Privacy policy

Date: 8 October 2024

At Switch Health Solutions Inc. (“Switch,” “we,” “us,” or “our”), we are committed to protecting your privacy and safeguarding your personal information. The purpose of this Privacy Policy is to inform you about our privacy practices, including how we collect, use, and disclose your personal information in connection with your use of our website or our patient portal.

If you are not a resident of Canada, you should note that we collect, use, and disclose your personal information as described in this Privacy Policy and in accordance with the privacy laws of Canada, which may be different from the privacy laws of the jurisdiction in which you reside, particularly those laws in the province of Ontario, such as the Personal Health Information Protection Act (PHIPA).

WHAT THIS PRIVACY POLICY COVERS

This Privacy Policy covers the following topics:

  • Personal Information We Collect
  • How We Use Your Personal Information
  • Our Use of Website Cookies
  • Interest-Based Advertising
  • How We Share Your Personal Information
  • Your Consent to the Collection, Use, and Disclosure of Your Personal Information
  • Opting Out of Marketing Communications
  • Retention, Storage, and International Transfer of Personal Information
  • Information Security
  • Accessing and Updating Your Personal Information
  • Third-Party Websites and Services
  • Information About the Tools We Use
  • Changes to This Privacy Policy
  • How to Contact Us

PERSONAL INFORMATION WE COLLECT

“Personal information” means information about an identifiable individual, as described under Canadian privacy laws. Generally, personal information does not include any business contact information that is solely used to communicate with you in relation to your employment, business, or profession, such as your name, position, work address, work email, or work telephone number.

This Privacy Policy does not apply to the extent we process personal information in the role of a service provider on behalf of our customers. In such cases, it is the customer’s privacy policy that applies; we conduct such activities strictly in accordance with our customer’s instructions and pursuant to our contractual arrangements with the customer. If you are an end-user with an existing relationship with one of our customers, you should refer to the customer’s website to understand their privacy practices and policies.

We may collect, use, and disclose different types of personal information depending on our relationship with you. Generally, the types of personal information we collect can be grouped into the following categories:

  • Identification information: such as your name, sex, date of birth, and passport number (for some travelers)
  • Contact information: such as your address, email address, and telephone number
  • Health information: such as your health history, provincial health card number, the results of your laboratory tests, and details about the healthcare services you receive from us
  • Financial information: such as your billing address
  • Technical and usage information: when you use our website, such as your internet protocol (IP) address, login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
  • Marketing and communications information: such as your preferences for receiving our marketing information

HOW WE USE YOUR PERSONAL INFORMATION

We generally use your personal information for the following purposes:

  • To verify your identity and provide you with services, such as diagnostic testing
  • To communicate your diagnostic test results to you, your healthcare providers, or where required, your local public health unit, and to notify you about other activities relating to your use of our services
  • To process your payment details and confirm that transactions or services have been completed
  • To facilitate and administer your access to and use of our website and patient portal
  • To respond to your inquiries, complaints, or requests
  • With your prior consent, to communicate with you about new programs and services that may be of interest to you
  • To conduct analysis and improve the effectiveness and efficiency of our operations, products, services, and programs, including by collecting opinions and comments about our services
  • To investigate legal claims and protect our rights, operations, or property
  • For such other purposes as you may consent to from time to time
  • As otherwise required or permitted by law

OUR USE OF WEBSITE COOKIES

We use cookies and other similar technologies, such as web beacons, to automatically collect information when you use our website and patient portal. Cookies help us analyze web traffic and improve our services. They also allow us to distinguish you from other users so that we can collect information about your preferences to tailor your experience when you use our website and patient portal. For example, we use cookies that allow you to remain logged in while you navigate the patient portal. We do not use personal information collected through cookies in our patient portal to engage in interest-based advertising.

You have a variety of tools to control the information collected by cookies and similar technologies when you use our website and patient portal. For example, you can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies. Note, however, that without certain cookies, you may not be able to use all the features of our website or patient portal. You can learn more about cookies here.

INTEREST-BASED ADVERTISING

We may engage in interest-based advertising (also known as targeted or behavioral advertising) in connection with your use of our website (www.switchhealth.ca).

