Privacy Policy

Purpose

Protecting the Personal Information of its clients and their patients is of paramount importance to the company and a part of its mission. Conscious of its leading position in the field of healthcare solutions and services, the organization has implemented best practices to comply with privacy laws (https://laws-lois.justice.gc.ca/eng/acts/p-8.6/) to the best of its expertise and as per applicable standards. Purkinje’s Privacy and Personal Information Protection Policy outlines the responsibilities of Purkinje, Purkinje employees, consultants and temporary staff employed by Purkinje who are given access to Personal Information for work purposes, whether it be information about its clients or their patients.

Scope

The scope and application of Purkinje’s Privacy and Personal Information Protection Policy is as follows:

• it applies to the Personal Information of clients that is collected, used and/or disclosed by Purkinje.
• it applies to all forms of Personal Information management, whether electronic, written or oral.
• it takes into account legal requirements and provisions.

Definition of Personal Information

When used in this Privacy and Personal Information Protection Policy, Personal Information means any information about an identifiable individual—this may include, for example, personal health information, but not aggregated information that cannot be associated with an identifiable person.

Privacy Principles

Responsibility

Purkinje is responsible for handling its clients’ Personal Information with care and it has designated individuals to monitor its compliance with these principles. Purkinje has designated the Chief Data Security Officer as responsible for monitoring Purkinje’s compliance with its Privacy and Personal Information Protection Policy. The Chief Privacy Officer can be reached at: support@purkinje.com. Any information request or complaint is thus tracked and answered. Purkinje has implemented principles and procedures to uphold its Privacy Policy, such as:

• contractual privacy and personal information agreements with its employees, consultants and temporary staff;
• employee training and education regarding privacy and personal information protection, including an annual review of the Privacy and Personal Information Protection requirements;
• the implementation of data security standards that set out security requirements for Purkinje’s systems or network;
• Purkinje’s contractual agreements with customers and third-party suppliers include appropriate privacy requirements when Personal Information is collected, used and/or disclosed;
• mechanisms to receive and respond to requests for information and complaints.

Purkinje is responsible for the Personal Information it holds or manages, including information transferred to a third party for processing. Purkinje shall use appropriate means to provide a comparable level of protection when information is shared with a third party.

Purkinje may disclose, upon written request, the title of the person or persons designated to monitor its compliance with its Privacy and Personal Information Protection Policy.

How We Collect Personal Information

Purkinje must determine the purposes for which Personal Information is collected prior to or at the time of collection.

Purkinje collects Personal Information for the following purposes:

• to provide products and/or services to its customers in accordance with contractual obligations;
• to manage and develop its business and internal activities;
• to comply with legislative and regulatory requirements.

Purkinje shall make reasonable efforts to inform clients of the specific purposes for which Personal Information will be used and/or disclosed. These will be explained in terms that can be reasonably understood by the clients.

Unless required by law, Purkinje shall not use or share, for any purpose not previously specified, the Personal Information that was collected without first explaining and documenting the new purpose and obtaining the client’s consent (whether a corporate client or an individual).

Employees who collect Personal Information from corporate clients or individuals must ensure that the clients or individuals are informed of the purposes for which the Personal Information will be used or shared.

Consent for the Collection, Use or Disclosure of Personal Information

Individuals must be informed of and consent to the collection, use or disclosure of Personal Information, unless it is not appropriate to do so under applicable legislation.

Purkinje obtains consent:

• from corporate clients when Personal Information is collected by those clients. In general, these are not the individuals with whom the Personal Information is associated, but clients who declare to Purkinje that they have obtained such individuals’ consent to share their Personal Information with Purkinje and third parties, if applicable.
• directly from individuals when Purkinje collects Personal Information from these individuals.

Purkinje undertakes to use/disclose the Personal Information it collects only for the purposes set out in the consent request agreed to at the time of collection.

Purkinje may require clients to consent to the collection, use or disclosure of Personal Information as a condition to the supply of a product or service, when such collection, use or disclosure is required for the product or services to be provided.

When employees collect Personal Information, they must contact Purkinje’s designated individual to obtain appropriate consent prior to the collection, use or disclosure of the information.

When determining the appropriate form of consent, Purkinje must consider the sensitivity of the Personal Information, the context, and its clients’ reasonable expectations. Clients may withdraw their consent at any time, subject to legal or contractual restrictions, and with reasonable notice.

