Last Updated: January 18, 2023
Dialogue Health Technologies Inc. (“Dialogue”, “we”, “us” or “our”) is a company providing a secure platform (the “Platform”) that allows our members (the “Users”) once registered, to directly access virtual healthcare, mental health and well-being, and other orientation and counseling services, as well as self-guided health and wellness resources (the “Services”). Our broad choice of services is provided to our Users through the Platform with the help of standard forms and questionnaires (developed by us or by our professionals, working as partners, contractors and employees) whether by video call, audio call or text messages (the “Consultations”). Our Platform is accessible through our application available on mobile devices or through a web browser (the “App”).
This Policy describes:
(i) the type of information we may collect from you or that you may provide when you access and use the App, the Platform or when you visit the website www.dialogue.co (our “Website”),
(ii) how we collect, use, disclose, and protect the personal information, including personal health information (“PHI” defined in the Definitions section below), of our Users and/or website users (”you”), and
(iii) our practices for collecting, using, maintaining, protecting, and disclosing that information.
Please also note that as custodians of personal health information, our health care professionals may also be subject to legislative and professional requirements that govern the collection and processing of your PHI. However, we ensure that these health professionals have the technology, maintenance and support they need to meet these requirements.
For the purposes of this Policy:
(i) “personal information” or “PI” means information about an identifiable individual, which includes information, used alone or with other information, that can directly or indirectly be used to identify, contact, or locate a person; and
(ii) “personal health information” or “PHI” means information about an identifiable individual, that can directly or indirectly be used to identify that individual and that relates directly to the individual’s physical or mental health, including name of patient, date of birth, medical history, medical treatment, medical test results, medication list, and any other health information. PHI may be found in medical records, treatment and examination notes and communications between patients and our healthcare professionals via the Platform.
(iii) “anonymized information” means information that is about you and for which it is, at all times, reasonable to predict, in the circumstances, that it will no longer be possible to identify you directly or indirectly.
(iv) “de-identified information” means information that no longer directly identifies you;
(v) “Telemedicine services” means healthcare services provided at a distance using information and communications technologies, such as interactive messaging, audio and video technology. The Platform allows you to access quality medical and healthcare services; and
(vi) “Counselling and Counselling Services” means legal or financial services, work and career advisory services, family, marital and relationships advisory services and other children and elder care services.
We collect and use several types of information from and about you:
Information you provide when you create an account on our Platform:
During the creation of your account, we are asking you to provide personal information, that we can reasonably use to identify you and contact you when needed, such as your name, date of birth, mailing address, e-mail address, telephone number.
When you access and use the Platform and when you receive Consultations:
When you access and use the PLatform, you can provide the following type of information:
(i) personal information as described above;
(ii) when necessary to the provision of the Services, your health card number;
(iii) all personal health information about your physical and mental health you may disclose to our care coordinators and healthcare practitioners that is relevant to establish your care plan, such as symptoms, medical history, clinician observations, appointment history, diagnosis, investigation results and treatment information; and
(iv) all personal information regarding your personal, familial, financial or legal situation (including your employment situation and career goals) you may disclose to our coordinators and professionals that is relevant to provide you with our orientation and counseling services.
In addition, you will have the opportunity to provide us with a photo of your health insurance card or if it does not include a photo identifying you, a piece of identification issued by a government authority with a photo, to allow us to identify you when providing health care.
When you make or receive a payment through our Platform:
When you make a payment on our Platform, your credit card information will be collected. Any transaction information including your credit card or banking information or other financial data in order to process the payment will be collected and processed by a PCI-compliant third-party provider and will not be collected nor processed by Dialogue.
When you access and use our Website:
We can collect the following information when you cess and use our Website or the App:
(i) Technical information, such as your login information, your geo-location information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access our Website, and usage details.
(ii) Digital interaction information : Non-personal details about your Website interactions, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, or any phone number used to call our customer service number.
The technologies we use for this automatic data collection may include:
Flash Cookies. Certain features of our Website or our App may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website or our App. Flash cookies are not managed by the same browser settings that are used for browser cookies.
Web Beacons. Pages of our Website or our App, as the case may be, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Dialogue, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We may collect certain information, through our Website or App, that does not allow to identify an individual directly or indirectly. This information does not constitute personal information.
Information you provide when responding to a job offer
When you submit a job application, including by contacting us directly or via our Career page, we collect information about your application including your resume, cover letter, reference letter, your professional background and interests.
Information about your connected accounts
Our App also lets you connect certain fitness or other health and well-being accounts that you have with third-party providers. If you choose to connect an account you have with a third-party provider (a “connected account”), we will indicate what information we will import from it before you connect it. If you agree, we will then access the connected account and import the information from that connected account into our App (going back to the date you first opened the logged in account).
