KRA Health Solutions ("Company" or "We") respect your privacy and are committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit the website www.krahealthsolutions.ca (our "Website") and our practices for collecting, using, maintaining, protecting and disclosing that information. This policy applies to information we collect:
- on this Website;
- in e-mail, text and other electronic messages between you and this Website; and
- through web portal or other applications on this Website.
It does not apply to information collected by:
- us offline or through any other means, including on any other website operated by Company or any third party;
- or any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Children Under the Age of 18
Our Website is not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Website. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Website or on or through any of its features/register on the Website, transact any business through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website, including information:
- by which you may be personally identified, such as name, postal address, e-mail address or telephone number ("personal information");
- that is about you but individually does not identify you; and/or
- about your internet connection, the equipment you use to access our Website and usage details.
We collect this information:
- directly from you when you provide it to us.
- automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses and information collected through cookies.
Information You Provide to Us
The information we collect on or through our Website may include:
- information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to any web portal or other service, posting material or requesting further services. We may also ask you for information when you report a problem with our Website.
- records and copies of your correspondence (including e-mail addresses), if you contact us.
- your responses to surveys that we might ask you to complete for research purposes.
- details of transactions you carry out through our Website and of the fulfillment of your requests.
- referral requests and/or business inquiries made through our Website, including through use of referral forms, email and/or web portals. Notwithstanding anything to the contrary, you agree that any such requests are also governed by the terms of our Terms of Service located at www.krahealthsolutions.ca (the “Terms of Service”).
If the Website permits, you also may provide information to be published or displayed (hereinafter, "posted") on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we may limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Usage Details, IP Addresses and Cookies
As you navigate through and interact with our Website, we may automatically collect certain information about your equipment, browsing actions and patterns, including:
- details of your visits to our Website, including traffic data, location data, logs and other communication data and the resources that you access and use on the Website.
- information about your computer and internet connection, including your IP address, operating system and browser type.
The information we collect automatically is statistical data. It helps us to improve our Website and to deliver a better and more personalized service by enabling us to:
- estimate our audience size and usage patterns.
- store information about your preferences, allowing us to customize our Website according to your individual interests.
- speed up your searches.
- recognize you when you return to our Website.
We do not collect personal Information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- to present our Website and its contents to you.
- to provide you with information, products or services that you request from us.
- to fulfill any other purpose for which you provide it.
- to provide you with notices about your accounts/subscriptions.
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- to notify you about changes to our Website or any products or services we offer or provide through it.
- to allow you to participate in interactive features on our Website.
- in any other way we may describe when you provide the information.
- and for any other purpose with your consent.
Disclosure of Your Information
- to our subsidiaries and affiliates.
- to contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.
- to fulfill the purpose for which you provide it. For example, if you give us information to make a referral through the Website, we will transmit the contents of that form for the purpose of scheduling a referral.
- for any other purpose disclosed by us when you provide the information.
- with your consent.
We may also disclose your personal information:
- to comply with any court order, law or legal process, including to respond to any government or regulatory request.
- if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the company, our clients or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any information provided through a referral form or through a web portal will be encrypted using SSL technology. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information and the other information you may submit through our Website, we cannot guarantee the security of your personal information and other information transmitted to our Website. Any transmission of personal and other information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Notification of Breach
KRA Health Solutions understands that the “breach of security safeguards” is defined in PIPEDA as: the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards that are referred to in PIPEDA, or from a failure to establish those safeguards. KRA Health Solutions ensures it meets PIPEDA requirements to report and notify of breaches of real risk of significant harm, and keeps records of all breaches. KRA Health Solutions reports any breach involving personal information under its control if it is reasonable in the circumstances to believe that the breach creates a “real risk of significant harm”. Significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property. Factors that are relevant to determining whether a breach of security safeguards creates a real risk of significant harm include the sensitivity of the personal information involved in the breach of security safeguards and the probability the personal information has been/is/will be misused.
The real risk of significant harm is determined by KRA Health Solutions based on an assessment of the sensitivity of the personal information involved in the breach and the probability the personal information has been/is/will be misused. KRA Health Solutions pursuant to PIPEDA keeps records of all breaches of personal information under its control – whether there is a real risk of significant harm or not. KRA Health Solutions’ records contain any information that enables the OPC to verify compliance, for every breach and with breach reporting and notification requirements in PIPEDA. This includes:
- date or estimated date of the breach;
- general description of the circumstances of the breach;
- nature of information involved in the breach;
- whether or not the breach was reported to the Privacy Commissioner of Canada/individuals were notified; and
- if the breach was not reported to the Privacy Commissioner/individuals, a brief explanation of why the breach was determined not to pose a “real risk of significant harm.”
The notification by KRA Health Solutions will contain the following information specified in PIPEDA:
- a description of the circumstances of the breach;
- the day on which, or period during which, the breach occurred or, if neither is known, the approximate period;
- a description of the personal information that is the subject of the breach to the extent that the information is known;
- a description of the steps that the organization has taken to reduce the risk of harm that could result from the breach;
- a description of the steps that affected individuals could take to reduce the risk of harm that could result from the breach or to mitigate that harm; and
- contact information that the affected individual can use to obtain further information about the breach.
KRA Health Solutions has developed a framework for assessing the real risk of significant harm, and ensures that all breaches are addressed consistently. Notification of individuals by KRA Health Solutions will be given as soon as feasible after it has determined a breach involving a real risk of significant harm has occurred.
You have the right to withdraw consent at any time to the use or dissemination of your private information, subject to legal or contractual restrictions and reasonable notice. If you wish to withdraw consent at any time you must contact our privacy officer, being the individual accountable for the organization’s compliance with this policy, at 1.905.771.9153.
2255 Sheppard Avenue East, Suite 300, Toronto, Ontario M2J 4Y1