Consult+ Privacy Policy

Effective as of 1 August 2024

Dialogue Health Technologies Inc. and its wholly owned subsidiaries (“Dialogue”¹) are a group of companies providing the Dialogue Integrated Health Platform (“Platform”). The Platform is a secure application that allows our members (“Members”²) to access Telemedicine Services, Mental Health and Well-being Services and other Orientation and Counseling Services and self-guided health and wellness resources ("Services”).

Our Platform is accessible on mobile devices or on our website. When we refer to our Platform in this Privacy Policy (“Policy”), we are referring to both the app you use on your phone or tablet (“App”) and our website located at www.dialogue.co (“Website”).

Our Platform is also accessible via our relationships with Canada Life™ through Consult+™ virtual healthcare (“Consult+ ™”) and Sun Life Canada through Lumino Health Virtual Care (“Lumino”). Consult+™ and Lumino connect their clients to our Platform in order to enable access to the eligible Services. Therefore this Policy also applies to Dialogue’s collection, use and disclosure of Personal Information through the Platform in connection with Consult+™ and Lumino.

This Policy describes how we may collect, use and disclose your Personal Information, including Personal Health Information, in the course of providing our Services to you through our Platform or when you otherwise interact with us.

*Canada Life and Consult+ are trademarks of The Canada Life Assurance Company. 

¹ “We”, “us” or “our” and similar terms are also used to refer to Dialogue in this Policy.
² The term “you” and similar terms are also used to refer to Dialogue’s Members in this Policy.

Content

1. Personal Information we collect about you

2. How we use your Personal Information

3. Who we disclose your Personal Information to

4. Where we process and store your Personal Information

5. How we keep your Personal information secure

6. How long we retain Personal Information

7. Your rights with respect to your Personal Information

8. Privacy Accountability

9. Local Distinction

10. Use of third party links, applications or websites

11. Changes to our Policy

12. Data protection and privacy regulatory authorities

13. Contact information

14. Definitions

15. Schedule 1 - California Residents

16. Schedule 2 - UK or EEA Residents 

    
    
    

1. Personal Information we collect about you

We may collect the following Personal Information, from various sources:

Personal Information you provide when you create an account on our Platform. We ask you to provide Personal Information that we can reasonably use to identify you, create your account and contact you when needed. This Personal Information may include: your name, date of birth, mailing address, e-mail address, password that you create, telephone number, employer and health plan entitlement. When you create a profile for your dependant(s) or family members, the same information may be collected.

Personal Information you provide when you use our Services. We may collect the following information from you, depending on which if our Services you use:

• Personal Information you provide when you update your profile for yourself and/or family members (as described above);

• Personal Health Information you may provide through the Platform that is required to identify you, triage your care, treat and diagnose you or establish your care plan. This may include your symptoms, mental and physical health status including height, weight, images, medical history, medication, clinician observations, appointment history, diagnosis, investigation results and treatment information;

• Personal information to track your wellness progress such as, height, weight, body mass index, activities, exercise and lifestyle patterns. This may include steps taken and responses to health and wellness assessments, including our health profile that you complete on the Platform. We may collect this information directly from you or from connected fitness tracker accounts. (See “Information collected via your connected accounts” below); and

• Personal Information regarding your personal, familial, financial or legal situation (including your employment situation and careers goals).

Personal Information you share for identification. You will have the option to display a picture of your health card. If your health card does not have a photo to identify you, you may use a piece of identification issued by a government authority with a photo through the Platform to allow us to verify your identity.

Personal Information you share for making or receiving payment through our Platform. The Platform enables you to provide your payment card information in a wallet that is managed by a PCI-compliant vendor. Transaction information including your credit card, banking information or other financial information will be collected and processed by that vendor.

Personal Information you share when you contact us. When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and telephone number, along with additional information we need to help us promptly answer your question or respond to your comment.

Personal Information you share when you provide feedback in surveys and questionnaires. We may offer you the opportunity to participate in one of our optional surveys or questionnaires.

Personal Information collected via your connected accounts. Our Platform enables you to connect fitness or other health and well-being accounts that you have with third-parties. If you choose to connect an account that you have with a third party, we will indicate what information we will import into the Platform. If you agree, we will then access the third party account and import the information from that account into our Platform. The information we collect will depend on the information contained in the third party account. Some examples include number of steps taken, activities/exercise completed (i.e. swimming, running, walking, hiking, workout, cycling, etc.), weight, blood pressure, calories burned, hours of sleep, nutritional information, heart rate, inhaler usage, blood glucose levels, body temperature or location.

