Last updated: June 1, 2022
The application of this policy is subject to applicable laws, including legislation, regulations and the orders or lawful requests of any courts or legal authorities.
2. Information we collect about you and how we collect it
For the purposes of this policy, “Personal Information” includes any information about an identifiable individual, or an individual whose identity may be inferred or determined from such information, that can be used on its own or with other information to identify, contact or locate a single person, but does not include names, titles or other information that is publicly available, such as business contact information or information found in a telephone directory.
Personal Information we collect might include, but is not limited to, your name, email address, telephone number, race, sex, date of birth, marital status, any identifier we may use to contact you, other personally identifiable information that you may choose to add to your user account profile in any Apps, records, and copies of your correspondence with us and with your health care providers through our Apps and Clinical Portal.
However, with respect to any of our Apps that allow you to use them anonymously, without the requirement for you to create a user account, we will not collect through such Apps any Personal Information about you, other than Personal Information forming part of any text or feedback message you send through such Apps.
Personal Health Information
We collect Personal Health Information. For the purposes of this policy, “Personal Health Information” includes identifying information about an individual that relates to:
an individual’s physical or mental health or family health history;
the provision of health care services to an individual, including the identification of persons providing health care services to an individual;
a plan of service for individuals requiring long-term care;
an individual’s payments or eligibility for health care or coverage;
the donation of body parts or bodily substances or the testing or examination of such body parts or substances;
an individual’s health number;
the identification of an individual’s substitute decision-maker; and/or
any other information about an individual that is included in a record containing Personal Health Information, to the exclusion of TryCycle employee records used primarily for purposes other than providing health care.
However, with respect to any of our Apps that allow you to use them anonymously, without the requirement for you to create a user account, we will not collect through such Apps any Personal Health Information about you, other than Personal Health Information forming part of any text or feedback message you send through such Apps.
Information you input into our App
We collect the information that you actively enter into our Apps, including, but not limited to, real-time behavioral input and free-form text entries (i.e. messages and logs). There is no mechanism for users of our Apps to edit, alter or delete this information after it has been submitted to TryCycle. Please see Section 10 “Correcting or updating information and withdrawing consent” below for more information on correcting, updating or withdrawing your consent to our use of your Personal Information or Personal Health Information.
Information from your device
When you use our Apps, our system collects your location data from sources such as the Global Positioning System (GPS), Wi-Fi networks, and cell towers. Your location data is only collected with your consent, which may be withdrawn at any time. We may also collect accelerometer samples, Wi-Fi network identifications and other activity data that is personally identifiable.
We may also collect information from your device, including but not limited to information about your device type, device identifier, IP address, operating system, browser type, time zone, pre-existing cookies installed on your device, carrier, language, battery performance, network connections, duration of use, number of notification messages sent or received, and times at which our Website, Clinical Portal and App were accessed and utilized. TryCycle collects both individual and aggregate data about a group or category of services or users of our Website, Clinical Portal or Apps.
In addition, most operating systems collect and make available to us health and fitness information shared by the user and other mobile health and fitness applications. This information might pertain to your physical activity, mindfulness, sleep patterns, nutrition, heart rate, reproductive health and other data logged in and tracked by your mobile device or other mobile applications.
As you navigate through and interact with our Website, Clinical Portal or Apps, we may also use automated technologies, such as cookies, to collect certain information about your equipment and browsing actions and patterns, including but not limited to details of your visits to our Website, Clinical Portal or Apps, including traffic and location data; web pages and products viewed; websites or search terms, which referred you to our Website; logs and other communication data; and the resources that you access and use on our Website, Clinical Portal and Apps.
However, with respect to any of our Apps that allow you to use them anonymously, without the requirement for you to create a user account, we will not collect through such Apps any information listed under the heading “Information from your device” other than a randomly-generated identification number assigned to your device. Such identification number will not be associated with your Personal Information.
Information from third-party websites
We may also collect information from publicly available sources such as Twitter, Facebook, LinkedIn and other social media platforms, to provide additional feedback and insights to your authorized health care providers. You may withdraw your consent to the collection of this information at any time by communicating such preference to your health care provider(s).