Limiting Use, Disclosure and Retention of Personal Information

Purkinje shall not use or disclose Personal Information for any purpose other than the purpose for which it was collected unless the corporate client or individual consents to it or when required by law.

Purkinje may disclose a client’s Personal Information only in cases permitted under the terms of the contractual agreement with that client or when required by law.

Purkinje shall retain Personal Information for the period required to fulfill the purpose for which it was collected, or as may be required by law.

Accuracy of Personal Information

The Personal Information used by Purkinje must be sufficiently accurate, complete and up-to-date to minimize the possibility of inappropriate information being used for the procurement of goods and services.

However, it is the corporate client’s responsibility to verify the accuracy of Personal Information that it provides to Purkinje when such information is not provided directly by individuals.

Purkinje relies on the corporate client to provide information that is accurate, complete and up-to-date.

Purkinje shall, where appropriate and when possible, update its clients’ Personal Information when asked to do so.

Safeguards

In accordance with its security policies and Data Security Policy, Purkinje will take all reasonable precautions to safeguard Personal Information against risks such as loss or theft, as well as unauthorized access, disclosure, copying, use, modification, or destruction, with security safeguards that are appropriate to the sensitivity level of the information.

Purkinje will protect Personal Information disclosed to third parties through contractual requirements that provide for, among other things, information confidentiality, the intended purposes, and the retention time. The retention period is usually defined based on the purpose for which the information was collected.

All Purkinje employees who have access to Personal Information are required to handle Personal Information with utmost confidentiality. Employees who fail to comply with Purkinje’s Privacy and Personal Information Protection Policy may be subject to disciplinary action up to and including termination of employment.

Purkinje shall protect Personal Information by using security safeguards that are appropriate to the sensitivity level of the information.

Transparency of Purkinje’s policies and practices

Purkinje makes its policies and practices accessible to all on its website.

Purkinje shall provide, upon written request to support@purkinje.com, the title and e-mail address of the person(s) responsible for monitoring Purkinje’s compliance with this Policy.

Purkinje shall make available to its clients the information necessary to assist them in making choices about the use of their Personal Information, when applicable.

Access to Personal Information

Upon written request, Purkinje shall inform clients of the existence, use and disclosure of their Personal Information, and give them reasonable access to it. Personal Information must be provided in an understandable form within a reasonable period and at a reasonable cost to process the request or at no charge.

Clients may challenge the accuracy or completeness of their information and have it corrected as necessary.

Purkinje shall promptly correct or complete any Personal Information deemed inaccurate or incomplete. Any unresolved dispute about accuracy or completeness will be recorded in the person’s file. Where necessary, Purkinje shall transmit to third parties with access to the Personal Information in question any information that has been modified or inform them of the existence of an unresolved dispute.

In some cases, Purkinje may not be able to give clients access to their Personal Information. Purkinje cannot, for example, give access to information if such access:

• is requested by a corporate client, individual or legal institution whose identity could not be verified or confirmed with certainty, or whose identity does not give it the right to access the information;
• is the responsibility of a corporate client (e.g. Purkinje cannot modify patient data because it is confidential, and the patient’s clinic is the one responsible for making any corrections);
• presents a reasonable risk of a third party’s Personal Information being revealed;
• is reasonably likely to endanger the life or safety of another person;
• is available through other, more appropriate means, or if it requires exorbitant effort or cost.

Purkinje may not be able to provide access to information if its communication:

• is the responsibility of a corporate client (e.g. Purkinje cannot share patient data because it is confidential, and the patient’s clinic is the one responsible for sharing it);
• presents a reasonable risk of confidential corporate information being revealed;
• risks compromising the security of other information;
• is protected by solicitor-client privilege;
• contravenes the fact that the information was obtained as part of a formal dispute resolution procedure or if the information was collected as part of an investigation into a breach of a contract or contravention of a federal or provincial law.

If Purkinje cannot give access to Personal Information, it will provide the reasons for its refusal upon written request sent at support@purkinje.com.

Challenging Policy Compliance

Purkinje shall have a mechanism in place to receive, process and log its clients’ information requests and complaints. Purkinje may seek external advice before proceeding with various requests or complaints.

Purkinje shall investigate any complaints related to its compliance with this Policy. If a complaint is found to be valid, Purkinje shall take appropriate action to remedy the situation—including, if necessary, making changes to its policies and practices. Clients will be kept informed of the progress and outcome of the investigation of their complaints.