PREHOS has created this Privacy Policy to explain how it collects, uses, discloses and safeguards Personal Information in connection with the use of the Services or the Public Website. Anyone can contact PREHOS for any questions, comments or requests about this Privacy Policy.
We may collect Personal Information from a variety of sources, including:
Personal Information collected may include:
We use Personal Information we collect to:
THE SERVICES AVAILABLE VIA PREHOS’ APPLICATION AND/OR AUTHORIZED USER WEBSITE ACCESS ARE INTENDED FOR USE BY AUTHORIZED USERS ONLY.
Note that PREHOS does not offer Services directly to Authorized Users’ Patients; as such the Authorized User shall ensure that its Patients be made aware of this Privacy Policy.
This Privacy Policy shall be reviewed carefully as it governs the provision and use of the Services and the Public Website as applicable.
PREHOS may change this Privacy Policy from time to time. Should any person object to any changes made, such person shall stop using the Public Website and the Services as applicable. By continuing to use the Public Website and the Services after the amendment of this Privacy Policy, such person will be deemed to adhere to its terms, as amended.
The Authorized User can contact us should any questions about this Privacy Policy arise.
2.1 In this Privacy Policy, the terms set forth below have the following meanings:
2.2 Unless the context requires otherwise: (i) grammatical variations of any term defined herein have a similar meaning; and (ii) words importing the singular number shall include the plural and words importing the masculine gender shall include the feminine and neutral genders and vice versa.
In the course of providing its Services, PREHOS will collect and/or process information about the Authorized User. The collection of Patients’ Personal Information by the Authorized Users will also be rendered possible on the Services’ platform, as described below. Finally, PREHOS will collect information about any Visitor when such Visitor accesses the Public Website or otherwise contacts PREHOS to enquire or make comments about the Services. In all cases, such Personal Information is only collected and used for the purposes detailed in this Privacy Policy and for no other purpose.
3.1 Information obtained directly from the Authorized User
3.1.1 Request a free demo
Should a new Authorized User wish to request a demo of the Services via the Public Website, the designated representative of the Authorized User (the “Super User”) will be required to disclose his/her first and last name, profession, organization, organization address and e-mail address. Such information is required to allow PREHOS to authenticate that Super User and to contact him/her to eventually create temporary accounts accessible via the Authorized User Website Access or the Application and provide the new Authorized User with such demo. The application form also includes a section where the Super User could disclose any additional information as he/she deems desirable.
3.1.2 Purchase of Services
In order to subscribe to the Services online, the Authorized User could:
Once the Services are purchased or the Application downloaded, the user accounts of the Authorized User will need to be created.
3.1.3 Creation of online accounts
User accounts will need to be created in order for the Authorized User to use the Services. In this regard, PREHOS will configure and open the number of accounts required by the Super User.
In order to create such user accounts, the Super User will be required to disclose to PREHOS the following Personal Information: name and surname of each user of the Authorized User, their e-mail address and staff unique identifier (such as OASIS unique identifier or certificate number). The foregoing information is required to create users’ unique account and to authenticate such users every time they sign in to the Authorized User Website Access or the Application.
The Super User will also be required to disclose to PREHOS the type of account needed (e.g. administrative, paramedic, etc.) for each user to ensure that such user be provided with the proper rights, levels and types of access to the Services, including as applicable the right to upload, edit, approve or delete files and edit records, or to review and consult information and records created or uploaded. As such, the users of the Authorized User will be given access only to the information including Personal Information they are entitled to consult, all in accordance with the instructions received from the Super User.
Users are responsible for changing their temporary password the first time they log in (replacing it with another strong password). Note that such Personal Information will be linked to the Authorized User’s business to ensure that such accounts are created properly and interconnected with relevant information.
Should any user of the Authorized User have difficulty logging in or need to reset his/her password, then he/she may either contact PREHOS as provided for below or reset such password online. In both cases, some information will be required to be disclosed (e.g. full name and login name if applicable and different) to ascertain the user’s identity and provide the Authorized User with a new password for this particular user account.