Information provided by your health care providers
Your health care providers may record in the applicable Apps or through the Clinical Portal, information such as interactions with you, test results, evaluations, records and notes consistent with treatment and other information related to your personal health and/or health care. By using our App, you agree that your chosen health care providers are authorized to disclose your Personal Information and Personal Health Information to us.
3. How we use your Personal Information and Personal Health Information
We use your Personal Information to:
- Present our Website, Clinical Portal and Apps and their contents to you and your health care providers;
- Understand how individuals access and utilize features and services on our Website, Clinical Portal and in our Apps in order to troubleshoot, enhance, improve and optimize our products and services;
- Facilitate communications between you and us;
- Send essential automated SMS, mobile and email notifications relevant to TryCycle system events to the mobile number and email address you provided during registration (note that notification preference settings will be provided to allow you to turn off non-essential/informative notifications only);
- Facilitate communications and provide a platform on which information and documentation can be shared between you and your health care providers;
- Carry out our obligations and enforce our rights arising from any contracts with you or to comply with our legal obligations;
- Complete transactions with you, where applicable;
- Screen for potential credit risks and fraud;
- Estimate our audience size and usage patterns and analyze trends and track movements around our Website, Clinical Portal and Apps;
- Gather demographic information about the users of our Website, Clinical Portal and Apps;
- Store information about your preferences, which allows us to customize our Apps to provide you with a personalized experience;
- Recognize you when you return to our Clinical Portal or Apps;
- Fulfill the purposes for which you provided the information or that were described when the information was collected; or
- Fulfill any other purpose with your consent.
The Personal Information and Personal Health Information that we collect may be assigned to a successor entity in connection with a corporate merger, consolidation, sale of assets or other corporate change respecting TryCycle, our Website, Clinical Portal and/or Apps. In such an event, TryCycle will attempt to notify you before your information is transferred.
We only use your Personal Health Information strictly as is necessary in the course of providing our Apps and Clinical Portal technology services to you and your health care providers.
TryCycle may also conduct system analysis of non-identifiable patient data, using machine learning techniques or other artificial intelligence, which may include health information to which you have provided us access, as part of application service development to enable better healthcare outcomes and to provide your authorized health care providers with information including, but not limited to: (a) a triaged view of their patient population, based on risk assessments; (b) a current risk assessment of each patient; (c) a view of immediate and historical patient data collected; and (d) patient demographic information. The identity of individual users will remain anonymous in such analysis.
Should TryCycle conduct market or product research, it will never use Personal Information or Personal Health Information; rather, it would fully anonymize information, meaning that it would render it unlikely to be traced back to an individual.
4. When and to whom we disclose your Personal Information and Personal Health Information
TryCycle may disclose your Personal Information:
As required or as authorized by law or by order or requirement of a court, administrative agency or other governmental tribunal;
To enforce or apply our Terms and Conditions and other agreements;
Where we believe, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group, including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction;
Where it is necessary to permit us to pursue available remedies or limit any damages that we may sustain; or
Where the information being disclosed or used is in the public domain.
We may also disclose your Personal Information to third parties in order to carry out our objectives listed in “How we use your Personal Information and Personal Health Information” above. For example, we use Google Analytics to help us understand how our Users use our Website. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
If we need to use or disclose your Personal Information in a way that is not identified in this policy, we will notify you and/or obtain your consent as required under applicable privacy laws. Where we are obliged or permitted to disclose information without your consent, we will not disclose more information than is minimally required in the applicable circumstances.
Personal Health Information
We disclose your Personal Health Information only to your authorized health care providers or as otherwise authorized by law or by order or requirement of a court, administrative agency or other governmental tribunal. Your Personal Information or Personal Health Information may be disclosed by your health care provider to other health care providers providing health care services to you, to individuals or companies managing those health care providers or to insurance companies. Please speak with your health care providers for more information with respect to how and to whom they may disclose your Personal Information or Personal Health Information.
