Privacy Policy
Effective: August 1, 2022
Overview
Hyivy’s mission is to provide a 3-in-1 pelvic rehabilitation system connecting patients and clinicians to improve the pelvic health journey, this system generates real-time information to provide the most comfortable and informed experience throughout pelvic health recovery.
This Privacy Policy (the “Privacy Policy”) sets out how Hyivy Health Inc. (“Hyivy”, “us”, “our”, “we”) collects, uses and discloses Personal Information provided to us through https://Hyivy.com/ (the “Website”), or the Pelvic Rehabilitation Device (the “Device”), the Hyivy Mobile Application (the “App”), and our Clinician Software (the “Software”) as part of, in connection with, or relating to our pelvic rehabilitation system services (collectively, our “Services”).
By using or accessing the Website or any of our Services, you consent to the collection, use and disclosure of your Personal Information, by us in compliance with this Privacy Policy. We reserve the right to update this Privacy Policy at any time without notice. We ask that you periodically check the date and review this Privacy Policy for the latest information on our privacy practices. The date at the top of this policy indicates when it was last updated. If you are not satisfied with any new terms, you may withdraw your consent. If you withdraw consent, we may not be able to provide our Services.
Hyivy is committed to ensuring that your Personal Information, including your Personal Health Information is protected. This Privacy Policy is guided Personal Health Information Protection Act (“PHIPA”) and the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”).
Terms
- “where permitted or required by applicable laws” means actions that we are permitted or required to take under applicable laws or regulations, or applicable rules, codes, guidelines, of any applicable government agencies and law enforcement or regulatory authorities;
- “Personal Information” means information about an identifiable individual and includes Personal Health Information and Usage Information;
- “Personal Health Information” means a subset of Personal Information and is defined as identifying information about an individual in oral or recorded form, if the information:
- relates to the physical or mental health of an individual, including information that consists of the health history of the individual’s family;
- relates to the providing of health care to an individual, including the identification of a person as a provider of health care to an individual;
- relates to payments or eligibility for health care, or eligibility for coverage for health care, in respect of the individual,
- relates to the donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance,
- is the individual’s health number; or
- identifies an individual’s substitute decision-maker
- “Usage Information” this refers to data that is automatically collected through your use of the Website or Services. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the Website and/or Services;
- “Patient” this refers to individuals using the Pelvic Rehabilitation Device for their pelvic health;
- “Hyivy Systems” this refers to our system that integrates the Pelvic Rehabilitation Device, Hyivy Mobile Application, and Clinician Software;
- “Clinician” this includes the patient’s pelvic health care provider such as their OBGYN or pelvic health therapist;
- “Clinician Software” this refers to the software that is used by a Clinician to onboard patients, and transmit information collected before, during, and after treatment session, and data collected from the Hyivy Mobile Application and the Pelvic Rehabilitation Device;
- “Session Data” this includes information collected during use of the Pelvic Rehabilitation Device;
- “Services” this refers to the Hyivy pelvic rehabilitation system services that may include use of the Website, the Pelvic Rehabilitation Device, the Hyivy Mobile Application, and the Clinician Software;
- “User Account” this refers to the account created by a Patient or Clinician that is required when onboarding, using, and accessing our Services;
- “Device” this refers to the Hyivy Pelvic Rehabilitation Device;
- “Device ID”
- “Hyivy Database” this refers to the central database where Personal Information and Usage Information from the Website and Services will be stored;
- “Hyivy Mobile Application” this refers to the mobile application that can be used when onboarding, using, and accessing our Services and is connected to the Pelvic Rehabilitation Device, the Clinician Software, and Hyivy Database;
- “Third-party Service Provider” means individuals or companies that are not owned or controlled by Hyivy and who perform services for Hyivy;
- “Website” refers to https://Hyivy.com/
How We Communicate With You
When you use our Website or use our Services, Hyivy may send you electronic messages as permitted under Canada’s Anti-Spam Legislation (CASL) for marketing communications. You may opt out of marketing communications at any time.
