Last Updated: July 8, 2022
Dialogue Health Technologies Inc. (“Dialogue”, “we”, “us” or “our”) is a company providing a secure platform (the “Platform”) that allows our members (the “Users”) once registered, to directly access virtual healthcare, mental health and well-being, and other orientation and counselling services, as well as self-guided health and wellness resources (the “Services”). Our broad choice of services is provided to our Users through the Platform with the help of standard forms and questionnaires developed by us or by our professionals, working as partners, contractors and employees whether by video call, audio call or text messages (the “Consultations”). Our Platform is accessible through our application available on mobile devices or through a web browser (the “App”).
This Policy describes:
(i) the type of information we may collect from you or that you may provide when you access and use the App, the Platform or when you visit the website dialogue.co (our “Website”),
(ii) how we collect, use, disclose, and protect the personal information, including personal health information, of our Users and/or website users (”you”), and
(iii) our practices for collecting, using, maintaining, protecting, and disclosing that information.
We will only use your personal information in accordance with this Policy unless otherwise required by applicable law. We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and used for limited purposes. All employees and contractors of Dialogue collecting and processing personal information in accordance with this Policy are required to adhere to the protections described in this Policy. Whenever we engage a third-party service provider or whenever we work with a new partner, we ensure that the information is properly safeguarded at all times at a comparable level of protection the information would have received if it had not been transferred.
For the purposes of this Policy:
(i) “personal information” or “PI” means information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person; and
(ii) “personal health information” or “PHI” means information about an identifiable individual that relates to the individual’s physical or mental health, including name of patient, date of birth, medical history, medical treatment, medical test results, medication list, and health number. PHI may be found in medical records, treatment and examination notes and communications between patients and our healthcare professionals via the Platform.
We collect and use several types of information from and about you:
When you create an account on our Platform:
Personal information, that we can reasonably use to directly or indirectly identify you and contact you when needed, such as your name, date of birth, details (including photo) of your health insurance card, mailing address, e-mail address, telephone number, Internet protocol (IP) address used to connect your computer to the Internet, user name or other similar identifier and any other identifier we may use to contact you online or offline.
When you access and use the Platform and when you receive Consultations:
Personal information and PHI:
(i) personal information as described above;
(ii) all personal health information about your physical and mental health you may disclose to our care coordinators and healthcare practitioners that is relevant to establish your care plan, such as symptoms, medical history, clinician observations, appointment history, diagnosis, investigation results and treatment information; and
(iii) all personal information regarding your personal, familial, financial or legal situation (including your employment situation and career goals) you may disclose to our coordinators and professionals that is relevant to provide you with our orientation and counselling services.
De-identified, aggregated, and anonymized information: non-personal information that does not directly or indirectly reveal your identity or directly relate to an identified individual, such as demographic information, or statistical or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from the personal information we collected. For example, we may aggregate personal information to calculate the percentage of Users accessing a specific feature of our Platform. We may also use your personal information obtained from Consultations for product development, services quality checks or research purposes (such as medical research and studies). Such information will be anonymized and de-identified before being analyzed and used for such purposes.
When you make or receive a payment through our Platform:
Any transaction information including your credit card or banking information or other financial data in order to process the payment will be collected and processed by a PCI-compliant third-party provider and will not be collected nor processed by Dialogue. Any other personal information you may provide for the purposes of the transaction will be collected and used to process your order only.
When you access and use our Website:
(i) Technical information, such as your login information, your geo-location information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access our Website, and usage details.
(ii) Digital interaction information : Non-personal details about your Website interactions, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, or any phone number used to call our customer service number.
(iii) Job Applicant Information : resumé, cover letter, reference letter, employment history and interests that you may send us directly or through our Career page.
Our App also lets you connect certain fitness or other health and well-being accounts that you have with third-party providers. If you choose to connect an account you have with a third-party provider (a “connected account”), we will import information from that connected accounts into our App when you connect it.
Depending on the information contained in the connected account, this could include:
Data collected from connected trackers or devices, such as number of steps taken and activities/exercise (i.e. swimming, running, walking and cycling distances), weight, food and drink, heart rate.
If you choose to connect a connected account, we will tell you what information we will import from it before you connect it. If you agree, we will then access the connected account and import the information (going back to the date you first opened the connected account) into our App.
Tracker and Data Points Table:
We use different methods to collect your information, including:
Through direct interactions with you through the Website, the App, the Platform or during Consultations when you provide it to us, for example, by filling in forms and questionnaires, by receiving care from our healthcare practitioners or by receiving orientation and counselling services from our professionals.
Automatically, through cookies and other automated data collection technologies or interactions, as you navigate through our Website and the Platform. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies (the “Activity Information”).
Through business partners and clients that provide us with a list of eligible Users that can have access to our Platform and services.
