Privacy Notice
EFFECTIVE DATE
This Privacy Notice is effective as of January 10, 2023.
PRIVACY NOTICE HIGHLIGHTS
By interacting with the website at easthma.ca
(the “Site”), the web application at
portal.easthma.ca
(“WebApp”), the eAMS: Asthma Management System mobile applications
(the “Mobile Apps”), and the
Decision Support System, either as a
visitor to the Site or a user of the Electronic Asthma Management System
(“eAMSTM”), you are agree to be bound by this Privacy Notice
which are incorporated in the
Terms And Conditions And End User License
Agreement (the “Terms”).
This Privacy Notice helps visitors to our Site and Users of the Web App, Mobile Apps, and Decision
Support System to better understand how we collect, use, and store Personally Identifiable Information
and Personal Health Information in providing the Services.
The eAMSTM assists Healthcare Providers to improve care for patients with asthma by using a Decision
Support System to provide patient-tailored asthma advice, including an action plan, which, once
approved by an authorized Healthcare Provider, is delivered to Patients through the WebApp or Mobile
Apps (together the “Services”).
The Site, WebApp, Mobile Apps, Decision Support System and the eAMSTM are owned and
operated by EAPOC Inc. (“EAPOC”).
The terms "we", "our" and
"us" mean EAPOC and the terms “you” and
“your” mean the visitors to or Users of the Site and the Users of the
WebApp, the Mobile Apps, and the eAMSTM Services.
Below are highlights of our Personally Identifiable Information and Personal Health Information
handling practices. Please refer to our
Detailed Privacy Notice for a full description
of our privacy and data security practices.
Capitalized words in these Privacy Notice Highlights are defined in the
Detailed Privacy Notice.
- Information We Collect
We collect your Personally Identifiable Information (“PII”) and
Personal Health Information (“PHI”) from the following
sources:
-
information you give us when you contact us through the Contact Us Page on our Site, open an
Account or subscribe for Services, when you submit customer service inquiries, or when you
submit customer feedback or reviews;
-
information that you provide in the course of receiving the Services or that we collect from
third parties whom you authorized to share your information with us;
-
information we collect automatically when you Use our Site, WebApp, Mobile Apps, and the
eAMSTM Services such as information about your browser settings, operating system, and other
information collected through cookies;
- How We Use and Disclose Your Information
-
We use your PII and PHI that we or our service providers collect from you to provide the
Services and to manage our business operations, such as to authenticate you when you sign
into your Account, to prevent loss of data and fraud, to process your subscription payment
(if applicable), and to monitor and improve the performance of our Site, WebApp, Mobile
Apps and Services;
-
We may combine or aggregate your de-identified and pseudonymized PII and PHI, so that it
will be unlikely to re-identify you from it, to monitor trends and provide and improve our
respective products and services, and we may share and/or sell that information;
-
We may share with or transfer your PII and PHI to service providers who help us run our
business. Those providers can only use the PII and
PHI we transfer to them for the specific purpose of assisting us with providing the Services.
If a service provider’s privacy and data security practices are inferior to ours, we will
enter into a Data Protection Agreement to protect your information.
- We may also disclose your PII and/or PHI if a court order requires us to do so.
-
With your consent, we may use your PII to contact you for marketing, promotional, or other purposes.
-
We may disclose, transfer or sell your PII and PHI without your consent in certain
circumstances. If we merge or sell our business to another entity, or in the event of our
insolvency or bankruptcy, your PII, PHI, and Account Record may be transferred to the new
owner without your consent. Please refer to Section 5 of the
Detailed Terms for further details.
- Your Choices and Consent
-
You can change your communication preferences for marketing and advertising e-mails,
participation in surveys, and to provide or withdraw consent for specific requests we
or our service providers may make to collect and use your information by clicking the
“Unsubscribe” link in our email correspondence.
-
You may withdraw your consent from our further use of your PII or PHI and you may close
your Account. If you do so, we may still use your PII and PHI for the purposes to which you
consented before you withdrew consent and we may keep information about you and your
previous transactions with us for audit purposes, to ensure the integrity of our data,
and to fulfill legal requirements.
