Dialogue Technologies Inc. (“Dialogue”, “we”, “us” or “our”) is a secure telemedicine platform (the “Platform”) that allows users to directly access quality healthcare services via on-demand telemedicine consultations with healthcare professionals (“Consultation”) through our mobile application (the “App”).
For the purposes of this Policy, “personal information” means information about an identifiable individual. “Personal health information” or “PHI” means information about an identifiable individual that relates to the individual’s physical or mental health, including name of patient, birthday, medical history, medical treatment, medical test results, medication list, and health number. PHI may be found in medical records, treatment and examination notes and communications between patients and their healthcare professionals.
Dialogue will collect personal information and PHI from you when you access and use our App, the Platform, the website www.dialogue.co (the “Website”) or our other software products (collectively referred to as the “Services”).
We take the privacy of our users seriously and are committed to safeguarding your personal information and PHI. If you have any questions about the Policy or our privacy practices, please contact our Designated Privacy Contact with your questions at firstname.lastname@example.org.
1. Our Commitments
- Dialogue will never collect, use or disclose your personal information or PHI without your consent.
- Dialogue will never rent or sell the personal information or PHI that we collect.
- Dialogue has implemented industry standard physical, administrative and technological safeguards to protect personal information and PHI from unauthorized access.
- Dialogue complies with applicable privacy and personal health information legislation where it operates, including the Personal Information Protection and Electronic Documents Act, the Act respecting the protection of personal information in the private sector (Quebec) and the Personal Health Information Protection Act (Ontario).
2. Information We Collect and Store
Dialogue will collect the following information from you when you register for an account with Dialogue (“Account”) or use the Services:
Registration and Health Information
When you register for an Account, we will collect identification and contact information, such as name, email address, mailing address and demographic information.
When you use the Platform, we will collect and store personal health information, such as symptoms, medical history, appointment history, diagnosis and treatment information.
When you make or receive a payment through our Services, we will collect and use your credit card or banking information or other financial data in order to process the payment.
Log and Website Information
When you access and use the Services, we may automatically collect certain technical information about your visit, including the date, time, browser type, your internet service provider, your IP address, device information (including device identifiers), geo-location information, computer and network performance data, the URL that you are coming from and your navigation history in order to customize and personalize your experience on the Services, improve our Services and for statistical research purposes.
Information from Consultations
Dialogue does not record or store recordings of Consultations. Data obtained from Consultations will be anonymized and de-identified before being analyzed and used by Dialogue for product development and research purposes.
3. Use and Disclosure of Your Information
Consultations and Healthcare Services
We will use the personal information and PHI that we collect from you to schedule, administer and personalize your Consultations, update your patient record and to provide you with healthcare services.
We may disclose your personal information, including PHI to third-party healthcare professionals involved in providing you with healthcare services, such as a physician, specialist, pharmacist, nutritionist or lab technician. We will only disclose your personal information to a third-party healthcare professional, not associated with Dialogue, after obtaining your consent to the disclosure.
Only healthcare professionals involved in providing you with healthcare services can access your information.
Access to your information is logged and regular audits are made in order to ensure that any access is authorized and that information is only accessed on a ‘need to know’ basis.
We may use your personal information to verify your identity and the information that you provide to us, to communicate with you about our Services and your Account and to provide you with technical support.
Third-Party Service Providers
We may transfer your personal information, including PHI to a third-party service provider for processing and storage. Whenever we engage a third-party service provider, we ensure that the information is properly safeguarded at all times at a comparable level of protection the information would have received if it had not been transferred.
We may use your personal information to detect, investigate, address and prevent fraudulent or illegal activities. We reserve the right to disclose your personal information as required by law, when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal process served on us and to defend against legal claims.
These situations may include, but are not limited to, disclosing potentially life saving information during medical emergencies and reporting infectious diseases or fitness to drive.
We may disclose and share your personal information to explore and/or undertake a corporate transaction, including a merger, acquisition, amalgamation, IPO, reorganization or sale of Dialogue. Your personal information relevant to the transaction, such as billing information, can be used and disclosed solely for the purposes related to the transaction and will be protected by security safeguards appropriate to the sensitivity of the information.
Your PHI will not be disclosed and will remain confidential.
4. Patient Rights
Accessing the PHI held by Dialogue
You have the right to access your patient record. If you request a copy of your patient record, it will be provided to you, subject to a reasonable fee. You can request access to your patient record by contacting us at email@example.com.
Limitations on access
You may be temporarily denied access to your patient record if providing access would create a significant risk to your health. You will also be denied access to your patient record where disclosure would be likely to reveal personal information about a third person or the existence of such information and the disclosure may seriously harm that third person, unless the third person consents or in the case of an emergency that threatens the life, health or safety of the person concerned.
We use reasonable means to ensure that information in your patient record is accurate. If you identify any inaccuracies, you can request that a note be made on the file with the inaccurate information.
You can withdraw your consent to the further use or disclosure of your personal health information by Dialogue, except where the use or disclosure of the information is authorized by law. Please contact us at firstname.lastname@example.org if you wish to withdraw your consent. You will be required to complete a Consent Withdrawal Form.
5. Anonymized Information
When conducting product development, research, advertising and marketing, we will only use anonymized, de-identified and aggregated information.
6. Retaining Your Information
If you want us to permanently delete your personal information, including PHI, from our servers, please send an email to email@example.com. We will ensure that your information is deleted in a reasonable time after receiving that request.
So long as your Account remains active, we will preserve your personal information, including PHI.
We will retain any and all personal information that we are required to retain under any applicable laws for the full duration of time required under those laws. We may also retain any anonymized and de-identified information and continue to use this information in accordance with this Policy.
7. Safeguarding Your Information
Dialogue is committed to information security and protects personal information and PHI through integrated, physical, technological and administrative safeguards:
- Secure Storage: Dialogue stores all personal information and PHI in an Amazon Web Services ("AWS”) data center. AWS is ISO 27001 certified and adheres to global privacy and data protection best practices.
- Network Security: Dialogue has implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly-accessible systems.
- End-to-End Encryption: Dialogue encrypts all Consultations. Data transmissions and communications on the Platform are end-to-end encrypted.
- Privacy Policies and Training: Dialogue has implemented written privacy policies and procedures that specifically address PHI. Dialogue delivers privacy training to employees on how to safeguard personal information and mitigate operational risks. All Dialogue employees and contractors are legally bound to confidentiality.
8. Breach Response
There is no guarantee against data breaches. However, Dialogue has taken reasonable measures to prevent a breach, as described above. In the event of a data breach, Dialogue will:
- Notify users at the first reasonable opportunity of the breach; and
- Immediately apply remedial measures.
9. Children and Minors
Persons under the age of 14 (“Minor”) are not permitted to register for an Account. However, Minors may use their parent’s or legal guardian’s Account.
Persons 14 years of age and older must register for their own Account.
10. Changes To This Policy
If we decide to make material changes to the Policy, we will notify you and other users by placing a notice on our Website and App. You should periodically check the Website and the App for updates.
11. Contacting Us
To ensure meaningful consent by patients, Dialogue provides information about privacy practices in this Policy, as well as through our Designated Privacy Contact at firstname.lastname@example.org
If we are unable to resolve your issue to your satisfaction, you can file a complaint to the Commission d’accès à l’information or to the Office of the Privacy Commissioner of Canada.