Privacy Notice

Effective Date: Nov 25 2019
Notice Version: 1.0

Data Controller Contact Information:
Outpost Health Corporation
700-2010 11th Avenue 
Regina Saskatchewan Canada S4P OJ3
privacy@outpost.health 

Privacy Officer
Dr. Didi Emokpare
Email: privacy@outpost.health

This privacy notice applies to the information that we collect from you when you use our website(s), www.outpost.health, and our mobile application collectively and hereinafter called “Platform.”

Our privacy notice tells you what personal data and non personal data we may collect from you, how we collect them, how we protect them, how we share them, how you can access and change them, and how you can limit our sharing of them. Our privacy notice also explains certain legal rights that you have with respect to your personal data. Any capitalized terms not defined herein will have the same meaning as where they are defined elsewhere on our Platform.

Definitions
‘NON PERSONAL DATA’ (NPD) is information that is in no way personally identifiable.

‘PERSONAL DATA’ (PD) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. PD is in many ways the same as Personally Identifiable Information (PII). However, PD is broader in scope and covers more data. 

(GDPR) means General Data Protection Regulation.

Topics Covered in Our Privacy Notice
YOUR RIGHTS INFORMATION WE COLLECT AND HOW WE COLLECT IT
HOW YOUR INFORMATION IS USED AND SHARED
RETAINING AND DESTROYING YOUR PD
UPDATING YOUR PD
REVOKING YOUR CONSENT FOR USING YOUR PD
PROTECTING THE PRIVACY RIGHTS OF THIRD PARTIES
DO NOT TRACK SETTINGS
LINKS TO OTHER WEBSITES
PROTECTING CHILDREN’S PRIVAC
YOUR EMAIL POLICY
OUR SECURITY POLICY
USE OF YOUR CREDIT CARD
TRANSFERRING PD FROM THE EUROPEAN UNION
CHANGES TO OUR PRIVACY NOTICE

YOUR RIGHTSYou Have the Right Not to Have Your Personal Information SoldYou have the right to request that we do not sell any of your personal information. Personal information for this section means a natural person’s first name or first initial and last name in combination with any one or more of the following data elements when the name and data elements are not encrypted: social security or social insurance number, driver’s license number, driver authorization card number, or identification card number, account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to the person’s financial account, a medical identification number or a health insurance identification number, a username, unique identifier, or electronic mail address in combination with a password, access code, or security question and answer that would permit access to an online account.

If you wish to make this request, please email us at: privacy@outpost.health telling us that you do not want to have any of your personal information sold. Please include enough personal information so that we can reasonably verify your identification. We will respond to your request within 60 days after receiving it.

Your Rights Under the GDPRWhen using our Platform and submitting PD to us, you may have certain rights under the GDPR if you reside or are in any of the countries of the European Union. Depending on the legal basis for processing your PD you may have some or all of the following rights:

The Right to Be Informed - You have the right to be informed about the PD that we collect from you and how we process them. The Right of Access - You have the right to get confirmation that your PD are being processed and you have the ability to access your PD.The Right to Rectification - You have the right to have your PD corrected if they are inaccurate or incomplete.The Right to Erasure (Right to Be Forgotten) - You have the right to request the removal or deletion of your PD if there is no compelling reason for us to continue processing them.The Right to Restrict Processing - You have the right to ‘block’ or restrict the processing of your PD. When your PD are restricted, we are permitted to store your data, but not to process them further.The Right to Data Portability - You have the right to request your PD that you provided to us and use them for your own purposes. We will provide your data to you within 30 days of your request. Contact us using the information at the top of this privacy notice to request your PD.The Right to Object - You have the right to object to us processing your PD for the following reasons:Processing was based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)Direct marketing (including profiling)Processing for purposes of scientific/historical research and statisticsRights in relation to automated decision-making and profiling.Automated Individual Decision-Making and Profiling - You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects regarding you or similarly significantly affects you. Filing a Complaint with Authorities - You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the General Data Protection Regulation. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.