Marketing
We may send you information about existing and new Services, and special offers available by email, telephone, mail, or by means of any other contact details you provide to us.
Each advertising electronic communication we send includes an unsubscribe link or other means allowing you to stop delivery of that type of communication. If you elect to unsubscribe, we will remove you from the relevant list within ten (10) business days.
Transactional
We may provide notifications and other similar communications for certain activities relating to your use of the Services. Examples of transactional communications include sending you an email when you fill out a contact form on the Website, establish a User/Device Account or when we provide you with updates relating to ongoing Services.
What Information Do We Collect?
The types of information we collect, use and disclose depends on who you are and how we interact with you.
Hyivy collects Personal Information from you or a Third-party Service Provider for the purpose of administering, operating, hosting, configuring, designing, maintaining, and providing internal support for the Website and Services. Personal Health Information that Hyivy collects or collects through a Third-party Service Provider includes Usage Information and Personal Information.
Usage Information Collected
When you access our Website or use our Services we may collect certain information by automated means, such as cookies, web beacons, and log file.
Website | Pelvic Rehabilitation Device | Hyivy Mobile Application | Clinician Software |
· IP address
· Web browser information, such as Google Chrome or Apple Safari
|
· Device settings
· Device ID · Resettable device identifiers · Time stamp of when the device is turned on for use · Device temperature throughout the session · Pressure on each balloon providing the therapy throughout a session · Overall duration · Protocol information including any overrides on the device (any buttons pressed – ending session early, pausing, reducing the therapy temperature/ inflation size) · Device functions
|
· IP address used to connect your mobile phone
· Your mobile network provider and your location (based on your IP address) · App response times and updates · Pre-session and post-session questionnaire which may include information such as current pain levels, menstrual cycle (currently mensurating, or ovulating, experiencing bleeding outside of menstruation period), pain or other rescue medications, feeling/pain levels post-session · App usage information · Crash Logs · Mobile OS and Version · Device usage information |
· IP address used to register your software account
· Software load and response times · Web browser information · Version history for updates · Crash Logs\ Feature usage information · App usage information · Device usage information
|
Personal Information We Collect Directly From You
When you access our Website and/or use our Services we may collect Personal Information directly from you. The types of Personal Information we may collect directly from you depends on your interaction with the Website and the nature of the Services you request. This information includes:
Website/Services | Patients | Clinicians |
Website | · First name
· Last name · Mobile number · Social media account · Insurance information · Medical History · Pelvic health history questionnaires which may include information such as how you are feeling physically and mentally, symptoms (standard set of 5 symptoms), menstrual cycle ( currently mensurating, or ovulating, experiencing bleeding outside of menstruation period) |
· First name
· Last name · Mobile number · Social media account · User Account
|
Hyivy Mobile Application | · First name
· Last name · Mobile number · User Account · Insurance Information · Medical history · Pelvic health history questionnaires · Pre-session and post-session questionnaire which may include information such as current pain levels, menstruation cycle, pain or other rescue medications, feeling/pain levels post-session |
See “Personal Information We Collect or Receive About You” for personal information that may be collected on the App. |
Clinician Software | See “Personal Information We Collect or Receive About You” for personal information that may be collected by a Clinician for Patient onboarding, treatment, and monitoring. | · First name
· Last name · User Account · Mobile number · Social media account · Background check · Clinician credentials which may include medical centre/clinic name, clinic address/email/phone, practice insurance number, year established, clinic authorization sign off, therapists requesting access, license number and certification level |
Device | · User Account
· Session Data, which can include information collected from device during your treatment sessions, such as body temperature and device settings
|
Not Applicable. |
Personal Information We Collect or Receive About You
Depending on who you are and how we interact with you we may collect or receive Personal Information (for example and without limitation, Patient insurance number, Clinician credentials, Clinician background check information). We may collect Personal Information from the following categories of parties:
- Clinician information from Patients;
- Patient information from Clinicians;
- Government institutions, government agencies or regulatory authorities;
- Public records;
- Law enforcement;
- Insurers; and
- Third-party Service Providers
When you are onboarded to the Hyivy Systems by a Clinician who is using the Software, your Personal Information is collected by your Clinician for the purposes described in this Policy. Clinicians are required to obtain express consent to collection of Patient Personal Information as a condition of using and administering our Services. When you download the App to onboard to the Hyivy Systems, we collect Personal Information. When using the Device, the Patient is linked to the device through a Device ID which is unique across all devices. The Patient can have multiple devices linked to their account and all the Session Data is aggregated on our server.
