Privacy Statement of TelASK Technologies Inc. and its wholly owned subsidiaries (hereinafter referred to as “TelASK”, “we”, “us”, “our” and other such words).
Our Privacy Commitment for Ontario Health Virtual Visit Solution
TelASK enables health care providers to enhance their service with secure video consultations, and patients to consult health care providers from the privacy and convenience of any location they choose. We comply with privacy laws and we honour the trust of our users by taking every measure to protect personal and personal health information.
What is Personal Information?
Personal information is information about an identifiable individual, either alone or when combined with other information (“Personal Information”). Personal Information includes, for example, personal health information such as biometrics, health history, clinical notes, treatment plan and medical imaging.
COLLECTION OF PERSONAL INFORMATION
Usage Data: TelASK may collect information that your browser sends whenever you visit our website or when you access our Services by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address, browser type, browser version, language and time zone preferences, operating system, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access our Services with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Browsing Data: We use cookies and similar tracking technologies to track the activity on our Services and we hold certain information. Cookies are small text files that may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Services. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.
Examples of cookies we use:
- Session Cookies: We use Session Cookies to operate our Services.
- Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
- Security Cookies: We use Security Cookies only for securing your login sessions.
- Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.
Third Party Service Providers: We may use third-party service providers to help perform administrative functions such as database management, analytics or for assisting us in understanding how our Services are used. If the use of cookies by any service provider differs materially from the practices already listed, we will revise this policy accordingly and notify existing customers of the change(s).
Other Data: You may send electronic information or physical documentation to us in the following forms: messages or transaction information relating to your interactions with your clients and/or patients in accordance with the requirements of applicable privacy law; receipts; personal data in text and picture form; and other subscriber-generated content provided to us in the normal course of your use of the Services, including but not limited to posts, profiles, comments, suggestions, forwarded messages, feedback information, usage information, transaction information and traffic data (as defined below).
USE AND DISCLOSURE OF PERSONAL INFORMATION
TelASK will not use or disclose Personal Information for purposes other than the identified purposes of the Services. We will not rent, exchange or sell Personal Information in any way.
General use: We may use your Personal Information for various purposes, including to:
- provide and maintain our Services;
- notify you about changes to our Services;
- allow you to participate in interactive features of our Services when you choose to do so;
- provide customer service and support, administrative messages, resolve disputes, and troubleshoot problems including helping third-party service providers fulfil their functions;
- gather analysis or valuable information so that we can improve our Services;
- monitor the usage of our Services;
- detect, prevent and address technical and security issues;
- fulfill any other purpose for which you provide it;
- carry out our obligations and enforce our rights arising from any contracts entered into between healthcare providers and us, including for billing and collection;
- provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;
- provide you with news, special offers and general information about other services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
- enforce our Terms of Use or other contractual agreements with you;
- comply with legal or regulatory requirements; and
- comply with other lawful purposes under applicable privacy laws.
We may also use Personal Information for other purposes for which we will obtain your consent or provide you with notice in advance.
Third-party disclosure: We may share your Personal Information with third-party service providers who help us to run our operations or to otherwise fulfill your request or as required by law. Our service providers are restricted from using your Personal Information in any way other than for the service they are providing. We make best efforts to ensure that such third parties maintain reasonable and appropriate safeguards and we utilize our best efforts to ensure they sign confidentiality agreements or have similar confidentiality requirements included in their standard agreement.
Sale of business: In the event that TelASK, or all or a portion of our business, or one or more of its divisions, is acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation, liquidation or another similar transaction, your Personal Information shall be one of the transferred assets.
Retaining information: Unless otherwise specified in a Statement of Work (“SOW”) or other contract, we may retain your Personal Information while you have an account with us and thereafter for as long as we need it for purposes not prohibited by applicable laws and subject to the provisions in our Terms. This data may be retained for ten (10) years from its creation (the “Archival Term”). If you require your Personal Information or other content loaded into the Services (the “Client Data”) to be retained for any period following the Archival Term, there must be a new contract explicitly stating such time. Local backups will be retained for a period of six (6) months.
Legally compelled disclosures: Notwithstanding the foregoing, TelASK reserves the right (and you authorize TelASK) to share or disclose your Personal Information when TelASK determines, at its sole discretion, that the disclosure of such information is necessary or appropriate:
- to enforce our rights against you or in connection with a breach by you of this Privacy Policy or the Terms of Use;
- to investigate or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of us, our users, or others;
- to prevent prohibited or illegal activities; or
- when required by any applicable law, rule, regulation, subpoena, or other legal process.
DE-IDENTIFIED OR AGGREGATED DATA
TelASK may collect, use and share de-identified and aggregated data such as the websites and pages our customers visit within our Services, for research and analytical purposes and/or to improve the user experience on our website.
Aggregated data may be derived from your Personal Information but is not considered Personal Information in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Policy.
DATA RETENTION
We will retain any and all Personal Information that we are required to retain under any applicable laws and regulations for the full length of time required under those laws and regulations. We may retain de-identified or anonymized information for as long as we deem necessary and in accordance with the terms of this Policy. Businesses may terminate their account by providing written notice through the Services or by email to privacy@telask.com. Individuals who wish to have their Personal Information removed from the Services may send their request to privacy@telask.com.
SECURITY SAFEGUARDS
We take your privacy very seriously and we are committed to safeguarding Personal Information in our custody and control.