Our Legal Basis for Collecting and Processing PDOur legal basis for collecting and processing your PD when you buy our products or services is based on and the necessity for the performance of a contract or to take steps to enter into a contract. Our legal basis for collecting and processing your PD when you sign up for our newsletter, medical articles, instructional videos on nutrition and exercise is based on consent.

Automatic InformationWe automatically receive information from your web browser or mobile device. This information may include the name of the website from which you entered our Platform, if any, as well as the name of the website you’ll visit when you leave our Platform. This information may also include the IP address of your computer/the proxy server you use to access the Internet, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our Platform. We use all this information to analyze trends among our users to help improve our Platform.

Information from ConsultationsData obtained from Consultations will be anonymized and de-identified before being analyzed and used by Outpost Healthcare Corporation for product development and research purposes.

When Entering and Using Our PlatformWhen you enter and use our Platform and agree to accept cookies, some of these cookies may contain your PD.


Use and Disclosure of Your Information Consultations and Healthcare ServicesWe will use the personal information and PHI that we collect from you to schedule, administer and personalize your Consultations, update your patient record and to provide you with healthcare services.

We may disclose your personal information, including PHI, to third-party healthcare professionals involved in providing you with healthcare services, such as a specialist physician, pharmacist, physiotherapist, psychologist, counsellor, nutritionist, clinical researcher or lab technician. When the disclosure is part of a care plan that you have agreed to, we will consider the agreed care plan to constitute implied consent. For all other disclosures to a third-party not associated with Outpost Healthcare Corporation, we will only make the disclosure after obtaining your express consent.

Only healthcare professionals and their delegates involved in providing you with healthcare services can access your PHI. All delegates who are not regulated healthcare professionals sign strict and durable confidentiality agreements.

Access to your information is logged and we perform regular audits in order to ensure that any access is authorized and that information is only accessed on a ‘need to know’ basis.We may share with selected third-parties demographic and contact information about you (including but not limited to name, date of birth and any email addresses or phone numbers) by email, SMS, instant messaging or any other means necessary, for reasons including but not limited to: verifying your identity, medical follow-up, scheduling appointments, confirming appointments, customer support and technical support.

Our Use of Cookies

Our Platform uses cookies. A cookie is a small piece of data or a text file that is downloaded to your computer or mobile device when you access certain websites. Cookies may contain text that can be read by the web server that delivered the cookie to you. The text contained in the cookie generally consists of a sequence of letters and numbers that uniquely identifies your computer or mobile device; it may contain other information as well. 

By agreeing to accept our use of cookies you are giving us and the third parties with which we partner permission to place, store, and access some or all the cookies described below on your computer.

Strictly Necessary Cookies - These cookies are necessary for proper functioning of the Platform, such as displaying content, logging in, validating your session, responding to your request for services, and other functions. Most web browsers can be set to disable the use of cookies. If you disable these cookies, you may not be able to access features on our Platform correctly or at all.

Performance Cookies - These cookies collect information about the use of the Platform, such as pages visited, traffic sources, users’ interests, content management, and other measurements.

Functional Cookies - These cookies enable the Platform to remember users’ choices, such as their language, usernames, and other choices while using the Platform. They can also be used to deliver services, such as letting a user create a blog post, listen to audios, or watch videos on the

Platform.Media Cookies - These cookies can be used to improve a Platforms performance and provide special features and content. They can be placed by us or third parties who provide services to us.

Advertising or Targeting Cookies - These cookies are usually placed and used by advertising companies to develop a profile of your browsing interests and serve advertisements on other websites that are related to your interests. You will see less advertising if you disable these cookies.

Session Cookies - These cookies allow a Platform to link the actions of a user during a browser session. They may be used for a variety of purposes, such as remembering what a user has put in their shopping cart as they browse a Platform. Session cookies also permit users to be recognized as they navigate a Platform so that any item or page changes they make are remembered from page to page. Session cookies expire after a browser session; they are not stored long term.

