, be aware that withdrawal of consent may result in our inability to offer you our Services. Users who would like to close your Account or delete any Profile from your Account, please contact us at email@example.com. Health Espresso will use commercially reasonable efforts to honor your request, save when data retention is necessary to comply with legal obligations or contractual agreements.
8. Age Restrictions
Health Espresso's Site, Apps and Services are not directed to persons under the age of 13. Health Espresso does not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at firstname.lastname@example.org If Health Espresso becomes aware that a child under 13 has provided us with Personal Information, the company will delete such information from our files. If you as a user and have created a Profile for a minor under the age of 18, you represent and warrant to us at Health Espresso that you are the parent or legal guardian for that minor with a right to provide us the Personal Information of that minor.
9. Usage Risks
Exporting Information: Health Espresso offers users the ability to share information with their healthcare providers. The Health Espresso platform is designed to make this information sharing painless; it allows different ways to share. However, users should be aware that some methods of information sharing are less secure than others. If users export or send Personal Information / Personal Health Information, including sensitive information to:
Online cloud services, including Google Drive
Health Espresso cannot guarantee the security of these channels, the user's accounts or settings. Users send sensitive information over insecure methods or to insecure locations do so at their own risk.
Before sending sensitive information, users are encouraged to review the security of their choice.
Secondary Users: Users of Health Espresso have the option of allowing secondary users to their account. Secondary users include family or professionals outside of healthcare providers the user wishes to have access to their health records for monitoring of care, or as substitute decision-makers if the user becomes invalid and unable to make care decisions. Secondary users may only be added by the primary user of the account. Once enabled, Health Espresso cannot monitor or limit secondary user access to Personal Information or Personal Health Information, although primary users can remove access at any time.
For this reason, users should only enable secondary user access to those they trust.
10. Governing Law
11. Reporting a Problem
If you feel your account may have been compromised, or you discover abuse or misuse of Health Espresso Services, the Site or the Health Espresso App, please report it immediately to email@example.com and we will investigate.
12. Contacting Health Espresso
Subscribers may contact our Privacy Officer to make enquiries on our privacy practices or to the accuracy of their personally identifiable information and to request the update, correction or deletion of such information or account should they wish to do so. Any query, comments or concerns can be sent to us by email at firstname.lastname@example.org or by mail at the following address:
2275 Upper Middle Rd.
East, suite 101,
Oakville, Ontario L6H 0C3