2. Personal and Personal Health Information
AgileIS collects information that personally identifies the user, such as the user’s name, address, mobile telephone number, e-mail addresses, medical history, and other information that the user provides to AgileIS or information on the AgileIS profile or account. Personal information may be collected in several ways, including in person, over the phone, by mail, over the Internet, and from third parties who you have authorized to disclose Personal Information to us. We make every reasonable effort to keep your Personal Information as accurate, complete, and up to date as necessary. If desired, you may verify the accuracy and completeness of your Personal Information in our records.
Some of the user’s Personal and Personal Health Information is disclosed to other users of the application, including the user’s Physician(s) and other Health Care Provider(s), individuals and companies managing those Physicians and Health Care Professionals, and AgileIS administrative and technology staff.
3. Collection, Use and Disclosure of Personal Information
AgileIS uses and discloses Personal and Personal Health Information for purposes consistent with such Personal Information’s collection. For example, AgileIS shall be allowed to collect, use and disclose Personal Information in a manner that is consistent with providing the services contemplated by the use of AgileIS’ mobile / web application.
Access to private, sensitive and confidential information, including user’s Personal Information, is restricted to authorized employees with legitimate business reasons. We require all of our employees to abide by AgileIS’ privacy standards. Our employees understand the importance of keeping your information private. For this reason, our employees are required to agree to a confidentiality agreement that prohibits the disclosure of any user information to unauthorized parties.
Employees are strictly prohibited from accessing or disclosing Personal Information without authorization. All employees are expected to maintain the confidentiality of Personal Information at all times and failure to do so will result in appropriate disciplinary measures including dismissal.
AgileIS will never rent or sell an individual’s identifiable personal information or personal health information it collects.
AgileIS uses third-party service providers to host servers in Canada. These third-party service providers may have access to Personal Information as an incidental result of the services provided by such third parties to AgileIS, but the access of such third parties to such information is strictly controlled in accordance with the safeguards detailed below.
The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so.
Your Personal Information may be disclosed in situations where we are legally permitted to do so, such as in the course of employing reasonable and legal methods to enforce your rights or to investigate suspicion of unlawful activities. We may release certain Personal Information when we believe that such release is reasonably necessary to protect the rights, property and safety of ourselves and others.
Should AgileIS conduct market or product research, it will never use Personal nor Personal Health Information; rather, it would fully anonymize information, meaning that it would render it unlikely to be traced back to an individual.
4. Usage and Aggregate Data
AgileIS collects usage information from users to our services. The purpose of this collection is to understand how users access and use the services in order to enhance and optimize our services. Usage information and data could include but is not limited to the user’s device type, device identifier, IP address, browser type, operating system, duration of use, number of messages sent or received, and times at which the application was accessed and used. In addition, AgileIS will collect aggregate data about a group or category of services or users. This information, as well as the Personal Information collected, enables AgileIS to analyze trends, administer AgileIS’ services and products, troubleshoot, enhance, and improve AgileIS’ services. If and when appropriate, AgileIS may commercially leverage fully anonymized aggregate data to enable improvements in concussion protection/avoidance.
AgileIS maintains the right to inform our users about any change that may affect information collected or stored. We may be required to comply with a court order or governmental regulatory requirement or disclose information in connection to legal proceedings. If required to do so, we will make every effort to notify the relevant parties about the proceedings.
AgileIS reserves the right to use the contact information of users for the purposes of communications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate or opt out of optional communications (e.g. marketing, press, events) while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.
AgileIS is not anticipating any changes in corporate status, however as we grow and develop that may change. You understand and agree that we may use your Personal Information and disclose your Personal Information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing Personal Information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use and disclose your Personal Information for substantially the same purposes as those set out in this Policy. In the event the transaction does not go through, we will require, by contract, the other party or parties to the transaction not to use or disclose your Personal Information in any manner whatsoever for any purpose, and to return or destroy such Personal Information. Personal Information that is collected online remains subject to applicable legislation and corporate policy.
5. Data Retention
AgileIS reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms and conditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law.
AgileIS processes and stores the user’s messages, logs, contact data, and other related information in order to provide AgileIS’ services to the user. AgileIS maintains security/privacy policies and procedures to ensure every step is taken to maintain the integrity of the data in our care. AgileIS will process the Customer Data only as long as is necessary to implement, administer and manage Customer and User’s Personal Information in the Service. Upon any expiration or termination of an agreement to provide the Service, AgileIS will continue to store Customer and User’s Personal Information in accordance with AgileIS’ retention policy, for certain business purposes, including but not limited to defense of a contractual claim, auditing, and as required to comply with applicable law. In order to appropriately manage system performance, Customer Data that has outlived its use as outlined above, is retained for no more than 90 days before it is destroyed. The data may remain in AgileIS backup files for up to an additional 35 days, as it is AgileIS policy to maintain database backups for a period of 35 days before those backups are destroyed.
6. Control of User Data
AgileIS takes reasonable steps to protect information collected from users to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.
AgileIS has appointed a Designated Privacy Contact who acts as Chief Privacy and Security Officer (CPSO) responsible for information system monitoring and information security policy and procedure management. The CPSO is responsible for compliance with AgileIS’ privacy program including,
- Undertaking privacy impact assessment and threat and risk assessments on a regular basis;
- Adopting policies and procedures on the basis of privacy impact assessment and threat and risk assessments to mitigate all identified risks, updated as necessary.
- AgileIS users may access their Personal Information by accessing their account and, should they require assistance, by contacting our CPSO. Our CPSO’s contact information can be found below.
Safeguard measures to ensure authorized access include: the use of a username and a password for authentication. Every user must keep their password and username safe and make sure that any person who has access to view such private information is permitted to do so. Users must contact AgileIS immediately if the user believes their password has been compromised or misused.
AgileIS stores all Personal and Personal Health Information in Canada, with Microsoft Azure. Microsoft Azure is hosting all AgileIS’ servers, databases and applications in the Microsoft Azure secure cloud. AgileIS uses Google Firebase for Authentication services in Canada. AgileIS uses Twillo for messaging services. Microsoft Azure, Google Firebase, and Twillo are certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO27018, the Standard also includes the right to audit Microsoft, Google, and Twillo for compliance.
7. Governing Law
8. Contacting AgileIS
Customers may contact our CPSO to make enquiries on our privacy practices or to the accuracy of their personally identifiable information and to request the update, correction or deletion of such information or account should they wish to do so. Any query, comments or concerns can be sent to us by email at support@agileIS.co or by mail at the following address:
Agile Intelligence Solutions Inc.
99 Bank Street
Ottawa, Ontario K1P 1H4