At CardiAI™ , we are committed to providing our clients with exceptional service. As providing this service involves the collection, usage and disclosure of some personal information about our client’s protecting their personal information is one of our highest priorities.
While we have always respected our clients privacy and safeguarded their personal information, we have strengthened our commitment to protecting personal information as a result of Alberta’s Personal Information Protection Act (PIPA). PIPA, which came into effect on January 1, 2004, sets out the ground rules for Organizations in Alberta may collect, use and disclose the personal information.
We will inform our clients of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
This Personal Information Protection Policy (the “Policy “), in compliance with PIPA, outlines the principles and practices we will follow in protecting clients’ personal information. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our clients’ personal information and allowing our clients to request access to, and correction of, their personal information.
The Policy describes the type of information we may collect from you or that you may provide when you access and use the cardiai.com website (the “Website“) and all related mobile apps, e-commerce shops, social media apps, desktop apps, and software as a service apps (collectively, the “Platform“), as well as our practices for collecting, using, maintaining, protecting and disclosing that information.
This Policy applies to information we collect:
- through the Website or any other part of the Platform; and
- in e-mail, text and other electronic messages between you and us.
It does not apply to information collected by:
- the Company offline or through any other means, including on any other website operated by the Company (including our affiliates and subsidiaries) or any third party; or
- any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Platform.
This Policy applies to the CardiAI Inc. Software, Service and CardiAI Inc. Website. This Policy regulates the processing of information relating to you.
The type of information we collect and share include:
- User demographics i.e. last name, first name, address, Date of Birth, Phone Number, Email
- Associations with your healthcare providers and medical and healthcare related organizations
- Health records created either by you or by one of your providers
- Communications between you and your providers which may include private or healthcare-related information provided by either party
CardiAI Inc. does not and will not sell this information to anyone without your explicit permission.
To facilitate your use of the Service, CardiAI™ may automatically collect certain types of information when you access or use the Service. This includes, but is not limited to, Your Internet Protocol (IP) address, location, browser, access times, and referring website addresses. This information is used to analyze the use of resources, preventing fraud, troubleshooting, and also for improving our services.
In order to collect this data, CardiAI Inc. may utilize automated tools and files such as “cookies.” These automated tools and files may reside on our servers or on your computer or device. If you restrict our ability to use automated tools and files, your ability to access and use all or part of the Service may be limited or disabled completely.
CardiAI™ draws upon the expertise of a variety of health care users. Lead by Cardiologist, Dr. Anmol S. Kapoor, CardiAI™ consists of experienced health care users, health system experts and knowledgeable technology specialists in the health industry. CardiAI™ prioritizes patient-centered care by understanding and emphasizing patient needs to their health care and information providers. CardiAI™ is dedicated to innovation and use of technology to improve and enable precision-based care.
Use of Information
CardiAI Inc. uses your personally identifiable information primarily to provide you with the Service and to provide customized content on the Service that is of interest to you. For example,The information provided by you will be used in the following ways:
- To provide you with access to your personal health data
- To provide you with the management of your personal information
- To facilitate communications with your health care providers
- In secure messaging with your health care providers
Information provided by you is also used to verify your authority to access the Service and to contact you when reasonably necessary. CardiAI Inc. may also use any information you have provided as reasonably necessary to administer or provide customer support for the Service. You may opt-out of receiving some or all non-Service-related communications by updating your profile on the Service. Also, your full name and email address may be used when you use the Website to send a message to another user. Additionally, we use your email address to contact you on behalf of other users on the site (such as when another user sends you a message).
Controlling Your Personal Information
CardiAI Inc. may make available to users chat rooms, forums, message boards, and other interactive features. You should be aware that when you voluntarily disclose personally identifiable information (e.g. user name, e-mail address) via forums, postings, profiles or other public areas of the Website, that information, along with any substantive information disclosed in your communication, can be collected, correlated and used by third parties and may result in unsolicited messages from other posters or third parties. Such activities are beyond the control of CardiAI Inc. Please do not post any personal information on the public areas of the Service that you expect to keep private.
We never sell your personal and medical information to anyone under any circumstances. We only share your personal information with our agents, representatives, trusted service providers and contractors that are offering certain products or services in connection with the usage of the service. We may need to disclose user information in certain exceptional circumstances, such as to protect our legal rights, to address actual or threatened illegal or harmful conduct, or as required by law or legal process (e.g., a search warrant, subpoena or court order), in which case your health information custodian will be asked for consent if legally required. We may also discolose your information to third parties in circumstances where you have given express permission; for instance, if you send an email to a third party using the Service. We may also share aggregated demographic and statistical information with our partners. This is not linked to any personal information that can identify any individual person.
CardiAI Inc. will only disclose personal information without the individual’s consent as set out in PIPA including but not limited to:
- The disclosure is authorized or required by statute or regulation of Alberta or Canada, a bylaw of a local government or by the legislative instrument of a professional regulatory organization.