The information we collect automatically is Activity Information that can be associated with your personal information, and we maintain it or associate it with personal information we collect directly from you or that we receive from third parties. It helps us improve our Website or our App and to deliver a better and more personalized service, including by enabling us to:
Estimate our audience size and usage patterns;
Store information about your preferences, allowing us to customize our Website or our App according to your individual interests;
Speed up your searches; and
Recognize you when you return to our Website and our App.
The technologies we use for this automatic data collection may include:
Flash Cookies. Certain features of our Website or our App may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website or our App. Flash cookies are not managed by the same browser settings that are used for browser cookies.
Web Beacons. Pages of our Website or our App, as the case may be, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Dialogue, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
You can opt-out of several third party ad servers’ and networks’ cookies simultaneously by using a relevant opt-out tool, such as the ones created by the Digital Advertising Alliance of Canada and the Network Advertising Initiative. You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.
We do not control these third parties’ tracking technologies or how they are used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
We use information that we collect about you or that you provide to us, including any personal information:
To provide you with access to our Platform and to any Consultations, information, products, or services that you request from us, including healthcare services;
To identify and authenticate you in order for you to access the Platform and to provide you with our services;
To create and administer your User account when you register on our Platform;
To communicate with you with respect to the Platform registration and your account and respond to your inquiries on the Platform, the App, our Website or our products and services offering in general;
To determine your eligibility to access the Platform and our services;
To notify you about new products or services releases, new partnerships and other key information on Dialogue;
To notify you about changes to our Platform, our App or our Website or any products or services we offer or provide though it;
To provide you with useful healthcare information and other information about trends and best practices in healthcare, mental health and well-being and other relevant topics in connection with our services;
To process your job applications through our Website;
To improve our Website, products or services, marketing, or customer relationships and experiences;
To fulfill any purposes we described before you provided the information; and
For any other purposes upon your consent.
We may disclose personal information and PHI that we collect or you provide as described in this Policy:
To third-party professionals, including specialist physicians, pharmacists, physiotherapists, psychologists, nutritionists, lawyers, financial advisors, career or marriage counselors or lab technicians, involved in providing you with the services or the Consultations. All professionals engaged by Dialogue, whether as contractors or employees, are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy. When the disclosure is part of a care plan or any other orientation and counselling services that you have agreed to, we will consider the agreed care plan or the orientation and counselling services to constitute implied consent;
For all other disclosures to a third-party not associated with Dialogues’ Platform or services, we will only make the disclosure after obtaining your express consent;
To fulfill the purpose for which you provide it; and
For any other purpose disclosed by us when you provide the information.
We may also disclose your personal information:
To comply with any court order, law, or legal process, including to respond to any government or regulatory request, in accordance with applicable laws, notably in case of suspected or actual privacy breach;
To third parties, when potentially life saving information during medical emergencies and reporting infectious diseases or fitness to drive; and
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Dialogue, our clients, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
In order to provide you with some of our orientation and counselling services, we may need to transfer your personal information, including PHI when medically indicated, to different Dialogue partners, including lawyers, law firms, financial advisors, marriage counsellors, clinics, etc. We may also transfer your personal information, including PHI, to a third-party service provider for processing and storage in Canada. Whenever we engage a third-party service provider, we ensure that the information is properly safeguarded at all times at a comparable level of protection the information would have received if it had not been transferred.
We may disclose and share your personal information to explore and/or undertake a corporate transaction, including a merger, acquisition, amalgamation, IPO, reorganization or sale of Dialogue. Your personal information relevant to the transaction, such as billing information, can be used and disclosed solely for the purposes related to the transaction and will be protected by security safeguards appropriate to the sensitivity of the information. Your PHI will not be disclosed and will remain confidential, except in case of completion of a business transaction, in accordance with applicable law, to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Dialogue’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Dialogue about our clients and Users is among the assets transferred and is necessary for carrying on the business or activity of the company and the provision of our services.
We may share de-identified, aggregated or anonymized information with our clients for reporting purposes, including usage of our services, and with third party service providers for use in creating marketing materials, case studies and statistical analyses or for research purposes (such as medical research and studies). This allows Dialogue, its clients and our respective third-party service providers to understand how we are performing, or develop relevant products, services or offers.
We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
Where necessary, we use carefully selected and trusted third party vendors to deliver selected services and enable the desired user experience within our App. These third parties are also known as sub-processors, as they process data on behalf of Dialogue as part of the provision of services. We require those vendors to demonstrate their own security and privacy practices so that we are fully confident in the way that your information is processed by them.
We engage sub-processors for many purposes, including for data storage and processing (including personal information and PHI), user authentication, platform infrastructure hosting, event tracking, and user engagement.
Dialogue ensures that all member/user data processing takes place within Canada, but benefits from an adequacy decision that is in place between Canada and both the EU and UK. This means that there is ‘essential equivalence’ between Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU and UK GDPR, protecting the processing of data of residents of those jurisdictions.
The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Such measures include:
Secure Storage: Dialogue stores all personal information and PHI in an Amazon Web Services (“AWS”) data center located in Canada. AWS is ISO 27001 certified and adheres to global privacy and data protection best practices.
