Slimband Inc. is a Health Information Network Provider under the Personal Health Information Protection Act, 2004 S.O. 2004, c.3 (hereinafter PHIPA) and as such has certain obligations under PHIPA respecting the protection of Personal Health Information.
"Personal Information" has the meaning ascribed thereto in the Personal Information Protection and Electronic Documents Act (Canada), S.C. 2000, c.5 and the regulations made thereunder and all amendments to that Act and its regulations.
"Personal Health Information" has the meaning ascribed thereto in PHIPA.
"Services" means services provided to custodians.
LIMITING COLLECTION OF INFORMATION
Collection of Personal Health Information shall be limited to that which is necessary for the fulfillment of services.
LIMITING DISCLOSURE AND RETENTION OF INFORMATION
Personal Health Information will not be disclosed except in accordance with Slimband's obligations under its client agreements.
Slimband is committed to the proper classification, secure retention, and timely disposal of any record containing Personal Health Information that is deposited to or generated in client projects or collected by Slimband on behalf of client organizations, regardless of the media or format, including electronic and paper records, records in Slimband's possession or control, and records in the possession or control of contractors, outsourced service providers, consultants, or external parties performing tasks on behalf of Slimband.
Slimband will ensure that appropriate reviews are executed for client data integrity, will report any data integrity issues to appropriate management, and will correct all data integrity issues in a timely manner.
A process for the correction of any Personal Health Information will be designed as deemed necessary, to handle issues that cannot be corrected through normal system use or update mechanisms.
Slimband will implement security safeguards appropriate to the sensitivity of the information to protect Personal Health Information against loss or theft, as well as unauthorized use, access, disclosure, copying, modification, or disposal.
- Disseminate to each client organization and to the public a plain language description of the services that is appropriate for sharing with the individuals to whom the Personal Health Information relates. This description will include a general description of the safeguards in place to protect against loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal, and to protect the integrity of the Personal Health Information.
- Disseminate to the public any directives, guidelines, and policies of Slimband that apply to the client services to the extent that these do not reveal a trade secret or confidential scientific, technical, commercial, or labour relations information.
- Disseminate to the public a general description of the safeguards implemented by Slimband in relation to the security and confidentiality of the Personal Health Information.
Slimband has a documented process and procedure, with clear lines of accountability, to comply with applicable sections of PHIPA referring to individual access.
Slimband has in place systems and processes to produce audit trails, which if necessary can be used to trace privacy and security violations and breaches.
In order to meet its governance obligations under PHIPA and its agreements with its clients, Slimband will:
- Assign a privacy and security officer (PSO) to ensure compliance with obligations related to privacy and security.
- Assign an information security officer (ISO) to be responsible for overseeing the information security aspects of the solution(s) being used.
- Develop a RACI (responsible, accountable, consulted, and informed) chart to clearly define all privacy and security roles and responsibilities as they relate to Slimband obligations in client systems.
- Develop key performance indicators to assess and report on privacy or security metrics reports for the particular engagement.
- Review the Slimband privacy and security policy, and privacy and security practices, processes, and procedures annually to ensure that they comply with applicable legal, contractual, industry and regulatory standards and requirements, and to determine whether changes are necessary or appropriate based on changes in laws and regulations or significant legal or other developments.
Slimband shall use and develop practices, processes, and procedures to ensure that employees, consultants, or permitted agents who perform services or otherwise have access to Personal Health Information will:
- Sign a confidentiality agreement and code of conduct.
- Be informed of all privacy and security-related policies and procedures and ensure that all privacy and security-related policies and procedures are readily accessible to all personnel.
- Obtain a satisfactory background screening of all employees, consultants, or permitted agents who perform services or otherwise have access to Personal Health Information, in accordance with its client agreement(s).
TRAINING AND AWARENESS
Slimband believes that a culture of privacy and security is necessary to meet the individual and collective responsibilities of its organization, and delivers comprehensive training and ongoing awareness initiatives to its employees and agents.
AUDITING POLICY AND PROCEDURES
For each project, Slimband will draft policies, procedures, and processes to regularly, and with predefined frequency, audit projects to monitor that Slimband is in accordance with agreements and legislation, and to identify privacy incidents and breaches.