It is your responsibility to keep your Personal Information secure by safeguarding your username and password information in accordance with the Terms of Use. We encourage you to take active measures to protect your account, including by choosing a unique username and password, as well as a strong password on your computer and your mobile device. We take appropriate technical, physical and administrative security measures to protect Personal Information in our custody and control against unauthorized access, use, modification and disclosure, theft, accidental loss, destruction and damage. The measures we take include but are not limited to:
- Maintaining a separate testing environment in which de-identified data is used for development and provided to developers who are not required to have access to Protected Health Information;
- Providing reasonable physical and electronic safeguards with regard to the storage of Personal Information as set out in our Master License Agreement;
- Limiting access to your Personal Information to those employees or contractors who we reasonably believe need to come into contact with Personal Information to provide products or services to you or in order to do their jobs;
- Governing employees and other contractors by strict standards and policies to ensure that Personal Information is secure and treated with the utmost care and respect; and
- Pre-setting an automatic expiration whenever temporary access is granted: immediately after the task is completed, on the contract’s expiry date, or after 3 months of inactivity.
Our comprehensive Information Security Program is dedicated to protecting your privacy by ensuring the confidentiality, integrity and availability of our health care information. The physical, technical and administrative safeguards implemented by TelASK follow or exceed industry standards and are designed to protect personal health information against theft, loss and unauthorized use or disclosure and to protect records of personal health information against unauthorized copying, modification or disposal.
TelASK has achieved “Service Organization Control 2” compliance, commonly known as SOC 2, which is a voluntary compliance standard for service organizations based on Trust Services Criteria that cover security, availability, processing integrity, confidentiality and privacy. This SOC 2 compliance achievement clearly demonstrates our commitment to protect the personal information as well as personal health information that we maintain, and to continuously improve our information security position. It is an important part of our overall privacy and security programs and provides both our stakeholders and the public with the assurance that we treat data protection seriously. Our program also includes privacy and security controls and practices in the following components, reflecting a comprehensive approach to privacy and security across people, process and technology:
- Control Environment
- Communication & Information
- Risk Assessment
- Monitoring Activities
- Control Activities
- Logical & Physical Access Controls
- System Operations
- Change Management
- Risk Mitigation
Controls implemented by TelASK include, but are not limited to, the following:
People:
- On-going cybersecurity awareness and training
- Comprehensive on-boarding, off-boarding and role-change processes that include background checks
- Comprehensive suite of policies and procedures to protect the confidentiality, integrity and availability of your information
Process:
- Robust processes have been put in place to meet and exceed privacy and information security best practices and rigorous SOC 2 compliance requirements
- Strong authentication and authorization with robust password policy requirements in conjunction with Multi-Factor Authentication (MFA)
- Regular user access level reviews
- Documented and practiced Incident Response, Business Continuity and Disaster Recovery Plans
- For Business Continuity and Disaster Recovery, TelASK leverages Microsoft Azure Data Centres across multiple regions and multiple availability zones (AZs) to minimize any downtime
Technology:
- Web Application Firewall to prevent and strictly control access to our applications
- Secured data with encrypted data-in-transit and data-at-rest
- Endpoint Detection and Response solution
- Security Information and Event Management (SIEM) solution monitored 24x7x365 by a team of information security professionals from a Security Operations Centre (SOC)
- All production and non-production environments are hosted in the renowned Microsoft Azure cloud infrastructure with strict physical and logical security controls
- Strong physical security controls with layers of detection and protection (See https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security)
BREACH NOTIFICATION / RESPONSE
In the unlikely event that we believe that the security of your Personal Information in our possession or control may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we may notify you by the email address registered to your account. We will never send email messages to customers requesting confidential information such as passwords, credit card numbers, or social security or social insurance numbers. Do not act on any such emails as you may compromise your Personal Information by replying or by following links to a fraudulent website.
Please note that no data transmission over the internet or otherwise can be guaranteed to be completely secure. As a result, while we strive to protect your Personal Information, we cannot warrant the security of any information you transmit to us, and you do so at your own risk.
If you have a security related concern, please contact us at privacy@TelASK.com. We will work closely with you to ensure a quick and personal response to your concerns.
CONSENT AND PRIVACY SETTINGS
By using the Services, you consent to the collection, use and disclosure of your Personal Information by us in the manner described in this Privacy Policy. You may always opt not to disclose certain Personal Information, which may restrict access to certain features of the Services. For example, your name and email address are necessary to complete the registration process. At any time after registration, you may opt out of most email communication from us by clicking the opt-out link at the bottom of our emails, or by contacting us. However, we may still contact you for administrative and technical purposes. Withdrawing consent will not apply to actions TelASK has already taken based on your prior consent.
ACCURACY OF INFORMATION AND INDIVIDUAL ACCESS
We rely on you to ensure that the Personal Information you enter into the Services is as accurate, complete and up-to-date as necessary for the purposes for which it is intended to be used. You may make changes or corrections to your Personal Information at any time. You may review or update your Personal Information by clicking your settings tab in your business dashboard or in the menu located within your personal profile. When updating your Personal Information, we may ask you to verify your identity before we can act on your request. Unless required by law, we may reject requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or for other legal bases as the case may be.
Changes to Our Privacy Policy
We reserve the right to modify this policy at any time. If we make any material changes to our Policy, we will post a notice on this site prior to the effective date of the change.
Questions about our Privacy and Security Procedures?
If you have any questions or concerns about privacy at TelASK, or the use of this site in general, please email us at privacy@telask.com or send correspondence to the following address:
Canada
Privacy Officer
150 Elgin Street 10th Floor, Suite 1055
Ottawa ON K2P 1L4