Depending on the information contained in the connected account, this could include:Data collected from connected trackers or devices, such as number of steps taken and activities/exercise (i.e. swimming, running, walking and cycling distances), weight, food and drink, heart rate, as described in the below table:
Information we may collect from our customers and business partners
We collect information about you from our customers (e.g., your employer) or business partners (e.g., your insurer) who provide us with lists of individuals eligible to access our Services. We may also combine your de-identified personal information with other de-identified information we receive from our customers or business partners for data analysis purposes (for example, to understand and demonstrate the use and utility of our services) and to create de-identified, aggregated reports that do not allow your identification or anonymization.
We can use information that we collect about you or that you provide to us, including any personal information for the following purposes:
To provide you with access to our Platform
We may use your personal information to provide you with access to our Platform and to any Consultations, information, products, or services that you request from us.More specifically we may use your personal information:
To create and administer your User account when you register on our Platform;
To communicate with you with respect to the Platform registration and your account and respond to your inquiries on the Platform, the App, our Website or our products and services offering in general;
To determine your eligibility to access the Platform and our services;
To administer our business activities
We may use your personal information for reasons in connection with our business activities, including :
To implement and maintain safeguards that protect your personal information
To administer our business activities
We may use your personal information for reasons in connection with our business activities, including :
To implement and maintain safeguards that protect your personal information
To communicate with you
We may use your personal information to communicate with you in several occasions including :
To notify you about new products or services releases, new partnerships and other key information on Dialogue;
To notify you about changes to our Platform, our App or our Website or any products or services we offer or provide though it;
To provide you with useful healthcare information and other information about trends and best practices in healthcare, mental health and well-being and other relevant topics in connection with our services;
For study, research and statistical purposes
We may use your personal information for research, research and statistical purposes, including to improve our Website, products or services, marketing or customer relationships and experiences. For example, we can create statistics to demonstrate the usefulness of our Platform or conduct research to determine how to improve certain services and develop new ones. When required by law, we use de-identified or anonymized information to achieve these purposes.
To process job applications
When you submit a job application, we may use your personal information to process your job application through our Website; and to contact you about your application.
To improve our services, marketing and customer relationship management
Personal information that we collect about you or that you provide to us will be de-identified before it is used with your consent for the following purposes:
For product development purposes
For the purpose of verifying the quality of our services
For research purposes (such as research and medical studies);
To improve our marketing materials;
For the purpose of managing the services provided and the relationship with our clients;
For data analysis purposes, including combining this information with other information that may concern you (for example, provided by your employer or the paying organization for your use of our services) but do not allow you to be directly identified because they are de-identified (for example, to understand and demonstrate the use and utility of our services) and for the purpose of creating de-identified reports, aggregated so as not to allow your identification or anonymized.
For any other purpose consistent with the purpose of the Services
With your express consent, we may use your personal information for any other purpose consistent with the purpose of the Services.
The following are individuals who may have access to your personal information, and in which cases:
The professionals who provide the Services via the Platform
Health professionals who provide you with Telemedicine Services and other professionals and advisors who provide Orientation and Counselling Services on the Platform may have access to your personal information (including your PHI in the case of health professionals), when necessary to enable them to provide their services and comply with their legal and regulatory obligations (for example, to identify you in order to initiate a Consultation). All professionals engaged by Dialogue, whether as contractors or employees, are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy.
Our service providers
We may share your personal information, including your PHI, with organizations that provide us with services for the purposes set out in this Policy. When we hire an independent service provider, we ensure that the transferred information is properly protected, and at a level of protection comparable to that which would have been received had it not been transferred.
The personal information we collect about you or that you provide to us will be de-identified and shared, with your consent, with our service providers for the following purposes:
For the purpose of creating marketing materials; and
For case studies and statistical analyses or research purposes (such as medical research and studies)
Your personal information will never be included in this marketing material or in the results of these statistical analyses or research.
We may share anonymized, de-identified or aggregated information in a manner that does not allow your identification with our customers for reporting purposes regarding the use of our services. This allows Dialogue and its customers to understand the effectiveness of our Services or to develop relevant products, services, or offerings.
Other persons, when permitted or required by law
In certain circumstances, the law may allow or require us to disclose your personal information to others. For example:
To comply with any court order, law, or judicial proceeding, including to respond to any governmental or regulatory request, in accordance with applicable laws, including in cases of alleged or actual breach of privacy; and
Dialogue ensures that all member/user data processing takes place within Canada, but benefits from an adequacy decision that is in place between Canada and both the European Union and United Kingdom. This means that there is ‘essential equivalence’ between Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU and UK GDPR, protecting the processing of data of residents of those jurisdictions.
The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Such measures include:
Secure Storage: Dialogue stores all personal information and PHI in an Amazon Web Services (“AWS”) data center located in Canada. AWS is ISO 27001 certified and adheres to global privacy and data protection best practices.
Network Security: Dialogue has implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly-accessible systems.