As described above, we use cookies to collect information about how you use our website, such as the duration of your visit or the pages you view. We (or our third-party service providers, such as Google Analytics and Meta Pixel) use this information to provide you with tailored advertising elsewhere on the internet that is relevant to you and your interests. We may also use this information to track the effectiveness of our marketing efforts. You may “opt out” of receiving some interest-based advertising by following the instructions at www.aboutads.info/choices or www.networkadvertising.org/choices.

HOW WE SHARE YOUR PERSONAL INFORMATION

We generally identify to whom and for what purposes we disclose your personal information at the time we collect the information from you and obtain your consent to such disclosure. We may disclose your personal information in the following circumstances:

  • We may disclose your personal health information to your physician or other healthcare providers within your “circle of care” under the Personal Health Information Protection Act (PHIPA) for the purposes of communicating your test results to them or otherwise providing you with healthcare. If you are a resident of Ontario, your diagnostic results may be automatically uploaded into Ontario’s Laboratory Information System (OLIS) and accessible to your “circle of care.” You may specifically request that your diagnostic results not be uploaded into OLIS, except if you test positive for certain communicable diseases.
  • If you test positive for certain communicable diseases, we may disclose your personal health information to public health authorities as required by federal or provincial legislation.
  • In connection with the services we provide to the Government of Canada through the Federal Border Testing Program for inbound international travellers, we may disclose your personal information, including your name, date of birth, address, phone number, traveller document number, and COVID-19 test results, to the Public Health Agency of Canada.
  • We work with Voyce Global (“Voyce”) to provide real-time translation services during your telehealth appointments and when you call our customer service agents. If you request that a professional translator be present during your telehealth appointment with us, or at any other time when we are providing services, you may disclose your personal information to Voyce. Voyce may then collect, use, and disclose your personal information for the purpose of providing translation services. Voyce’s privacy policy can be found here.
  • We may disclose your information to a third party when we believe such disclosure is required or permitted by law. For example, to comply with a court order, warrant, subpoena, or summons, or to eliminate or reduce a significant risk of serious bodily harm to a person or group of persons.
  • We may disclose your personal information to a third party in the event of any significant business transaction, such as a merger or reorganization.
  • We rely on service providers to perform a variety of services on our behalf, such as laboratories, payment card processors, transportation and delivery service providers, and cloud data storage and processing service providers, including Microsoft Azure. If we transfer your personal information to a service provider, we require that they maintain the confidentiality and security of your personal information through appropriate safeguards, such as encryption and access controls.
  • We also require that our service providers comply with applicable privacy laws, including Ontario’s Personal Health Information Protection Act (PHIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA), and only use your personal information for the limited purposes for which it is provided.
  • In cases where personal information is transferred or stored outside of Canada, we ensure that contractual agreements, such as Data Processing Agreements (DPAs), are in place with service providers to maintain the confidentiality and security of your personal information in accordance with Canadian privacy laws.

YOUR CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION

We collect, use, and disclose your personal information with your consent or as permitted or required by law. How we obtain your consent, including whether it is express or implied, will depend on the circumstances and the sensitivity of the personal information in question. Generally, we will seek your consent at the time we collect your personal information, either orally, electronically, or in writing. In certain circumstances, PHIPA allows for implied consent when the use of personal health information is necessary to provide health care within the “circle of care”.

If you provide personal information about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use, and disclose their personal information as described in this Privacy Policy.

If you wish to withdraw your consent to our collection, use, or disclosure of your personal information, please contact us using the contact information in the “How to Contact Us” section below. We will accommodate requests to withdraw consent subject to legal or contractual restrictions. We will also accommodate requests to place conditions on your consent to the collection, use, or disclosure of your personal health information. In some cases, withdrawal of your consent may mean that we will no longer be able to provide you with certain products or services.

OPTING OUT OF MARKETING COMMUNICATIONS

If you no longer want to receive marketing-related communications from us, you may opt out by clicking the “unsubscribe” link included in any marketing-related communication you receive from us. You may also opt out by contacting us directly using the contact information in the “How to Contact Us” section below.

Please note that if you opt out from receiving marketing-related communications, we may still need to send you communications about your use of our products or services or other matters.

RETENTION, STORAGE, AND INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

We will retain your personal information for as long as necessary to fulfill the purposes for which we collected it and as permitted or required by law.

We store personal information that is collected through our patient portal on servers located in Microsoft Azure data centers in Canada Central.