- How to Contact Us
If you have a privacy question or concern, please contact us at:
privacy@easthma.ca.
Please review our Detailed Privacy
Notice for more information about our practices.
DETAILED PRIVACY NOTICE
1. Background
By interacting with the website at easthma.ca
(the “Site”), the web application at
portal.easthma.ca
(“WebApp”), the eAMS: Asthma Management System mobile applications
(the “Mobile Apps”), and the
Decision Support System either as a visitor to the Site or a User of the
Electronic Asthma Management System (“eAMSTM”), you are agree
to be bound by this Privacy Notice, which is incorporated in the
Terms And Conditions And End User License
Agreement (the “Terms”).
The Site, WebApp, Mobile Apps, Decision Support System and the eAMSTM are owned and
operated by EAPOC Inc. (“EAPOC”).
2. Definitions
As used in this Policy Notice, capitalized terms not defined in this Privacy Notice here have the
meaning assigned to them in the Terms:
“Personally-Identifiable Information” or “PII”
means information that identifies you or could be combined by us or our service providers with other
information to identify you. Examples of this type of information include your name, date of birth, medical record
number, health card number, personal e-mail address, home telephone number,
personal cellphone number, your internet provider (IP) address and other similar information when
associated with you. PII may also include information about how you use the Site, the WebApp, the
Mobile Apps, and the eAMSTM Decision Support System if we can associate that PII with
you. PII does not include your business title, your business e-mail
and mailing address, or your business telephone number when we use that information to contact you
in your business capacity.
“Personal Health Information” or “PHI” means
information about you, while living or deceased, that relates to: your physical or mental health; any
health or medical services you received; your medical examinations, tests, and surgeries; whether you
donated any organs or fluids; and information collected in the course of, or related to, providing
health services to you. PHI may be found in your medical records, treatment and examination notes,
and communications between you and your healthcare providers.
"we", "us" or "our"
means EAPOC Inc. and any of our Affiliates.
"you" or "your" means an individual Using the
Site, the WebApp, the Mobile Apps, or the Content as a visitor, Patient or Healthcare Provider using
the eAMSTM Decision Support System.
3. Scope and Services
This Privacy Notice helps visitors to our Site and Users of the Web App, Mobile Apps, and Decision
Support System to better understand how we collect, use, and store Personally Identifiable
Information and Personal Health Information in providing the Services.
The eAMSTM assists Healthcare Providers to improve care for patients with asthma by using
a Decision Support System to provide patient-tailored asthma advice, including an action plan, which,
once approved by an authorized Healthcare Provider, is delivered to Patients through the WebApp or
Mobile Apps (together the “Services”).
4. Accountability
We take the privacy of your PII and PHI seriously and are committed to safeguarding it. We developed
and implemented policies, practices, and procedures to protect PII and PHI and we train our staff in
our PII and PHI handling practices.
We comply with privacy and data security legislation including the
Personal Information Protection and Electronic Documents Act
(“PIPEDA”) and the
Personal Health Information Protection Act (Ontario)
(“PHIPA”) and are compliant with
ISO/IEC 27002:2013 Code of practice for information security controls:
15.1: Information security in supplier relationships for both Canadian and
American service providers.
We have appointed a Chief Privacy and Security Officer (“CPSO”) who is
responsible for enforcing compliance with our privacy program including, by undertaking regular
Privacy Impact Assessment (“PIA”) and Threat and Risk Assessments
(“TRA”); adopting new policies and procedures or amending existing
policies and procedures based on the results of the PIAs and TRAs.
If you have a question or complaint about our information handling practices, please contact us at
privacy@easthma.ca.
5. Limiting Collection: What Information Do We Collect?
It is our policy to collect only PII and PHI necessary to allow visitors to the Site to interact with
us and to provide Users with the eAMSTM Services and to improve the performance of the
eAMSTM Services.
