NAVA MedQ Privacy Policy

 

1. Definitions:

“NAVA” “we”, “our” or “us” refers to NAVA Technologies Inc., employees, subcontractors and any affiliate or agent of NAVA Technologies Inc.

“You” or “Your”: refers to any person who uses the Application.

Application refers to the web applications commercialized by NAVA, including web applications commercialized directly by Health Care Provider under their own brand available at various subdomains under the domain navamedq.ca and the native applications commercialized by NAVA, including application branded by Health Care Providers specifically designed for Android Tablets, and for android and iOS smartphone devices.

collection refers to the act of gathering, acquiring, recording, or obtaining Personal Information from any source, by any means.

consent refers to the voluntary agreement to the collection, use, and disclosure of Personal Information for defined purposes. Consent can be express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically, or in writing. Implied consent can be reasonably inferred from an individual’s action or inaction.

End User refers to either the Patient who books an appointment with a Health Care Provider using the Application, or an individual acting on behalf of a Health Care Provider who operates the Application on a computer.

Health Care Provider refers to a medical practice or organization in its entirety, or any physician, nurse, or health care administrator who owns or works for a medical practice or organisation.

Patient refers to a person seeking to utilise the Application or Website for the purpose of booking an appointment, or the individual representing the Patient, such as a parent, guardian, or carer.

Personal Information refers to information about an identifiable individual that is recorded in any form. Personal Information does not include aggregate information that cannot be associated with a specific individual.

Privacy Officer refers to the person within NAVA Technologies Inc., who is responsible for ensuring compliance with privacy obligations, including this policy, with respect to the collection, use, disclosure, and handling of Personal Information by NAVA Technologies Inc., its employees, contractors, officers and authorized agents.

Sensitive Information refers to the health information about an individual.

Website refers to our website available at the domain www.navamedq.ca presenting our products and services, excluding the Application.

2. Your consent to use our services:

Protecting your security and privacy is very important to us. If you have any questions, concerns, or have any issues related to privacy and security, please contact us at security@navatech.ca

NAVA Technologies Inc., is the owner and operator of the Application and provides access to End Users on the terms and conditions contained in this document and should be understood in conjunction with our end user license agreement.

At NAVA, we take privacy seriously. We take great care to protect our customers’ privacy by following, in letter and spirit, the guidance provided by the Act respecting the protection of personal information in the private sector overseen by the “Commission de l’accès à l’information” and the Personal Information Protection and Electronic Document Act (PIPEDA) overseen by The Office of the Privacy Commissioner of Canada.

We collect Personal Information about our End Users at various points through our Application that are detailed below. This privacy policy outlines how we treat Personal Information specifically related to the use of the Application.

We encourage you to read this policy before using our services through our Application. By using the Application, you agree to the terms and conditions of this policy. If you do not agree with our practices as described in this policy, please do not use the Application or visit the Website.

3. Purpose of collecting and limiting the use of Personal Information:

We limit the collection of Personal Information to that which is necessary for purposes identified by us as described below.

In order to use our Application to book an appointment with a Health Care Provider, a Patient must first complete the registration form. Using the details you provide us during this registration process, we can . The information we may ask you to provide includes your name, e-mail address, mobile number, and your healthcare card number and its expiry date.

The information collected at the time of registration will also be used to contact you about the services offered by our Application in which you have expressed interest. The Health Care Providers affiliated with NAVA MedQ, may use our services to contact you regarding their services, products, or information related to the patient care. To learn more, you can refer to the end user terms and agreement of the Health Care Provider.

We use your information for the following purposes:

  • Verify your identity and match your information with information on your Health Care Provider’s system database
  • To provide updates to your Personal Information held by Health Care Providers;
  • To send appointment confirmation and appointment reminder notifications;
  • To provide you with the services, products, or information that you have requested from our Application;
  • To create your account, following your registration with us;
  • To provide you with technical support;
  • To inform you of updates to the Application;
  • To gather feedback from you, for the purposes of improving our services;
  • To contact you when required;
  • To compile anonymous statistical demographic information on the use of our system;
  • Send you news about our products and services in order to advise you of changes or tips for better use. You can unsubscribe or opt out of the receipt of these updates at any time.

