Date: June 11, 2020
The Information that we collect and what it is used for
Sources of personal information
In most instances, we collect information directly from you, such as when you use the Service and you enter information through the App. We may also collect information about you that is provided to us from third parties, such as if you are designated as an emergency contact by a user of the Service.
When you create an account, we collect information to associate you with your account, to identify you when you contact us, to allow us to contact you or to provide you notices about your account or the Service, and for billing purposes. The information that we collect for these purposes may include your name, email address, date of birth, mailing address and phone number, as well as the login information that you create to access your Nexus Health account, such as your password.
Some of your account information may also be included as part of the personal and health information records that are available for third-parties to view as is intended by your use of the Service (the “Service Record”). In some cases, you may be able to opt out of including this information in your Service Record.
Personal Information including Health Information collected for the Service
The Service is intended to allow you to provide quick and easy access to your personal information, including health or medical information, that is part of your personal Service Record to third-parties (such as emergency responders or health care providers). The Service Record is stored in Nexus Health’s database for access through a website on the Internet (the “Service Website”) that is available by scanning a QR code that is printed on your NexID wristband.
The App allows you to input your own health information to populate your Service Record, including information about allergies, conditions and medications. You may limit who has knowledge of your individual Service Website by restricting who has access to scan your QR code.
The Service Website is set up in a way that it is not indexed by search engines and it would be nearly impossible to guess by brute-force methods. However, as Service Websites are accessible without a password, to protect your privacy you should not widely distribute your QR code or the link to your Service Website and you should not input any information that you wish to remain private to strangers if an emergency situation arises. Please note that any information that you choose not to include in your Service Record will not be available for third-parties to view and may therefore limit the usefulness of the Service to you in some situations.
You may, at your option, also include the information of one or more emergency contact persons. The field to enter the contact’s relationship with you is optional; entering it may allow health care responders to determine whether the contact might have the authority to make health care decisions on your behalf should you become incapacitated.
We require that you advise those whom you have designated as emergency contacts of that fact and to obtain explicit consent to allow their information to be published on the Service Website. This is requirement is to ensure each of your emergency contacts is aware of the privacy implications of how their information is used for the Service, to avoid any surprises, and to ensure that they would be able and willing to assist you in an emergency situation.
Personal information of Emergency Contact
If you are designated as an emergency contact by a user of the Nexus Health Service, we collect personal information from the user about you, including name, phone number, email address. The information is displayed through a website (the user’s Service Website) when the QR code printed on the user’s NexID wristband is scanned and is intended to allow third parties (such as health care providers) to contact you in case the user experiences an emergency. We may also collect, at the user’s option, the user’s relationship with you in order to allow health care responders to determine whether you might have the authority to consent to treatment or make care decisions on behalf of the user in situations where the user may be incapable of doing so.
If you do not wish to have your information displayed on the user’s Service Website, including if you wish for us to delete your information completely from our databases, please contact us using our contact information set out below. Please note that if you ask us to delete your contact information, third parties may not be able to contact you if the person who designated you as an emergency contact experiences an emergency.
We operate our website using Shopify. When you buy something through our website, we collect your personal information through Shopify such as your name, address, email address, and phone number, to allow us to process and deliver your order.
We use third-party service payment processors to allow you to buy any of our products or to pay for the Service online. You may be asked by these third-party providers to supply certain payment information including, your credit card number, the expiration date of your credit card, and your billing address. Currently we use Shopify Payments as our payment processor, and you may view its terms of service, including how it handles privacy, here: https://www.shopify.ca/legal/terms-payments-us
When you visit either our Shopify website or a website that displays a Service Record, our Web servers, like all Web servers across the Internet, log certain information about your visit including your IP address, your browser, and the time of your visit. We may use this information on an anonymous basis for the purposes of analyzing web traffic, ensuring the security of our systems and fraud detection. In addition, our websites may place a small file in your browser, also called a “cookie” in order to optimize your experience. Websites and content on the internet owned or operated by third-parties have different privacy policies from our own and may treat your information in a different manner than we do. You may encounter third-party content or websites on our website in the following instances:
Anonymous Information for Improving our services
We collect de-identified or anonymized information from the App, the Service, the Nexus Health Shopify Website, and Service Websites to develop new or improve existing services.
Accessing and managing your Information
Your account profile information can be accessed and changed by logging into the App. You can also view, change, or delete your medical and health information that is in your Service Record (and appears on your Service Website) through the App. Your updates are applied automatically and any changes are usually reflected in the Service Record within a few minutes, although sometimes there may be a delay due to, for example, maintenance to our systems.
If you find any of your personal information on your Service Record or Service Website that you are unable to correct or update, please contact us using the contact information provided below (“Contact Information”).
At this time, the information that we collect from you as a customer of our online store is not linked to your account through the App. Please contact us if you would like to view or delete the information that we have collected from you when you purchased a NexID wristband.
Sharing and transfers of personal information
Your personal information may be shared by us with third-parties in accordance with the intended use of the Service, For example, those attempting to assist you in an emergency may view (by scanning the QR code on your NexID wristband) may view any health information that you previously entered into the App and set as publicly visible.
We do not sell your personal information to third-parties. However, we may need to share your personal information if required by law, such as under a warrant or subpoena. Further, we may use service providers located in countries outside of Canada, and as a result your personal information may be transferred to those countries. The privacy laws of those countries may be different from those applicable in Canada.
Storage and retention
To allow you to have access to your information through your personal Service Website on a long-term basis, we allow you keep your personal information in our database indefinitely until you choose to have it removed from our systems. However, users only have the ability to access their information (including to modify or delete the information) through the App during a paid subscription period. If you do not have a paid subscription, please contact us through our contact information listed below to modify, update or remove your personal information in our systems.
Security of your information is important to us. However, while we endeavour to protect your personal information, no means of Internet transmission or electronic storage is completely secure, and we cannot guarantee its absolute security.
If you are contacting us with regard to your personal profile, please note that, for security reasons, we will ask you for certain information to verify your identity before giving you access. The information that you provide to us during the verification process is not retained (other than what already exists in your personal profile).