BREACH RESPONSE PROTOCOL
Slimband promises the ability to promptly and appropriately respond to, contain, and mitigate the impact of any privacy or security breach or incident. Accordingly, Slimband will have a documented breach response protocol to identify, manage, and resolve privacy and security breaches and incidents which occur as the result of loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal of Personal Health Information.
Slimband has documented procedures, with clear accountabilities, to ensure that it:
- promptly notifies the client's Service Delivery Lead by email, followed by written notification, of any enquiry or complaint received by Slimband relating to the processing of Personal Health Information; and
- promptly complies and fully co-operates with all instructions of client management with respect to any action taken in response to such enquiry or complaint.
Slimband has practices, processes, and procedures in place to ensure that it meets all requirements of PHIPA and of its client agreements.
INFORMATION WE COLLECT
USE OF PERSONAL INFORMATION
Slimband may use or collect Personal Information about you to help us provide services to you, such as to respond to your requests, verify your identity, provide services to you, process payments, process changes or updates to your account, send you notifications, conduct customer satisfaction surveys, provide information regarding our products or services, develop or enhance our products and services, manage and develop our business and operations, or generally maintain our relationship with you.
DISCLOSING YOUR PERSONAL INFORMATION
Slimband will never sell your Personal Information to anyone.
Any disclosure to third parties is made on a confidential basis, with the information to be used only for the purposes for which it was disclosed. Your Personal Information may also be shared if Slimband becomes part of a merger, amalgamation, joint venture, joint project delivery, or otherwise sells its business or part of its business. Slimband currently has partnerships or may act as a reseller of products such as Slimband Weight Loss Services, New Form Health Inc. or Younique Genomics and hence may share personal information for the sole purpose of packaging or delivery of services or products.
PROTECTING YOUR PERSONAL INFORMATION
We follow industry standards to safeguard the confidentiality of your Personal Information. We use a variety of physical, electronic, and procedural safeguards to protect personal information. We do not warrant that the safeguards we implement are sufficient to protect Personal Information you transmit over the Internet. Most of your Personal Information is stored in Canada, Iceland, or the USA. Some companies providing services to Slimband may be located outside of Canada (including the USA) and your Personal Information may be stored in those jurisdictions. As such, your Personal Information may be made available to the government or its agencies under a lawful order made in that country (including the USA). For further information, please contact us at 700 Lawrence Avenue West, Suite 400, Toronto, Ontario Canada, M6A 3B4 or firstname.lastname@example.org
Google Analytics employs cookies to define user sessions, which allows for the collection of data about how visitors are using the websites. Google Analytics uses only first-party cookies for data analysis. This means that the cookies are linked to a specific website domain, and Google Analytics will only use that cookie data for statistical analysis related to your browsing behavior on that specific website. According to Google, the data collected cannot be altered or retrieved by services from other domains.
If you choose, you can opt out by turning off cookies in the preferences settings in your web browser. For more information on Google Analytics, please see:
- Google Analytics Terms of Service: http://www.google.com/analytics/tos.html
- Google Analytics Cookie Usage on Websites: https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage
By way of any communication received from you, you are consenting to the collection, use, and disclosure of your Personal Information by providing us, our agents or partners, or such other third parties with your Personal Information. We may contact you by phone, email, or text to provide you with notifications, updates, or other information regarding our services and products.
You may withdraw your consent by mailing us at 700 Lawrence Avenue West, Suite 400, Toronto, Ontario, Canada, M6A 3B4 or emailing us at email@example.com. Please understand that your withdrawal of consent may affect or limit our ability to provide services or products to you.
Please contact us by mail if you have any questions or concerns about our handling of your Personal Information.
Access to personally identifiable information that is collected from our sites and that we maintain may be available to you. For example, if you created a password-protected account within our site, you can access that account to review the information you provided.
You may also send an e-mail or letter to the following e-mail or street address requesting access to or correction of your personally identifiable information. For verification purposes please include your first name, last name, e-mail address and the password you use for such service.
700 Lawrence Avenue West
Suite 400, Toronto, Ontario
Canada, M6A 3B4