While we do not send unsolicited e-mail or SMS messages, we do get in touch with you about information related to the services we provide related to the appointments that you have made using our Application or by the Health Care Provider for you. In addition to e-mail and SMS messages, users will also receive in phone notification on their Android and iOS smartphone using our Application.

4. Information Collected through the Application

We gather three basic types of information through the Application:

Personal Information (Patients): We do not collect Personal Information automatically when you visit our Website unless you have an account in the Application. We collect Personal Information from you when you voluntarily provide it to us – for example, when you contact us, through the Application, to book appointments with a medical practitioner or walk-in medical clinics and to track your appointments.

Health Care Providers may use the Application to store and manage Personal Information about Patients. Personal Information collected from Health Care Providers is under their control and is used by us in accordance with our agreements with Health Care Providers.

Personal Information collected by NAVA may include :

  • Your contact information, such as your name and the name of your dependent, mobile number, e-mail address;
  • Healthcare card number and expiration date, which we only collect if you wish to use our service for making and managing your appointments made available through the Application;
  • Details about your appointments with Health Care Providers, such as date, time, type of appointment, cancellation, no shows;
  • Notes from Health Care Providers about your appointment;

From time to time, your Health Care Provider may ask you for sensitive health information, when you make an appointment, in order to understand and evaluate your health condition and determine its urgency. On some occasions, you may be providing Sensitive Information voluntarily at the time of booking or requesting an appointment. Providing such information is not mandatory and is optional through our Application, as we focus on limiting the collection of information related to only booking and managing appointments with a Health Care Provider.

Personal Information (Health Care Providers): We collect the following information about physicians and other medical and paramedical practitioners: (1) Name (2) Email (3) Phone number (3) Picture for profile page (4) Specialization (3) Practice information (4) Languages Spoken (5) Gender (6) Hospital affiliations (7) Educational Background (8) Services provided (9) Working hours. We also collect the name, e-mail, phone number, and profile picture of the clinic’s administrative staff. In addition, we collect information about the medical facility, such as facility name, address, and hours of operation. Information about the practitioners and medical facility is shared with the patients to check the services offered and to book appointments with physicians.

When it is strictly necessary, we may also collect Personal Information from our Partners and other sources with whom we integrate our services to synchronize patient appointments and profiles, with the consent of the individual and facility.

Aggregate Information: When you visit and interact with the Application or the Website, we may collect anonymous aggregate information from server log files and cookies.

  • Server Log Files: Your Internet Protocol (IP) address is an identifying number that is automatically assigned to your computer by your Internet Service Provider (ISP). This number is identified and logged automatically in our server log files whenever you use the Application, or visit the website, along with the time(s) of your visit(s) and the page(s) that you visited. We use the IP addresses of all visitors to calculate Website and Application usage levels, to help diagnose problems with the website’s servers, and to administer the website. We may also use IP addresses to communicate or to block access by visitors who fail to comply with our Terms of Service. Collecting IP addresses is standard practice on the Internet and is carried out automatically by many web sites.
  • Cookies: Cookies are data that a web server transfers to an individual’s computer for record keeping purposes. We use operating cookies that allow us to keep your session active and analytics cookies supplied by the Google Analytics service. We do not provide Personal Information to Google Analytics other than IP addresses and clickthrough data (pages visited, duration of sessions). If you do not want information collected through the use of cookies, there are simple procedures in most browsers that allow you to delete existing cookies, to automatically decline cookies, or to be given the choice of declining or accepting the transfer of particular cookies to your computer. You should note, however, that declining cookies may make it difficult or impossible for you to use portions of the Application.

5. Use of Information Gathered through the Application

We may use your Personal Information for the following purposes.