3.1.4 Services Electronic health record features
Various features are available on the Services through the use of PREHOS’ electronic health record, which will give the Authorized User the possibility to collect, store and access some Personal Information (including Patients’ Personal Information) as stated below:
The features and functions to which users have access may vary depending on their type of account. Furthermore, Authorized Users’ administrative staff may have access to some sections of Patients’ medical records: (i) to edit any basic Patients’ Personal Information, (ii) to add information to the record as instructed by paramedics; and (iii) otherwise to use the Services as required and allowed. The triage staff of applicable healthcare institutions may also have access to the information sent to emergency departments to prioritize emergencies.
3.1.5 Intelligent dispatch feature
This feature will allow the collection by the Authorized Users of various information, including some Personal Information (namely, the addresses where medical interventions are required) to enable the Authorized Users to optimize emergency call reception and personnel dispatching while reducing response delays.
3.1.6 Trends features
The following features will either require the collection by the Authorized Users of various information, including some Personal Information or will need to robotically process such information to enable the Authorized User to obtain meaningful data:
The features and functions to which users have access may vary depending on the type of account that such users have.
3.1.7 Financial features
This feature will require the use of some information, including some Personal Information, to be able to process payments properly and expeditiously:
The features and functions to which users have access may vary depending on the type of account that such users have.
3.1.8 Comments, requests for information and referrals
Should any person contact PREHOS to obtain information about the Services or about any other matter, then such person will be required to provide his/her contact information (including names and e-mail address). This information is required by PREHOS in order to communicate with such person, determine whether the Services are available in a geographic area and respond to his/her enquiries, comments or requests for information. Such person may also provide additional Personal Information, including when making comments, enquiries or suggestions.
Furthermore, should any person recommend that PREHOS communicate with any other Authorized Users’ representatives to provide him/her with information about the Services, then PREHOS will need the contact information of that individual for the above-mentioned purpose; such communication will thereafter be made in compliance with applicable laws.
3.1.9 Customer support
Customer support is provided via a service desk application for the regular Authorized Users or is ensured directly by PREHOS’ representatives and employees for Visitors and new Authorized Users that requested a free demo.
Should an Authorized User or Visitor communicate with PREHOS’ customer support, either directly or via the service desk application, then PREHOS will have access to any information communicated or otherwise disclosed, such as the contact information, as well as any question asked, or comment or statement made. PREHOS will thereafter collect the information needed to (i) categorize the communication, (ii) respond to any enquiry, comment or request for information, (iii) send any information requested, and (iv) investigate any breach of the Privacy Policy or other applicable terms and conditions. Note that any Patient should contact the applicable Authorized User, and not PREHOS, should such Patient have any question with respect to Authorized Users’ services or wish to have access to their records; should a Patient contact PREHOS’ customer service, then PREHOS may collect necessary information to categorize that communication and redirect that Patient, as applicable.
3.1.10 Marketing
PREHOS may wish to provide information about its Services. In this regard, PREHOS may use the e-mail address or other contact information any person may provide from time to time to PREHOS to communicate information about new features or services or to send news and information regarding the Services. Such communications will be sent in accordance with applicable laws, and any recipient may withdraw his/her consent at any time as set forth below. Note that PREHOS does not sell or share Personal Information to third parties for marketing purposes and that no marketing initiative is intended for, concerns or targets Patients.
3.1.11 Social media
PREHOS shares information about itself and its Services on Facebook. Similarly, if any person sends or accepts PREHOS’ “friend request” or otherwise “follows” PREHOS, then such person will share and PREHOS may consult the information that he/she and their “Facebook friends” posted on their Facebook pages. Since Facebook users can always choose the audience that can see what they share via their Facebook privacy settings or the Facebook audience selector, any person is deemed to have agreed to share such information with their “friends” or persons they “follow”, including PREHOS, as described in Facebook privacy policy and terms of use.
Other social media platforms such as Twitter, LinkedIn and Instagram will also allow any person to follow PREHOS and to add PREHOS to his/her contact list. In such a case, PREHOS will have access to such person’s web pages and profiles in accordance with the chosen settings, as more fully described in the privacy policies and terms of use of these social media operators. PREHOS will also get notification and access to any tweet, link or post in which PREHOS is tagged.
