Last Revised: July 11, 2024
This privacy policy (the “PrivacyPolicy”) describes how MAPflow Inc. (“MAPflow”, “Company”, “we”,“us”, or “our”) collects, stores, uses, and distributes personalinformation, personal health information and data of Health Service Providers, their Patients, and any other individuals (collectively, “you” or “your”),in the course of accessing and using the Site, Platform, Materials, and/orServices, defined below.
MAPflow respects your privacy and is committed to keeping personal information and personal health information accurate, confidential and secure. As a Patient, when you receive a HealthService from your Health Service Provider, your privacy is the responsibility of that Health Service Provider. When your Health Service Provider accesses and uses the MAPflow Platform and Services to perform Health Services for you, theHealth Service Provider authorizes MAPflow to act as their affiliate for the purposes of electronic processing of relevant personal and health information you provide to the Health Service Provider, to the extent permitted by applicable law.
By accessing the Site or submitting information to us (either independently or through your Health ServiceProvider), you consent to the collection, use, and disclosure of your information by MAPflow for the provision of Health Services by your HealthService Provider in accordance with the Health Service Provider’s privacy policies, this Privacy Policy, and applicable privacy legislation. This PrivacyPolicy is intended to be subordinate to and supports the Health ServiceProvider’s privacy policies.
You are also deemed to have read and accepted the terms of the MAPflow WebsiteTerms of Use https://www.mapflow.ca/terms-of-use. In addition, when you use any current or future MAPflow Services, you will also be subject to the MAPflow Terms of Use Agreement or other agreement governing your use of our Services as applicable.
IF YOU DO NOT AGREE WITH OUR PRIVACY POLICY, YOU MUST NOT ACCESS OR USE THE PLATFORM AND/OR MATERIALS IN ANY CAPACITY, YOU MUST INSTRUCT YOUR HEALTH SERVICE PROVIDER IMMEDIATELY TO CEASE ACCESSING OR USING THE PLATFORM OR MAPFLOW’S SERVICES IN THE COURSE OF PROVIDING HEALTH SERVICES TO YOU, AND YOU MUST DISCONTINUE ALL USE OF THE PLATFORM AND SITE IMMEDIATELY.
For the purposes of this Privacy Policy:
The Health Service Provider is responsible for the privacy of Personal Information and Personal Health Information for their patients as the ‘health information custodian’, as such term or other similar designation is defined in any applicable provincial legislation. If you have an inquiry about the collection, use and disclosure of information by Health Service Providers, please contact them directly.
In accordance with the MAPflow Terms of UseAgreement (“Agreement”), Health Service Providers authorize MAPflow to act as an affiliate for the purposes of processing relevant PersonalInformation and Personal Health Information, including Patient Data, in order for Health Service Providers to perform Health Services. MAPflow shall ad hereto the privacy policies of the Health Service Provider and all applicable legislation in accordance with the Agreement and Privacy Policy.
This Privacy Policy applies to Patients receiving a Health Service by a Health Service Provider to the extent that it supports the Health Service Provider’s policies and clarifies MAPflow’s approach to safeguards and compliance in relation to this obligation. At all times, the Health Service Provider’s policies and related agreements and applicable legislation they are subject to take precedence to this Privacy Policy.
MAPflow has established policies and procedures to comply with this Privacy Policy and has designated a Privacy Officer as the contact person who is accountable for our compliance. The Privacy Officer’s contact information is contained at the end of this Privacy Policy.
MAPflow will identify the purposes for which Personal Information and Personal Health Information is collected at or before the time the information is collected. If MAPflow intends to use Personal Information and Personal Health Information for any other purpose, we will seek your consent, as required by law.
MAPflow will obtain consent before or when we collect, use, or disclose Personal Information and Personal Health Information about you, except where otherwise required or permitted by applicable privacy legislation. You can provide consent to the collection, use, and disclosure of Personal Information and Personal Health Information about you expressly, implicitly, or through an authorized representative, as required by applicable law. You can withdraw consent at any time, with certain exceptions, with your Health Service Provider or by contacting us at info@mapflow.ca.
You may also choose not to provide us with your Personal Information or Personal Health Information. However, if you make this choice, we may not be able to provide you with the Services you request.
BY PROVIDING PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION TO YOUR HEALTH SERVICE PROVIDER AND CONSENTING TO THE USE OF MAPFLOW AS PART OF RECEIVING A HEALTH SERVICE FROM THEM, YOU AUTHORIZE YOUR HEALTH SERVICE PROVIDER TO USE THE MAPFLOW PLATFORM AND SITE AND UPLOAD PATIENT DATA SPECIFIC TO YOU AND YOU AGREE THAT THE HEALTH SERVICE PROVIDER AND THEIR AFFILIATE(S), INCLUDING MAPFLOW, MAY COLLECT YOUR PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION AND YOU CONSENT TO THE USE, DISCLOSURE, AND TRANSFER OF YOUR PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION TO FACILITATE RECEIVING THIS SERVICE, IN ACCORDANCE WITH THE HEALTH SERVICE PROVIDER’S PRIVACY POLICIES AND AS PERMITTED OR REQUIRED BY LAW.