INFORMATION SECURITY

We have implemented physical, organizational, contractual, and technological security measures to protect your personal information from loss or theft, unauthorized access, use, or disclosure. For example:

  • We train our employees and agents on the importance of safeguarding personal information.
  • We restrict access to your personal information to those employees or agents who need access for authorized purposes.
  • We protect personal information in electronic form using technological means, including but not limited to Azure Security Center, firewalls, access controls, monitoring, and encryption.

Despite these measures, no security system is completely secure. A breach of security safeguards can result in such risks as phishing and identity theft. In such cases, we will act promptly to mitigate the risks and to inform you where there is a real risk of significant harm or as otherwise required by law. In particular, PHIPA requires that we report any significant breaches involving personal health information to the Ontario Information and Privacy Commissioner and notify affected individuals.

We may also require that you assist us in safeguarding your personal information. For example, if you create an account to use our patient portal, you should use a unique and strong password and not share your password with others.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any information that you provided to us has been compromised), please contact us immediately using the contact information in the “How to Contact Us” section below.

ACCESSING AND UPDATING YOUR PERSONAL INFORMATION

We expect you to supply us with updates to your personal information when required. We will not routinely update your personal information unless such a process is necessary.

You have the right to access any personal information we hold about you and to request the correction of inaccuracies in our records.

You may make a request to review any personal information about you that we have collected, used, or disclosed. We will provide you with any such personal information to the extent required by applicable laws, including PHIPA and PIPEDA.

You may also challenge the accuracy or completeness of your personal information in our records. If you demonstrate that your personal information in our records is inaccurate or incomplete, we will amend your personal information as required.

We may require that you provide sufficient identification to fulfill your request to access or correct your personal information. Any such identifying information will be used only for this purpose. We will attempt to respond to your access or correction request no later than 30 days after receipt of such a request and will advise you in writing if we cannot meet your request within this time limit. We will not charge you any fees to access your personal information in our records without first providing you with an estimate of the approximate fees, if any. You may have the right to make a complaint to the Privacy Commissioner of Canada or the applicable provincial privacy commissioner if you object to how we handle your request.

If we are processing your personal information on behalf of our customer, we may refer your access or correction request to that customer.

THIRD-PARTY WEBSITES AND SERVICES

We may provide links to third-party websites for your convenience and information. We may also make opportunities available to you to purchase, subscribe to, or use other products or services from third parties with different privacy practices. Those other websites, products, or services are governed by the privacy statements and policies of the respective third party. This Privacy Policy does not extend to any websites, products, or services provided by third parties. We do not assume responsibility for the privacy practices of third parties, and we encourage you to review all third-party privacy statements and policies before using third-party websites, products, or services.

INFORMATION ABOUT THE TOOLS WE USE

In connection with the operation and management of our business, website, and services, Switch uses certain software and tools that assist us in implementing and adhering to lawful, transparent, and fair privacy practices. The following is a summary of the software and tools we use to help you make an informed decision about sharing your personal information with us:

  • Microsoft Azure: Our platform is hosted on Azure data centers located in Canada Central. Azure also provides computational and security capabilities that assist us in the operation of our business and in providing services.
  • Azure Key Vault: We use Azure Key Vault to store and manage sensitive credentials, securely encrypting them and ensuring their safe use in our systems.
  • Microsoft 365: We use Microsoft Office Suite, including Outlook, Exchange, and SharePoint, to manage our internal systems and operations.
  • Shopify: We use Shopify to power our online store and offer you a convenient way to purchase our services, including Shopify’s payment processing platform to process payments made through our website or in connection with our services.
  • SRFax: We use SRFax software to send electronic faxes to share certain personal information with public health units.
  • Zoho: We use Zoho’s software to provide a channel of communication between you and our customer service team. Calls with our customer service team may be recorded for training and monitoring purposes.

This list may not be exhaustive and is updated from time to time without notification to you. Please contact us using the contact information in the “How to Contact Us” section below if you have any questions about the software and tools we use to process your personal information.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy was last revised as of the date that appears at the top of this page.

From time to time, we may make changes to this Privacy Policy. When changes are made, they will become immediately effective when published in a revised Privacy Policy posted on our website, unless otherwise noted. We may also communicate the changes to this Privacy Policy by other means.

HOW TO CONTACT US

All comments, questions, concerns, or requests regarding your personal information or our privacy practices should be forwarded to our Privacy Officer as follows:

contact@switchhealth.ca
30 Eglinton Avenue West, Suite 400, Mississauga, ON, L5R 3E7