Dialogue Privacy Policy

Effective as of 22 September 2023

Dialogue Health Technologies Inc. and its wholly owned subsidiaries (“Dialogue”, “we”, “us” or “our”) are a group of  companies providing the Dialogue Integrated Health Platform, a secure platform (the “Platform”) that allows our members (the “Users” or “you”) once registered, to directly access virtual healthcare, mental health and well-being, and other orientation and counseling services, as well as self-guided health and wellness resources (the “Services”). 

We treat your privacy with utmost respect and have established a set of policies, procedures and other practices, including this privacy policy (“Policy”), which govern our processing of your personal information to help explain the privacy features of our Platform, our App and our Website. 

Our broad choice of services is provided to our Users through the Platform with the help of standard forms and questionnaires (developed by us or by our professionals, working as partners, contractors and employees) whether by video call, audio call or text messages (the “Consultations”). 

Our Platform is accessible through our application available on mobile devices (the “App”) or on the website we operate, located at www.dialogue.co (our “Website”). When we refer to our “Platform” in this Privacy Policy we mean to also include the App and our Website.

Our Platform is also accessible through our relationships  with Canada Life ™  (under Consult+™ ) and Sun Life Canada through Lumino Health Virtual Care(“Lumino”). Consult+ ™ and Lumino connect their clients to the Dialogue Platform in order to access eligible Dialogue Services. This Privacy Policy applies to Consult+™ and Lumino. à

*Canada Life and Consult+ are trademarks of The Canada Life Assurance Company. 

 

Accountability

We take the appropriate steps to ensure that we comply with applicable privacy laws of the personal information we collect about you.  We maintain technical, physical and organizational safeguards to protect your personal information against loss, theft, unauthorized access, disclosure, copying, use or modification. We limit access to those who have a business need to know. Specifically, we are accountable for:

  • developing a governance structure that promotes and values privacy and that enables every one of our team members to make the right decisions, every day, about how to respect privacy when handling personal information;

  • ensuring we have in place an outsourcing procedure including identify, assess and contract for security safeguards with service providers that process personal information on our behalf;

  • ensuring that we properly identify and mitigate privacy risks throughout our operations, in part by striving to apply the principles of Privacy by Design in the development and review of our products and services, including where necessary conducting privacy impact assessments; and

  • earning and maintaining our Users, customers’ and team members’ trust by being transparent about how we handle personal information including personal health information (“PHI” defined in the Definitions section below) of our Users and by offering choices where it is appropriate to do so.

 

Local Distinctions

Please note that Telemedicine services are only available in Canada. In most provinces Dialogue has overall responsibility for protecting the privacy of your personal health information provided through the Telemedicine services and other Dialogue services. This Policy also describes how we help our employees who are health services providers meet their professional and legislative obligations as they relate to the management and protection of the privacy of personal information through the Platform.

In Alberta, where certain health services providers are designated custodians of the health information they collect, they have overall responsibility for the privacy of your Personal Health Information. Dialogue assists them with that responsibility to take the necessary steps to ensure they are equipped to meet all the statutory requirements they are subject to under the Alberta Health Information Act (“HIA”).

If you are a California resident, please also review our California Schedule for more information about the types of personal data we collect and disclose and the privacy rights you may have under California law.

Please also note that this Policy may change from time to time (see Changes to Our Policy for more information).

 

Consent

When you access our use Dialogue Services, you consent to our collection, use, disclosure and storage of your Personal Information, including Personal Health Information as described in this Policy.

BEFORE YOU ACCESS THE PLATFORM: Please read this Policy carefully to understand our policies and practices for collecting, processing, and storing your information, PHI and other types of information. If you do not agree with this Policy, your choice is to not use our Platform. This Policy should be read in conjunction with our Terms of Use.

WHEN ACCESSING THE PLATFORM AND SERVICES: You will be required to read and agree to our Terms of Use and Privacy Policy prior to using the Platform. By accessing the Platform you consent to the collection, use and retention of your personal information according to the terms of this Policy and in compliance with the Applicable Privacy Laws. We may request your express consent for the use of your personal information, including your personal health information. You have a choice to withhold or withdraw your consent for processing of your personal information, but sometimes this is not possible because of legal or contractual requirements. Additionally, withdrawing your consent may limit your access to the Services, products and functionalities of our Platform.