MAPflow collects Personal Information, including but not limited to, the following:
MAPflow collects Personal Health Information, including but not limited to, the following:
MAPflow collects Technical Information which includes information and data that is collected when you access our Platform and Site including usage details, login information, browser types and versions, time zone setting, browser plug-in types and versions, operating system, or information about your internet connection, the equipment you use to access our Platform and Site, and usage details. Technical Information also includes non-personal details about your Site and Platform interactions such as clickstream to, through and from our Site (including date and time), pages you viewed, searches you conducted, page response times, download errors, length of visits, page interaction information (scrolling, clicks, and mouse-overs), etc.
MAPflow also collects Non-Personal Information. This information can also include anonymous usage data that is non-identifying and aggregated data that has been de-identified or anonymized in accordance with our agreements with and in compliance with the policies of the Health Service Provider and applicable legislation they are subject to. THIS PRIVACY POLICY DOES NOT RESTRICT OUR USE OF NON-PERSONAL INFORMATION FOR ANY LEGITIMATE BUSINESS PURPOSE AND MAPFLOW RESERVES THE RIGHT TO USE NON-PERSONAL INFORMATION WITHOUT FURTHER NOTICE TO YOU OR CONSENT, IN ACCORDANCE WITH LAW.
MAPflow collects information in different ways, including:
As a Patient of a Health Service Provider, MAPflow will only use your Personal Information and Personal Health Information in the manner and for the purposes authorized and directed by the Health Service Provider as part of delivering the requested Health Services to you, in accordance with Health Service Provider’s privacy policies, our agreements with them, this Privacy Policy, and applicable legislation they are subject to.
With your consent, MAPflow uses PersonalInformation and Personal Health Information for the purposes of providingaccess to and enabling the use of the Platform and Site. When you voluntarilyprovide Personal Information and Personal Health Information, we use thisinformation in the following ways:
When you visit the Site, Platform, or send emails to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by email or by posting notices on the Site. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing. It is your responsibility to ensure you provide an up-to-date and accurate email address regarding electronic communications.
If you have opted-in to receive marketing communications from us, we may send you promotional offers from time to time. You may unsubscribe at any time by clicking the unsubscribe link at the bottom of the message. This prevents any promotional emails from being sent to you unless you explicitly request that we re-add you to a promotion list.
To the extent permitted by applicable law, we may disclose Personal Information and Personal Health Information that we collect, or you provide as Patient Data, as described in this Privacy Policy, with:
We may share aggregate or anonymized information, including Non-Personal Information, with service providers, business partners, and other third parties, to the extent permitted by applicable law, including but not limited to for the purposes of evaluating the Services, research and analytical purposes, marketing, etc. We take steps to keep Non-Personal Information from being associated with you and we require our partners to do the same.
The choice to provide Personal Information and Personal Health Information to your Health Service Provider is yours. If you do not wish for MAPflow to collect your Personal Information and Personal Health Information through the use of the Platform or Site, you can choose not to provide it. However, your decision to limit or withhold certain details may limit the Services that MAPflow is able to provide the Health Service Provider. However, it is at all times your decision to provide, withhold, or withdraw your consent for the use of your Personal Information and Personal Health Information.
MAPflow collects Personal Information and Personal Health Information only by fair and lawful means and only collects the necessary amount of information as required for the purposes of providing the Services and in accordance with this Privacy Policy.
MAPflow will use Personal Information and Personal Health Information only for the reasons as set out in this Privacy Policy. MAPflow will keep Personal Information and Personal Health Information only as long as necessary for the identified purposes and as required by law. MAPflow may share Personal Information and Personal Health Information to affiliates, subsidiaries, and other third parties only for the purposes of providing Services as set out in this Privacy Policy.
We take steps to ensure security and limit access to Personal Information and Personal Health Information, including contractual restrictions and training on confidentiality and privacy obligations.
We retain Personal Information and Personal Health Information only as long as your Health Service Provider directs us to, in accordance with the Health Service Provider’s policies, our agreements with them, this Privacy Policy, and applicable legislation they are subject to.
Currently, MAPflow or our third-party service providers retain, and store information collected by, or provided to, us in the cloud and on secure servers in Canada. Some of our third-party service providers may retain and store limited information outside of Canada in accordance with their respective privacy policies and as permitted by applicable data protection laws. While we undertake measures to protect Personal Information and Personal Health Information, when it is stored and/or processed in other jurisdictions, the laws of other countries may not provide the degree of protection for Personal Information and Personal Health Information that is available in Canada. You will be made aware of when and what information they are sharing outside of Canada and have the option not to share this information and engage these services.
Generally, if you are under the age of 16, your parent, a children’s aid society, or another person who is legally entitled to give consent on your behalf, will act as your Patient Representative. That person can consent to the collection, use or disclosure of your information, except in certain circumstances.
MAPflow does not knowingly collect or use any Personal Information and Personal Health Information from individuals under the age of 16 unless provided by the Health Service Provider with the consent of the Patient Representative in accordance with the terms of this Agreement.
