Last updated: 2 June 2020
Personal Information shall include information about an identifiable individual (also referred to as ‘user’).
Personal Health Information shall include identifying information about an individual in oral or recorded form, if the information:
a) relates to the past, present or future physical or mental health of the individual, including information that consists of the health history of the individual’s family,
b) relates to the providing of health care or health services to the individual, including the identification of a person as a provider of health care to the individual,
c) is collected in the course of providing health services,
d) relates to the past, present or future payment, eligibility, or coverage of health care, or
e) if applicable, other provisions for personal health information as defined by the Personal Health Information Act (Ontario), the Health Information Act (Saskatchewan) and the Health Insurance Portability and Accountability Act (HIPAA, United States).
For purposes of this policy, Personal Information shall not include information about TryCycle Data Systems employees in such employees’ capacity as employees of TryCycle Data Systems.
It is the policy of TryCycle Data Systems to keep any information gathered through the use of our systems secure. As such, user information is not disclosed or shared to unauthorized third parties except as allowed by law and described herein.
2. Personal and Personal Health Information
Information that is collected by TryCycle Data Systems includes the following:
Personal information: Information that personally identifies the user such as name, emails, phone numbers, address, race, gender, marital status, date of birth, and primary diagnosis. This will also include other personally identifiable information that the user may choose to add to the user account profile. In addition, the user will actively enter information into the System, including real-time behavioral input and free-form text entries (“Data”). The user will actively decide what to enter in these cases. There is no mechanism for users to edit, alter or delete their individual data after it has been submitted to TryCycle.
Location: The system collects location data from sources such as GPS, Wi-Fi and cell towers when the App is in use. Location data is only collected with consent, which may be withdrawn by the user at any time. We may also collect Accelerometer samples, Wi-Fi network IDs, and other activity data that is personally identifiable.
Information from your device: The mobile device makes available information about the operating system, device identifier, carrier, language, battery performance, and network connections. In addition, most operating systems collect and make available health and fitness information shared by the user and other health and fitness applications. These can include:
- Activity. These fitness data characterize the physical activity of the user: the steps taken are being combined with information obtained from other activity tracker apps and allow an objective result.
- Mindfulness. In this case, the Health application collects all the data and shows how much time the user has devoted to a mindfulness practice.
- Sleep. Many applications store user sleep data - information is received from several sources (many devices have a "Sleep Mode" and third-party fitness gadgets and accessories).
- Nutrition. There will be information from third-party food control applications and popular healthcare platforms that track total calories, kinds of food, micronutrient totals, and hydration levels.
- Other important data. Many apps allow users to store health fitness data relating to other indicators including heart rate, fitness analysis, reproductive health, etc.
Other services: The TryCycle platform may also use information drawn from third-party services like Twitter, Facebook, LinkedIn, etc., to provide additional sources of data that can be analyzed to provide additional feedback and insights for medical providers. Permission to draw from these sources is opt-in only, and may be withdrawn at any time by communicating with your healthcare provider.
In addition to the personal information collected by the application, healthcare providers may record interactions, test results, evaluations, and notes consistent with treatment. By virtue of agreeing to use this application, you agree that your chosen healthcare providers are authorized to disclose Personal Information to us. We make every reasonable effort to keep your Personal Information as accurate, complete and up-to-date as necessary. If desired, you may verify the accuracy and completeness of your Personal Information in our records.
Some of the user’s Personal and Personal Health Information is disclosed to other users of the application, including the user’s Physician(s) and other Health Care Provider(s), individuals and companies managing those Physicians and Health Care Professionals, insurance companies, and TryCycle Data Systems administrative and technology staff.
3. Collection, Use and Disclosure of Personal and Personal Health Information
TryCycle Data Systems uses and discloses Personal and Personal Health Information for purposes consistent with such Personal Information’s collection. For example, TryCycle Data Systems shall be allowed to collect, use and disclose Personal Information in a manner that is consistent with providing the services contemplated by the use of TryCycle Data Systems’ mobile application and clinical portal.
Access to private, sensitive and confidential information, including user’s Personal Information, is restricted to authorized employees with legitimate business reasons. We require all of our employees to abide by TryCycle Data Systems’ privacy standards. Our employees understand the importance of keeping your information private. For this reason, our employees are required to agree to a confidentiality agreement that prohibits the disclosure of any user information to unauthorized parties.
Employees are strictly prohibited from accessing or disclosing Personal Information without authorization. All employees are expected to maintain the confidentiality of Personal Information at all times and failure to do so will result in appropriate disciplinary measures including dismissal.
TryCycle Data Systems will never rent or sell the personal information or personal health information it collects.
TryCycle Data Systems uses third-party service providers to host servers in Canada and the United States. These third-party service providers may have access to Personal Information as an incidental result of the services provided by such third parties to TryCycle Data Systems, but the access of such third parties to such information is strictly controlled in accordance with the safeguards detailed below.
The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so.