Personal Information collected via technological means. We may collect the following information in an automated way when you access and use our Platform:

• Technical information, such as your login information for a simplified sign-in and login process, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access our Platform, and usage details.

• Digital interaction information, such as details about your Platform interactions, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Platform (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, or any phone number used to call our customer service number.

The technologies we use for this automated collection may include:

• Cookies. A cookie is a tiny element of data that our Platform sends to your browser, which may then be stored on your hard drive so that we can recognize your computer or device when you return. You may refuse to accept cookies by activating the appropriate setting on our browser. However, if you select this setting, you may be unable to access certain parts of our Platform. For additional information about our Cookies, please refer to our Cookies Notice.

• Web Beacons. Pages of our Platform may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Dialogue to monitor Platform activity. For example, web beacons can count individuals who have visited certain web pages and generate other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Personal Information we may collect from our clients and partners. We collect information about you from our clients (i.e., your employer) or partners (i.e., your insurer) who provides us with lists of individuals eligible to access our Services. The information that we collect may include your name, date of birth, mailing address, e-mail address, telephone number, employer and health plan entitlement. Our clients or partners may also provide Dialogue with information to enable a referral to services such as workplace referral or employee assistance programs.

Personal Information we may collect from external providers. We collect information about you from external providers and programs that you have agreed to be referred to, such as Orientation and Counseling Services, in-person employee assistance programs, substance use, workplace referral or professional counseling services. The information we collect varies depending on the Services. For example, this may be information to verify attendance, ensure continued care, and for billing purposes.

2. How we use your personal information

We may use your Personal Information for the following purposes:

To provide you with access to our Platform and Services. We may use your Personal Information to provide you with access to our Platform and to any consultations, information, products, or Services that you request from us. More specifically, we may use your Personal Information to:

• Determine your eligibility to access the Platform and our Services;

• Create and administer your account when you register on our Platform;

• Deliver our Services;

• Communicate with you with respect to the Platform registration and your account, respond to your inquiries; and

• Present service options and resources available to you.

To administer the Platform and Services. We may use your Personal Information for the administration
of the Services, including but not limited to:

• Carry out our obligations and enforce our rights arising from any contracts we may have with you, notably our Terms of Use, including for billing and collection or to comply with legal requirements;

• Implement and maintain safeguards that protect your Personal Information;

• Improve your experience on the Platform such as with simplifying your sign-up and login process; and

• Improve our Member support process.

To support our health care providers in the administration of their professional and legislative obligations. In order to provide you with our Services, we employ health care providers who are subject to various professional and legislative requirements pertaining to the protection of your Personal Information, including Personal Health Information. We offer various legal, administrative, technical and information management services to these providers to ensure they meet their privacy and confidentiality requirements.

By way of example, in Alberta, health care providers are Custodians and retain ultimate accountability for the management and protection of the Personal Health Information they collect from you. We provide these health care providers with information management services to help administer their obligations under Applicable Privacy Laws. For more information on our information management program for Custodians in Alberta, please contact us at privacy@dialogue.co.

To communicate with you. We may use your Personal Information to communicate with you, including to:

• Provide you with account-related information, or any information necessary to provide you with the Services you’ve requested from us;

• Notify you about new products or services, new partnerships and other key information on Dialogue;

• Notify you about changes to our Platform or to our Services;

• Provide you with useful health and wellness information about trends and best practices in health care, mental health and well-being and other relevant topics in connection with our Services; and

• We may also use your Personal Information to communicate with you in a variety of ways (through the Platform, by email, telephone, text message, or direct mail) about our programs, products, and Services.

To conduct studies and research. We may use your Personal Information for research and statistical purposes, including for medical research purposes and to improve health outcomes. When required by law, we use De-identified or Anonymized information to achieve these purposes.

We may also use your Anonymized information we receive from your employer or insurer for internal data analysis purposes (for example, to understand and demonstrate the use and utility of our Services) and to create aggregated reports that do not allow your identification.