To collect, use or disclose Personal Information, including PHI outside of the purposes contemplated in this Policy, we will seek your additional consent.

CONSENT OF MINORS: Our Platform is not intended for children. Children may provide personal information on our Platform only with the consent of his or her legal guardian. Once the consent of the legal guardian is received, we will collect, use and process all personal information collected in accordance with this Policy. Any access or change to any Personal Health Information of children will be given to the parent entitled to the information or the legal guardian only. We may request any relevant documentation from the parent or legal guardian, such as a copy of any custody and access agreement or any related court order, to proceed with any access or change requests. In some jurisdictions such as Alberta, if a User is under the age of majority, the healthcare practitioner will determine whether the patient is a mature minor with the capacity to provide informed consent. If the User is not a mature minor, the healthcare practitioner will seek informed consent from his or her legal guardian, in accordance with the Applicable Privacy Laws.

USE OF THIRD PARTY LINKS, APPLICATIONS OR SERVICE PROVIDERS: We cannot control the processing of any of your information when you access and use third-party links, external applications or external service providers. Please note that our Website may include links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. If you follow a link to a third-party website or engage a third-party website, app or plugin, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies.  We may refer you to a third party service provider such as in-person employee assistance programs, substance use, workplace referral, or professional counseling services.  We do not control these third-party websites, apps or third party service providers, and we encourage you to read the privacy policy applicable to those sites and services. 

 

Consent

  1. Definition

  2. Information we collect about you

  3. How we use your personal information

  4. Where we process and store your data

  5. Legal basesfor processing personal information

  6. How we keep information secure

  7. How long we retain information

  8. Your rights with respect to your personal information

  9. Changes to our policy

  10. Data protection authority

  11. Contact information

 

1. Definition

For the purposes of this Policy:

  1. Applicable Privacy Laws”  means any and all applicable privacy legislations and regulations relating to privacy and the collection, use and disclosure of Personal Information and Personal Health Information in all  jurisdictions where Dialogue offers their Services, including but not limited to the Personal Information Protection and Electronic Documents Act (Canada) and/or any comparable provincial laws including the Act respecting the protection of personal information in the private sector, CQLR c P-39.1, Personal Information Protection Act (Alberta), Health Information Act, RSA 2000, c H-5 (“HIA”), Health Information Regulation, Alta Reg 70/2001, the California Consumer Privacy Act(“CCPA”), the General Data Protection Regulation (“GDPR”), and the UK Data Protection Act (2018) (“UK GDPR”).

  2. Custodian” is an individual as defined under applicable Canadian personal health information laws , who receives and uses health information and is responsible for ensuring that it is protected, used and disclosed appropriately. By example, Dialogue’s employees who are registered nurses and physicians in Alberta are considered “custodians”.

  3. Personal Information” or “PI” means information about an identifiable individual and is synonymous with similar terms used in Applicable Privacy Laws such as “personal data”. It includes information, used alone or with other information, that can directly or indirectly be used to identify, contact, or locate a person. Please note that personal information excludes information that is anonymized and cannot be associated with an identifiable individual and aggregate information which represents compiled data from a group of individuals who can no longer be individually identified;

  4. Personal Health Information” or “PHI” means information about an identifiable individual that can directly or indirectly be used to identify that individual and that relates directly to the individual’s physical or mental health, including name of patient, date of birth, medical history, medical treatment, medical test results, medication list, and any other health information, such as information related to the registration of an individual for healthcare services or as may be defined in Applicable Privacy Laws such as in Alberta, PHI includes all “health information”, as defined in the HIA. PHI is found in medical records, treatment and examination notes and communications between patients and our health services providers via the Platform.

  5. anonymized” “aggregate” or “non-identifying information” means information that is about you and for which it is, at all times, reasonable to predict, in the circumstances, that it will irreversibly no longer be possible to identify you directly or indirectly.

  6. pseudonymized information” means information that no longer directly identifies you.

  7. Telemedicine services” means electronic information and communications technologies to provide and support health care at distance; and

  8. Orientation and Counseling Services” means legal or financial services, work and career advisory services, family, marital, and relationships advisory services and other personal, children and elder care services.

