Privacy Policy
MedSec Inc. (MedSec Inc./we/us/our) provides Services as described in the Terms of Service through its website located at www.medsec.ca and related technologies, including any updates or new features, functionality, and information (collectively, with the Site, the “Service” or “Services”). This Privacy Policy explains the Personal Information we collect through the Service, how we use, share and otherwise handle Personal Information about individuals (“you”/ “your”), and your choices and rights concerning our practices.
Personal Information as used in this Privacy Policy refers to any information or data about an identifiable individual. Some examples of elements considered to be personal information include name, age, date of birth, gender, credit card information, health/medical information, home address, telephone number, tracking technologies, IP addresses, identification numbers (e.g., Driver’s License), etc. Personal Information is collected for MedSec Inc.’s own business sales and marketing purposes from end users of the Service such as Clients or Employers, including visitors to the Site. An Employer refers to MedSec Inc.’s client that has contracted with MedSec Inc. to provide Services to the Employer’s employees and their dependents (“Users”) in connection with its health plan. We also process the Personal Information of medical professionals and health care professionals (“Health Care Experts”) in order to provide the Service.
This Privacy Policy is incorporated into and forms part of our Terms of Service. Terms used but not defined herein shall have the meanings ascribed to them in our Terms of Service.
Please review this Privacy Policy carefully and contact us at info@medsec.ca if you have any questions before using the Service or submitting Personal Information to us.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the Site or use the Service.
Collection of Personal Information
We collect Personal Information from you when you visit the Site, register for a subscription, use the Service, and interact with or contact MedSec Inc. The types of identifiers or information you may provide alone or in combination with other information constitutes Personal Information:
- Communication information is sent to us when you contact MedSec Inc. directly, including through the Site, with questions or concerns and when you voluntarily respond to surveys or questionnaires. Providing this information is optional to you;
- Requesting information from MedSec Inc. when you use the “Let’s Show You How It Works, Contact Us Now!” function on the Site, including name and email;
- Contact information such as your name, email address, postal address, phone number, fax number, employer, and job title;
- Identification information such as date of birth, Social Insurance Number;
- Account log-in credentials including your username and password;
- The demographic information we may collect includes your age, gender, income level, and other demographic information as a part of the Service;
- Payment information such as credit card numbers and associated identifiers, billing address, and any background information necessary to process purchase of the Service where you pay for our Service;
- Financial information for reimbursements, subject to the terms of your Health Reimbursement Account/ Arrangement (“HRA”) in accordance with the Terms of Service;
- Health information that we collect on behalf of an Employer about you and your dependents that you provide when you use the Service to search for a healthcare provider, obtain reimbursements for medical services, or correspond with the concierge regarding second opinion medical treatment. This may include information and documentation related to the payment for medical services, the content of your communications with the concierge, and the history of your search, including your medical history, including the results of any information requests, questionnaires, surveys, interviews, or other documentation, video, audio or text interactions related to the payment or provision for health services;
- Commercial information where we will retain a history of your reimbursements and other transactions through the Service;
- Social media information where we have pages on social media sites such as LinkedIn, Facebook, and Twitter (“Third Party Sites”). When you interact with our social media pages, we will collect Personal Information that you choose to provide to us, such as your contact details. The companies that host our social media pages may provide us with aggregate information and analytics regarding the use of our social media pages. You may be able to manage your privacy preferences directly with the applicable social network platform.
Your Privacy Rights
We have chosen to focus on and embrace the principles of the European Union (EU) General Data Protection Regulation 2018 (Regulation (EU) 2016/679) (“GDPR”) and are committed to the privacy and protection of Personal Information, including helping to support the United States’ Health Insurance Portability and Accountability Act of 1996 and Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) (collectively referred to as “HIPAA”), and Canada’s Protected Health Information (“PHIPA”) and the Personal Information Protection and Electronic Documents Act (“PIPEDA”). For more information, refer to the GDPR for Data Protection and Privacy Statement in this section.