To monitor Platform usage and conduct Platform analytics in order to improve our Services. As with many applications, some data is required for the Platform to function on your devices. This data includes the type of device hardware and operating system, unique device identifier, IP address, language settings, and the date and time the Platform accesses our servers. We use this information and your Personal Information to help us understand the activity on the Platform, monitor and improve the Platform and Services and to tailor your experience. In addition, we may use vendors to collect analytical information about your use of the Platform, such as features used and time spent on the Platform. This helps us tailor your experience, improve our products and the quality of the Platform, and to manage and analyze data in order to better understand our Members.

For example, the information obtained through our surveys and questionnaires is used in an Aggregated and Non-identifiable form. We use this information to help us understand our Members and to enhance our products and Services. If you complete a Health Profile, the responses you provide in a Health Profile may be used to identify additional resources and Services that may be of interest to you in the Platform.

To send you promotional content regarding our Services and Platforms. We may use your Personal Information (if you have opted in, where required by Applicable Privacy Laws) to provide you with personalized content and services, such as tailoring our offerings to your interests and interactions with us, and deciding which offers or promotions to show you on our digital channels. We may do so in a variety of ways (for example, through the Platform, including push notifications, by email, telephone, text message, or direct mail).

You may unsubscribe from these at any time by clicking the “unsubscribe” link included at the bottom of each email or message or by changing the notification settings in the Platform (see “Notifications” tab in “Settings”). Alternatively, you can unsubscribe by contacting us at support@dialogue.co. This does not apply to communications necessary to render the Services or otherwise interact with you regarding your account.

To protect your rights and Dialogue’s rights. We may use your Personal Information to protect you, our rights, property and safety and those of our employees, clients and the public, to detect and prevent fraud and to comply with legal requirements.

To use vendors that support our Platform. We may transfer your Personal Information, including your Personal Health Information, to vendors that provide us with services including payment solution, backup and server hosting solution, software and IT maintenance, data analytics. We may also use vendors who assist with the authentication of individuals and with Member engagement, creative marketing materials services, health care and other external providers, and medical research and studies. To ensure adequate protection of Personal Information upon such transfers, Dialogue has implemented policies and guidelines to perform rigorous vendor privacy and security assessments prior to such transfers. We also use technical and contractual safeguards to protect the information we transfer and limit its transfer and use to what is necessary for the vendor to perform the service.

To generate Non-identifiable information. We may Aggregate your Personal Information, for the following purposes:

• To protect the privacy and the security of your Personal Information;

• To conduct research and analytics with the goal of improving our Services and the Member experience and developing new offerings. We may share such Non-identifiable information or insights with limited third parties to assist in research, analytics, planning, or product and service development;

• We may also use Aggregated information we receive from your employer or insurer for our internal analytics purposes(for example,to understand and demonstrate the use and utility of our Services) and to create aggregated reports that do not allow your identification. We may share such Aggregated Information or insights with our partners to assist in research, planning, or product and service development; and

• We may share Anonymized or Aggregated information with our clients (i.e., your employer) for billing, collection or reporting purposes regarding the use of our Services. This allows Dialogue to adequately manage Service delivery, understand the effectiveness of our Services and develop relevant products, services, or offerings. We do not disclose any Personal Information, including Personal Health Information to your employer.

3. Who we disclose your Personal Information to

We will not disclose your Personal Information for any purpose except as outlined in this Policy or as permitted or required under applicable law, unless we obtain your consent. We limit the Personal Information disclosed to what is necessary to meet these purposes.

We do not sell your Personal Information to any third parties.

External providers who help deliver the Services. For continuity of care purposes, and as part of our collaborative care model, we may need to disclose your Personal Information to external health care providers, such as specialists, pharmacists, pharmacies and laboratories for the purpose of providing or assisting in the provision of our Services that you have requested. Examples of this include providing medically appropriate referrals, prescriptions, or lab and imaging requisitions. Dialogue and its health care providers will not disclose your Personal Information, including Personal Health Information, to external health care providers unless such disclosure is required to provide you the Services you request or you expressly consent to the disclosure.

We may also need to disclose your Personal Information to other types of external providers for other Services and programs, such as workplace referral or employee assistance programs, and Orientation and Counseling Services.

Your benefits provider. At your direction, we will share your Personal Information with your benefits provider as required for them to administer your benefits plan.