 

2. Information we collect about you

We collect and use several types of information about you, which is collected from various sources:

Information you provide when you create an account on our Platform. During the creation of your account, we ask you to provide personal information that we can reasonably use to identify you and contact you when needed, such as your name, date of birth, mailing address, e-mail address, telephone number, employer, and health plan entitlement. When you create a profile for your dependant(s) or family members, the same information may be collected.

Information you provide when you access and use the Platform and when you receive Consultations: When you access and use the Platform, you can provide the following type of information, which may be considered personal information:

  1. personal information collected when you create your account, update your profile for yourself and/or family members as described above;

  2. when necessary to the provision of the Services, your health card number;

  3. all personal health information about your physical and mental health you may disclose through the Platform, or to our care coordinators and healthcare practitioners that is relevant to identify you, triaging your care or to establish your care plan, such as symptoms, medical history, medication, clinician observations, appointment history, diagnosis, investigation results and treatment information (see also below “Sensitive personal information”);

  4. video and/or photographs you share to assist with diagnosis, identification purposes or may be taken during your consultation and

  5. all personal information regarding your personal, familial, financial or legal situation (including your employment situation and career goals) you may disclose to our coordinators and health services providers that is relevant to provide you with our Orientation and Counseling services.

Information you share for Identification: You will have the opportunity to provide us with a photo of your health insurance card or if it does not include a photo identifying you, a piece of identification issued by a government authority with a photo, to allow us to identify you when providing health care.

Information you share for making or receiving payment through our Platform:

The Platform enables the collection of payment card information in a wallet managed by a technology service provider. Any transaction information including your credit card or banking information or other financial data in order to process the payment will be collected and processed by a PCI-compliant third-party provider.

Personal Information you share when you contact us, or provide feedback in surveys and questionnaires: We also collect the information you provide to us when you contact us or send us questions, comments, suggestions or complaints, including your contact information and information about your inquiry that is necessary in order to address it or to respond to you.

Personal Health Information collected via the Platform. We may collect Personal Health Information from you through our Platform. We may collect this information directly (for example, information about your height, weight and lifestyle which you provide manually through our Platform) or from connected fitness tracker accounts (if they contain sensitive personal information and as further detailed below).

We may also offer a Health Risk Assessment (“HRA”) which you may be invited to complete. If you do so, then this will collect sensitive personal information including Personal Health Information directly from you (for example, information about your ethnicity) which will be used to highlight potential risk factors. We rely on your consent to collect and process this information as set out in this Privacy Policy. The information from the HRA may be used to identify additional resources and services for you in the Platform. We may use the information collected in the HRA for aggregated or de-identified reporting for analytics purposes. We would not share your HRA results identifying you directly or indirectly with our client or partners unless you provide your consent or has been made available by you.

PHI / Special Category Reason

Height

We collect this during onboarding to determine your BMI. (See BMI below)

Weight

We collect this during onboarding to determine your BMI. We also collect this if you create a weight goal.

BMI

We calculate your BMI from your height and weight for two reasons.

  1. To determine if you are in an at risk BMI category.

  2. To use it as part of our research and analytics 

Activity Data

If you enable a wearable device within the Platform, we will track permitted activity data. The type of data depends upon what you enable – e.g. if you enable steps data we will collect this and use it to track progress against your steps goal or your position within a steps challenge.

Ethnicity

Occasionally we run health risk assessments within which we may ask for your ethnicity. This is used to then determine if you are ‘At Risk’ – e.g. we might run an assessment to determine your risk factors for Diabetes.

Medical History

Occasionally we run health risk assessments within which we may ask for your medical history including medications, diagnosis. This is used to then determine if you are ‘At Risk’- e.g. we might run an assessment to determine your risk factors for Diabetes.

Family Medical History

Occasionally we run health risk assessments within which we may ask for your family medical history. This is used to then determine if you are ‘At Risk’- e.g. we might run an assessment to determine your risk factors for Diabetes.