Persistent Cookies - These cookies are stored on a user’s device between browser sessions, which allows the user’s preferences or actions across a website or across different websites to be remembered. Persistent cookies may be used for several purposes, including remembering users’ choices and preferences when using a Platform or to target advertising to them.We may also use cookies for:identifying the areas of our Platform that you have visited personalizing content that you see on our Platform our Platform analytics remembering your preferences, settings, and login details allowing you to post comments

Most web browsers can be set to disable the use of cookies. However, if you disable cookies, you may not be able to access features on our Platform correctly or at all. 

Web Beacons

We may also use a technology called web beacons to collect general information about your use of our Platform and your use of special promotions or newsletters. The information we collect by web beacons allows us to statistically monitor the number of people who open our emails. Web beacons also help us to understand the behavior of our customers and users.

Users create their own passwords 

Users can also be assigned an Outpost Healthcare ID number, and may then may be asked to change their password.

At User and Member Registration or When Buying Products or Services

When you register as a user, member, or when buying our products or services, we may collect some or all of the following information: your first and last name, date of birth, gender, email address, physical address, phone number,  insurance information, IP address, user name, password, health information and next of kin’s contact information (name, phone number, and email address).  

Collecting Information About Your Physical Location

When you use our Platform, we may collect and process information about your actual physical location. We use several technologies such as GPS and IP tracking to determine your location. These technologies may also give us information about nearby cell towers, Wi-Fi access points, and other devices.

Website Chat and Video Consultation Technology

Our Platform contains chat and video consultation technology that enable visitors to communicate with us live online. Sometimes visitors can communicate with us without buying our products and services. When you use our chat or video consultation technology, we may collect some or all of the following information: your email address, first name, last name, location, date of birth, phone number, health information, and any other information you willingly choose to give us. You should only provide enough information to us that is necessary to answer our questions.

Google Analytics

Our Platform uses Google Analytics to collect information about the use of our Platform. Google Analytics collects information from users such as age, gender, interests, demographics, how often they visit our Platform, what pages they visit, and what other websites they have used before coming to our Platform. We use the information we get from Google Analytics to analyze traffic, improve our marketing, advertising, and Platform.

Google Analytics collects only the IP address assigned to you on the date you visit our Platform, not your name or other identifying information. We do not combine the information collected using Google Analytics with PD. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you use our Platform, the cookie cannot be used by anyone but Google. Google also uses specific identifiers to help collect information about the use of our Platform. 

For more information on how Google collects and processes your data visit: https://www.google.com/policies/privacy/partners/You can prevent Google Analytics from using your information by opting out at this link: https://tools.google.com/dlpage/gaoptout

What Happens If You Don’t Give Us Your PD

If you do not provide us with enough PD, we may not be able to provide you all our products and services. However, you can access and use some parts of our Platform without giving us your PD.

HOW YOUR INFORMATION IS USED AND SHARED

We use the information we receive from you to: provide our products and services you have requested or purchased from us personalize and customize our content make improvements to our Platform contact you with updates to our Platform, products, and services resolve problems and disputes provide health care services and information to you

Communications and Emails

When we communicate with you, we will use the email address you provided when you registered as a user or customer. We may also send you emails with promotional information about our Platform or offers from us or our affiliates unless you have opted out of receiving such information. You can change your contact preferences at any time through your account or by contacting us using the contact information at the top of this privacy notice.

Sharing Information with Affiliates and Other Third Parties

We do not sell or rent your PD to third parties for marketing purposes. However, for data aggregation purposes we may use your NPD, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your PD. We may give your PD to third-party service providers whom we hire or contract to provide services to us.

These third-party service providers may include but are not limited to payment processors, web analytics companies, physicians, medical assistants, medical services, medical research companies, call centers, data management services, help desk providers, accountants, law firms, insurance companies, shopping cart and email service providers, and shipping companies. 

Text Messaging and Push Notifications

If you provide a mobile telephone number to us, you are giving your consent and authorize us or a third party to send you text messages and push notifications. You are not required to give us your consent for these text messages and push notifications. However, withholding your consent may interfere or prevent us from providing some or all of our services to you. You can stop receiving text messages and push notifications at any time by contacting us.