Other persons, when permitted or required by law. In certain circumstances, applicable law may allow or require us to disclose your Personal Information to others. For example:

• To those entities affiliated to Dialogue for the purposes detailed in this Policy;

• In event of an emergency that threatens the life, health or security of an individual;

• When required in the context of a prospective or completed business transaction, such as a transfer of assets or shares or a merger, in accordance with applicable legal requirements. For example, we may make your Personal Information available to advisors or (potential) buyers of our business if necessary for concluding the transaction;

• To comply with any court order or other valid legal inquiry, law, or judicial proceeding, including to respond to any governmental or regulatory request, in accordance with applicable laws, including in cases of alleged or actual breach of privacy; and

• To enforce our Terms of Use and other agreements, including for billing and collection purposes.

4. Where we process and store your Personal Information

Dialogue provides its Services globally and some parts of the Services may be hosted or accessed on servers located in countries outside of your home country or province. (For Québec residents, please note that this means it is possible that your Personal Information could be communicated outside Québec) The Platform hosts Personal Information in Canada, the United States, the United Kingdom (“UK”) and in the European Economic Area (“EEA”). We may transfer your Personal Information to our subsidiaries and vendors globally. Where your access to the Services is facilitated by your employer or benefits provider, they may choose the hosting location that your account may be connected to.

We also use vendors who may access, store or otherwise process Personal Information in Canada, the UK, the European Union, the United States or other countries. The laws applicable to the protection of Personal Information in such countries may be different from those applicable in your home country or province and may permit or require disclosure of your Personal Information to law enforcement or national security authorities. To ensure adequate protection of Personal Information upon such transfers, Dialogue has implemented policies and guidelines to perform rigorous vendor privacy and security assessments prior to such transfers. We also use technical and contractual safeguards to protect the information we transfer and limit its transfer what is necessary for the purposes sought.

UK and EEA Members. For Members located in the UK and EEA, whenever we transfer your Personal Information to a third country or to an international organization, we ensure that an adequate level of protection is afforded to it by ensuring that adequate safeguards are implemented. We may transfer Personal Information to other countries based on European Commission-approved or UK Government-approved Standard Contractual Clauses or otherwise in accordance with Applicable Privacy Laws. We may also transfer your Personal Information to other countries in connection with storage and processing of data, fulfilling your requests and operating the Services. 

5. How we keep your Personal Information secure

The security of your Personal Information is very important to us. We use physical, technical, and administrative safeguards designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. Such measures include:

• Secure storage: We protect our systems and your data within industry-leading, accredited data centers. All Personal Information, including Personal Health Information, are stored in ISO 27001 certified data centers that adhere to global privacy and data protection best practices.

• Network security: Dialogue has implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly accessible systems.

• End-to-end encryption: Dialogue encrypts all video, audio and written exchanges with you. Data transmissions and communications on the Platform are end-to-end encrypted.

• Strict limitations on access: We strictly limit access to your Personal Information to just those employees, contractors and trusted third parties who have a legitimate need to access it, and they are all subject to binding contractual confidentiality obligations.

• Security policies and training: Dialogue has implemented policies, practices and procedures that specifically address the security of your Personal Information, including Personal Health Information. An independent SOC2 type II audit of the effectiveness of these controls is completed on an annual basis. Dialogue delivers security training to employees and contractors on how to safeguard Personal Information and mitigate operational risks. All Dialogue employees and contractors are contractually obligated to keep Personal Information confidential, use it only for the purposes for which we disclose it to them and to process the Personal Information with the same standards set out in this Policy.

  
  
  

6. How long we retain Personal Information

Dialogue retains Personal Information, including Personal Health Information, only for as long as necessary to fulfill the purposes for which the information was originally collected, unless further retention is required for legitimate legal, regulatory or organizational purposes. When Personal Information, including Personal Health Information, is no longer required to be retained, Dialogue will securely dispose or anonymize the information in compliance with relevant legal, regulatory and contractual requirements.

Some of your Personal Information, including Personal Health Information cannot be disposed of before a period determined by statutory retention requirements (for example, some Canadian provinces impose a minimum retention period of 10 years for patient records).