  • Provision of Service and Communications (Patients): Through the information, you provide us, we will be able to (1) send appointment confirmation and appointment reminders notifications; (2) provide the service, products, or information that you have requested from our application; (3) create an account for you if you registered with us; (4) provide optimal administrative and support services; (5) inform you of updates to the software; (6) evaluate and improve our services; (7) contact you when required; (8) encourage users and visitors to contact us with questions and comments; (9) respond to your questions and comments.
  • Provision of Service and Communications (Health Care Providers): Through the information you provide us, we will be able to (1) create an account for you and manage multi-clinic access; (2) send alerts about appointment cancellation;(3) provide optimal administrative and support services; (4) provide the service, products, or information that you have requested from our application; (5) inform you of updates to the software; (6) evaluate and improve our services; (7) contact you when required; (8) to contact us with questions and comments; (9) respond to your questions and comments.
  • Business Purposes: We may collect certain data that do not contain Personal Information for internal business purposes etc. for analysis and management of our operations to develop new features, improve our product and services to better serve you.
  • Transactions: We facilitate the completion of transaction between Patients and Health Care Providers using third party payment processing service providers (Stripe™ and Square™). Your credit card information is not stored on our server and we do not process any transaction ourselves. All payments will be securely processed, using a third-party payment gateway. These service providers use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information.

6. Disclosure:

We will make reasonable efforts to ensure that we only collect and receive information that is necessary for the purposes identified, and we ensure that the data is used only for the purpose for which it was obtained.

We do not use or disclose personal information for purposes other than those for which it is collected, except with the consent of the concerned individual or as required by law. We retain personal information only as long as necessary for the fulfillment of these purposes, or as required by law.

We may disclose Personal Information as follows :

  • With our employees who need to know in the performance of their duties and undertake to treat Personal Information in accordance with this policy.
  • With Health Care Providers, where a Health Care Provider has provided Personal Information about you or if you used the Application to book or manage medical appointment with such Health Care Provider.
  • With service providers retained by us in order to assist us in our business obligations, provided that the third party commits to protecting personal information in accordance with this policy. At this time, we share Personal Information with the following service providers:
Service Provider Purpose Userful Links
Amazon Web Services AWS hosts all data used in the operation of the Application and backups. Privacy Notice

https://aws.amazon.com/privacy/

AWS Service Terms

https://aws.amazon.com/agreement/

 

 

Twilio Twilio facilitates automated communication with Patients.

Twilio receives contact information (email, phone number) and information about appointments where included in messages.

Privacy Statement :

https://www.twilio.com/legal/privacy

Data Protection Addendum

https://www.twilio.com/legal/data-protection-addendum

 

 

  • With a person who, in our reasonable judgment, based on identification provided, is seeking the information as an agent of a Health Care Provider entitled to receive such information;
  • Where you explicitly consent to such disclosure
  • To comply with any legal obligation that requires or permits the disclosure of personal information (for example, in the context of an investigation of the contravention of a law)

Only our employees with a business-related need to know, or whose duties reasonably so require, are granted access to Personal Information about customers.

All information you provide us, through support calls or e-mails, will only be available to the NAVA team responsible for providing the services requested. Once the issue has been addressed, the support ticket will be closed, and information archived.

We do not and will not sell any Personal Information to third parties for marketing or any other commercial purposes.

In the event that the sale or restructuring of all or part of our business is envisioned, we may disclose collected Personal Information to the persons or organizations involved before and after the transaction, whether or not it takes place. In such a case, these persons or organizations will undertake to keep disclosed Personal Information confidential and to use the same exclusively in order to evaluate the feasibility or the opportunity of the proposed transaction as well as in accordance with this policy.

7. Access and Correction Rights

We make reasonable efforts to keep Personal Information as accurate, complete, and up to date as is necessary to fulfil the purposes for which the information is to be used.

We rely upon the Health Care Providers to keep your Personal Information up to date and or you to ensure the accuracy of the Personal Information that you provide us at time registration to the Application. You may review the information you have provided and update Personal Information by accessing the profile page from the setting menu of the Application. Any modification to your Personal Information recorded by a Health Care Provider affiliated with NAVA will entail a modification in our records and in the records of all other Health Cara Providers affiliated with NAVA.