Any person shall review the privacy settings applicable to these accounts/pages to see the information to which his/her contacts have access and limit such access if required. Should PREHOS collect information available on social media accounts or pages, it shall do so on an aggregate and de-identified basis and for lawful purposes only. Note that PREHOS’ intended use of social media is not to learn about, be added by or follow Patients, but rather to learn more about its current and potential Authorized Users.
3.1.12 Testimonials and promotional materials
Should an Authorized User and/or any other person wish (or agree) to render any testimonial, opinion, photo or any other material available online regarding their appreciation of the Services, then PREHOS will post such promotional materials on its Public Website or any other social media, and may include their name or nickname and any other information they agreed to disclose. The Authorized User and/or such other person can thereafter request, at all times, that such materials or other Personal Information be removed from the Public Website and any other social media. PREHOS does not however control the communications – if any – that such Authorized User and/or other person may receive in connection with any promotional materials. Should the Authorized User and/or any person wish to report any communication received regarding such promotional materials or other information, then the Authorized User or such person should contact PREHOS as described below.
3.1.13 Job applications
PREHOS collects Personal Information that is voluntarily provided to it when any person applies for a job position via PREHOS’ Public Website page. Such application is voluntary, and job applicants choose the information they wish to submit to PREHOS. The Personal Information submitted will be shared only with those people in PREHOS’ organization who need the information: (i) to assess and verify job applicants’ qualifications, knowledge, skills and experience; (ii) to conduct reference and background checks and otherwise to verify the information submitted to PREHOS; (iii) to communicate with job applicants; and (iv) to improve the recruitment process. In addition to the Personal Information obtained from job applications, PREHOS may also conduct its own verification and obtain additional Personal Information.
3.2 Information obtained from PREHOS Partners
Google Analytics can collect data about the interactions of any Visitor with the Public Website. Such information will then be processed and be updated every time a Visitor interacts with the Public Website. In order to do so, Google Analytics will place codes on the Public Website, which will allow Google Analytics to see which information was consulted, the browser used, device and operating device. The information so collected may be shared (in whole or in part) with PREHOS in order for PREHOS to update, upgrade or otherwise improve the Public Website, or to develop new services.
3.3 Information collected using Cookies and similar technologies
When the Authorized User uses the Services or any Visitor navigates the Public Website, certain information, including Personal Information (such as general browser information, Internet Protocol addresses, the interactions with the Services and/or Public Website and any other information described below) may be collected by automated means, such as through the following types of Cookies and Other Forms of Technologies:
Other Forms of Technologies can also be used for similar purposes. Cookies and Other Forms of Technologies can be blocked unless they are required to allow the Services and/or the Public Website to run properly. For instance, while statistical Cookies can be blocked, the situation is different for process and security Cookies, as they are essential for ensuring that the Services function properly. However, even if they cannot be blocked without affecting one’s ability to use the Services, these Cookies are of a temporary nature and accordingly, they will disappear when the browser software is closed or the device is turned off. Anyone experiencing problems with the functionalities of the Services and/or the Public Website should contact PREHOS.
PREHOS does not sell, trade or rent Personal Information. Furthermore, Personal Information is not shared, used or disclosed to third parties for purposes other than those for which it was collected as described herein, unless required or authorized by law or unless proper consent was obtained, as applicable.
4.1 Personal Information
4.1.1 Sharing made in connection with the provision of Services
Personal Information (other than Patients’ Personal Information) may be disclosed to PREHOS Partners that facilitate the provision of any Service, such as by providing assistance to PREHOS with respect to the maintenance and development of its Services. Disclosure will be made on a “need-to-know” basis, and after ensuring that proper contractual and other measures are in place.
4.1.2 Business transaction
Some Personal Information may be rendered accessible to a potential purchaser or other business in connection with any business transaction or corporate reorganization, if such communication is necessary for the purposes of deciding whether to proceed with the sale or other transaction, and provided that such disclosure is made in full compliance with applicable laws and in absence of specific requirement with this Privacy Policy.
4.1.3 Law enforcement
Personal Information may be used and disclosed if PREHOS, acting reasonably, believes that such use or disclosure is necessary to comply with any applicable laws, legal process or governmental request, or is otherwise required to protect its rights or to fulfil any other purpose set forth in the applicable law allowing or requiring the disclosure of Personal Information.
