MedHelper Inc. manages and uses the brand names Med Helper, MédAide, My Active Health, Ma Santé Active, Medhelperapp.com, Medhelper.ca, Medhelper.com and Medhelpercloud.com (”Med Helper” “MedHelper” “MedHelperapp” “Medhelpercloud.com” “we,” “us,” “our”) are committed to protecting your privacy and complying with applicable data protection laws.
1. Our Services
MedHelper offers a treatment management platform that is accessible via our websites and mobile applications. This tool allows you to import or add treatment information (such as medications, measurements, exercises or activities) and setup reminders so you can track your adherence. Collectively, we refer to this tool as our “Service”.
The collection of your information by any third party service connected to our website or mobile application is governed by the Third-Party Services’ privacy policies and terms. We recommend you carefully review their privacy policies and terms, as MedHelper is not responsible for Third-Party Services.
Our Services are not intended for use by children and should only be accessed by individuals who are at least 18 years old.
2. What information do we collect?
We collect information about you as reasonably necessary for the following activities:
Using our Services
We collect the following information when you use our Services:
- Your contact and profile information including your name, email address, gender, date of birth and allergies; your preferences such as language, time zone, and the types of communication you would like to receive from us; and image (if you choose to provide this).
- If you chose to link your account with an insurer (we will not store your login and password information when you authenticate your insurer account).
- Your medication information that you have uploaded to the Service (including name, dosage, type, DIN, display name, current inventory, reason, prescribing physician and schedule information).
- Your activity information that you have uploaded to the Service (including name and scheduling information)
- Your measurement information that you have uploaded to the Service (including name and scheduling information)
- Your exercise information that you have uploaded to the Service (including scheduling information, exercises completed and KMs earned)
- Your appointment information that you have uploaded to the Service (including name and scheduling information)
- Notes you have created and uploaded to the Service
- Friends or Professionals you have connected with using the Service
- The adherence data on your medication and activities (logging when these events were taken, skipped or missed including logging the time taken for Take as Needed medications)
Logs, usage, and support data:
- Log data, which may include your IP address, the address of the web page you visited before using the Services, your browser type and settings, your device information (such as make, model, and OS), the date and time when you used the Services, information about your browser configuration, language preferences, unique identifiers, and cookies.
- Usage data and analytics, which may include the frequency of login, and the different types of activity undertaken by users.
- General Location information, such as IP address and the region in which you are located when you are logging in and using the Services.
- Customer support questions, issues, and general feedback that you choose to provide.
Google Analytics and Google Signals
We have activated Google signals in Google Analytics. Through this, any existing Google Analytics functions (advertising reports, remarketing, cross-device reports and reports on interests and demographic characteristics) are updated, to result in the summary and anonymization of your data, should you have permitted personalized ads in your Google Account.
The special aspect of this is that it involves cross-device tracking. That means your data can be analyzed across multiple devices. Through the activation of Google signals, data is collected and linked to the Google account. For example, it enables Google to recognize when you look at a product on a smartphone and later buy the product on a laptop. Due to activating Google signals, we can start cross-device remarketing campaigns, which would otherwise not be possible to this extent. Remarketing means, that we can show you our products and services across other websites as well.
Moreover, further visitor data such as location, search history, YouTube history and data about your actions on our website are collected in Google Analytics. As a result, we receive improved advertising reports and more useful information on your interests and demographic characteristics. These include your age, the language you speak, where you live or what your gender is. Certain social criteria such as your job, your marital status or your income are also included. All these characteristics help Google Analytics to define groups of persons or target audiences.
Those reports also help us to better assess your behavior, as well as your wishes and interests. As a result, we can optimize and customize our products and services for you. By default, this data expires after 26 months. Please consider, that this data is only collected if you have agreed to personalized advertisement in your Google Account. The retained information is always exclusively summarized and anonymous data, and never any data on individual persons. You can manage or delete this data in your Google Account.
Surveys, events, and marketing information
If you choose to participate in our surveys, contests, events (such as webinars and in-person events), or those in which we are affiliated, or request information from us about our Services, we may collect information about you related to the survey, contest, or event; your contact information, such as your name, email address, telephone number and address.
We may collect information on email open and click rates, including whether individuals clicked on links, and which web pages are visited after opening the email.
Browsing our websites
When you browse our websites, we collect information about you as described below, some of which is collected automatically:
- Aggregated website usage data including form analysis data (such as time taken to complete the form), engagement rate, session replay, and mouse movements. If you wish to opt out of this collection, please follow the steps outlined here. Please note this requires the use of an opt-out cookie, so if you reset your cookies, you will need to opt out again.
3. How do we use your information?
We use your information for the purposes described below:
Providing and securing our Services
- We need to identify and authenticate our users to ensure, for example, that only those authorized users are able to use the Services, and to make changes to their accounts.
- We use information that you provide when signing up to set up your account, contact you regarding the Services, and manage your account.
- We use your contact information and information related to your request to respond to your inquiries, manage our contract with you, respond to your questions and requests, and send you updates and information about the Services.
- We use logging and other data such as general location information—for example, the IP address of your browser or device, to help us manage the performance, security and compliance of the Services.
- We analyze usage information, your feedback, support queries, and survey responses to help us understand and make improvements to our Services.