Physical and Mental Wellness Survey

If you participate in assessments evaluating your physical and mental health we may ask you about your stress levels, mood, sleep, relationship impacts, and related questions. This is used to determine if you are ‘At Risk’ – e.g we may run an assessment to determine if you would benefit from speaking with a professional and/or share  additional support content to help monitor your Physical and Mental Health 

Information collected via technological means. We may collect the following information automatically when you access and use our Platform:

  1. Technical information, such as your login information, your geo-location information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access our Website, and usage details.

  2. Digital interaction information: Non-personal details about your Website interactions, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, or any phone number used to call our customer service number.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website or our App. For additional information about our Cookies, please refer to our Cookies Notice.

Flash Cookies. Certain features of our Website or our App may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Platform. Flash cookies are not managed by the same browser settings that are used for browser cookies.

Web Beacons. Pages of our Platform, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Dialogue, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We may collect certain information, through our Platform, that does not allow us to identify an individual directly or indirectly. This information does not constitute personal information.

Information collected via your connected accounts. Our Platform also lets you connect certain fitness or other health and well-being accounts that you have with third-party providers. If you choose to connect an account you have with a third-party provider (a “connected account”), we will indicate what information we will import from it before you connect it. If you agree, we will then access the connected account and import the information from that connected account into our Platform (going back to the date you first opened the logged in Dialogue account).

Depending on the information contained in the connected account, this could include data collected from connected trackers or devices, such as:

  • Number of steps taken

  • Activities/exercise (i.e. swimming, running, walking, hiking, workout, cycling distances)

  • Weight

  • Blood Pressure

  • Calories Burned

  • Sleep

  • Food and Drink

  • Heart Rate

  • Inhaler Usage

  • Blood Glucose

  • Body Temperature

  • Locations

Information we may collect from our customers and business partners. We collect information about you from our customers (e.g., your employer) or business partners (e.g., your insurer) who provide us with lists of individuals eligible to access our Services. The information that we collect may include such as your name, date of birth, mailing address, e-mail address, telephone number, employer, and health plan entitlement, department. Our customers or business partners may also share with Dialogue information to enable a referral to services such as workplace referral, employee assistance programs.

Information we may collect from third party service providers. We collect information about you from external third party service providers that you have agreed to be referred to such as Orientation and Counseling Services, in-person employee assistance programs, substance use, workplace referral, or professional counseling services. The information they share is to verify attendance, ensure continued care, and for billing purposes. 

 

3. How we use your personal information

We may use information that we collect about you or that you provide to us, including any personal information for the following purposes listed in this Policy or as permitted or required under Applicable Privacy Laws:

To provide you with access to our Platform and our services. We may use your personal information to provide you with access to our Platform and to any Consultations, information, products, or services that you request from us. More specifically we may use your personal information:

  • To determine your eligibility to access the Platform and our services

  • To create and administer your User account when you register  on our Platform;

  • To communicate with you with respect to the Platform registration and your account and respond to your inquiries on the Platform or our products and services offering in general;

  • To present service options and resources available to you

To administer our business activities. We may use your personal information for reasons in connection with our business activities, including but not limited to:

  • To carry out our obligations and enforce our rights arising from any contracts we may have with you, notably our Terms of Use, including for billing and collection or to comply with legal requirements;

  • To implement and maintain safeguards that protect your personal information.

To support our health services providers in the administration of their professional and legislative obligations. In order to provide you with our Services, we may employ health services providers who are subject to various professional and legislative requirements pertaining to the protection of your personal information and personal health information. To ensure the utmost level of protection of your Personal Information and PHI, we offer various legal, administrative, technical and information management services to these practitioners.

By way of example, in Alberta, custodians retain ultimate accountability for the management and protection of the Personal Health Information they collect from you. As an affiliate of these custodians, we provide them with services to help administer their obligations under Applicable Privacy Laws. To this end, custodians may provide us with access to your PHI, without seeking further consent from you, to enable us to adequately support them, all in compliance with the provisions of the HIA and its regulation. For more information on our Information Management Program for Alberta custodians, please contact us at privacy@dialogue.co.