The ways we collect PII and PHI can be broadly categorized into:
-
Information you provide to us directly: When you visit or use parts of our Site,
we might ask you to provide PII to us. For example, we may ask for your first and last name,
email address and/or phone number on our Contact Us page so we can reply to a message you post
there or to contact you by phone. We may also receive your contact information when you contact
us directly at the contact email provided on the Site.
We collect your PII and PHI when you open an Account and Use the eAMSTM Services.
For example, we will collect identification and contact information, such as your name, mailing
address, date of birth, and demographic information to be able to properly identify you, to
contact you, and if applicable, to process a payment for your subscription to our Services.
We also collect PHI such as your medical conditions, treatment information, symptoms, allergies,
and other information that is required to provide Decision Support as part eAMSTM
Services and may be used to determine if you are eligible for a Research Study.
If you do not wish to provide us with all or some of the PII or PHI required to open an Account
and to receive the Services you do not have to, but it might mean you cannot receive our Services.
Patient Users: To register for the
eAMSTM Services and create an account, you must provide your first name, last name and
email address to verify your account registration and so that we may contact you, as well as your
health card number, date of birth and the name of the healthcare setting in which you receive
health services (e.g., a clinic). The eAMSTM Services also log the information you
report related to your asthma, including your symptoms, triggers and medications. If your
healthcare setting is registered for eAMSTM Services, your account may be linked to
your Healthcare Provider’s electronic medical record. Depending on how your Healthcare Provider
uses the eAMSTM Services, you may receive periodic reminder emails when your attention
is requested by the eAMSTM Services.
If you provide consent, you may also be emailed with an invitation to participate in future
research studies about the eAMSTM.
Healthcare Provider Users: When you
register for an eAMSTM Account you must provide your email address to complete your
account registration. The eAMSTM records your actions in the decision support window.
-
Information from other Sources: We may
receive PII and PHI about you from other sources. For example, if you had a paid Account, we would receive PII from credit
card processors regarding whether the credit card details you entered have
been accepted or declined. We may also receive PII and PHI from sources you authorized to
provide such information to us.
-
Information we collect automatically:
We may automatically collect some technical information when you visit our Site, the WebApp,
the Mobile Apps, or the Decision Support System that platforms like Google Analytics may collect
about your interaction with our Platform. This includes the geographic location of your IP
address, the IP address itself, device type, what pages you looked at, what links you clicked on,
number of messages sent or received, your browser type and configuration, the date and time of
use, language preferences, and cookie data. We use this information to detect problems, improve
the navigation of our Site the WebApp, the Mobile Apps, or the Decision Support System so they
are easier to use and to determine which aspects of our Services may interest you. We may record
whether you looked for information about a particular topic or service to make inferences about
other products and services in which you might be interested. If you consented to receive these
types of communications from us, we may track whether you opened certain types of promotional
e-mails.
You may choose to set your web browser to refuse cookies, or to alert you when cookies are being
sent. If you set your web browser to disable cookies, some parts of the Site, WebApp, Mobile Apps
and the Decision Support System may not be accessible to you.
For Patient Users, the eAMSTM Services use cookies in to help facilitate the login
process, and authenticate Patient Users upon login. These cookies are automatically destroyed
when a Patient User logs out of the eAMSTM. For Healthcare Provider Users the
eAMSTM Services use cookies to
authenticate Healthcare Provider Users when the Decision Support System is accessed. These
cookies are automatically destroyed when a Healthcare Provider User exits the browser. For
details about our cookie practices, please refer to our
Cookie Policy.
6. Limiting Use: How Do We Use Your PII and PHI?
We use PII, PHI and non-personal information for the following purposes:
-
To communicate with you. This may include: (i) providing you with information you requested from
us or information we must send to you; (ii) operational communications, like information regarding
your Account, or your subscription to our Services; (iii) changes to our Site, WebApp, or
Mobile Apps, Decision Support System, or changes to this Privacy Notice, our
Terms or our
Cookie Policy; (iv) any questions,
reminders, notifications related to your Account or your use of your Account or addressing
customer service issues and troubleshooting problems with your Account; (v) to notify and alert
you about data breaches, actual or potential fraud, identity theft and other fraud or
security-related activities; and (vi) legal disclosures, communications about and related to
any legal action, or otherwise required under our legal obligations; and any other reason
notifications and alerts may be required by law.