The scope of the GDPR has been applied to MedSec Inc.’s business operations and the handling of Personal Information where you may have the following rights with regard to the Personal Information we control about you:
- You can access, correct, update, and delete your Personal Information;
- If you are a resident or a visitor from the European Economic Area, please refer to the GDPR for Data Protection and Privacy Statement in the section below;
- You can opt-out of receiving marketing communications from us at any time. Refer to the section, Marketing Communications;
- You can withdraw your consent at any time if we have collected and processed your Personal Information with your consent. The withdrawal of your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal;
- You have the right to complain to a data protection authority regarding our collection and use of your Personal Information. Please contact your local data protection authority for more information.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You may contact us by emailing info@medsec.ca
GDPR for Data Protection and Privacy Statement
The GDPR is a European Union regulation that protects the rights of data subjects in the European Economic Area (EEA), with respect to the processing of their personal data as such term is defined in the GDPR. Similarly, the United Kingdom General Data Protection Regulation / Data Protection Act of 2018 (“UK GDPR”) forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, which protects the rights of data subjects in the United Kingdom (UK), with respect to the processing of their personal data as such term is defined in the GDPR.
MedSec Inc. will process personal data only if and to the extent that at least one of the following applies as a legal basis for processing:
- The processing is necessary for the purposes of the legitimate interests pursued by MedSec Inc.;
- The processing is necessary for the performance of a contract to which you are a party;
- You have given consent to the processing of your personal data for a specific purpose;
- The processing is necessary for MedSec Inc.’s compliance with a legal obligation.
In terms of international data transfers, if you are located within the EEA or the UK when you visit our Site or Services, we may transfer your personal data outside of the EEA or the UK, as applicable. When we do, we will ensure that an adequate level of protection is provided for the information.
Personal information is processed and stored in data centers located in Canada that are permitted under GDPR for countries whose legal systems are deemed by the European Commission to provide an adequate level of protection. An example is Canada’s PIPEDA. By using our Site and Services, and providing Personal Information, you consent to the transfer of data to Canada and the processing of such data in Canada. A User’s Personal Information will be managed by this Privacy Policy regardless of where a client’s information is stored or accessed.
As per the GDPR (and if you are a resident of the European Union or the UK), you have certain data protection rights under the GDPR or the UK GDPR, respectively. In certain circumstances, you have the following rights:
- Right to be informed. The right to be informed about the collection and use of your personal data;
- Right of access. The right to obtain access to your personal data;
- Right to rectification. The right to correct inaccurate or incomplete personal data that MedSec Inc. has concerning you;
- Right to erasure or restrict processing. Also known as the “right to be forgotten,” the right to require MedSec Inc. to delete or remove your personal data under certain circumstances, including the right to block or restrict processing of your personal data;
- Right not to be subject to automated decision-making;
- Right to portability. The right to copy or transfer your personal data under certain circumstances;
- Right to restrict processing. The right to restrict the processing of personal data;
- Right to object to processing. The right to object to the processing of personal data for certain purposes.
In providing the Service, some of the Personal Information we receive from you, the employer for whom you work, third-party administrators of your Employer’s health plan, insurance companies, or health care providers may be subject to laws and regulations, such as rules issued under HIPAA that govern covered entities’ use and disclosure of certain individually identifiable health-related Personal Information (“Protected Health Information”). When MedSec Inc. receives Protected Health Information, it does so as Personal Information (including Protected Health Information) and we ensure we are meeting the GDPR principles that govern our use and disclosure of Personal Information (including Personal Health Information) that may be more restrictive than otherwise provided in this Privacy Policy.
Processing of Personal Information on Behalf of Employers
In order to provide the Service, we collect Personal Information from you when you use the Service, from your Employer, from the third-party administrator of your Employer’s health plan, and as otherwise described above. We process that information on behalf of an Employer in accordance with our Terms of Service and other agreements with the Employer. If you are a User and would no longer like your information to be used by an Employer that has contracted with us to provide the Service to you, or you would like to access, correct, or request deletion of your information, please contact your Employer.
Personal Information of Health Care Experts
In order to identify MedSec Inc.’s Health Care Experts worldwide, we gather and analyze data from publicly available business and professional information about you such as information from public institutions, government, and non-governmental organization websites, public databases such as PubMed, public news sources, and other readily available public resources. In addition, we may acquire lawfully obtained proprietary data from third parties and private sources, including third-party claims data (health insurance claims and treatments selected by certain doctors or healthcare providers). We combine this information with claims data from the Service that has been anonymized to improve our products and services.