Legally Required Releases of Information

We may be legally required to disclose your PD if such disclosure is (a) required by subpoena, law, or other legal process; (b) necessary to assist law enforcement officials or governmental enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our terms and conditions; (d) necessary to protect us from legal action or claims from third parties, including you and/or other users; or (e) necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.

Disclosures to Successors

If our business is sold or merges in whole or in part with another business that would become responsible for providing our Platform to you, we retain the right to transfer your PD to the new business. The new business would retain the right to use your PD according to the terms of this privacy notice as well as to any changes to this privacy notice as instituted by the new business. We also retain the right to transfer your PD if our company files for bankruptcy and some or all of our assets are sold to another individual or business.

Community Discussion Boards, Blogs

Our Platform may offer the ability for users to communicate through online community discussion boards, blogs, or other mechanisms. We do not filter or monitor what is posted on such discussion mechanisms. If you choose to post on these discussion mechanisms, you should use care when exposing any PD, as such information is not protected by our privacy notice nor are we liable if you disclose your PD through such postings. Also, PD which you post on our Platform for publication may be available worldwide by means of the Internet. We cannot prevent the use or misuse of such information by others.

Clinical Trials

Outpost Healthcare does not conduct clinical trials. Our software platform connects you to research organizations or companies conducting clinical trials. If you are interested in participating in a study that appears on our clinical research study platform, pursuant to the General Data Protection Regulation (GDPR) , you are requested to consent to the process by which Outpost Healthcare collects and processes  your personal data for purposes of recruitment for the relevant and appropriate research study. These opt-in requests may be presented as email responses, notifications, modals, checkboxes, or other digital mechanisms, under which you will have the opportunity to affirmatively indicate your consent to the processing of your personal data as described in our Privacy and Terms of Use  document.


RETAINING AND DESTROYING YOUR PD
We retain information that we collect from you (including your PD) only for as long as we need it for clinical,  legal, medico-legal, business, or tax purposes. Your information may be retained in electronic, paper, or a combination of both forms. When your information is no longer needed, we will destroy, delete, or erase it.

UPDATING YOUR PD
You can update your PD using services found on our Platform. If no such services exist, you can contact us using the contact information found at the top of this privacy notice and we will help you. However, we may keep your PD as needed to enforce our agreements and to comply with any legal obligations.

REVOKING YOUR CONSENT FOR USING YOUR PD

You have the right to revoke your consent for us to use your PD at any time. If you opt out, it will not affect disclosures otherwise permitted by law including but not limited to: (i) disclosures to affiliates and business partners, (ii) disclosures to third-party service providers that provide certain services for our business, such as payment processors, web analytics companies, advertising networks, call centers, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies, (iii) disclosures to third parties as necessary to fulfill your requests, (iv) disclosures to governmental agencies or law enforcement departments, or as otherwise required to be made under applicable law, (v) previously completed disclosures to third parties, or (vi) disclosures to third parties in connection with subsequent contests or promotions you may choose to enter, or third-party offers you may choose to accept. If you want to revoke your consent for us to use your PD, please contact us through the contact information at the top of this privacy notice.

PROTECTING THE PRIVACY RIGHTS OF THIRD PARTIES

If any postings you make on our Platform contain information about third parties, you agree to make sure that you have permission to include that information. While we are not legally liable for the actions of our users, we will remove any postings about which we are notified, if such postings violate the privacy rights of others.

DO NOT TRACK SETTINGS
Some web browsers have settings that enable you to request that we do not track your movement within our Platform. Our Platform does not obey such settings when transmitted to and detected by our Platform. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.

LINKS TO OTHER WEBSITES
Our Platform may contain links to other websites. These websites are not under our control and are not subject to our privacy notice. These websites will likely have their own privacy notices. We have no responsibility for these websites and we provide links to these websites solely for your convenience. You acknowledge that your use of and access to these websites are solely at your risk. It is your responsibility to check the privacy notices of these websites to see how they treat your PD. 

PROTECTING CHILDREN’S PRIVACY
Our Platform is not designed for use by anyone under the age of 16 unless the age of consent in their country provides for 13, 14 and 15-year old children to give us their consent to collect personal data from them. In countries where the age of consent is 16 or older, the child will need parental consent before providing us with their personal data. In all cases, we do not knowingly collect PD from children under the age of 13 without parental consent. 

