Date: October 13, 2021
Changes from the last version: • Changed term “QR code” to “NexID QR code” for clarity • To reflect the addition of the medication reminder and COVID-19 vaccine information features • To reflect the addition of the Digital ID profile option • Reorganization and other changes make the policy easier to understand
The Information that we collect and what it is used for
Sources of personal information
In most instances, we collect information directly from you, such as when you use the Service and you enter information through the App. We may also collect information about you that is provided to us from third parties, such as if you are designated as an emergency contact by a user of the Service.
When you create an account, we collect information to associate you with your account, to identify you when you contact us, to allow us to contact you or to provide you notices about your account or the Service, and for billing purposes. The information that we collect for these purposes may include your name, email address, profile picture, date of birth, mailing address and phone number, as well as the login information that you create to access your Nexus Health account, such as your password. Further, your account will be linked to either the NexID QR code (that is printed on your NexID wristband) or, if you do not have NexID QR code, a Digital ID that can later be replaced by the NexID QR code.
Some of your account information may also be included as part of the personal and health information records that are available for third-parties to view as is intended by your use of the Service (the “Service Record”). In some cases, you may be able to opt out of including this information in your Service Record.
Personal Information including Health Information collected for the Service
The Service is intended 1) to allow you to provide quick and easy access to your personal information, including health or medical information, that is part of your personal Service Record to third-parties (such as emergency responders or health care providers), and; 2) if you have an active subscription to the App, to make use of the App’s various features. The Service Record is stored in Nexus Health’s database for access through a website on the Internet (the “Service Website”) that is available by scanning a NexID QR code that is printed on your NexID wristband. You may limit who has knowledge of your individual Service Website by restricting who has access to scan your NexID QR code. During a paid or otherwise active subscription period for the App, you can access and input your own health information to populate your Service Record, including information about allergies, conditions and medications (including your schedule for taking medications). Information can also be modified or deleted through the App. If you do not have or no longer have a paid or active subscription, please contact us through our contact information listed below to modify, update or remove your personal information in our systems.
The Service Website is set up in a way that it is not indexed by search engines and it would be nearly impossible to guess by brute-force methods. However, as Service Websites are accessible without a password, to protect your privacy you should not widely distribute your NexID QR code or the link to your Service Website and you should not input any information that you wish to remain private to strangers if an emergency situation arises. Please note that any information that you choose not to include in your Service Record will not be available for third-parties to view and may therefore limit the usefulness of the Service to you in some situations.
Emergency Contact Information
You may, at your option, also include the information of one or more emergency contact persons. The field to enter the contact’s relationship with you is optional; entering it may allow health care responders to determine whether the contact might have the authority to make health care decisions on your behalf should you become incapacitated.
We require that you advise those whom you have designated as emergency contacts of that fact and to obtain explicit consent to allow their information to be published on the Service Website. This is requirement is to ensure each of your emergency contacts is aware of the privacy implications of how their information is used for the Service, to avoid any surprises, and to ensure that they would be able and willing to assist you in an emergency situation. An email is automatically sent to any emergency contact that you add to your profile to advise them that you have designated them as an emergency contact and to confirm that you have obtained their consent.
COVID-19 Vaccine Information
The App also allows you to enter information about any COVID-19 vaccines that you have received, as well as upload documents that can serve as proof of vaccination. You can show this proof to others by opening the App, and navigating to Update Health Info > COVID-19 Vaccine > View button next to “View your COVID-19 Proof of Vaccine page”. The vaccine information and proof thereof will also be shown on your Service Website; however, since your other health information and emergency contact information are also shown on the Service Website, you may still choose to restrict the scanning of your NexID QR code to if an emergency situation arises.
If you use the App to enter information about any of your medications, you will be given an option to set a periodic reminder to take such medication. A notification will be pushed to your device at the time you have set for the reminder. However, at this time, no information regarding your response to the notification (i.e. whether you have taken the medication, not taken the medication, or dismissed the notification) is collected or stored by the App or the Service.