If you are registered with the Application, you can contact us at contact@navatech.ca for help with the following scenarios:

  • Request access to the information that NAVA Application has on you.
  • Request correction to the information that we have on you.

In the above cases, to provide the necessary support, we will have to verify your identity by asking to confirm some personal information and authenticate your account.

If you are not registered to the Application, you can contact your Health Care Provider to request correction to your Personal Information that is in the Health Provider system.

NAVA believes privacy is a fundamental human right, so the “Nava Website and Application” is designed to centralize, minimize the collection and use of data and provide transparency and control over the information of the user and his clients. However, if you believe that we have violated any of your rights, you can reach out to us and let us know how we can rectify the problem.

8. Retention and Destruction:

We retain Personal Information only as long as it is deemed necessary to fulfil the identified purposes for which the information was collected, that is to say for (i) as long as your account is active, (ii) as long as a Health Care Provider uses the Application to manage your Personal Information, or (iii) otherwise for a limited period of time as long as we need to fulfill the purposes for which we have initially collected it, unless otherwise required by law.

Personal Information no longer necessary or relevant for the identified purposes, or no longer required to be retained by law, shall be securely destroyed, erased, or made anonymous.

We shall maintain reasonable and systematic controls, schedules, and practices for such information, its retention and destruction.

9. Security Safeguards

9.1 How We Protect Your Information

We protect Personal Information with security safeguards appropriate to the sensitivity of the information.

With the use of appropriate physical, administrative, and technical security measures, we protect Personal Information against a variety of risks, such as, loss, theft, unauthorized access, disclosure, copying, use, modification, or destruction of such information.

We use commercially reasonable efforts to ensure the protection of Personal Information that we disclose to third parties. For example, contracts with third parties’ stipulate responsibilities to protect Personal Information and only use it for specific purposes.

The measures that we take towards ensuring the protection of Personal Information include the encryption of our database. All communication from our Application to our servers use SSL encryption. In addition, your user session expires periodically requiring you to re-login. We don’t store user passwords in clear text on our servers.

All our employees with access to Personal Information shall be required, as a condition of employment, to respect the privacy of Personal Information accessible to them. All employees are required to sign an agreement including provisions regarding the safeguarding of Personal Information upon hire, and annually thereafter.

As described above, we have security measures and tools in place to help protect against the loss, misuse, and alteration of the information under our control. However, no method of transmitting or storing data is completely secure. If you have reason to believe that your interaction with us is no longer secure, or that the security of your account with us has been compromised, you must immediately notify us of the problem by contacting us at security@navatech.ca

9.2 How We Store and Process Your Information 

The information collected by NAVA is processed and/or stored in Canada. NAVA will not transfer information that we collect, including personally identifiable information, to affiliated entities, or to other third parties across borders.

Personal information is hosted by our hosting provider, Amazon Web Services on servers located in Canada. Information about security measures in place at AWS may be found here : https://aws.amazon.com/fr/security/. Information specify to privacy compliance may be found here : https://aws.amazon.com/fr/compliance/data-privacy-faq/?nc=sn&loc=4.

10. Other Important Notes regarding our Privacy Policies and Practices

  • Children: We advise that all Personal Information on users below the age of eighteen (18) be provided by a parent or legal guardian.
  • Other Third Party Websites or Applications: The Application may integrate with software provided by third party service providers used by Health Care Providers. This third-party software is not under our control and we are not responsible for their working functions or maintenance and privacy practices or contents, including for their third party to other websites.
  • Choice: We do not disclose your Personal Information to third parties, including to our affiliates, for marketing purposes. However, from time to time, we will occasionally send you e-mails or other information that match your requests and offer you promotions of our services. If, at any time, you wish to stop receiving these e-mail communications from us, you may select the unsubscribe feature in the e-mails you received.