End-to-End Encryption: Dialogue encrypts all video, audio and written exchanges with you. Data transmissions and communications on the Platform are end-to-end encrypted using TLS version 1.2.
Privacy Policies and Training: Dialogue has implemented written policies, practices and procedures that specifically address the privacy and security of your personal information and PHI. Dialogue delivers privacy training to employees and contractors on how to safeguard personal information and mitigate operational risks. All Dialogue employees and contractors are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy.
SOC 2 Type II Compliance: Dialogue’s Information Security Policy and its related policies and processes are compliant with the trust services criteria relevant to security (“applicable trust services criteria”) set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria), in accordance with CSAE 3000 and AICPA Guide to Reporting on an examination of Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality and Privacy (SOC 2).
The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of our Website and App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Please also ensure that while using the Platform and particularly during Consultations, you are in a safe and private environment where the confidentiality of your personal information and your privacy are adequately protected.
Dialogue has taken reasonable measures to prevent a breach of your personal information. In the event of a data breach, Dialogue will notify Users at the first reasonable opportunity of the breach (where applicable), immediately apply remedial measures and notify any relevant provincial or federal authority in accordance with applicable laws.
Dialogue retains personal information and PHI only for as long as necessary to fulfill the purposes for which this information was originally collected, unless further retention is required for legitimate legal, regulatory or business purposes. When personal information and PHI is no longer required to be retained, Dialogue will securely destroy, erase or anonymize the information in accordance with relevant legal, regulatory and contractual requirements.
We reserve the right to use anonymized and de-identified data for any legitimate business purpose without further notice to you or your consent.
Some of your personal information and PHI cannot be deleted due to statutory retention requirements (for example, the minimum retention period of patient records varies by jurisdiction ranging from 10 to 34 years). For any deletion request, please follow the deletion request procedure in the App or contact us at firstname.lastname@example.org, and we will let you know if we can accommodate your request.
Our Website is not intended for children under 14 years of age. Children under age 14 may provide any personal information on our Website or our App, only with the consent of his or her legal guardian. Once the consent of the legal guardian is received, we will collect, use and process all personal information collected in accordance with this Policy.
Any access or change to any personal health information of children under 14 years of age will be given to the parent entitled to the information or the legal guardian only. We may request any relevant documentation from the parent or legal guardian, such as a copy of any custody and access agreement or any related court order, to proceed with any access or change requests.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law you have the right to request access to and to correct the personal information that we hold about you. This also applies to your patient record held by our health care professionals, including any PHI it contains.
You can review and change your personal information by logging into the Website and visiting your Platform account profile page. If you want to review, verify, correct, or withdraw consent to the use of your personal information you may do so directly through the Platform. You may also send us an email at email@example.com to request access to or correct any personal information that you have provided to us.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions:
Information protected by solicitor-client privilege.
Information that is part of a formal dispute resolution process.
Information that is about another individual that would reveal their personal information or confidential commercial information.
Information contained in patients’ records: you have the right to access your patient record as detained by our healthcare professionals, including all the PHI contained therein. If you request a copy of your patient record, it will be provided to you, subject to a reasonable fee. You can request access to your patient record by contacting us through the App. You may be temporarily denied access to your patient record if providing access would create a significant risk to your health. You will also be denied access to your patient record where disclosure would likely cause any substantial adverse effect on your physical, mental, or emotional health, or reveal personal information about a third person or the existence of such information and the disclosure may seriously harm that third person, unless the third person consents or in the case of an emergency that threatens the life, health or safety of the person concerned. We use reasonable means to ensure that information in your patient record is accurate. If you identify any inaccuracies, you can request that a note be made on the file indicating the inaccurate information.
We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you are concerned about our response or would like to correct the information provided, you may contact us at firstname.lastname@example.org
Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at email@example.com. Please note that if you withdraw your consent we may not be able to provide you with a particular product, service, or Consultation and you may not be able to access the Platform, the Website or the App anymore. We will explain the impact to you at the time to help you with your decision.
If you no longer wish to receive certain informational or promotional emails from us, you can opt-out by sending us an email stating your request to firstname.lastname@example.org. This opt-out does not apply to information provided by Dialogue as part of a product or service purchase, service experience, or other transactions.
With your consent, we may send you push notifications related to certain of our services. If you no longer wish to receive push notifications, you can opt-out by changing your preferences in the App or by sending us an email stating your request to email@example.com.
We welcome your questions, comments, and requests regarding this Policy and our privacy practices. Please contact our Privacy Officer and team at firstname.lastname@example.org.
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this Policy, and with applicable privacy laws. To discuss our compliance with this Policy please contact us at email@example.com.
If we are unable to respond to your request to your satisfaction, you may file a complaint with the Privacy Commissioner of your province or territory or the Privacy Commissioner of Canada.
In Quebec, the organization responsible for protecting privacy is the Commission d'accès à l'information du Québec.