We make no guarantee as to any Health Care Expert’s identity, professional credentials, or licensure status. MedSec Inc. has no personal relationship with any Health Care Experts of products or services that are referenced in our Service.
If you are a Health Care Expert and would like to opt-out of our use of third-party claims data relating to you, please contact us at info@medsec.ca
The types of Personal Information we may collect include:
- Contact information such as your name, business email address, postal address, phone number, and fax number;
- Professional details such as information regarding your job position, title, practice, specialties, and education;
- Publications, content, and media of public record such as journals, research papers or articles you have contributed or published or have been featured in, speeches or lectures that you have delivered, and in clinical trials where you are named;
Internet Activity Information
We may receive certain information about your visit or interaction when you visit, use and interact with the Service. Software used on the Site collects internet or other electronic network activity and may include:
- The date and time you visited the Site;
- The pages visited on the Site, including features you use, the actions you take;
- The frequency and duration of your activities;
- The domain from which you access the Site;
- Internet Protocol (IP) address;
- The type of browser and operating system used in the device you use to access the Site;
- Any search terms used to navigate the Site.
Use of Cookies and Similar Tracking Technologies
We use cookies to operate and administer the Service, gather usage data on the Service, and help us serve you better and improve your experience on the Service. Cookies are small data files that are sent, stored, accessed, and maintained on your device’s hard drive. Cookies can be stored on your device for different periods of time. Some cookies are temporary and expire after a certain amount of time, or upon closing the session (session cookies), others stay after your browser is closed until a defined expiration or deletion date is set in the cookie (as determined by the third party placing it), and help recognize your computer when you open your browser and browse the Internet again (persistent cookies). Cookies allow us to measure the use and effectiveness of our content, track user trends, and monitor our Site to improve the quality of the Service.
Most browsers can be set to reject all or some cookies, however, if you choose to refuse, disable, or limit the ability of websites to set cookies, you may be unable to access some parts of the Service and you may not be able to benefit from the full functionality of the Service.
Google Analytics is an element of the Site and by using cookies, Google Analytics collects and stores data to track and examine the use of the application, prepare reports on its activities and share them with other Google services. You can opt-out of Google Analytics by using a browser plugin available at https://support.google.com/ads.
Links to Third-Party Websites
Our Service may contain links to other websites and services not operated or controlled by us, including social media services (“Third Party Sites”). We cannot be responsible for any access and use of such linked sites, including the privacy and protection of any Personal Information that you share or provide to Third Party Sites. Privacy will be governed by the specific privacy policies, terms of service, and information practices of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and user policies.
How We Use Personal Information We Collect and the Legal Basis
We collect and process Personal Information for the following purposes and on the legal basis described in this Privacy Policy or disclosed to you within our products and Service, including:
- Managing Business Purpose: For our legitimate business purposes such as operating and expanding our business activities, conducting investigations, conducting product research, improving or modifying our Site and Service, identifying usage trends, and deterring unauthorized, fraudulent, or illegal activity;
- Evaluating and Improving Our Site: To operate, maintain and improve the Service, including through analytics to help us understand how you use the Site and analyze how you interact with our Service in order to improve the overall user experience is necessary for our legitimate interest in administering our Site;
- Providing Our Site and Service: To perform our contract with you for the use of our Site and Services and to fulfill our obligations under applicable Terms of Service. Where we have not entered into a contract with you, we base our legitimate interests to provide the Service, including providing Health Care Expert recommendations and reimbursement of eligible expenses, as well as any related customer support, and to provide you with information that you request from us through inquiries, comments, feedback, or questions;
- Promoting Security: By monitoring the use of our Site and Service, investigating suspicious activity, verifying accounts and activity, and enforcing our terms and policies, all to the extent that is necessary for our legitimate interest in protecting against, identifying, and preventing fraud, unlawful activity, or misuse of our Service, and other liabilities;
- Establishing Anonymous Statistics: We may anonymize your Personal Information for the purpose of establishing internal reports related to product or service research and Service improvements, including the development of new tools and features (“Reports”). All information disclosed in the Reports only includes anonymized data that does not identify you, and we may, in turn, share these Reports with third parties;
- Managing User Registrations: If you have a registered account with us, to maintain your account and authenticate Users, including offering functionalities such as the ability to save User preferences and account or user history for the purpose of performing our contract with you according to applicable Terms of Service. Where we do not have a contract directly with you, we base the processing of your Personal Information on our legitimate interests;