In addition, any Personal Health Information that you disclose in any text message that you send through one of our Apps to a third party will be delivered to such third party.
Third-Party Service Providers
TryCycle uses third-party service providers, such as Microsoft, Raygun and Mailgun to host servers in Canada and the United States; track and prevent errors in our software; and send, receive and track emails and user login invitations. These third-party service providers may have access to Personal Information and Personal Health Information as an incidental result of the services provided by such third parties to TryCycle, but the access of such third parties to such information is strictly controlled in accordance with the safeguards detailed below.
Data Sharing in the Free Trial Version of our Clinical Portal and the TetherAll App
5. How we protect your Personal Information and Personal Health Information
The safety and security of your Personal Information and Personal Health Information is very important to us. While we cannot guarantee complete protection of your Personal Information or Personal Health Information, we follow commercially reasonable practices to protect Personal Information and Personal Health Information collected from you against accidental loss and unauthorized access, use, alteration, disclosure and destruction.
We store all Personal Information and Personal Health Information with either Microsoft Azure or IBM Cloud at a data centre in Canada for Canadian residents and at a data centre in the United States for residents of the United States. Both Microsoft Azure and IBM Cloud providers are responsible for the hosting and security of all servers, databases and applications in a secure cloud and are certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO27018, the ISO Standard also includes the right to audit Microsoft and/or IBM for compliance.
Because the transmission of information via the Internet is not completely secure, any transmission of Personal Information or Personal Health Information is at your own risk. Although we maintain security measures to maintain the integrity of the data in our care, including the encryption of all Personal Information and Personal Health Information, while in transit or at rest, we are not responsible for circumvention of any of our privacy settings or security measures. Your Personal Information and Health Information may be transmitted over various networks and may be subject to changes to confirm and adapt to technical requirements of connected networks or devices. We urge you to be cautious about giving out information in any public areas of our Website, Clinical Portal or App.
Safeguard measures to ensure authorized access to your account on our Apps and Clinical Portal include the use of a username and a password for authentication. You are responsible for keeping your personal password and username private. Please contact us immediately if you believe that your password has been compromised or misused.
Access to private, sensitive and confidential information, including your Personal Information and Personal Health Information, is restricted to authorized TryCycle employees who are required to abide by our privacy standards. Our employees are bound by a confidentiality agreement, which strictly prohibits access to or disclosure of your information without authorization. Our employees are subject to appropriate disciplinary measures, including dismissal, if they fail to abide by our confidentiality agreement or privacy standards.
Our Website, Clinical Portal or App may contain links or references to other websites and services owned or operated by third parties. These third-party platforms and websites are not governed by this policy. This policy does not extend to the collection of information by third parties, and we are not responsible for the privacy practices, policies or actions of third parties. When visiting third party websites or platforms, you do so at your own risk, and you assume all responsibility associated with the same. We encourage you to review the privacy policies and terms and conditions of each website and platform visited prior to using them or disclosing information to third parties.
6. Retention of your Personal Information and Personal Health Information
Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information and Personal Health Information for as long as is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements or to protect us from liability in the event of a dispute.
Unless you explicitly withdraw your consent, we will retain your name and contact information so that we may archive your participation in our services. When you explicitly withdraw your consent to our retention of your Personal Information or Personal Health Information, or if we decide that your Personal Information or Personal Health Information is no longer necessary or relevant for the identified purposes or is not required to be retained by applicable laws, we will take steps to have it deleted, destroyed, erased, aggregated or made anonymous.
We reserve the right to use and to publish anonymous and de-identified data that we have collected from you for any legitimate business purpose, including performing analytical procedures to improve, extend and promote our App and services, without further notice to you and without your consent. We also reserve the right to reject, suspend, alter, remove or delete data if it breaches our Terms and Conditions, if it is necessary to protect ourselves or others, where we have reasonable grounds to believe that a criminal act has been committed, or if required to do so by law.