-
To provide Services. We use your PII and PHI
to provide the eAMSTM Services and to manage our business operations such as to
register your Account, to authenticate you when you log into your Account, to deliver the
Services, and may use it to send you reminder emails for your clinic appointments.
-
To improve our Site, WebApp, and Services and develop new ones
: We monitor how you use the Site, the WebApp, the Mobile Apps, and the
Services so we can improve our offerings, user experience, and design new features. We may
combine or aggregate your de-identified and pseudonymized PII and PHI (so that it will be unlikely
to re-identify you from it) and non-personal information to monitor trends and provide and
improve our products and services; including information we collect automatically (identified in
Section 5), questionnaire responses (Patient Users), selections in the decision support window
(Healthcare Provider Users), and action plans, chart notes and/or messages to the MRP generated
by the eAMSTM Services (Healthcare Provider Users).
We may share such aggregated de-identified and pseudonymized PII and PHI (which makes it unlikely
to identify you) and non-personal information with your Healthcare Provider and other members in
your circle of care, our service providers, and third parties to help us improve the
eAMSTM Services.
-
To detect and prevent any fraudulent or malicious activity
and to make sure that our Site, WebApp, Mobile Apps, Content, and
Services are used according to our Terms
and to protect the security or integrity of our Site, WebApp, Mobile Apps, our Services, and our
business.
-
With your consent, to send you targeted advertisement
such as general or personalized notices and promotional messages, or to
send news about us.
-
To comply with any laws and regulations.
7. Disclosure: When Do We Disclose Your PII and PHI to
Others?
We do not disclose or share your PI or PHI except as allowed by law and as outlined in this Privacy
Notice.
-
We run our business with the assistance of third-party service providers who help us to provide
the Services and other business operations such as marketing and promotional services. We engage
our service providers on separate terms, either their own terms of service or separate agreements,
as further detailed in Section 9. Those terms ensure the security of your information and limit
the service provider’s use and disclosure of that information to the purpose for which we
engaged each service provider, unless we or they obtain your explicit consent to use it for
any other purpose.
We may share your PII and PHI with our service providers and our Affiliates who help us with our
business operations. Some Patient Users’ PII and PHI may be disclosed to (i) Healthcare Provider
Users who participate in the eAMSTM Services, including the Patient User’s physician(s)
and other Healthcare Provider(s), and may become a part of your medical record, (ii) individuals
and companies managing those physicians and Healthcare Providers,
If you consented to receive marketing and promotional emails from us, we may share select PII
with service providers who help us with marketing and promotional services.
-
We may sell aggregated de-identified and pseudonymized PII and PHI (which makes it is unlikely
to identify you) and non-personal information related to usage data of the
eAMSTM such as choices in decision support screens, and the number and severity of
asthma patients under care.
-
We will not rent your PII or PHI we collect directly from you or as part of our Services. Other
than as identified in this Privacy Notice, we will not disclose, transfer, or sell your PII and/or
PHI; however, you acknowledge and agree that we may disclose, transfer or sell (as applicable)
your PII and PHI and your Account Record,
without your explicit consent under the following limited
circumstances:
-
Transfer and/or disclose PII and/or PHI to our service providers who assist us to provide the
Services and run our business;
-
Disclose PII to collect a debt from you or to prevent or investigate fraudulent or illegal
activity on your Account;
-
Disclose PII and/or PHI to comply with an order, subpoena, warrant or other legal requirement
issued by a court, tribunal, regulator or government body with competent jurisdiction to
compel disclosure of your PII or PHI, including to meet national security or law enforcement
requirements, to prevent, investigate, or take action against illegal activities, suspected
fraud, situations involving potential threats to the physical safety of any person, violations
of our Terms, this Privacy Notice,
to protect the security of the
Site, the WebApp, the Mobile Apps, our Services, and the security of your Account, or as
otherwise required by law;
-
Disclose PII and/or PHI to establish or defend our legal rights. Where possible and
appropriate, we will notify you;
-
Disclose and transfer PII and PHI to an actual or potential buyer of EAPOC (and its agents and advisers)
in connection with an actual or proposed corporate reorganization, assignment, merger, or sale of any
part of our business, including as part of insolvency or bankruptcy proceedings. In such case, your
PII and PHI will be disclosed solely for the purposes related to the transaction, including during
due diligence or to fulfill any audit requirements, and will be protected by security safeguards
appropriate to the sensitivity of the information and contractual confidentiality obligations,
including the return or destruction of confidential information (including PII and PHI) if the
transaction fails to close. Your Account record may be transferred upon a change of corporate control.