Why Do We Collect Personal Information?
When you access our Website and/or use our Services as a Patient or Clinician we may collect your Personal Information. We collect, use and disclose your Personal Information where permitted or required by applicable laws for the following purposes:
- Verify your identity;
- Verify the information you give us;
- Administer and perform our Services, including carrying out our obligations arising from any agreements entered into between you and us;
- Conduct preliminary user testing;
- Provide Patients with pelvic rehabilitation assistance;
- Onboard you into the Hyivy Systems via the App or Software;
- Insurance;
- Comply with applicable laws, regulatory requirements or enforceable government requests;
- Detect and address security incidents;
- Protect you and us against error;
- Assess and manage our operations and relationship with you;
- Help us recover any debt or enforce an obligation owed to us by you;
- Conduct research and analysis for the development of Website and Services;
- Communicate to you any benefit and information about Website and Services that may be of interest.
If you provide any comments, information, or feedback regarding our Services, you grant us a license to use that information for any purpose not inconsistent with this Privacy Policy, including but not limited to display on the Website or marketing materials, without notice or compensation to you.
The purposes for which we collect, use, and disclose your Personal Information may vary depending on your relationship or interactions with us. Please note that you can interact with us in more than one way. In addition to the above, we may collect, use, and disclose your Personal Information for the additional purposes described in the following section:
● To recruit for preliminary user testing;
● To communicate with you, send you information about user testing, existing and new Services available by email, telephone, mail, or by means of any other contact details you provide to us; ● Insurance purposes; ● To support Patients with any technical issues; ● To provide access to Device; ● To conduct ongoing research and development of pelvic rehabilitation; ● To improve the quality of health care through the performance of quality reviews and similar activities; ● To share patient data with Clinicians for patient onboarding, treatment, and monitoring; ● To onboard you to Hyivy Systems including: o Downloading and use of App o Creating User Account and Device ID o Onboarding Patients to Software ● To manage User Accounts and Device ID. |
● To recruit for preliminary user testing;
● To communicate with you, send you information about user testing, existing and new Services available by email, telephone, mail, or by means of any other contact details you provide to us; ● For background checks; ● To certify Clinician credentials; ● To set up, and use Software; ● To improve the quality of health care through the performance of quality reviews and similar activities; and ● To provide access to Device; ● To support Clinicians with any technical issues; ● To conduct ongoing research and development of pelvic rehabilitation; and ● To manage User Accounts.
|
How Do We Collect Personal Information?
How we collect Personal Information from you depends on how you interact with us. We may collect Personal Information when: 1) you provide information via the Website; 2) you provide information via the App, for example, personal information you provide when you create your personal User Account/Device ID; 3) you provide information when setting up and using the Software to provide pelvic rehabilitation services to Patients in connection with the Device, such as applicable details of your Clinician credentials.
Please note that you can interact with us in more than one way. While Patients can buy a Device, it can only be unlocked and used as directed by Clinicians who will oversee and monitor patient treatment and sessions.