4.2 De-Identified Information used on an aggregated basis
Once uploaded and saved on the Services, Authorized Users’ data (including any Personal Information uploaded by these Authorized Users) will be accessible to them on the Services. Further to their upload, such data will also be automatically and robotically anonymized and then added to a consolidated dataset. PREHOS may thereafter have access to such dataset and use any De-Identified Information on an aggregated basis: (i) in order to conduct research; (ii) to identify pandemic or other emergency situations; or (iii) to improve the Services, and/or the Public Website. De-Identified Information may also be used for training, promotion and statistical purposes and any other purposes set forth in the software as a service subscription agreement concluded with Authorized Users, as such information does not constitute Personal Information. In any event, note that such information could not and will not be used to re-identify any individual.
5.1 Requests from the Authorized User
In accordance with applicable laws, the Authorized User may make requests for access or for corrections of Personal Information by contacting PREHOS. The Super User and any other users may also update or change the basic information available on their user account by editing their account profile. In order to do so, they will need to sign in to the Application or the Authorized User Website Access and enter the profile section.
Some user accounts are also attributed the right to delete any information uploaded, received, saved or stored on their accounts. Such deletion shall take place via a “soft deletion process” pursuant to which the deleted data will transition to a recoverable state for a certain period of time instead of being permanently erased, to allow erroneously modified, deleted or overwritten data to be retrieved. Users may also shut down their accounts, in which case all information so uploaded, received or stored (including any Patients’ Personal Information) will only be temporarily deleted, further to said mechanism. Note that a very limited number of PREHOS’ employees may have access to such information when such access is specifically requested and authorized by the Authorized User.
Furthermore, any Super User shall ensure to shut down the account of any other user who left the Authorized User’s business or otherwise stopped being employed by the Authorized User, used his/her account for improper purposes, etc. Each Authorized User is responsible for ensuring that all measures as may be required, including to withdraw access to that account, be implemented by its Super User, as PREHOS has no right and no access to features allowing the deletion of the information on any user account.
Following the termination of a software as a service agreement with an Authorized User, PREHOS will shut down all user accounts of the Authorized User and all the information stored on user accounts will then be permanently deleted following a reasonable transition period. In this regard and as needed, the Authorized User is responsible for ensuring that a proper copy of Patients’ Personal Information (and any other information as applicable) be saved. PREHOS will, upon request, generate a backup file of the database and provide reasonable assistance to allow the migration of Personal Information to another service provider’s server.
5.2 Requests from Patients
Patients’ e-records are not readily accessible to Patients as they may be governed by and subject to a specific set of laws. Should a Patient wish to have access to his/her medical information, then such request for access shall be made in accordance with the laws governing access to that type of records. Patients’ requests shall be solely directed to and dealt with by the applicable Authorized User. Should any Patient contact PREHOS, PREHOS will categorize the type of communication to redirect that Patient to the Authorized User, as applicable.
6.1 PREHOS uses measures as may be reasonably required to preserve the security and privacy of Personal Information. In this regard, PREHOS has notably put in place or currently implements the following measures:
6.1.1 Authorized User Website Access: Each Authorized User has its own Authorized User Website Access and encryption key, thereby allowing Personal Information collected by its users to be segregated from Personal Information collected by the users of any other Authorized Users.
6.1.2 Securing data in transit: Each time the Services are accessed via the Application or the Authorized User Website Access, an HTTPS protocol is used to transit information from servers to mobile devices. Also, every time the Public Website is consulted, Secure Sockets Layer (SSL) technology protects Personal Information by using server authentication and data encryption. No Personal Information will be communicated prior to such technology being activated, which can be confirmed by looking (i) at the address bar which will, depending on the browser, have a lock to the left of the website address (URL), and (ii) at the URL or the address bar of the browser, where the first characters of the address in that line should change from “http” to “https”.
6.1.3 Securing data at rest: Personal Information is encrypted by Google Cloud Engine and Microsoft Azure when at rest. Patients’ Personal Information is also encrypted by PREHOS when at rest.