Communicating with you
We use your contact information where appropriate to send you information about our Services, events, marketing communications (consistent with your preferences. We also use email statistics, such as open rates, to assess the effectiveness of, and to make improvements to our communications.
Improving our websites and applications
We use information about you to help us understand usage patterns and other activities on our websites and applications so that we can diagnose problems and make improvements, including enhancing usability and security.
4. What are your rights regarding the information about you?
When using our Services, you may access, update, or correct most of your Account information by logging in to your account to edit your profile.
If you have requests that cannot be carried out by logging in to your account, such as accessing additional information or deleting information about you, please email our privacy team. Please note that we may need to retain certain information about you for as long as you maintain an account for our Services, to provide you with our Services, for record keeping purposes, to comply with our legal and regulatory obligations, to resolve disputes, or to enforce the applicable terms of service or other agreement in place between you and MedHelper (the “Terms of Service”).
Requests to access, correct, or delete your information will be handled within thirty (30) days unless they are unusually extensive or complex, in which case we will advise you of the expected timeline for handling your request.
You can contact our Support team for other general requests about your account.
Marketing emails, advertising and website browsing
For marketing communications, you may opt out of marketing communications by clicking on the unsubscribe link in the marketing email you receive.
5. Who has access to your information?
MedHelper does not rent or sell your information. We restrict access to your information to authorized employees and we do not share your information with third parties except in the circumstances explained below.
Employees and Authorized Contractors
Our employees and authorized contractors may need to access information about you when they require this to perform their job. For example, a customer support representative would need access to your account to validate your identity and respond to your question or request; our email communications team would need access to your contact information to ensure this information is sent correctly and any unsubscribe requests are properly managed; and our security staff would need to review information to investigate attempted denial of service attacks, fraudulent account activity, or other attempts to compromise the Services.
All our employees and contractors are required to agree to maintain the confidentiality and protect the privacy of your information.
Service Providers, Authorized Resellers, and Partners
We will share limited information about you to authorized service providers we use for marketing services, communicating with you, managing our customer database, the provision of professional services, and providing and managing the Services (including hosting data centers and securing our Services).
We limit the number of service providers who are permitted to process your Content for the purpose of assisting us in delivering the Services. Prior to engaging any third-party, MedHelper evaluates their privacy, security and confidentiality practices.
|Entity Name||Activity||Location of Servers|
|Amazon Web Services, Inc.||Cloud Service Provider – Infrastructure and Storage||Canada|
|Firebase – Google||Cloud Service Provider – Mobile tracking analytics and reporting||Canada|
|Google Analytics||Cloud Service Provider – Mobile and Web tracking analytics and reporting||Canada|
|Zendesk, Inc.||Cloud Service Provider – Customer Support Services||United States|
|HumanisRx||Clinical Pharmacist Services||Canada|
|SendGrid||Email Service Provider||United States|
Law Enforcement, Government Agencies, and Professional Advisors
We may need to disclose information about you where we believe that it is reasonably necessary to comply with a law or regulation, or if we are otherwise legally required to do so, such as in response to a court order or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands.
In addition, we may be required to disclose information about you if we believe it is necessary to investigate, prevent, or take action: (a) against illegal activities, fraud, situations involving potential threats to our rights or property (or to the rights or property of those who use our Services), or to protect the personal safety of any person; or (b) regarding situations that involve the security of our Services, abuse of the Services infrastructure, or the Internet in general (such as voluminous spamming, or denial of service attacks).
6. How do we safeguard your information?
MedHelper maintains industry standard security safeguards to protect your information. This includes ensuring our employees receive appropriate security and privacy training and guidance so they are aware of the measures they need to implement to protect your information.
Access controls are in place to limit access to your information to those who need it to perform their jobs. For example, information about you may be provided to our customer support specialists to help you with your requests. Individuals who are permitted to handle your information must adhere to confidentiality obligations.
We encrypt data where appropriate to ensure that your information is kept private. We undertake vendor security and privacy reviews to ensure that vendors follow our stringent requirements to safeguard your information, and we also enter into data protection agreements with our vendors.
7. How long do we retain your information?
We retain your information only as long as required to provide the Services requested by you, for record keeping purposes, to comply with our legal obligations, resolve disputes, and enforce the terms for the Services.
Aggregated data is used by MedHelper for analysis, product improvement, and troubleshooting purposes.
After it is no longer necessary for us to retain information about you, we will dispose of it in a secure manner or anonymize the information.
8. Your Rights
Under PIPEDA you may have the following specific rights:
- The right to know about the personal information collected about you, which we have set out under “Information about your Personal Information”
- The right to have your personal information deleted.
- The right not to be discriminated against for exercising consumer rights under PIPEDA.
You may exercise your rights by emailing our Privacy team.
While we disclose personal information to service providers for the purpose of managing our relationship with you (e.g. distributing marketing communications) and providing the Services, we do not sell your personal information.
10. How to contact us
If you have any questions, concerns or feedback, please email our Privacy team and Privacy Officer/Data Protection Officer; or send a letter to:
6500 Trans-Canada Hwy
Pointe-Claire H9R 0A5 QC
If we are unable to resolve your concerns, you also have the right to contact your local data protection authority.
Office of the Privacy Commissioner of Canada
30, Victoria Street