If you are 16 or older and capable of consenting, only you can consent to the collection, use or disclosure of your Personal Health Information unless you have designated a Patient Representative.
Except as restricted by law, upon written request by you or an authorized representative, an individual will be informed of the existence, use, and disclosure of their Personal Information and Personal Health Information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and may request to have it amended.
MAPflow will keep Personal Information and Personal Health Information in its possession or control accurate, complete, current and relevant, based on the most recent information available to MAPflow. You are responsible for notifying MAPflow, directly or through your Health Service Provider, about the accuracy and completeness of your Personal Information and Personal Health Information and may have it amended as appropriate.
To make a request to access, examine, obtain a copy of, or to amend or update your Personal Information and Personal Health Information: You can submit a request in writing to MAPflow by sending an email to support@mapflow.ca or by contacting our Privacy Officer (details listed below).When making your request, please include all relevant details to help us identify your record in MAPflow’s control or possession. MAPflow shall make reasonable efforts to assist you and to respond to your request and MAPflow shall also provide an explanation of any term, code, or abbreviation used in the record.
The safety and privacy of Personal Information and Personal Health Information is our top priority. Personal Information and Personal Health Information will be protected by security safeguards appropriate to the nature and format of the information being stored through physical, electronic, and administrative measures. We strive to protect Personal Information and Personal Health Information from theft, loss, and unauthorized access, copying, modification, use, disclosure and disposal. We conduct audits and complete investigations to monitor and manage our privacy compliance. We ensure that all of our officers, directors, employees and agents protect your privacy and only use Personal Information and Personal Health Information for the purposes to which you have consented.
We may transfer Personal Information and Personal Health Information that we collect or that Health Service Provider’s provide as Patient Data as described in this Privacy Policy to contractors, service providers, and other third parties we use to support our business purposes and who are contractually obligated to keep Personal Information and Personal Health Information confidential, use it only for the purposes for which we disclose it to them, and to process the Personal Information and Personal Health Information with the same standards set out in this policy.
There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, electronic, or administrative safeguards. We follow all privacy and security requirements as outlined in legislation. By sharing your Personal Information and Personal Health Information with us, you acknowledge that your Personal Information and Personal Health Information may be at risk should an external party breach our systems. As required by law, we will inform you of any breaches which would create a reasonable risk of harm to you. We will take reasonable steps to mitigate such risks and to prevent them from occurring again in the future.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY DISCLAIM ANY GUARANTEE OF SECURITY IN CONNECTION WITH YOUR PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION.
A Data Incident involves an unauthorized access, use, or disclosure of Personal Information and Personal Health Information, loss of Personal Information and Personal Health Information, or other breach in the protection of your Personal Information and Personal Health Information. In the event of a Data Incident, we will investigate to assess whether the incident poses a risk of serious injury to you. In these circumstances, you will be notified at the first reasonable opportunity or as otherwise required by law.
We will readily make available specific information about our policies and practices related to the management of Personal Information and Personal Health Information. Individuals will have access to this information through this Privacy Policy or by contacting our Privacy Officer. The information will be available in a format that is easy to understand.
It is our policy to post any changes we make to our Privacy Policy on this page. We include the date the Privacy Policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Site and this Privacy Policy to check for any changes. Your continued use or access of the Platform or Services after the effective date signifies your acceptance of and agreement to any changes.
We welcome your questions, comments, and requests regarding your Personal Information, Personal Health Information, this Privacy Policy and our privacy practices.
You may contact us as follows:
Andrea Edginton
Privacy Officer
support@mapflow.ca
If you feel we have not met our legal obligations under this policy or applicable privacy laws, please contact our Privacy Officer.
If you are not satisfied with the resolution that we have provided, the Commissioner can be reached as follows:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec
K1A 1H3
Canada
Toll-free: 1-800-282-1376
Phone: (819) 994-5444
Fax: (819) 994-5424
TTY: (819) 994-6591
Provincial Offices can be contacted as follows:
Alberta:
Office of the Information and Privacy Commissioner of Alberta
Email: privacy@gov.ab.ca
Phone: 1-888-878-4044
Website: www.oipc.ab.ca
British Columbia:
Office of the Information and Privacy Commissioner for British Columbia
Email: info@oipc.bc.ca
Phone: 1-250-387-5629
Website: www.oipc.bc.ca
New Brunswick:
Office of the Ombud NB
Email: ombud@ombudnb.ca
Phone: 1-888-465-1100
Website: https://ombudnb.ca
Nova Scotia:
Office of the Information and Privacy Commissioner Nova Scotia
Email: privacy@novascotia.ca
Phone: 1-844-424-2985
Website: https://oipc.novascotia.ca/
Ontario:
Information and Privacy Commissioner of Ontario
Email: info@ipc.on.ca
Phone: 1-800-387-0073
Website: www.ipc.on.ca
Prince Edward Island (PEI):
Information and Privacy Commissioner
Email: infoprivacy@assembly.pe.ca
Phone: 902-368-4099
Website: www.assembly.pe.ca