Your Personal Information may be disclosed in situations where we are legally permitted to do so, such as in the course of employing reasonable and legal methods to enforce your rights or to investigate suspicion of unlawful activities. We may release certain Personal Information when we believe that such release is reasonably necessary to protect the rights, property and safety of ourselves and others.
Should TryCycle Data Systems conduct market or product research, it will never use Personal nor Personal Health Information; rather, it would fully anonymize information, meaning that it would render it unlikely to be traced back to an individual.
4. Usage and Aggregate Data
TryCycle Data Systems collects usage information from users of our services. The purpose of this collection is to understand how individuals access and utilize features and services in order to enhance and optimize our products and applications. Usage information and data could include, but is not limited to, the user’s device type, device identifier, IP address, browser type, operating system, duration of use, number of notification messages sent or received, and times at which the application was accessed and utilized. In addition, TryCycle Data Systems will collect aggregate data about a group or category of services or users. This information, as well as the Personal Information collected, enables TryCycle Data Systems to analyze trends, administer TryCycle Data Systems’ services and products, troubleshoot, enhance, and improve TryCycle Data Systems’ products and services.
TryCycle Data Systems maintains the right to inform our users about any change that may affect information collected or stored. We may be required to comply with a court order or governmental regulatory requirement or disclose information in connection to legal proceedings. If required to do so, we will make every effort to notify the relevant parties about the proceedings.
TryCycle Data Systems reserves the right to use the contact information of users for the purposes of communications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate or opt out of optional communications (e.g. marketing, press, events) while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.
5. Data Retention
TryCycle Data Systems reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms and conditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law.
TryCycle Data Systems processes and stores the user’s messages, logs, contact data, and other related information in order to provide TryCycle Data Systems’ services to the user. Data will be stored indefinitely in a secure and private manner or deleted as per direction from the user as allowable by operational needs and relevant law. TryCycle Data Systems maintains security/privacy policies and procedures to ensure every step is taken to maintain the integrity of the data in our care, including the encryption of all personal information while in transit or at rest.
6. Control of User Data
TryCycle Data Systems takes reasonable steps to protect information collected from users to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.
TryCycle Data Systems has appointed a Designated Privacy Contact who acts as Chief Privacy Officer (CPO) responsible for information system monitoring and information security policy and procedure management. The CPO is responsible for compliance with TryCycle Data Systems’s privacy program including,
- Undertaking privacy impact assessment and threat and risk assessments on a regular basis;
- Adopting policies and procedures on the basis of privacy impact assessment and threat and risk assessments to mitigate all identified risks, updated as necessary.
TryCycle Data Systems’ users may access their Personal Information by communicating directly with their provider. However, should they require further assistance in coordinating with their provider, by contacting our CPO. Our CPO’s contact information can be found below.
Safeguard measures to ensure authorized access include: the use of a username and a password for authentication. Every user must keep their password and username safe and make sure that any person who has access to view such private information is permitted to do so. Users must contact TryCycle Data Systems immediately if the user believes their password has been compromised or misused.
TryCycle Data Systems stores all Personal and Personal Health Information from Canadian residents with either Microsoft Azure or IBM Cloud within Canada; Personal and Personal Health Information from U.S. residents is also stored with either Microsoft Azure or IBM Cloud, but at a data center located in the United States. These two service providers are responsible for the hosting and security of all servers, databases and applications in the secure cloud. Microsoft Azure and IBM Cloud are certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO27018, the Standard also includes the right to audit Microsoft and/or IBM for compliance.
TryCycle Data Systems relies on consent for the collection, use and disclosure of PHI and their execution of consent directives on behalf of users. Users may withdraw their consent at any time; however, be aware that withdrawal of consent may result in our inability to offer you our Services.
If TryCycle Data Systems use of information changes in ways not identified in this Privacy Statement, we will notify you and obtain your express consent as required under applicable privacy laws.
8. Governing Law
9. OCAP Principles
For users in First Nations Communities, TryCycle Data Systems works with community leaders to ensure compliance with the First Nations Principles of OPAC. These are:
- Ownership: referring to the relationship of First Nations to their cultural knowledge, data, and information.
- Control: affirming that First Nations, their communities, and representative bodies are within their rights in seeking control over all aspects of research and information management processes that impact them.
- Access: referring to the fact that First Nations must have access to information and data about themselves and their communities regardless of where it is held.
- Possession: referring to the physical control of data.
10. Contacting TryCycle Data Systems
Users may contact our CPO to make enquiries on our privacy practices or to the accuracy of their personally identifiable information and to request the update, correction or deletion of such information or account should they wish to do so. To protect vulnerable populations, TryCycle Data Systems reserves the right to verify communications, including with healthcare providers, before taking action. Any query, comments or concerns can be sent to us by email at firstname.lastname@example.org or by mail at the following address:
TryCycle Data Systems
University of Connecticut
Technology Incubation Program Building
400 Farmington Ave
Farmington, CT 06032
TryCycle Data Systems
1296 Carling Ave
Ottawa, ON K1Z 7K8