Personal information of Emergency Contact
If you are designated as an emergency contact by a user of the Nexus Health Service, we collect personal information from the user about you, including name, phone number, email address. The information is displayed through a website (the user’s Service Website) when the NexID QR code printed on the user’s NexID wristband is scanned and is intended to allow third parties (such as health care providers) to contact you in case the user experiences an emergency. We may also collect, at the user’s option, the user’s relationship with you in order to allow health care responders to determine whether you might have the authority to consent to treatment or make care decisions on behalf of the user in situations where the user may be incapable of doing so.
If you do not wish to have your information displayed on the user’s Service Website, including if you wish for us to delete your information completely from our databases, please contact us using our contact information set out below. Please note that if you ask us to delete your contact information, third parties may not be able to contact you if the person who designated you as an emergency contact experiences an emergency.
We operate our website using Shopify. When you buy something through our website, we collect your personal information through Shopify such as your name, address, email address, and phone number, to allow us to process and deliver your order.
We use third-party service payment processors to allow you to buy any of our products or to pay for the Service online. You may be asked by these third-party providers to supply certain payment information including, your credit card number, the expiration date of your credit card, and your billing address. Currently we use Shopify Payments as our payment processor, and you may view its terms of service, including how it handles privacy, here: https://www.shopify.ca/legal/terms-payments-us
When you visit either our Shopify website or a website that displays a Service Record, our Web servers, like all Web servers across the Internet, log certain information about your visit including your IP address, your browser, and the time of your visit. We may use this information on an anonymous basis for the purposes of analyzing web traffic, ensuring the security of our systems and fraud detection. In addition, our websites may place a small file in your browser, also called a “cookie” in order to optimize your experience.Websites and content on the internet owned or operated by third-parties have different privacy policies from our own and may treat your information in a different manner than we do. You may encounter third-party content or websites on our website in the following instances: • Our websites may contain embedded content from third-parties - embedded content may track you as though you visited their native sites. • You may also find links to third-party websites from our website, and you may be tracked by these websites if you click on or follow these links.
Anonymous Information for Improving our services
We collect de-identified or anonymized information from the App, the Service, the Nexus Health Shopify Website, and Service Websites to develop new or improve existing services.
Accessing and managing your Information
Your account profile information can be accessed and changed by logging into the App. You can also view, change, or delete your medical and health information that is in your Service Record (and appears on your Service Website) through the App. Your updates are applied automatically and any changes are usually reflected in the Service Record within a few minutes, although sometimes there may be a delay due to, for example, maintenance to our systems.
If you find any of your personal information on your Service Record or Service Website that you are unable to correct or update, please contact us using the contact information provided below (“Contact Information”).
At this time, the information that we collect from you as a customer of our online store is not linked to your account through the App. Please contact us if you would like to view or delete the information that we have collected from you when you purchased a NexID wristband.
Sharing and transfers of personal information
Your personal information may be shared by us with third-parties in accordance with the intended use of the Service. For example, those attempting to assist you in an emergency may view (by scanning the NexID QR code on your NexID wristband) may view any health information that you previously entered into the App and set as publicly visible.
We do not sell your personal information to third-parties. However, we may need to share your personal information if required by law, such as under a warrant or subpoena. Further, we may use service providers located in countries outside of Canada, and as a result your personal information may be transferred to those countries. The privacy laws of those countries may be different from those applicable in Canada.
Storage and retention
To allow you to have access to your information through your personal Service Website on a long-term basis, we allow you keep your personal information in our database indefinitely until you choose to have it removed from our systems. However, if you do not have a paid subscription, we may occasionally (no more than once per year) send you an email to remind you that we hold your personal information and providing you the opportunity to take some action, such as by clicking on a link, if you do not want us to store your personal information. If you take this action we will permanently delete your information from our databases.
Security of your information is important to us. However, while we endeavour to protect your personal information, no means of Internet transmission or electronic storage is completely secure, and we cannot guarantee its absolute security.
If you are contacting us with regard to your personal profile, please note that, for security reasons, we will ask you for certain information to verify your identity before giving you access. The information that you provide to us during the verification process is not retained (other than what already exists in your personal profile).