If you do not wish to continue to receive services through the entity that acquires or with
whom we may merge our business, you may close your account.
8. Consent
-
When you provide PII or PHI to open an Account and receive Services, or to provide PII to
complete a transaction by credit card, you consent to our collecting your PII and PHI
required to complete these activities only.
-
You acknowledge and agree that by opening an Account we may contact you by email without your
explicit consent for any purpose directly related to our legal rights, our obligations, and our
ability to provide our Services to you such as: (i) providing you with information you requested
from us or information we must send to you; (ii) operational communications about your Account or
your subscription to the Services; (iii) changes to our Site or Platform, changes to this Privacy
Notice or the Terms;
(iv) any questions, reminders, notifications related to your account or your use of your Account or
addressing customer service issues and troubleshooting problems with your account; (v) to notify
and alert you about data breaches, and other fraud or security-related activities; and (vi) legal
disclosures, communications about and arising from any manner of legal action; and any other reason
notifications and alerts may be required by law.
-
We comply with Canada’s Anti-Spam Legislation (“CASL”). When you
register your Account, you can provide your consent to receive marketing and promotional e-mails.
We will ask for your explicit consent before we send you any marketing or promotional emails,
newsletters, invitations to participate in surveys, or other reasons that are not central to
providing the Services. You may withdraw your consent by using the “Unsubscribe” link available
in any of our emails to you, or by contacting us at
admin@easthma.ca.
-
YOU CAN WITHDRAW CONSENT FOR OUR USE OF YOUR PII OR PHI IN FUTURE USES WITHIN THE SCOPE OF YOUR
CONSENT BUT YOU CANNOT WITHDRAW YOUR CONSENT FOR OUR USE OF YOUR PII
OR PHI FOR USES THAT BEGAN BEFORE THE DATE ON WHICH YOU WITHDREW YOUR CONSENT. YOU WILL ALSO NOT
BE ABLE TO WITHDRAW YOUR CONSENT WHERE OUR USE OR DISCLOSURE OF YOUR PII OR PHI IS AUTHORIZED OR
REQUIRED BY LAW.
9. Safeguards: How Do We Protect Your PII and PHI?
We are committed to protecting your PII and PHI. Our staff understand the importance of keeping your
information confidential and are expected to maintain the confidentiality of your Information.
-
We take administrative, technical and physical measures to safeguard your PII and PHI against
unauthorized access, unauthorized disclosure, theft and misuse. This includes limiting access
of staff to your PII and PHI with passwords and graduated levels of clearance. We do not publish
all of our security measures online because this may reduce their effectiveness. We take
reasonable precautions against breaches of our security systems; however, no company can fully
eliminate the risks of unauthorized access to your information and no website or platform is
completely secure.