- Sending Administrative Communication: For the purposes, a) to send you information related to the Site or Service (e.g., invoices, technical notices, administrative messages, confirmations, expiration and renewal notices, etc.), b) to perform the obligations of our contract with you, or c) to notify you about changes regarding the Site or Service and changes to our terms, conditions, and policies or, if we have not contracted directly with you, in reliance with our legitimate interests;
- Sending Marketing or Advertising Communication: To provide you with information about other products and services we offer that are similar to those that you have already subscribed to or inquired about and we feel may interest you. These communications are ones that you have consented to receive, and it is necessary for our legitimate interest in conducting direct marketing, and advertising of our Site and Service;
- Complying with Legal Obligations: To cooperate with public authorities, including courts or regulators, and comply with applicable legal obligations and legal processes, and our own policies to protect our legal rights, or as is necessary for our legitimate interest in protecting against misuse of our Site, protecting privacy, safety, or property, pursuing remedies available to us, limiting our damages and complying with valid legal proceedings.
Marketing Communications
We may use your Personal Information to contact you to inform you about the Service, including products or services we believe may be of interest to you. You may opt-out of receiving marketing communications by following the instructions contained in the communication we send you (e.g. in an email). If at any time you do not wish to receive future marketing communications, you may contact us at info@medsec.ca. If you unsubscribe from our marketing lists, you will no longer receive marketing communications from us but we will continue to contact you regarding the management of your account, service messages such as security and legal notices, and to respond to your requests. We will not use your Personal Information for marketing purposes unless you provide express consent to do so.
Disclosure of Personal Information
We may share the following categories of Personal Information (described above) without further notice to you unless required by the law:
- Service Providers: We use service providers to support our business or collaborate with in meeting business operations needs and to perform certain services and functions. Service providers will access, process, or store Personal Information and are bound by contractual obligations to keep Personal Information confidential, perform their duties to us in accordance with our instructions, and be consistent with applicable law. Such services may include cloud services, other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management services, and web analytics services;
- Commercial Clients: We provide our commercial clients (including hospitals, and life sciences companies) with search tools to select the information that they are interested in such as finding experts on disease and/ or treatment. We may provide our commercial clients with limited client information in connection with our Service development and performance reporting for their marketing delivered through the Service. We may share limited information and prior to sharing this information, we require the recipients to agree to limit their use to the authorized purpose. We do not share your Personal Information with our commercial clients without your consent;
- Employers: We may share a User’s Personal Information (including Health Information) in accordance with applicable law, with the User’s Employer in order to verify that medical expenses submitted through the Service are eligible for reimbursement. Employers’ handling of this Personal Information is subject to each Employer’s respective privacy policy and practices;
- Health Care Experts: We may share a User’s Personal Information (including Health Information) in accordance with applicable law, with the Health Care Expert seen by that User in order to settle and reimburse claims submitted through the Service. A Health Care Expert’s handling of this Personal Information is subject to that Health Care Expert’s privacy policy and practices;
- Primary Policyholders: For a User that is not the primary policyholder, we may have to share that User’s Personal Information (including Health Information) in accordance with applicable law, with the primary policyholder for billing purposes;
- Transfer of Business: In the event that we are involved in a merger, divesture, acquisition, restructuring, consolidation, reorganization, bankruptcy, dissolution or similar event, or a corporate sale or other disposition of all or a portion of the business or our assets, in which your Personal Information and other information may be shared in the diligence process with counterparties and others assisting with the event and may be part of the assets transferred;
- Legal Obligations: MedSec Inc. may be required to disclose Personal Information about you to law enforcement, government, or private entities acting pursuant to a court order, law, or legal process or in the good faith belief that such action is necessary or appropriate to a) comply with applicable laws, lawful requests and legal process as a legal obligation, including to meet national security or law enforcement requirements, and arbitration, b) to comply with any government or regulatory request where required c) to enforce the terms and conditions that govern the Site and/or Service, d) protect our rights, property, privacy or safety, e) protect, investigate and deter against fraudulent, harmful or illegal activity, or f) act in urgent circumstances to protect the personal safety of users of the Service, our employees, or the public.