Patients
If you are a customer accessing the Website or using our Services, we may collect Personal Information about you in the following manner:
- When you setup a User Account/Device ID, we may collect your name, email address, phone number, your pelvic health history and any information you voluntarily enter on the Website or App;
- If you enter the Website, we may access your browsing history (including but not limited to time spent at the Website, time and date of your visit, and links you click), number of bytes transferred, the material and pages you accessed, the number of clicks, and other actions taken at the Website with your identity to determine your potential interests in our Services;
- When you complete a form on the Website, ask to sign up for our mailings or updates, or send us a communication, we may collect your name, email address, phone number, and the specific contents of your communication to us;
- If you interact with us on social media, we may collect your social media account username and the contents of your interaction with us;
- When you agree to use our Services and when entering into an agreement with us, we may collect your name, address, telephone number, email address and other personal information, and
- We may receive your name, email address, phone number, User Account/Device ID, and any other information you voluntarily provide to us or your Clinician for the purposes of using our Services.
Clinicians
- When you agree to use our Services and when entering into an agreement with us, we may collect your name, address, telephone number, email address, background checks, Clinician credentials and other personal information;
- When you set up and use the Software;
- If you enter the Website, we may access your browsing history (including but not limited to time spent at the Website, time and date of your visit, and links you click), number of bytes transferred, the material and pages you accessed, the number of clicks, and other actions taken at the Website with your identity to determine your potential interests in our Services;
- When you complete a form on the Website, ask to sign up for our mailings or updates, or send us a communication, we may collect your name, email address, phone number, and the specific contents of your communication to us;
- If you interact with us on social media, we may collect your social media account username and the contents of your interaction with us;
- When you agree to use our Services and when entering into an agreement with us, we may collect your name, address, telephone number, email address, other contact details, and Clinician credentials; and
- We may receive your name, email address, phone number, and other personal information when Patients install and use the App.
How We Share Your Personal Information?
We may transfer Personal Information that we collect about you outside of Canada, including the United States, for the purposes set out above, including for processing by Third-party Service Providers in connection with those purposes.
Hyivy and/or Third-party Service Providers may be permitted or required by applicable laws to disclose your Personal Information to the courts, government authorities, law enforcement or regulatory authorities of the country where Personal Information is being stored in response to a valid demand or request.
We require all our Third-party Service Providers to implement and maintain technical and organizational measures to protect your Personal Information in a manner consistent with this Privacy Policy.
If you are a Patient using our Services as directed by a Clinician, we will collect, use and disclose your Personal Information which your Clinician submits via the Services solely for the purposes outlined in this Policy.
Hyivy Database
Personal Information and Usage Information collected from the Website and Services will be collected and stored in the Hyivy Database. Information collected from the Device is processed and sent to the Software over an encrypted TLS (HTTPS) channel, Clinician Software processes and stores this information in the Hyivy database.
Clinician Access to Hyivy Database
Clinicians will only have access to the Personal Information of their own Patients using the Services. Access to Personal Information is dependent on permissions established at the clinic level in accordance with clinic governance practices. Access to the Software at clinics is controlled and protected by using role based permissions and MFA-Multi Factor Authentication. Hyivy does not control viewing or access permissions and this is an internal matter within a clinic/practice. Depending on permissions enabled at a local clinic, clinicians will also be able to view their practice trends against an aggregate of their peers.
Where Is Your Information Stored and For How Long?
Your Personal Information will be retained by Hyivy only for as long as necessary to accomplish the identified purposes for which it was collected, or as required by law, whichever is longer. The standard retention period will be 6 years but can be longer based on individual clinic policies. If you choose to delete your User Account, or your User Account becomes inactive, information associated with your User Account may remain stored on our server for a period of time that can vary subject to our data retention policies and legal obligations. When we are no longer required to retain your Personal Information, we will destroy it or render it anonymous.
The Personal Information that we collect from you may be stored and processed outside of Canada, including the United States.
How Do We Protect Your Protect Your Personal Information?