-
Although we cannot guarantee that unauthorized access, hacking, data loss or breaches of our
security systems will never occur, we try to minimize these risks by: (1)
active monitoring: monitoring access to your PII and PHI through
activity logs and regular audits to ensure that no unauthorized access attempts have been made,
(2) secure storage: we store your PII and PHI over which we have
custody and control in Canada in reputable data centers that are ISO 27001 and ISO Standard
27018:2019 (Code of Practice for personal identifiable information (PII) protection in
public clouds acting as PII processors) certified and adhere to global privacy and data protection
best practices, (3) network security: we implemented controls to
protect against unauthorized access, including segregating our internal systems from our
publicly-accessible systems, (4) end-to-end encryption: we encrypt
all data transmissions and communications on the Site, WebApp, and Mobile Apps, and our Services
from end-to-end using industry-standard transport layer security (“TLS”) or secure socket layer
(“SSL”) encryption technology, and (5) training: we implemented
policies, procedures that address and train our staff on the handling of PII and PHI. All our
staff members and contractors are legally bound to confidentiality.
-
We expect our service providers to protect your PII and PHI that they collect from you directly.
If our service provider’s data collection and security practices are inferior to ours, we will
enter into separate Data Collection and Sharing Agreements to ensure that any PII or PHI we
may need to share with them is protected.
-
For paid accounts, we do not store your credit card information. Payments are handled by a
reputable direct payment gateway provider. The data they collect is encrypted according to
the Payment Card Industry Data Security Standard (PCI-DSS) and they additional implement
generally accepted industry standards.
10. Data Breach
-
We take precautions against breaches of our security systems, but you acknowledge and agree that
no company can eliminate the risks of unauthorized access to your PII and PHI and no transmission
over the internet is 100% secure. Therefore, you provide your PII and PHI to us and our service
providers at your own risk.
-
Despite our rigorous precautions against data breaches, the risk of a data breach remains. In the
event of a data breach, we will comply with the breach notification requirements outlined in PIPEDA.
-
IN THE EVENT OF A BREACH OF YOUR PII OR PHI THAT IS IN THE CUSTODY OR CONTROL OF ONE OF OUR
SERVICE PROVIDERS, THEN THAT SERVICE PROVIDER’S BREACH POLICIES APPLY FIRST.
11. Data Storage and Transfer
-
As custodians, we remain responsible for the security and privacy of your PII and/or PHI
at all times. EAPOC and our service providers do not store your information outside of Canada.
-
We expect our third-party service providers who are not bound by the same laws we are to provide
comparable levels of data protection and security. We will enter into Data Protection Agreements
with service providers whose data protection and security practices are inferior to those we
outlined in this Privacy Notice.
12. Data Retention: How Long Do We Keep your PII and PHI?
We collect only PII and PHI for which we have a legitimate business need to provide the Services.
-
We maintain a records retention and destruction policy to destroy information when we no longer
have a business need for it and are not required by law to keep it. PII and PHI collected with
your consent by our service providers that is under their custody and control is subject to their
data destruction policies and the data retention laws applicable in that provider’s jurisdiction.
-
For paid accounts, PII collected by our direct payment gateway provider to process a transaction
is stored only as long as it is necessary to complete your transaction, then it is deleted. We do
not collect or store any information related to your payment transactions.
-
We retain your Account Record in active use until you close your Account. We employ an automatic
data backup and archiving system and a data retention and destruction schedule to ensure data
security. Once you close your Account, your PHI in active use will be deleted within 30 days
but PHI in rolling automatic backups will be stored until it is overwritten in accordance with
our data retention and destruction schedule. We will keep limited PII and PHI for as long as we
have a legal or legitimate business need to keep it, such as to comply with data retention laws,
enforce our Terms, comply with audit
requirements, and take other
actions permitted by law.
-
We and our service providers may continue to store and use aggregated de-identified PII and PHI
to improve our respective products and services.
13. Accounts and Credentials
-
Patient Users must be at least 16 years old to subscribe to open an Account to receive the
Services and access the WebApp and the Mobile Apps.
-
Only Healthcare Providers who have been authorized by a qualified administrator at the
healthcare setting using the eAMSTM can Use the eAMSTM Decision Support
System and eAMSTM Services.
-
The security of your Account depends on you keeping your Account login credentials safe and not
sharing them with anyone else. If you believe that your login credentials have been compromised
or misused, you must contact us immediately.