Network Security: Dialogue has implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly-accessible systems.
End-to-End Encryption: Dialogue encrypts all video, audio and written exchanges with you. Data transmissions and communications on the Platform are end-to-end encrypted using TLS version 1.2.
Privacy Policies and Training: Dialogue has implemented written policies, practices and procedures that specifically address the privacy and security of your personal information and PHI. Dialogue delivers privacy training to employees and contractors on how to safeguard personal information and mitigate operational risks. All Dialogue employees and contractors are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy.
SOC 2 Type II Compliance: Dialogue’s Information Security Policy and its related policies and processes are compliant with the trust services criteria relevant to security (“applicable trust services criteria”) set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria), in accordance with CSAE 3000 and AICPA Guide to Reporting on an examination of Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality and Privacy (SOC 2).
The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of our Website and App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Please also ensure that while using the Platform and particularly during Consultations, you are in a safe and private environment where the confidentiality of your personal information and your privacy are adequately protected.
Unfortunately, the transmission of information through the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website or our App. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website or our App.
Please note that here is no guarantee against data breaches. However, Dialogue has taken reasonable measures to prevent a breach, as described above. In the event of a data breach, Dialogue will notify Users at the first reasonable opportunity of the breach (where applicable), immediately apply remedial measures and notify any relevant provincial or federal authority in accordance with applicable laws.
Dialogue retains personal information and PHI only for as long as necessary to fulfill the purposes for which this information was originally collected, unless further retention is required for legitimate legal, regulatory or business purposes. When personal information and PHI is no longer required to be retained, Dialogue will securely destroy, erase or anonymize the information in accordance with relevant legal, regulatory and contractual requirements.
We reserve the right to use anonymized and de-identified data for any legitimate business purpose without further notice to you or your consent.
Some of your personal information and PHI cannot be deleted due to statutory retention requirements (for example, the minimum retention period of patient records varies by jurisdiction ranging from 10 to 34 years). For any deletion request, please follow the deletion request procedure in the App or contact us at firstname.lastname@example.org, and we will let you know if we can accommodate your request.
Our Website is not intended for children under 14 years of age. Children under age 14 may provide any personal information on our Website or our App, only with the consent of his or her legal guardian. Once the consent of the legal guardian is received, we will collect, use and process all personal information collected in accordance with this Policy.
Any access or change to any personal health information of children under 14 years of age will be given to the parent entitled to the information or the legal guardian only. We may request any relevant documentation from the parent or legal guardian, such as a copy of any custody and access agreement or any related court order, to proceed with any access or change requests.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law you have the right to request access to and to correct the personal information that we hold about you.
You can review and change your personal information by logging into the Website and visiting your Platform account profile page. If you want to review, verify, correct, or withdraw consent to the use of your personal information you may do so directly through the Platform, you may also send us an email at email@example.com to request access to or correct any personal information that you have provided to us.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We will provide access to your personal information without fee, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
Information protected by solicitor-client privilege.
Information that is part of a formal dispute resolution process.
Information that is about another individual that would reveal their personal information or confidential commercial information.
Information contained in patients’ records: you have the right to access your patient record as detained by our healthcare professionals, including all the PHI contained therein. If you request a copy of your patient record, it will be provided to you, subject to a reasonable fee. You can request access to your patient record by contacting us through the App. You may be temporarily denied access to your patient record if providing access would create a significant risk to your health. You will also be denied access to your patient record where disclosure would likely cause any substantial adverse effect on your physical, mental, or emotional health, or reveal personal information about a third person or the existence of such information and the disclosure may seriously harm that third person, unless the third person consents or in the case of an emergency that threatens the life, health or safety of the person concerned. We use reasonable means to ensure that information in your patient record is accurate. If you identify any inaccuracies, you can request that a note be made on the file indicating the inaccurate information.
We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you are concerned about our response or would like to correct the information provided, you may contact us at firstname.lastname@example.org
Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at email@example.com. Please note that if you withdraw your consent we may not be able to provide you with a particular product, service, or Consultation and you may not be able to access the Platform, the Website or the App anymore. We will explain the impact to you at the time to help you with your decision.
If you no longer wish to receive certain informational or promotional emails from us, you can opt-out by sending us an email stating your request to firstname.lastname@example.org. This opt-out does not apply to information provided by Dialogue as part of a product or service purchase, service experience, or other transactions.
With your consent, we may send you push notifications related to certain of our services. If you no longer wish to receive push notifications, you can opt-out by changing your preferences in the App or by sending us an email stating your request to email@example.com.
We welcome your questions, comments, and requests regarding this Policy and our privacy practices. Please contact our Privacy Officer and team at firstname.lastname@example.org.
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this Policy, and with applicable privacy laws. To discuss our compliance with this Policy please contact us at email@example.com.
If we are unable to resolve your issue to your satisfaction, you can file a complaint with the privacy commissioner in your province or territory, or with the Office of the Privacy Commissioner of Canada.