- The disclosure is necessary to comply with an audit or inspection authorized by a statute or regulation of Alberta or Canada
- To comply with a subpoena, warrant, or order issued by a court or person or body having jurisdiction to compel the production of information or with a rule of court relating to the production of information
- The disclosure is to a public body (under the Freedom of Information and Protection of Privacy Act) or to help in an investigation or a law enforcement proceeding;
- To collect a debt owed to the organization
- It is reasonable for purposes of an investigation or a legal proceeding;
- It is to protect against, or for the prevention, detection or suppression of fraud, as set out in PIPA.
We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect CardiAI Inc. accounts and systems from unauthorized access. Communications are encrypted using the Secure Socket Layer (SSL) system.
Our databases are protected from general employee access both physically and logically. Passwords are stored securely in a database. All backup drives and tapes are encrypted.
Access to Your Data
In accordance with PIPA, CardiAI Inc. may disclose business contact information and records to carry out its administrative functions.
Subject to PIPA, CardiAI Inc. will not provide public access/disclosure to personal information including personal information that:
- violates an individual’s right to privacy, unless that individual consents to the release of the personal information, or unless required by law
- violates a legally recognized privilege
- impairs the ability of CardiAI Inc. to ensure a fair, safe and informed marketplace
- deals with a complaint, investigation/inspection
CardiAI Inc. will ensure that personal information used or disclosed by it will be sufficiently accurate, complete and up to date.
CardiAI Inc. will update personal information about clients and employees as and when necessary to fulfill the identified purposes or upon notification by the individual.
CardiAI Inc. will keep personal information accurate and up to date.
CardiAI Inc. will record changes to personal information received from clients and employees within ten working days.
When an individual disagrees with the accuracy of their personal information received from a formal request, the individual is entitled to request a correction. The request for correction must be in writing and addressed to the Privacy Officer. If the correction is refused, the individual may require CardiAI Inc. to attach a Statement of Disagreement to the file.
Modifying Your Data
Besides access, the access we believe that users should have the ability to modify information in their account. Using the CardiAI Inc., you may update or delete health information that you have provided to us. Note that if you provide information to third parties using the CardiAI Inc., CardiAI Inc. cannot control the activities of those parties. For instance, if you share your health information with your physician using the CardiAI Inc., CardiAI Inc. can give you the ability to modify or delete information in your account on the CardiAI Inc. but can not control how that data is maintained by your physician.
If you feel that there is incorrect information in your CardiAI Inc. account, you will need to contact your physician or other health information custodian to make the specified changes.
You may also close your account at any time. You may do this by contacting us using the contact information specified below and requesting that your account need to be closed. Once you close your account, you will no longer be able to access the Service.
Request an Audit
We take disclosure of your health information seriously and have implemented the measures to create an audit of certain situation in which your health information is accessed through our system. Note that this accounting does not include disclosures that you have initiated. If you would like an audit of access and disclosure of your information, you may request one by writing to our Privacy Officer.
Disposal of your Health Records
CardiAI Inc. only retains your personal health information for as long as it is required by the laws in effect in the jurisdiction where your healthcare provider is administering care.
Should it be necessary for legal purposes to dispose of your personal health information, the healthcare provider can contact us (as below) to request secure and complete disposal of your health information.
Do not share your Cardi AI Inc. password with anyone. Other than when you log on to the Website, we will never ask you for your password. Your personal information is protected by the password you provide when you create your CardiAI Inc. account. Please keep this password confidential. The confidentiality of your password is yours to protect. You may change your password at any time by clicking on the “Change Password” in your profile page.
Privacy Concerns or Complaints
An individual who believes that CardiAI Inc. has not complied with this policy has the right to make a written complaint about the matter to CardiAI Inc. CardiAI Inc. will use an internal complaint handling procedure to investigate and attempt to resolve the matter.
An individual has the right to make a complaint to the Information and Privacy Commissioner or to ask the Commissioner to review a decision CardiAI Inc. has made. However, individuals are encouraged to use CardiAI Inc.’s internal complaint handling procedure first.
CardiAI Inc. will provide the complainant with appropriate assistance to ensure that the complainant has equitable access to the complaint handling procedure.
CardiAI Inc. may decide not to investigate a complaint if:
- The complaint relates to an act or practice that is not a possible breach of the privacy of an individual.
- The complaint relates to an act or practice that is no longer reasonably able to be investigated because of the length of time since it occurred.
- The act or practice relates to an event which that occurred prior to the organization being subject to this policy.
- The complaint is trivial, frivolous or vexatious or the complaint relates to an act or practice that is the subject of court proceedings that have commenced or are intended to be commenced.
Servicae Provider outside of Canada
For the purposes of electronic communication with clients and employees, CardiAI Inc. will notify individuals if personal information is stored in the United States.
For all other questions or concerns about our privacy practices, please feel free to contact us at:
Attention: Privacy Officer
201, 3151 27th St. NE, Calgary, AB T1Y 7J8