6.1.4 Role-based security measures: The Services allow for the creation of various types of accounts each of which has its own access limitations and restrictions. This offers reliable means to ensure that administrative staff, paramedics, etc. only access, review, process, share, edit, etc. the information they are entitled to access, review, process, edit, share, etc.
6.1.5 Limited access: Access to any Personal Information is granted to PREHOS’ employees, representatives and as applicable sub-contractors on a “need-to-know” basis only, and is given through access credentials which are kept confidential.
6.1.6 Secured datacenters: PREHOS’ platform and servers are located in Canada and are currently being hosted in the Google Cloud Engine (Montreal city) and Microsoft Azure (Quebec city). Furthermore, these cloud providers use a multi-zonal datacenter to ensure that data is never hosted outside of Canada. Additional information regarding these clouds can be obtained by reviewing Google cloud “Privacy and Security” page available here and Microsoft “Trust center” available here, as of the effective date of this Privacy Policy (as may be amended from time to time or rendered available via other hyperlinks).
6.1.7 Protocol and other security strategies: PREHOS has a data breach protocol and also implements a disaster recovery strategy which is tested regularly. Likewise, PREHOS implements a network security strategy to protect network and servers access by segregating each application of an electronic device within its own network.
6.1.8 Secure authentication process: A response time is imposed between each failed login attempt. The authentication process enables real-time monitoring of invalid authentications by PREHOS.
6.1.9 Firewall: PREHOS’ platform and servers are hosted by cloud providers which use an Internet Protocol-based firewall to control who can connect to these datacenters.
6.1.10 Mobile management: Personal Information uploaded, stored or saved via the Services is protected by several measures and restrictions imposed to access such Services, such as the attribution of a unique encryption key for each device, the possibility for PREHOS to remotely lock and wipe the mobile device, etc.
6.1.11 Signature of reports: To preserve data integrity, every report prepared by a user and added to Patients’ e-record needs to be uniquely signed by such user using his/her personal identification number.
6.1.12 Backup strategy: Information is backed up automatically by Google on a daily basis and backed up manually by PREHOS prior to any update of the Services, and this backup strategy is tested regularly. In addition, Personal Information which has been erroneously modified, deleted or overwritten can be easily retrieved because it cannot be permanently erased by a user of the Authorized User.
6.1.13 Audit trail/logs: Users’ activities such as: (i) successful and failed login requests; (ii) access to the Services to consult information; and (iii) access to the Services to add or edit information on any user accounts are tracked and logged. If for any reason the secure server cannot be accessed or the use of the Services does not provide the assurance required, the Authorized User or any person shall feel free to contact PREHOS.
6.2 DESPITE THE FOREGOING, THE AUTHORIZED USER AND ANY OTHER PERSON SHALL BE AWARE OF THE FOLLOWING:
6.2.1 GENERAL CONSIDERATIONS: EVEN IF PREHOS USES TECHNOLOGIES WHICH ARE OF MERCHANTABLE QUALITY SUITABLE FOR THE PROVISION OF SERVICES, ANY ELECTRONIC PLATFORMS AND SERVERS – AS WITH ANY OTHER FORM OF FILE – ARE NOT INFALLIBLE OR FULLY SHELTERED FROM UNFORESEEABLE OR FORCE MAJEURE EVENTS, CYBERATTACKS OR UNAUTHORIZED USES AND ACCESS, AND THE AUTHORIZED USERS AND ANY OTHER PERSON SHALL BE AWARE THAT THERE IS A RISK IN TRANSMITTING ANY DATA ELECTRONICALLY. THIS RISK IS INHERENT IN ALL ELECTRONIC DEALINGS, AS WELL AS IN ALL OTHER FORMS OF COMMUNICATIONS. CONSEQUENTLY, PREHOS CANNOT GUARANTEE THAT INFORMATION WILL NEVER BE INTERCEPTED OR VIEWED OR SUBJECT TO OTHER INCIDENTS. SUCH EVENTS MAY OCCUR, PURSUANT TO WHICH DEVICES OR SYSTEMS CAN BE ACCESSED OR CONTROLLED BY UNAUTHORIZED PERSONS, AND UNDESIRABLE COMMUNICATIONS AND INVITATIONS MAY BE RECEIVED. SHOULD THE AUTHORIZED USER OR ANY PERSON RECEIVE A COMMUNICATION THAT LOOKS LIKE IT IS FROM PREHOS ASKING FOR PERSONAL INFORMATION, THE AUTHORIZED USER OR SUCH PERSON SHALL AVOID RESPONDING TO SUCH COMMUNICATIONS. PREHOS WILL NEVER REQUEST FINANCIAL AND OTHER SENSITIVE INFORMATION THAT WAY. IF THE AUTHORIZED USER OR ANY PERSON HAS COMMUNICATED PERSONAL INFORMATION IN RESPONSE TO A SUSPICIOUS E-MAIL, POP-UP OR PHONY WEBSITE CLAIMING TO BE AFFILIATED WITH PREHOS OR IF ANY OF THE FOREGOING EVENTS TAKES PLACE, PLEASE CONTACT PREHOS IMMEDIATELY.