Commitment to Security: Hyivy intends to protect your Personal Information and to maintain its quality. We use commercially reasonable technical, administrative, and physical safeguards and security measures designed to protect your Personal Information from unauthorized access, use, disclosure, loss, misuse, alteration, or destruction. We limit access to your Personal Information to those who have a genuine business need to access it and in accordance with the identified Purposes. We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Security of Username/Password: You are ultimately responsible for ensuring the security of your username, password, and User Account information from unauthorized access, use or disclosure to others. When using the Services, you are not permitted to circumvent the Services’ security features. You agree to: (a) immediately notify us of any unauthorized use of your username, password and/or User Account, and/or any other breach of security; and (b) ensure that you log out from your User Account at the end of each session.
No Liability for Acts of Third Parties: We will exercise all reasonable efforts to safeguard the confidentiality of user Personal Information. However, transmissions protected by industry standard security technology and implemented by human beings cannot be made secure, and we do not represent or warrant that those transmissions will be free from delay, interruption, interception, or error.
Links to Other Sites
The Website may now or in the future contain links to other sites such as professional organizations, and third-party businesses that advertise on the Website. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites. This Privacy Policy applies only to the Website and Services. We are not responsible for the information collection practices of other organizations that link to the Services, or to which the Services link. Please refer to the privacy policies of those Websites in order to determine their usage of your Personal Information and your rights.
How Can You Update Your Personal Information?
You can make a request to update your Personal Information collected through the Website or Services by sending a request to our Privacy Officer:
Email: [email protected]
Phone: 1-647-296-2811
Address :151 Charles St W, 44 Francis St S, Kitchener, ON N2G 1H6
We may take steps to verify your identity before providing you access to your Personal Information. You can help us to maintain the accuracy of your information by notifying us of any change to your mailing address, phone number, or email address.
How Can You Access Your Personal Information?
You have the right to access Personal Information we hold about you. You can access some information we hold about you through your User Account. You can also ask us for a copy of some or all by contacting us at:
Email: [email protected]
Phone: 1-647-296-2811
Address :151 Charles St W, 44 Francis St S, Kitchener, ON N2G 1H6
We will require you to put your request in writing. We ask that you provide us with enough specific details to help us understand your request and conduct our search for your information. We will need you to verify your identity before searching for, or providing you with, access to your information. We will let you know in advance whether there will be a fee to provide access to your information. We may also ask you for additional information to confirm the scope of your request, or a specific description of the information you are seeking to access.
Once we receive your written request, verify your identity, and understand the scope of your request, we will provide a written response to your access request within the time frame set by the applicable privacy law.
There may be limits on your right to access your information, for example, if the information is subject to legal privilege, contains confidential commercial information, relates to an investigation of a breach of an agreement or law, or contains information of other individuals that cannot be separated.
We are committed to making our Website and our Services accessible for all our users. You may request your information in an alternative format. If we already have this format, we will provide it. Otherwise, we will convert the information into the requested format if it is reasonable and in accordance with the applicable privacy law to enable access.
Children
The Website and Services are not intended for or If we discover we have collected Personal Information of an individual under the age 16, we will immediately delete such Personal Information. If you are the parent or legal guardian of a child under the age of 16 and you believe we are in possession of Personal Information of that child, please contact our Privacy Officer using the contact information provided below.
By using the Services, you affirm that you are at least 16 years of age or the age of majority in your jurisdiction, or possess parental or legal guardian consent, and are fully able and competent to enter into the terms, conditions, obligations, affirmations, representations, and warranties set forth in this Privacy Policy, and to abide by and comply with this Privacy Policy.
What If You Have A Privacy Concern?
Your privacy is important to us, if you have any further privacy concerns or questions, please do not hesitate to contact our Privacy Officer.
Email: [email protected]
Phone: 1-647-296-2811
Address :151 Charles St W, 44 Francis St S, Kitchener, ON N2G 1H6
If your privacy concern remains unresolved, you may consider contacting the Office of the Privacy Commissioner of Canada (OPC)
Telephone:1-800-282-1376
Website: www.priv.gc.ca
Write to: 30 Victoria Street, Gatineau, Quebec K1A 1H3