Privacy and Personal Information Protection Policy
Last Revised: 28 November 2021
*Please read the following policy attentively. The present Policy is an integral part of the website’s Terms and Conditions of Use.
IF THIS IS AN EMERGENCY, DO NOT USE THIS SERVICE – SEEK IMMEDIATE MEDICAL ASSISTANCE BY DIALING 9-1-1
You must consent to this Policy prior to using DermaGO services, by reading this Policy and checking the box to indicate Your acknowledgment and agreement, then click on “Login” or “Sign Up”. If you have any questions about this Policy please contact us by email: [email protected]
What is Personal Information?
Personal information and personally identifiable information (“Personal Information”) include information relating to You (the individual who created an account at DermaGO’s website or uses the DermaGO website account on behalf of another individual) which would allow Us to identify You and/or locate or contact You whether the information is used alone or in combination with other information. Personal Information may include but is not be limited to:
First and last name
Home or other physical address
Email address and/or telephone number or another online identifier requiring a username/password
Provincial health insurance number
Financial or payment card details
Date of birth
Health information (including but not limited to medical history, clinical notes, assessments, mental or physical condition, treatments)
Photographs of any part of You (this does not have to include Your face)
We may receive information about You from third-party services and organizations (such as a pharmacy)
Access and Use of Personal Information
DermaGO accesses Personal Information You provide via its website and will make all or a portion of this Personal Information available to its authorized dermatologists, nurses, staff and third-party licensor (ORO Health Inc). Your first and last name, home or other physical address, email address and financial or payment card details will be shared with Our third-party online payment platform, Stripe Inc.; the latter shall not have access to any other portion of Your Personal Information. Technical Data, described below, may be shared with DermaGO’s hosting provider or other information technology service provider. In addition, Your Personal Information may be shared for emergency purposes with a public authority or within a law enforcement request or for the immediate health and safety of Yourself of someone else.
DermaGO limits the access and use of Personal Information to what is necessary for the purposes outlined below:
To provide You with an account to use the DermaGO services;
To confirm Your identity, including for billing purposes;
To contact You and personalize the dermatology services You request;
To conduct market research to better meet Your needs and the needs of Our clients;
To monitor the activity on Our Site in an effort to detect and prevent fraud;
To improve the DermaGO website and services offered;
To comply with legal and regulatory requirements;
To use, copy, keep, adapt or make derivative works, transmit or display, any picture or video footage provided by You in the context of the services, in such a way where You cannot be identified;
To improve machine learning and artificial intelligence software used by Us in diagnosing dermatological conditions. You may opt out of having Your photographs used for such purposes by contacting [email protected] or by indicating You wish to opt out via the Terms and Conditions;
To send You electronic newsletters or marketing e-mails as per Your indication when creating Your account. You may opt out of receiving such correspondence at any time by using the hyperlink included in those newsletter and marketing e-mails;
If the collection of Personal Information is clearly in Your best interest and Your consent cannot be obtained in a timely manner - the same shall be collected and used; and
To comply with all provincial and/or federal laws and regulations as enforced against DermaGO.
Other Personal Information such as Your computer’s I.P. address, standard data from internet log files, the name and language of Your browser, the address and frequency of pages You have visited, including sites using different types of cookies and conversion tags or other similar metadata (“Technical Data”) may be used and transferred to DermaGO’s licensors, subcontractors and hosting partners (such partners are located in Canada and must respect privacy and data protection legislation related to Personal Information collected and used in Canada). DermaGO has also undertaken reasonable steps to ensure such Technical Data shared with such persons are subject to appropriate confidentiality agreements with DermaGO to prevent the unnecessary processing, storage, sale or sharing of Technical Data.
Security of Personal Information
DermaGO applies physical, organizational, and technological security measures to protect Your Personal Information from unauthorized access, disclosure, copying or changes, and against loss or theft. DermaGO’s computer systems, including DermaGO’s licensor’s, subcontractor’s and hosting provider’s systems from whom DermaGO purchases material, software, networks, storage space and related technologies to ensure the operation and maintenance of the website and the service, are password protected and configured to ensure only the individuals which must access the Personal Information or Technical Data for the purposes of their duties for DermaGO, are authorized to access DermaGO’s systems and secured databases.