7. Your rights with respect to your Personal Information

Depending on the jurisdiction in which you are located, you may have the following rights with respect to your Personal Information. Please note, the list below is a general list of individual privacy rights, and not all are applicable to Dialogue:

• Withdrawal of your consent. Your access and use of the Platform is completely voluntary. Where you have provided your consent to the collection, use, and disclosure of your Personal Information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent please contact us at privacy@dialogue.co. Please note that if you withdraw your consent, we may be unable to provide you with a particular product, Service or consultation and you may not be able to access the Platform anymore. We will explain the impact to you at the time of your request.

• Unsubscribe from promotional communications. If you no longer wish to receive promotional communications from us, you may unsubscribe by clicking the “unsubscribe” link included at the bottom of each email or message or by changing the notification settings in the Platform (see “Notifications” tab in “Settings”). Alternatively, you can unsubscribe by contacting us at support@dialogue.co. This does not apply to communications necessary to render the Services or otherwise interact with you regarding your account.

• Access to and correction of Personal Information. It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes. You have the right to request access to the Personal Information, including Personal Health Information, that we hold about you. You can review and correct some of your Personal Information by logging into the Platform’s account profile page. You may also send us an email at privacy@dialogue.co to request access to or correct any Personal Information that you have provided to us.

• Erasure of Personal Information. You may ask us to delete or remove Personal Information where there is no reason for us continuing to hold it, subject to restrictions explained in Section 7. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below).

• Object to or restrict processing of Personal Information. In certain circumstances you can ask us to suspend the processing of your Personal Information.

• Request information on exclusively automated processing of Personal Information to render a decision. You may obtain information on the Personal Information used to render such a decision (and request that this information be corrected) and the reasons, principal factors and parameters that led to the decision.

• Request additional information about data processing. You can request additional information about data processing, including the Personal Information collected and how it is processed by Dialogue

• Request the transfer of your Personal Information to another organization (known as the “right to data portability”). In certain circumstances, you may be able to request to receive the Personal Information that you provided to us in a structured, commonly used and machine-readable format and to transmit it to another organization.

• Opt-Out of Sale or Sharing (California only). You can request to opt out of the sale or sharing of your Personal Information by contacting us at privacy@dialogue.co. For the purposes of this section, “sell” means the transfer of your Personal Information to a third party for monetary or other valuable consideration, and “sharing” means any disclosure of Personal Information (renting, releasing, disclosing, disseminating, making available, transferring, or other communicating orally, in writing, or by electronic or other means) to third parties for cross-contextual behavioural advertising purposes, each subject to certain exceptions set forth in applicable California law. Dialogue is a common business for the purposes of California law. Your opt out of cookie-based tracking for certain advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser’s cache or cookies. Your opt out of mobile app tracking is specific to the device you are using.

• Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights (California only). We will not, because you have exercised any of the rights detailed in this Policy, deny you any goods or services, charge different prices or rates for goods or services or provide you with a different level or quality of goods or services.

We may request specific information from you to help us confirm your identity when you exercise these rights.

8. Privacy Accountability 

We are committed to protecting your privacy and Personal Information. We have implemented a comprehensive set of policies and procedures that govern our treatment of Personal Information. These policies and procedures include, among other things, the following:

• We maintain technical, physical and administrative safeguards to protect your Personal Information against unauthorized access, use or disclosure.

• We respond to privacy requests and complaints in a timely and effective manner.

• We retain and dispose of Personal Information in a secure way in accordance with our retention schedule that follows applicable laws, regulations, and best standards.

• We designate a Privacy Officer who is responsible for overseeing Dialogue’s compliance with Applicable Privacy Laws. Dialogue’s health care providers who are Custodians of Personal Health Information also designate the Privacy Officer to support them in ensuring their compliance with such Laws.

• We define the roles and responsibilities for our personnel with respect to the treatment of Personal Information, promote privacy-driven culture and enable every one of our team members to make the right decisions, every day, about how to respect privacy when handling Personal Information.

• We provide our personnel with regular privacy training and awareness initiatives.

• We ensure Personal Information is protected when engaging vendors to process Personal Information on our behalf.

• We identify and mitigate privacy risks throughout our operations, in part by striving to apply the principles of Privacy by Design and where necessary conducting privacy impact assessments.

• We are transparent about how we handle Personal Information, including Personal Health Information.

