MedStack Privacy Notice

Last updated: August 6, 2019
This MedStack Privacy Notice describes how we collect and use your personal information in relation to MedStack websites, products, services, and events that reference this Privacy Notice (together, “MedStack Offerings”).

This Privacy Notice does not apply to the “content” processed, stored, or hosted by our customers using MedStack Offerings in connection with a MedStack account. See the agreement governing your access to your MedStack account for more information about how we handle content and how our customers can control their content through MedStack Offerings. This Privacy Notice also does not apply to any products, services, websites, or content that are offered by third parties or have their own privacy notice.

Who we are

  • Our address is: MedStack, Inc., 600-10 Dundas St E, Toronto ON M5B 2G9, Canada
  • Our Chief Privacy and Security Officer (CPSO) and Data Protection Officer (DPO) is Simon Woodside
  • You can contact this officer by email: privacy@medstack.co
  • Any other questions can be directed to: info@medstack.co

Inquiries regarding health information

We do not directly collect, use or disclose personal health information that is protected by law (PHI). We provide technical services for companies who provide services to individuals, healthcare professionals, companies and institutions. If you have an inquiry about the collection, use or disclosure of PHI by one of our customers, please contact them directly.

Personal Information We Collect

We collect your personal information in the course of providing MedStack Offerings to you.

Here are the types of information we gather:

  • Information You Give Us: We collect any information you provide in relation to MedStack Offerings.
  • Automatic Information: We automatically collect certain types of information when you interact with MedStack Offerings.
  • Information from Other Sources: We might collect information about you from other sources, including service providers, partners, and publicly available sources.

How We Use Personal Information

We use your personal information to operate, provide, and improve MedStack Offerings. Our purposes for using personal information include:

  • Provide MedStack Offerings: We use your personal information to provide and deliver MedStack Offerings and process transactions related to MedStack Offerings, including registrations, subscriptions, purchases, and payments.
  • Measure, Support, and Improve MedStack Offerings: We use your personal information to measure use, analyze performance, fix errors, provide support, improve, and develop the MedStack Offerings.
  • Comply with Legal Obligations: In certain cases, we have a legal obligation to collect, use, or retain your personal information. For example, we collect contact information required for compliance notifications.
  • Communicate with You: We use your personal information to communicate with you in relation to MedStack Offerings via different channels (e.g., by phone, email, chat) and to respond to your requests.
  • Marketing: We use your personal information to market and promote MedStack Offerings. For example, we might show interest-based advertising on other websites.
  • Purposes for Which We Seek Your Consent: We may also ask for your consent to use your personal information for a specific purpose that we communicate to you.

To enable our systems to recognize your browser or device and to provide MedStack Offerings to you, we use cookies. For more information about cookies and how we use them, please read our Cookies Notice.

How We Share Personal Information

Information about our customers is an important part of our business and we are not in the business of selling our customers’ personal information to others. We share personal information only as described below:

  • Transactions Involving Third Parties: We make available to you services, software, and content provided by third parties for use on or through MedStack Offerings. You can tell when a third party is involved in your transactions, and we share information related to those transactions with that third party.
  • Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include: sending communications, processing payments, analyzing data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management. These third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process that information in accordance with this Privacy Notice and as permitted by applicable data protection law.
  • Protection of Us and Others: We release account and other personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or security of MedStack, our customers, or others.
  • At Your Option: Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share the information.

Location of Personal Information

We are located in Canada, and our affiliated companies are located throughout the world. Depending on the scope of your interactions with MedStack Offerings, your personal information may be stored in or accessed from multiple countries, including Canada. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.

How We Secure Information

At MedStack, security is our highest priority. We design our systems with your security and privacy in mind.

  • We maintain a wide variety of compliance programs that validate our security controls.
  • We protect the security of your information during transmission to or from MedStack websites, products, or services by using encryption protocols and software.
  • We delegate handling credit card data to Payment Card Industry Data Security Standard (PCI DSS) providers.
  • We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information. Our security procedures mean that we may request proof of identity before we disclose personal information to you.

Access and Choice

You can view, update, and delete certain information about your account and your interactions with MedStack Offerings. If you cannot access, update, or delete your information yourself, you can always contact us for assistance.

You have choices about the collection and use of your personal information. You can choose not to provide certain information, but then you might not be able to take advantage of certain MedStack Offerings.

  • Account Information: If you want to add, update, or delete information related to your account, please go to the MedStack Dashboard.
  • Communications: If you do not want to receive promotional messages from us, please unsubscribe or adjust your communication preferences in the MedStack Dashboard or by using the links at the bottom of promotional messages.
  • Browser and Devices: The Help feature on most browsers and devices will tell you how to prevent your browser or device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

Subject to applicable law, you have the right to:

  • ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
  • request that inaccurate personal information is corrected;
  • request deletion of personal information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements; and
  • lodge a complaint with us regarding our practices related to your personal information.

You can exercise your rights of access, rectification, erasure, restriction, or complaint by contacting us. If you wish to do any of these things and you are a MedStack customer, please contact us. If you are not a MedStack customer, please contact us at the address stated under Notice and Revisions above.

Children’s Personal Information

We don’t provide MedStack Offerings for purchase by children. If you’re under 18, you may use MedStack Offerings only with the involvement of a parent or guardian.

Retention of Personal Information

We keep your personal information to enable your continued use of MedStack Offerings, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal information varies depending on the purpose for its use, and we will delete your personal information in accordance with applicable law.

Contacts, Notices, and Revisions

If you have any concerns about privacy at MedStack, please contact us with a thorough description, and we will try to resolve it. You may also contact us at the address: MedStack, Inc., 600-10 Dundas St E, Toronto ON M5B 2G9, Canada.

If you interact with MedStack Offerings on behalf of or through your organization, then your personal information may also be subject to your organization’s privacy practices, and you should direct privacy inquiries to your organization.

Our business changes constantly, and our Privacy Notice may also change. You should check our website frequently to see recent changes. You can see the date on which the latest version of this Privacy Notice was posted. Unless stated otherwise, our current Privacy Notice applies to all personal information we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of personal information collected in the past without informing affected customers and giving them a choice.

Examples of Information Collected

When you use this website, we may collect the following personal information:

  • Name
  • Email address
  • Phone number
  • Your company and information about it
  • IP address, technical information about your browser, how you arrived at the site, where you clicked and amount of time spent on pages