With respect to any of our Apps that allow you to use them anonymously, without the requirement for you to create a user account, all text messages (other than feedback messages) sent through such Apps, and any Personal Information and/or Personal Health Information contained in said text messages, if any, will be deleted, destroyed, or erased upon termination of the chat session during which said text messages were sent.
7. Knowledge and consent
When you voluntarily provide us with your Personal Information, we will typically seek consent for the use or disclosure of such Personal Information at the time of collection. In certain circumstances, consent may be sought after the information has been collected but before use (for example, when we want to use information for a purpose not previously identified).
The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the Personal Information and the reasonable expectations of the individual in the circumstances. When you fill out a form on one of our Apps, for instance, you imply that we may use that information for the purpose for which you filled out the form.
You may withdraw consent to the collection, use or disclosure of your Personal Information or Personal Health Information at any time, subject to legal restrictions (such as information required to protect us from liability) and reasonable notice. If you wish to withdraw your consent, please contact us. We will inform you of the implications of withdrawing your consent as appropriate, which may include our inability to offer our services to you.
We reserve the right to modify this policy at any time. The policy posted on our Website, Clinical Portal and in our Apps shall be deemed to be the policy in effect. A current policy can also be obtained by contacting us. If we make any material changes to this policy regarding how we treat your Personal Information or Personal Health Information, we will notify you through a notice on our Website and Clinical Portal homepages and on our Apps, and/or by email to your last known email address and will obtain your express consent as required under applicable privacy laws. We also include the date this policy was last revised at the top of the policy.
You are responsible for ensuring that we have an up-to-date, active and deliverable email address for you and for periodically visiting this policy to check for any changes.
9. Governing law
This policy shall, in all respects, be governed by and interpreted, construed and enforced in accordance with applicable provincial and federal laws of Canada and the applicable laws within the United States, including HIPAA and HITECH.
For users in First Nations Communities, TryCycle works with community leaders to ensure compliance with the First Nations Principles of ownership, control, access and possession (OCAP) of First Nations data.
10. Correcting or updating information and withdrawing consent
It is important that the Personal Information and Personal Health Information we hold about you is accurate and current. The accuracy, integrity and completeness of your Personal Information and Personal Health Information you input into our Apps or allow someone to input into our Apps on your behalf, is your responsibility. Please keep us informed if your information changes. By law, you have the right to request access to and to correct the Personal Information and Personal Health Information that we hold about you. You may contact us if you would like to review, verify, correct or withdraw consent to the use of your Personal Information or Personal Health Information. We may request certain Personal Information for the purposes of verifying the identity of the individual seeking access to their Personal Information or Personal Health Information records.
We may not accommodate a request to view or change information if we believe that:
The identity of the person requesting access cannot be confirmed;
The information is not readily retrievable, and the burden or cost of providing it would be disproportionate to the nature or value of the information;
The requested information does not exist, is not held or cannot be found;
Disclosure of the information would compromise the confidentiality of another individual or threaten the safety of another person; and/or
Non-disclosure of the information is required or permitted by law.
Where a request for access to information is made, to protect vulnerable populations, TryCycle reserves the right to verify communications, including with your health care providers, before taking action. Where a request for access or alteration of Personal Information is declined, the individual making the request will be provided with the reason(s) for declining the request, subject to any legal or regulatory restrictions.
11. Contacting us
TryCycle has appointed a designated privacy contact who acts as Chief Privacy Officer (“CPO”) responsible for information system monitoring and information security policy and procedure management by:
Undertaking privacy impact assessment and threat and risk assessments on a regular basis; and
Adopting policies and procedures based on privacy impact assessment and threat and risk assessments to mitigate all identified risks, updated as necessary.
If you have questions about this policy or would like to submit a request, you may contact our CPO, Geoff Schaadt, by e‑mail at firstname.lastname@example.org or by regular mail using the details provided below:
TryCycle Data Systems Inc.
1296 Carling Ave
Ottawa, ON K1Z 7K8
TryCycle Data Systems Inc.
University of Connecticut
Technology Incubation Program Building
400 Farmington Ave
Farmington, CT 06032