DermaGO proposes the use of security questions by Users upon creating their account. These questions aim to protect You in the event you forget your password or need to be able to identify yourself to DermaGO. The use of the security questions is optional to You.
The databases and the files used in the provision of DermaGO’s service to You are kept in a browser and encrypted via the SSH protocol. The databases of the website are encrypted via the SSL protocol (https). DermaGO ensures access to these databases is limited to its employees, doctors and the employees of the storage and hosting provider to whom an access is necessary to operate the website. DermaGO will make every reasonable effort to advise You of disruptions of services on its website.
Further, authorized doctors, nurses, and staff must comply with privacy legislation and medical record-keeping obligations to which they are subject.
In the event of a breach of DermaGO’s security measures resulting in unauthorized access to Your Personal Information, DermaGO undertakes to report such a breach to the Commission d’accès à l’information and to notify You as soon as possible where such report will include a description of the Personal Information affected if the breach presents a risk of serious injury to You. In circumstances where a security breach presents a risk of serious injury to You, DermaGO shall also include the steps it proposes to take to rectify the matter.
DermaGO cannot view Your computer’s profile or extract information from Your hard drive. The default settings of most browsers are set to accept cookies, but You can change the settings to block or limit their use.
Representations and Warranties of DermaGO
DermaGO will not process Personal Information for any other purpose or in a way which does not comply with data protection and privacy legislation as enforced in Quebec and in Canada. DermaGO will update, change, amend, transfer or delete Personal Information stored by DermaGO upon written request to [email protected]
DermaGO will not sell, rent, disclose or share Your Personal Information to third parties, nor will DermaGO use or disclose Your Personal Information for purposes other than those for which it was collected, without Your consent and as described above.
DermaGO shall comply with all requests to stop processing Your Personal Information, including Your request to stop receiving electronic marketing communications, within a reasonable period, upon reception of Your written request. Such requests must be made via email to [email protected]
DermaGO’s contractors (such as independent doctors, nurses and information technology specialists) may have access to different aspects of Your Personal Information in order to contribute to the provision of services to You. DermaGO represents it shall only ensure specific Personal Information is accessed by such personnel in a secure manner (this may include limited access, password protected access or strict need to know access). As such, DermaGO warrants it has instructed all such personnel to maintain strict confidentiality of such Personal Information and to manipulate the same only as directed by DermaGO to ensure the confidentiality and limited processing of Your Personal Information.
This Policy shall remain in effect for as long as You remain a user of DermaGO. Where You indicate Your desire for DermaGO to delete Your information the same shall be done within a reasonable delay and result in the removal of all Personal Information about You from DermaGO. Information which DermaGO must retain for legislative compliance (including tax reporting, regulatory audit and medical record keeping compliance) shall not be deleted. Where You indicate Your desire to cancel Your account or cease using the services, Your Personal Information may be retained in an anonymized and secure format in accordance with applicable legislation allowing DermaGO to retain such information (such as the Regulation respecting the records, places of practice and cessation of practice of a physician (Quebec) and the Personal Information Protection and Electronic Documents Act). If any Personal Information or pertinent information regarding Your account or use of the services of DermaGO is incorrect or inaccurate, we invite You to correct such information directly via the site or to contact Us in order to have the same rectified, updated or changed as necessary. You also have the right to access the information DermaGO has on file about You in an easy-to-read format. You may access Your information either by signing in to Your account and consulting Your file or contacting Us to obtain a copy of Your information in another format.
The Act respecting the protection of personal information in the private sector (Québec), the Personal Information Protection and Electronic Documents Act (for interprovincial transactions), the Canada Anti-Spam Legislation (CASL) and the Regulation respecting the records, places of practice and cessation of practice of a physician (Quebec) shall govern this Policy.
Should You have any further questions or concerns about this Policy or DermaGO, or wish to exercise any of Your additional rights as mentioned above, we invite You to contact the Data Privacy officer at [email protected] .