Data Retention
We keep Personal Information we collect from you for at least the period necessary to fulfill the purposes described in this Privacy Policy, and for our legitimate business purposes, or as required by law (e.g. for medical record retention, legal, accounting, etc.), whichever is longer. These documents are retained and destroyed in accordance with MedSec Inc.’s document retention policies. If we delete some or all of your Personal Information, we may continue to keep and use anonymous data previously collected and/or anonymize your Personal Information.
Security
You use the Service at your own risk. We are serious about your security and take appropriate and reasonable measures to protect and secure Personal Information from loss, misuse, unauthorized access, disclosure, alteration, unauthorized, accidental, or unlawful destruction, including considering the risk involved in the processing and the nature of the Personal Information. We employ safeguards designed to protect and store your Personal Information in a secure operating environment that is not available to the public, however, we cannot guarantee the security of Personal Information during its transmission or its storage on our system. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. You should take steps to protect against unauthorized access, such as to your password and device, signing off after using a shared device, choosing a complex password that nobody else knows or can easily guess, and keeping your log-in credentials private.
Further, while we attempt to ensure the security and integrity of Personal Information, we cannot guarantee that our security measures will prevent malicious third parties from illegally obtaining access to Personal Information. We do not warrant or represent that Personal Information about you will be protected against loss, misuse, or alteration by third parties. We are not responsible for any lost, stolen, or compromised passwords or for any unauthorized account activity.
Children
Our Site and Service are not intended or directed to children who are under the age of 18. MedSec Inc. does not knowingly collect Personal Information from children under the age of 18 without the consent of a parent or legal guardian. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through the Service, or without the consent of a parent or legal guardian, please contact us at info@medsec.ca and we will take the necessary steps to delete the Personal Information collected.
Service Location
The Service is based and hosted in Canada. By using our Service, you understand and acknowledge that your Personal Information will be transferred from your location to our servers in Canada. We take steps to ensure your Personal Information is processed in accordance with this Privacy Policy.
Further, Personal information is processed and stored in data centers located in Canada which are permitted under the GDPR for countries whose legal systems are deemed by the European Commission to provide an adequate level of protection which is through PIPEDA.
Choices Regarding Personal Information
Providing us with Personal Information is your choice in certain circumstances. If you choose not to provide Personal Information that is needed to use some features of our Service, you may be unable to use those features or the Service.
Profile Information and Your Account: If you have a registered MedSec Inc. account, you may log in to your account to update or correct your Personal Information or contact us by email at info@medsec.ca if you prefer to submit an update or correction to us directly.
Deletion of Your Account: You may request that we delete your account by sending an email to info@medsec.ca. Note: We will need to verify that you have the authority to delete the account and certain activity and records generated prior to deletion, including transactions through the Service. Information will remain stored by us and may be shared with third parties as detailed in this Privacy Policy. Any information that has been anonymized, including Claims Data, cannot be re-associated with you, therefore we will not be able to delete this type of information.
If you are a Health Care Expert and would like to opt-out of our use of third-party claims data (as described in the Personal Information of Health Care Experts section above) relating to you, please contact us at info@medsec.ca
Changes to This Privacy Policy
The Service and our business may change from time to time. We reserve the right to change this Privacy Policy at any time and at our sole discretion. When we make a change, we will update the “Date of Last Revision” located at the end of this Privacy Policy, and post the updated Privacy Policy on this page, unless another type of notice is required by the applicable law.
Any changes to this Privacy Policy will be effective upon posting or as otherwise indicated at the time of posting. In all cases, by continuing to use our Service after posting, or providing us with Personal Information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy, the changes, and the practices described in the Privacy Policy. Please check the Site periodically to review such changes in the Privacy Policy. If you object to any changes, you may close your account by contacting info@medsec.ca
Contact Us
If you have any questions or concerns with any of the terms within the Privacy Policy or MedSec Inc.’s privacy practices, you may contact us by emailing info@medsec.ca
Copyright © 2022. MedSec Inc. All Rights Reserved | Privacy Policy | Terms of Service