9. Local Distinctions 

Please note that our Telemedicine Services are only available in Canada. In some provinces, Dialogue has the ultimate responsibility for protecting your Personal Information, including your Personal Health Information, provided through the Telemedicine Services and other Services. In other provinces, the Custodians of Personal Health Information are ultimately accountable for complying with such Legislation and for ensuring the protection of Personal Health Information under their control or custody.

In Alberta, for example, health care providers that are Custodians of Personal Health Information have the ultimate responsibility for protecting your Personal Health Information and Dialogue supports them with that responsibility. More precisely, Dialogue collects, uses and discloses Personal Health Information on behalf of the Custodians and provides them with information management services to help administer their obligations under Alberta’s Health Information Act.

If you are a California resident, please refer to the California Schedule below for more information about the types of Personal Information that we collect and disclose and the privacy rights you may have under California law. If you are a UK or EEA resident, please refer to the UK or EEA Schedule below for the Legal bases for processing Personal Information.

10. Use of third party links, applications or websites  

We cannot control the processing of any of your information when you access and use third party links, external applications or websites. Please note that our Website may include links to third party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. If you follow a link to a third party website or engage a third party website, app or plugin, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies. We do not control these third party websites, applications or vendors, and we encourage you to read the privacy policy applicable to those sites and services.

11. Changes to our Policy  

If we make material changes to how we Process our Members’ Personal Information, we will notify you by email, through the Platform and through a notice on the Website home page. For all other changes, we include the date the Policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Platform and this Policy to check for any changes.

12. Data protection and privacy regulatory authorities

You have the right to make a complaint, at any time, to the relevant supervisory authority, privacy regulator, or commissioner.

In the UK, the relevant body that Dialogue is accountable to is the Information Commissioner's Office (ICO) whose details can be accessed via the ICO website at https://ico.org.uk/global/contact-us/.

In the EU, you can find out more from the European Commission website at here (https://commission.europa.eu/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en).

For Canadian privacy commissioner contact details see the below list:

• Alberta: www.oipc.ab.ca

• British Columbia: www.oipc.bc.ca

• Manitoba: www.ombudsman.mb.ca

• New Brunswick: https://oic-bci.ca/

• Newfoundland and Labrador: www.oipc.nl.ca

• Northwest Territories: https://atipp-nt.ca/

• Nova Scotia: https://oipc.novascotia.ca/

• Nunavut: https://atipp-nu.ca/

• Ontario: www.ipc.on.ca

• Prince Edward Island: https://www.assembly.pe.ca/

• Québec: www.cai.gouv.qc.ca

• Saskatchewan: https://oipc.sk.ca/

• Yukon: https://www.ombudsman.yk.ca/

• Federal: https://www.priv.gc.ca/

13. Contact information

We welcome your questions, comments, and requests regarding this Policy and our privacy practices. Please contact our DPO, Privacy Officer and team at privacy@dialogue.co.

We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this Policy, and with Applicable Privacy Laws. To discuss our compliance with this Policy please contact us at privacy@dialogue.co.

Contact Address:

Dialogue Health Technologies Inc.

C/O  Privacy Officer

2200 Stanley, Street 2nd floor, Davis Building, Montreal, QC, H3A 1R6

Individuals and the data protection supervisory authorities in the EU/EEA and UK may also contact our data protection representatives according to Article 27 of the GDPR or UK GDPR:

EU:

DP-Dock GmbH,

Attn.: Dialogue Health Tech, Ballindamm

39, 20095 Hamburg, Germany

UK:

DP Data Protection Services UK Ltd.,

Attn.: Dialogue Health Tech, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

www.dp-dock.com | dialogue@gdpr-rep.com

14. Definitions

For the purposes of this Policy:

• “Anonymized” “Aggregate” or “Non-identifying information” means information that is non-identifiable as to any individual and otherwise no longer constitutes Personal Information.

• “Applicable Privacy Laws” means all applicable privacy legislation and regulations relating to privacy and the collection, use and disclosure of Personal Information and Personal Health Information, including but not limited to the Personal Information Protection and Electronic Documents Act (Canada), provincial private sector and health privacy laws including the Act respecting the protection of personal information in the private sector (Québec), the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia), the Personal Health Information Protection Act, 2004 and the HIA, the California Consumer Privacy Act, the General Data Protection Regulation (“GDPR”), and the UK Data Protection Act (2018) (“UK GDPR”).