11. Openness Concerning Policies and Practices

We make readily available, specific information about our Personal Information management policies and practices to our customers and the public upon request.

This information includes:

  • the name and contact email of the Privacy Officer to whom inquiries or complaints can be forwarded;
  • the means of gaining access to Personal Information that we hold;
  • a description of the type of Personal Information that we hold, including a general account of its use and disclosure;
  • a copy of any brochures or other information that explains our policies or information handling practices.

We make information available to help customers exercise choices regarding the use and disclosure of their Personal Information.

12. Challenging Compliance

A customer shall address a challenge concerning our compliance with the principles set out in this privacy policy to the Privacy Officer.

We maintain procedures for addressing and responding to all inquiries and complaints by customers with regard to our handling of Personal Information.

For more information, please contact: Privacy Officer, NAVA Technologies Inc. at sundar@navatech.ca

13. Changes of this Policy

We reserve the right to amend this policy, and any of our policies or procedures concerning the treatment of information collected through the Application . You can determine when this policy was last updated by referring to the “Last Updated” legend at the bottom of this page. Any changes to our policy will become effective upon the posting of the revised policy on the Website. Use of the website following such changes constitutes your acceptance of the revised policy.

If you have an account and provided an email address, we will inform you in advance of any change to this policy. We will not use your Personal Information for new purposes without your prior consent.

This policy represents the sole, authorized statement of our practices with respect to the collection of Personal Information through the Application, and our use of such information. Any summaries of this policy generated by third party software or otherwise shall have no legal effect, do not bind us, shall not be relied upon to substitute this policy, and will neither supersede not modify this policy.

14. Opt-Out and Closing Your Account

You may unsubscribe at any time from e-mail, SMS or in-phone App notifications. To unsubscribe from email, you may simply click on the unsubscribe link in the e-mail message. To unsubscribe from SMS notifications, reply with the text “STOP” to the message. You may turn off in-phone App notifications by simply accessing the Settings section in the Application menu.

You can close your NAVA Application account at any time from your mobile device accessing the Settings section in the Application menu. However, this action will not remove your Patient file that is managed by you Health Care Provider using NAVA system. If you have any question regarding your Patient file, please contact directly your Health Care Provider.

After closing your NAVA Application account, if you have not opted out from e-mail and SMS notifications, you may continue to receive appointment confirmation and reminder notifications for the appointments you have with the Health Care Provider. You can opt-out of e-mail and SMS notification following the instruction we have provided here, or you may request the Health Care Provider to turn off the notifications for you.

Note that NAVA may not be able to delete any deidentified data on you. This is data that has been dissociated from your identity and that is used for quality improvement or analytical purposes. Once this data has been deidentified, it may no longer be possible to determine which user it came from.

15. More Information

NAVA Application adheres to the standards of information privacy and security set forth by Canada Health Infoway (Privacy and Security Requirements and Considerations for Digital Health Solutions, version 2.0 – https://www.infoway-inforoute.ca/en/component/edocman/resources/technical-documents/architecture/2154-privacy-and-security-requirements-and-considerations-for-digital-health-solutions)

NAVA Application respects the laws that relate to privacy rights in Canada and Quebec: Personal Information Protection and Electronic Documents Act (PIPEDA) (http://laws-lois.justice.gc.ca/eng/acts/P-8.6/) and P-39.1 – Act respecting the protection of personal information in the private sector (http://legisquebec.gouv.qc.ca/en/ShowDoc/cs/P-39.1).

16. Contacts

If you have any questions regarding this Privacy Policy, please contact our Data Privacy Officer, Sundar Krishnan, by the following methods:

By Email: sundar@navatech.ca

Last change: August 5th, 2020

Changes since last revision (March 1st, 2017):

  • Purpose of collecting and limiting the use of Personal Information: Health Care Provider affiliated with NAVA MedQ, may use our services to contact you regarding their services, products, or information related to the patient care.
  • Changes of this policy: Correction on the location of the last revision date