14. Accuracy: How Do You Modify Your Information?
-
We want to ensure that the PII and the PHI we collect from you and that is in our custody and
control is accurate, complete, and up-to-date for the purpose of providing the Services and will
destroy any information that is out-of-date.
-
We use reasonable means to ensure that the information in your Account record is accurate. You
may update certain PII directly in your Account, while other information may need to be updated
directly through your Healthcare Provider. If you have questions or identify any errors in your
Account Record, please contact us at
privacy@easthma.ca.
We will strive to address any correction requests promptly. If we dispute a correction
request, we will log the reason for the disagreement.
15. Access: Right to your Data
-
You may access your Account Record and port the information from us to another entity. If you
request a copy of your Account Record, we will provide it to you at no charge. You can request
access to your Account record by contacting us at
privacy@easthma.ca.
-
Before we grant you access to your Account records we will first authenticate you to confirm
your identity. We will handle all access requests promptly, subject to applicable privacy laws.
We will provide you the legends for any special codes, acronyms or other similar information in
the disclosed material, so your right of access is meaningful.
16. Account Closure: Data Deletion
-
To close your Account or to request that the PII or PHI we have about you be deleted,
please email us at to
admin@easthma.ca. Once we receive
your request and authenticate your identity, we will remove your Account from active use and
will delete your Account Record within 30 days, but we will keep some PII as described in
Section 12.
-
To close your account please contact our Chief Privacy Officer at
privacy@easthma.ca. Once we
receive your request and authenticate you, we will close your account and delete your Customer
Data within 30 days of receiving your request to terminate your subscription to the Services.
17. Governing Law
This Privacy Notice shall in all respects be governed by and interpreted, construed and enforced in
accordance with the laws of the Province of Ontario and the laws of Canada applicable therein.
18. Third-Party Services and Links
We may provide links to third-party websites on our Site, the WebApp, Mobile Apps, and/or the
Decision Support System. These links are provided for convenience only. We do not have control over
those third-party websites, and they are not subject to this Privacy Notice or our
Terms. Your use of hyperlinked websites is at
your own risk and subject to the privacy notices of those websites.You acknowledge that these links
may lead you to third-parties that may operate in a different jurisdiction than either yours or ours.
If you provide your PII or PHI to these entities, then your information may become subject to the
laws of the jurisdiction(s) in which that site operates or where its facilities are located.
19. Challenge Compliance
If you believe that we have not adhered to this Privacy Notice you may challenge our compliance with
this Privacy Notice and our compliance with applicable privacy laws.
We are not responsible for the PII or PHI handling practices of third-party service providers to whom
you consented to access your information, whether on our behalf or otherwise. If your complaint
concerns the privacy practice of those providers, we will direct you to them.
Please notify our CPSO of your complaint by emailing at
privacy@easthma.ca.
You can also reach us at:
EAPOC Inc.
279 Yonge St.
PO Box 47087
Toronto, ON
Canada
M5B 0A1
We pledge to address your complaint promptly. If you are unsatisfied with the response you receive
from us, we hope you would contact us to resolve the issue. If we cannot resolve your complaint to
your satisfaction you can file a complaint with the
Office of the Privacy Commissioner of
Canada or the
Office of the Privacy Commissioner of Ontario.
20. Changes to This Privacy Notice
We reserve the right to update or change this Privacy Notice. All updates to this Privacy Notice will
be highlighted in the Change Log below. A banner on the Site will notify Visitors of updates or
changes to the Privacy Notice. Account holders will be notified by e-mail, using the email associated
with their account.
Changes to the Privacy Notice take effect on the date on which they were made or on the effective date
indicated in the notice we sent you about such changes.
By continuing to use the Site, the WebApp and the Mobile Apps, or eAMSTM after you receive
the notice you IMPLICITLY CONSENT TO BE BOUND BY THE PRIVACY NOTICE TERMS IN EFFECT ON THE DATE ON
WHICH YOU VISIT THE SITE OR USE THE SERVICES.
LAST UPDATED on January 10, 2023.