• “Custodian” is a person, as defined under applicable Canadian health privacy laws, who collects, uses and/or discloses Personal Health Information in connection with the delivery of health care services and is responsible for ensuring that it is protected and processed appropriately. By example, Dialogue’s employees who are nurses and physicians in Alberta are considered “Custodians”.

• “Mental Health Services”, questionnaire-based screening to assess stress levels and presence of mental health issues, habit-forming coaching sessions and as needed physician evaluation of psychotherapy sessions. It also includes access to Cognitive Behavioural Therapy training and toolkits.

• “Orientation and Counseling Services” means legal or financial services, work and career advisory services, family, marital, and relationship advisory services and other personal, children and elder care services.

• “Personal Health Information” means any Personal Information regulated under applicable health privacy laws.

• “Personal Information” means information about an identifiable individual or as otherwise defined under Applicable Privacy Laws, and includes Personal Health Information.

• “De-identified information” means information that no longer directly identifies an individual.

• “Telemedicine Services” means electronic information and communications technologies to provide and support the delivery of health care services at distance.

• “Wellbeing Services” means wellness in the workplace, wellness content including; videos, audio, articles pertaining to health and wellness topics, challenges and health habits.

15. Schedule 1 - California Residents

If you are a User residing in California, please note that we have been collecting, using and disclosing personal information as follows in the past twelve months:

• We collect and use the following categories of personal information for the business and commercial purposes described in this Policy:

  • Identifiers that you provide directly to us, such as name, date of birth, mailing address, e-mail address, and telephone number, health card number.

  • Medical and health information about your physical and mental health you may disclose to our care coordinators and healthcare practitioners that is relevant to identify you or to establish your care plan, such as symptoms, medical history, clinician observations, appointment history, diagnosis, investigation results and treatment information. We may also collect information about your health and physical activity through fitness trackers.

  • Professional or employment-related information such as your employment situation and career goals you may disclose to our coordinators and health services providers that is relevant to provide you with our Orientation and Counseling services.

  • Financial information and other familial or legal situation information you may disclose to our coordinators and health services providers that is relevant to provide you with our Orientation and Counseling services.

  • Protected classifications that you may provide if you complete a HRA.

  • Photos of government-issued IDs, such as health insurance cards.

  • Internet or other electronic network activity information, which are described in Section 1 of the Privacy Policy under “Information collected via technological means.”

• • Other information that you provide to us when you contact us or send us questions, comments, suggestions or complaints, including your contact information and information about your inquiry that is necessary in order to address it or to respond to you.

• • Certain categories of personal information mentioned above are considered to be sensitive Personal Information, namely: ethnicity, health card numbers and other government-issued IDs, and medical and health information. We do not use or disclose sensitive personal information for purposes other than to perform our services and provide the goods reasonably expected by an average consumer who requests those goods or services or for other purposes specified in section 7027, subsection (m) of the California Consumer Privacy Act Regulations (for example, for security and safety purposes).

• We collect and use these categories of personal information for the business and commercial purposes described in Section 2 of this Policy;

• We collect these categories of personal information from the sources described in Section 1 of this policy, including directly from you, automatically through your devices, as well as from our business partners, service providers, our affiliates and subsidiaries, commercially available sources, social media platforms; and providers of third-party products or services;

• We disclose each of these categories of personal information for our business and commercial purposes as described in this Policy to the categories of parties described in Section 3 of this Policy;

• Dialogue does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.

16. Schedule 2 - UK or EEA Residents

Legal bases for processing Personal Information

If you are located in the EEA or the UK, the following legal basis for processing Personal Information may apply, aside from a valid consent:

• Contractual necessity. We may process your Personal Information where required to provide you with the Services. For example, we may process your Personal Information to respond to your inquiries or requests.

• Compliance with a legal obligation. We may process your Personal Information where we have a legal obligation to do so. For example, we may process your Personal Information to comply with tax, labour, and accounting obligations.

• Vital interests of an individual. We may process your Personal Information when there is a vital interest to you, such as in the case of an emergency or to protect you.

• Legitimate interests. We may process your Personal Information where we or a third party have a legitimate interest in processing your Personal Information. Specifically, we have a legitimate interest in processing your Personal Information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of the Services. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.