To communicate with you and to respond to your inquiries or requests. We may use your personal information to communicate with you on several occasions including:

  • To notify you about new products or services releases, new partnerships and other key information on Dialogue;

  • To notify you about changes to our Platform or any products or services we offer or provide through it;

  • To provide you with useful healthcare information and other information about trends and best practices in healthcare, mental health andwell-being and other relevant topics in connection with our services;

For study, research and statistical purposes. We may use your personal information for research, research and statistical purposes, including for medical research purposes, to improve our Platform, products or services, marketing or customer relationships and experiences,  improve health outcomes. For example, we can create statistics to demonstrate the usefulness of our Platform or conduct research to determine how to improve certain services and develop new ones. When required by law, we use pseudonymized or anonymized information to achieve these purposes.

We may also combine your pseudonymized personal information with other pseudonymized information we receive from your employer or insurer for our internal data analysis purposes (for example, to understand and demonstrate the use and utility of our services) and to create pseudonymized, aggregated reports that do not allow your identification. We may share such de-identified information or insights with our partners to assist in research, planning, or product and service development.

We may collect and analyze information about the actions you take on our Platform or the usage of our Services to better understand what services to provide and product needs. We analyze Personal Information account profile and actions you take on the Platform (such as your usage patterns) and your ratings or responses to surveys, to better understand how we can improve.

To improve our services, marketing and customer relationship management. We may use your personal information to provide you with personalized content and services, such as tailoring our products and services, our digital experience and offerings, and deciding which offers or promotions to show you on our digital channels.

We may also use your personal information to communicate with you in a variety of ways (for example, by email, telephone, text message, direct mail or through our online support services) about our programs, products, services, special offers, promotions, contests or events that may be of interest to you.

If you no longer wish to receive our commercial electronic messages, please follow the unsubscribe procedure included in each of these messages. For more information on this topic, see the Your Rights with Respect to your Personal Information section of this Policy.

For other purposes. We may use your personal information to protect you, our rights, property and safety and those of our employees, customers and the public, to detect and prevent fraud and to comply with legal requirements. 

 

4. Who has access to your personal information

We will not disclose your Personal Information for any purpose other than what has been outlined in this Policy or as permitted under applicable law, unless we obtain your consent. We disclose only the limited amount of Personal Information necessary to meet these purposes.

We do not sell your Personal Information to any third parties.

The following are individuals who may have access to your personal information, and in which cases:

Our health services providers and other professionals and advisors who offer Services, including via the Platform. For continuity of care purposes, or when necessary to enable them to provide their services and comply with their legal and regulatory obligations (for example, to identify you in order to initiate a Consultation) health services providers who offer Telemedicine Services (in Canada only) and other professionals and advisors who assist in the provision of Services to you, may have access to your personal information (including your PHI in the case of health services providers). We may also disclose your Personal Information to third parties such as other health professionals, specialists, pharmacists, pharmacies and laboratories for the purpose of providing or assisting in the provision of healthcare and Services to you – this includes, but is not limited to, providing medically appropriate referrals, prescriptions, or lab and imaging requisitions.

All providers and professionals engaged by Dialogue, whether as contractors or employees, are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy and in compliance with Applicable Privacy Laws.

Dialogue and the healthcare practitioners who provide services on our Platform will not disclose your personal information and PHI to third parties unless such disclosure is permitted or required by Applicable Privacy Laws, is required to provide you the services in compliance with this Policy or you expressly consent to the disclosure.

Our service providers. We may share your personal information, including your PHI, with organizations that provide us with services for the purposes set out in this Policy including payment solution providers, backup and servers hosting solution providers or software and IT maintenance providers, data analytics providers, service providers who assist with the authentication of individuals and with users engagement, creative marketing materials services, medical research and studies. Your personal information will never be included in marketing materials without your consent.

We may share your Personal Information with our service providers who are contracted to perform services or functions on our behalf where they require the information to assist us in serving you. We use contractual controls to protect this information and limit its use to what is necessary for the service provider to perform the service.

When we hire an independent service provider, we ensure that the transferred information is properly protected, and at a level of protection comparable to that which would have been received had it not been transferred.

Our clients. We may share anonymized, pseudonymized or aggregated information with our customers for billing, collection or reporting purposes regarding the use of our services. This allows Dialogue and its customers to adequately manage its services, understand the effectiveness of our Services or to develop relevant products, services, or offerings. We will not disclose any Personal Health Information to your employer or benefits provider without your consent.