If you are a parent or guardian and believe that your child is using our Platform without your required consent, please contact us. Before we remove any information we may ask for proof of identification to prevent malicious removal of account information. If we discover that an unauthorized child is using our Platform, we will delete his or her information within a reasonable period of time. You acknowledge that we do not verify the age of our users nor have any liability to do so. 

OUR EMAIL POLICY
You can always opt out of receiving email correspondence from us or our affiliates. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission except in the sale or transfer of our business, or if our company files for bankruptcy.

OUR SECURITY POLICY
We have built our Platform using industry-standard security measures and authentication tools to protect the security of your PD. We and the third parties who provide services to us also maintain technical and physical safeguards to protect your PD. Unfortunately we cannot guarantee prevention of loss or misuse of your PD or secure data transmission over the Internet because of its nature. We strongly urge you to protect any password you may have for our Platform and not share it with anyone.
 
Safeguarding your Information

Outpost Healthcare retains all personal information data within Microsoft Azure data centers located in Canada.  Azure infrastructure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2. Microsoft designs, builds, and operates dataccenters in a way that strictly controls physical access to the areas where your data is stored. Microsoft understands the importance of protecting your data, and is committed to helping secure the data centers that contain your data.Outpost Healthcare utilizes Microsoft Azure’s components to secure its network and internal systems following industry standard best practices. 

All communication is encrypted end-to-end, including video and all interactions with you. Outpost Healthcare has implemented written policies and procedures that address the privacy and security of your Personal Information.  Outpost delivers privacy training to employees and contractors to ensure personal information is safeguarded and to mitigate operational risks.  All employees and contractors are legally bound to confidentiality. We do not store any data in any country, other than Canada. If the country we are operating in requires a copy of their data to be located within their country (Assuming Azure has a datacenter that supports it in their country), we will passively replicate our data to that datacenter using Azure’s GeoReplication feature.

Outpost Healthcare is committed to protecting and securing your data. However, there is no guarantee against data and security breaches. However, we have taken reasonable measures to prevent breaches. In the event of any such data breach, Outpost Health Corporation will notify users at the first reasonable opportunity of the circumstances surrounding the breach, and immediately apply available urgent counter measures.

USE OF YOUR CREDIT CARD
You may have to provide a credit card to buy products and services from our Platform. We use third-party billing services and have no control over them. We use commercially reasonable efforts to ensure that your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorized use. However, you understand and agree that we are in no way responsible for any misuse of your credit card number.  Payments are processed via a third party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Outpost does not store any credit card information within our systems.


TRANSFERRING PD FROM THE EUROPEAN UNION
PD that we collect from you may be stored, processed, and transferred among any countries in which we operate. The European Union has not found the United States and some other countries to have an adequate level of protection of PD under Article 45 of the GDPR. Our company relies on derogations for specific situations as defined in Article 49 of the GDPR. If you are a European Union customer or user, with your consent your PD may be transferred to the United States or other countries outside the European Union when you request information from us. When you buy goods or services from us, we will use your PD for the performance of a contract or to take steps to enter into a contract. Wherever we transfer, process, or store your PD, we will take reasonable steps to protect it. We will use the information we collect from you in accordance with our privacy notice. By using our Platform, services, or products you agree to the transfer of your PD described within this section.
                               
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to change this privacy notice at any time. If our company decides to change this privacy notice, we will post those changes on our Platform so that our users and customers are always aware of what information we collect, use, and disclose. If at any time we decide to disclose or use your PD in a method different from that specified at the time it was collected, we will provide advance notice by email sent to the email address on file in your account. Otherwise we will use and disclose our users’ and customers’ PD in agreement with the privacy notice in effect when the information was collected. In all cases your continued use of our Platform, services, and products after any change to this privacy notice will constitute your acceptance of such change. If you have questions about our privacy notice, please contact us through the information at the top of this privacy notice.


Copyright © Outpost Healthcare Corporation 2019. www.outpost.health