6.2.2 Measures to be implemented: The Authorized Users acknowledge and agree in their name and on behalf of their respective users that said Authorized Users and their respective users are responsible for implementing and strictly adhering to all physical, electronic, technological, organizational, contractual and other security measures, processes and safeguards to ensure that the confidentiality of the files and information they sent or received is preserved. In this regard, the Authorized Users shall notably ensure that their respective users: (i) choose strong account passwords meeting the platform’s minimal criteria; (ii) change their passwords regularly; (iii) maintain the security and confidentiality of their usernames/personal identification numbers; and (iv) carefully consider enabling the two-factor authentication process, by which an e-mail or SMS validation code is required in addition to the password to connect to the Services.
Subject to applicable laws, PREHOS shall retain and store Personal Information for use and disclosure consistent with this Privacy Policy, as long as necessary for the purposes detailed herein. To that end, PREHOS may retain Personal Information after a specific purpose has been fulfilled if reasonably necessary: (i) to comply with applicable laws or prevent any contravention; (ii) to resolve disputes; and (iii) to enforce this Privacy Policy. Once no longer required, the information will either be erased or stored on an aggregated and de-identified basis.
Should any link to third-party websites be provided on the Public Website or via the Services, then the Authorized User and any other person shall be aware that these sites operate independently and are subject to distinct terms of use and privacy policies. Likewise, should the Services seem available on other websites, then such websites shall not be seen as affiliated to PREHOS or otherwise related to the Services. In both cases, it is strongly recommended that the Authorized User and any other person as applicable, review the distinct terms of use and policies of such third-party websites, as PREHOS is not responsible for the content or practices of any such websites.
9.1 Questions, comments and requests
All questions and comments regarding this Privacy Policy or requests made in furtherance of said policy should be directed to PREHOS by one of the means set forth here.
Requests and demands made will be dealt with as soon as possible.
9.2 Withdrawal of consent
PREHOS may communicate with the Authorized User or with any Visitor for promotional and marketing purposes. PREHOS will generally use the same means of communication the Authorized User or such Visitor chose to contact PREHOS or the preferred means specified by the Authorized User or that Visitor. Should any recipient wish to be removed from one or more of PREHOS’ promotional mailing lists, then such recipient should click on the ready-to-use “unsubscribe” mechanism provided at the bottom of each e-mail or simply reply to that e-mail with the word “STOP” or “Unsubscribe”.
PREHOS reserves the right to change or modify this Privacy Policy from time to time. Any material change will be notified prior to the change taking effect via a web banner or by any other means. Thereafter, the Privacy Policy as updated will be made available and easily accessible. Furthermore, an updated version of this Privacy Policy will be published each time a minor change is made. Anyone may determine whether this Privacy Policy has changed by looking at the effective date appearing at the top of said Privacy Policy. PREHOS recommends that this Privacy Policy be reviewed periodically in order to assess PREHOS’ current practices, as the continued use of the Services and/or Public Website shall constitute acceptance of any amendment thereto. Should the Authorized User or any other person as applicable, disagree with the amendments made to this Privacy Policy or other applicable terms and conditions, the Authorized User or such person shall immediately stop accessing or using the Services and/or Public Website.