Other persons, when permitted or required by law. In certain circumstances, the law may allow or require us to disclose your personal information to others. For example:

  • To those entities affiliated to Dialogue for the purposes detailed in this Policy;

  • In event of an emergency that threatens the life, health or security of an individual

  • When required in the context of a prospective or completed business transaction, such as a transfer of assets or shares or merger, in accordance with applicable legal requirements. For example, we may make your personal information available to advisors or (potential) buyers of our business if necessary for concluding the transaction and continuing operating the business;

  • If such processing were in a way that it would not directly identify you, such as through aggregate information;

  • To comply with any court order, law, or judicial proceeding, including to respond to any governmental or regulatory request, in accordance with applicable laws, including in cases of alleged or actual breach of privacy; and

  • To enforce our Terms of Use and other agreements, including for billing and collection purposes.

 

5. Where we process and store your data

Dialogue provides its Services globally and some elements of the Services may be hosted on servers located in countries outside your home country or province. Dialogue Platform hosts personal information in Canada, United States, United Kingdom (UK) and in European  Economic Area (EEA). We transfer your personal information to our subsidiaries in our group and service providers globally. Where your access to the Services is facilitated by your employer or benefits provider, they may choose the hosting location that your account may be connected to.

We also use service providers who may access or store other Personal Information in Canada, United Kingdom, European Union, the United States or other jurisdictions.

The laws applicable to the protection of personal information in such countries may be different than from those applicable in your home country or province and may permit or require disclosure of the data to the law enforcement or national security authorities. Where required by law, or where Dialogue determine there is a heightened risk to the User in transferring of their personal information outside of their province or territory, country, or region Dialogue has implemented processes and procedures to undertake a privacy impact assessment.

For Telemedicine Services (in Canada only), the data is hosted in Canada and cannot be accessed from outside Canada, with only a few limited exceptions. For Quebec residents, please note that it is possible that this information could be communicated outside Québec.

United Kingdom and EEA Users

For Users with data hosted in the United Kingdom or EEA, whenever we transfer your personal data to a third country or to an international organization, we ensure that an adequate level of protection is afforded to it by ensuring that adequate safeguards are implemented.
We may transfer personal information to other countries based on European Commission-approved or UK Government-approved Standard Contractual Clauses, or otherwise in accordance with Applicable Privacy Laws. We may also transfer your personal information to other countries in connection with storage and processing of data, fulfilling your requests, and operating the Services. By registering with the Services, you consent to personal information about you being transferred outside your home country or province. 

 

6. Legal bases for processing personal information

We may process your personal information where you have consented to such processing of your personal information. For example, we may ask for your consent to process your personal health information. To the extent allowed under Applicable Privacy Laws, your consent may also be “implied” in certain cases, meaning that your agreement is assumed based on your action or inaction at the point of collection, use or sharing of your personal information.

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), we may also process your personal information when we have one of the below valid legal basis to do so:

  • Contractual Necessity.  We may process your personal information where required to provide you with the Services.  For example, we may process your personal information to respond to your inquiries or requests.

  • Compliance with a Legal Obligation.  We may process your personal information where we have a legal obligation to do so.  For example, we may process your personal information to comply with tax, labour, and accounting obligations.

  • Vital interests of an individual. We may process your personal information when there is a vital interest to you, such as in the case of an emergency or to protect you.

  • Legitimate Interests.  We may process your personal information where we or a third party have a legitimate interest in processing your personal information.  Specifically, we have a legitimate interest in processing your personal information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of the Service.  We only rely on our or a third party’s legitimate interests to process your personal information when these interests are not overridden by your rights and interests. 

 

7. How we keep information secure

The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Such measures include:

  • Secure Storage: Dialogue protects our systems and your data within industry-leading, accredited data centers. All personal information and PHI are in ISO 27001 certified data center which adheres to global privacy and data protection best practices.

  • Network Security: Dialogue has implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly accessible systems.

  • End-to-End Encryption: Dialogue encrypts all video, audio and written exchanges with you. Data transmissions and communications on the Platform are end-to-end encrypted.

  • Strict limitations on access: we strictly limit access to your personal information to just those employees, contractors and trusted third parties who have a business need to access it, and they are all subject to binding contractual confidentiality obligations.

  • Privacy Policies and Training: Dialogue has implemented written policies, practices and procedures that specifically address the privacy and security of your personal information and PHI. Dialogue delivers privacy training to employees and contractors on how to safeguard personal information and mitigate operational risks. All Dialogue employees and contractors are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy.

 

8. How long we retain information

Dialogue retains personal information and PHI only for as long as necessary to fulfill the purposes for which this information was originally collected unless further retention is required for legitimate legal, regulatory or business purposes. When personal information and PHI are no longer required to be retained, Dialogue will securely destroy, erase or anonymize the information in compliance with relevant legal, regulatory and contractual requirements.

Some of your personal information and PHI cannot be deleted due to statutory retention requirements (for example, the minimum retention period of patient records varies by jurisdiction ranging from 10 to 34 years). For any deletion request, please follow the deletion request procedure in the Platform or contact us at privacy@dialogue.co, and we will let you know if we can accommodate your request. 

 

9. Your rights with respect to your personal information

Depending on your jurisdiction where you are located, you may have the following rights with respect to your personal information:

  • Withdrawal of your consent. Your access and use of the Platform is completely voluntary. Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at privacy@dialogue.co. Please note that if you withdraw your consent, we may be unable to provide you with a particular product, service or Consultation and you may not be able to access the Platform anymore. We will explain the impact to you at the time of your request to help you with your decision.

    If you no longer wish to receive certain informational or promotional emails from us, you can opt-out by sending us an email stating your request to support@dialogue.co. This opt-out does not apply to information provided by Dialogue as part of a product or service purchase, service experience, or other transactions.

  • Push Notifications. We may send you push notifications via our App related to certain of our services. If you no longer wish to receive push notifications, you can opt out by changing your preferences in the App or by sending us an email stating your request to support@dialogue.co.

  • Access to and correction of personal information. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law you have the right to request access to the personal information that we hold about you. This also applies to your patient record held by our health services providers, including any PHI it contains. You can review and change your personal information by logging into the Platform’s account profile page. If you want to review, verify, correct, or withdraw consent to the use of your personal information, you may do so directly through the Platform. You may also send us an email at privacy@dialogue.co to request access to or correct any personal information that you have provided to us. Dialogue’s response to the User is made by email within a reasonable delay in respect with the timeframes set out in Applicable Privacy Laws. Such requests will be considered subject to applicable laws and regulations.

  • Erasure of personal information. You may request us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

  • Object or restrict to processing of personal information. In certain circumstances for example where we are relying on our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You can also ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request information on automated processing of personal information to render a decision. You may obtain information on the personal information used to render the decision (and request that this information be correct) and the reasons, principal factors and parameters that led to the decision.

  • Request additional information about data processing. You can request additional information about data processing, including the personal information collected and how it is processed by Dialogue.

  • Request the transfer of your personal information to another organization (known as the “right to data portability”). In certain circumstances, you may be able to request to receive the personal information that you provided to us in a structured, commonly used and machine-readable format and to transmit it to another organization  

  • Change your browser settings on your device. Please refer to your browser instructions or help screen to learn how to block, delete and manage cookies on your computer or mobile device.

  • Opt-Out of Sale or Sharing (California). You can request to opt out of the sale or sharing of your personal information by completing the form available at www.dialogue.co . For the purposes of this section, “sell” means the transfer of your personal information to a third party for monetary or other valuable consideration, and “sharing” means any disclosure of personal information (renting, releasing, disclosing, disseminating, making available, transferring, or other communicating orally, in writing, or by electronic or other means) to third parties for cross-contextual behavioural advertising purposes, each subject to certain exceptions set for in applicable California law. Dialogue is a common business for the purposes of California law. Your opt-out of cookie-based tracking for certain advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser’s cache or cookies. Your opt-out of mobile app tracking is specific to the device you are using.

  • Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights (California). We will not, because you have exercised any of the rights detailed in this Privacy Policy, deny you any goods or services, charge different prices or rates for goods or services, or provide you with a different level or quality of goods or services.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable Privacy Laws may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

You currently will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you are concerned about our response or would like to correct the information provided, you may contact us at privacy@dialogue.co.

 

10. Changes to our policy

It is our policy to post any changes we make to our Policy on this page with a notice that the privacy policy has been updated on the Platform. If we make material changes to how we treat our users’ personal information, we will notify you by email to the primary email address specified in your Platform account and through a notice on the Website home page. We include the date the privacy policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Website and this Policy to check for any changes.

 

11. Data protection authority

You have the right to make a complaint at any time to the supervisory authority/privacy regulator of your own country of residence.
In the UK, the relevant body that Dialogue is accountable to is the Information Commissioner's Office (ICO) whose details can be accessed via the ICO website at https://ico.org.uk/global/contact-us/

In the EU, you can find our more from the European Commission website at here (https://commission.europa.eu/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en).

For Canadian privacy commissioner contact details see the below list:

We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please do get in touch using the details in our Contacting us section below.

 

12. Contact information

We welcome your questions, comments, and requests regarding this Policy and our privacy practices. Please contact our DPO, PrivacyOfficer and team at privacy@dialogue.co.

We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this Policy, and with Applicable Privacy Laws. To discuss our compliance with this Policy please contact us at privacy@dialogue.co.

Contact Address:

Dialogue Health Technologies Inc.

C/O  Privacy Officer

390 Notre-Dame W., suite 200

Montreal, Quebec

H2Y 1T9


Individuals and the data protection supervisory authorities in the EU/EEA and individuals and the data protection supervisory authority (“ICO”) in the UK may also contact our data protection representatives according to Article 27 GDPR:

EU: DP-Dock GmbH, Attn.: Dialogue Health Tech, Ballindamm 39, 20095 Hamburg, Germany

UK: DP Data Protection Services UK Ltd., Attn.: Dialogue Health Tech, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

www.dp-dock.com 

dialogue@gdpr-rep.com 

 

Schedule I - California Residents

If you are a User residing in California , please note that we have been collecting, using and disclosing  personal information as follows in the past twelve months:

  • We collect and use the following categories of personal information for the business and commercial purposes described in this Policy:

    • Identifiers that you provide directly to us, such as name, date of birth, mailing address, e-mail address, and telephone number, health card number.

    • Medical and health information about your physical and mental health you may disclose to our care coordinators and healthcare practitioners that is relevant to identify you or to establish your care plan, such as symptoms, medical history, clinician observations, appointment history, diagnosis, investigation results and treatment information. We may also collect information about your health and physical activity through fitness trackers.

    • Professional or employment-related information such as your employment situation and career goals you may disclose to our coordinators and health services providers that is relevant to provide you with our orientation and counseling services.

    • Financial information and other familial or legal situation information you may disclose to our coordinators and health services providers that is relevant to provide you with our orientation and counseling services.

    • Protected classifications such as ethnicity that you may provide if you wish that we run a health risk assessment.

    • Photos of government-issued IDs, such as health insurance card.

    • Internet or other electronic network activity information, which are described in Section 2 of the Privacy Policy under “Information collected via technological means.”

    • Geolocation information.

    • Other information that you provide to us when you contact us or send us questions, comments, suggestions or complaints, including your contact information and information about your inquiry that is necessary in order to address it or to respond to you.

    • Certain categories of personal information mentioned above are considered to be sensitive personal information, namely: ethnicity, health card numbers and other government-issued IDs, and medical and health information.We do not use or disclose sensitive personal information for purposes other than to perform our services and provide the goods reasonably expected by an average consumer who requests those goods or services or for other purposes specified in section 7027, subsection (m) of the California Consumer Privacy Act Regulations (for example, for security and safety purposes).

  • We collect and use these categories of personal information for the business and commercial purposes described in Section 3 of this Policy;

  • We collect these categories of personal information from the sources described in Section 2 of this policy, including directly from you, automatically through your devices, as well as from our business partners, service providers, our affiliates and subsidiaries, commercially available sources, social media platforms; and providers of third-party products or services;

  • We disclose each of these categories of personal information for our business and commercial purposes as described in this Policy to the categories of parties described in Section 4 of this Policy;

  • Dialogue does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.