Privacy Notice

Introduction

This Privacy Notice is intended to provide you with information with respect to the practices of Circle Health (“Circle”, “we” or “us”) with respect to the collection, use and disclosure of Personal Information through the Circle applications for web and mobile devices (the “App”), the Circle website (the “Website”), and the content, information, and services performed or provided by or through the App and the Website (collectively the “Services”) provided in accordance with the Terms of Use available here.

Please read this Privacy Notice carefully. By using the Services, you consent to the collection, use and disclosure of your Personal Information in accordance with the terms of this Privacy Notice. You maintain control over your Personal Information and if you do not want us to collect, use or disclose your Personal Information in the ways identified in this Privacy Notice, you should not use the Services.‬‬‬‬‬‬‬

We may amend this Privacy Notice from time to time and will post any changes to this Privacy Notice. Please refer back to this Privacy Notice on a regular basis. Your continued use of the Services following the posting of changes to this Privacy Notice will signify your acceptance of those changes.‬‬‬‬‬‬‬

Summary

We are committed to ensuring our compliance with Canadian provincial and federal personal information and personal health information protection legislation, and other applicable legislation, which protects the Personal Information that will be collected, used and disclosed by us when you use the Services.

By using the Services, you agree to our Privacy Notice (this document) and our Terms of Use.  

This is a summary of our Privacy Notice.  If you do not want us to collect, use or disclose your Personal Information in the ways identified in the full Privacy Notice, you should not use the Services.‬‬‬‬‬‬‬‬‬‬‬‬‬‬

Personal Information

“Personal Information” is information about an identifiable individual; it includes but is not limited to contact information (email address, phone number), personal health information, name, age, and gender. To the extent that this information is collected or provided through the Services and can be used to identify an individual, we will treat it as Personal Information in accordance with this Privacy Notice.‬‬‬‬‬‬‬

Collection of Personal Information

When using the Services, you will be asked to provide certain Personal Information including age, gender, allergies, medical history, description of symptoms, summary of problem and images (“Services Information”). We will use Services Information to provide you with the services, products, and functionalities for which you sign up. Unless you withdraw your consent, we may also use Services Information to improve our products and services. 

With your consent, we may also use your Personal Information for research purposes in limited circumstances, and to send you information on our products or services that may be of interest to you. ‬We may also collect and use your Personal Information for other purposes, with your consent.  

Unless the purposes for collecting Personal Information are obvious and you voluntarily provide your Personal Information for those purposes, we will communicate the purposes for which Personal Information is being collected before or at the time of collection. ‬‬‬‬‬‬‬

You may refuse to supply Personal Information or withdraw your consent to the collection and use of your Personal Information, but be aware that this can prevent you from engaging in certain activities in relation to the Services.‬‬‬‬‬‬‬

Summary

We only collect the Personal Information required for the services, products, and functionalities for which you sign up and to improve our products and services.‬‬ You will have the opportunity to participate, if you consent, in optional research projects and to receive optional information about our products and services that may be of interest to you. We may also collect and use your Personal Information for other purposes, though only with your consent. ‬‬‬‬‬‬‬

Information Sharing

We may remove personal identifiers from your information and maintain and use it in a de-identified form that may be combined with other information to generate aggregated information. Other information includes, but is not limited to, technical information about the device, system and application software, and peripherals. We will ask for your consent before sharing this de-identified information with a third party, such as for research purposes. We may use this de-identified information for any reasonable purpose internally, especially to improve our products and services and perform statistical analyses and generate data related to how users use our Services.

Other Information

Personal Information is only shared through the Services with organization(s) of your choice (each, an “Organization”), by accepting an invitation from an organization, using an Organization’s registration code, or signing up in any similar way through the Services.  An Organization could be a healthcare provider, a clinic, a hospital or other healthcare organization, your employer, a business you are visiting, or another similar organization. Except as provided in this Privacy Notice, your Personal Information will not be shared with any other Organization via the Services without your consent, approval, or sign up. We make every effort to ensure that you are aware of what data is being shared with each Organization and to ensure that the receiving Organization receives only the information it is legally entitled to. Once in receipt of your information, the receiving organization is solely responsible for ensuring your Personal Information is available to the appropriate people within their organization.

Summary

Your Personal Information is only shared via the Services with Organizations you choose.  It will not be shared with other Organizations without your permission. We ensure that you are aware of what data is being shared with each Organization and that the Organization does not receive more than it is legally entitled to. Recipient organizations are fully responsible for controlling who in their organization can access your personal information.

Consent

By giving us Personal Information when you use our Services, you consent to your information being collected, used, disclosed and stored by us, only as described in this Privacy Notice.‬‬‬‬‬‬‬

At any time and without penalty, you can withdraw your consent to the use and disclosure of your information and delete your account. To delete your account, send an email to privacy@getcircle.health. We will let you know by email within five (5) business days when your account will be removed.

You may also withdraw your consent to the use of your Personal Information for research purposes only (without deleting your account).‬‬‬‬‬‬‬ This can be done at any time by sending an email to privacy@getcircle.health.

We may also collect, use and/or disclose Personal Information for other purposes with your consent, or to the extent necessary for the purposes of meeting relevant regulatory, legal, insurance, audit, security and processing requirements, or to the extent permitted or required by applicable law.‬‬‬‬‬‬‬‬‬‬‬‬‬‬

Summary

By giving us Personal Information when you use our Services, you consent to your information being collected, used, disclosed and stored by us, only as described in this Privacy Notice. You have control over how your Personal Information is used and can withdraw your consent at any time and without penalty.‬‬‬‬‬‬‬

Using and Disclosing Personal Information

We will use your Personal Information for the purposes described above. We may also use Personal Information to:

  • Assist you with technical support issues. Most technical issues can be resolved without our support team viewing your Personal Information.
  • Assist you in obtaining various health and wellness related services you may require.
  • Comply with any laws, regulations, court orders, subpoenas, or other legal process or investigation and to protect ourselves and other individuals from harm.

With your consent, the Services Information may be disclosed to a third party for the purposes identified in this Privacy Policy or for a purpose reasonably related to those purposes. ‬‬‬‬‬‬‬

We may disclose your information to other third parties in relation to a merger, acquisition, or any form of sale of some or all of our assets or business. Your information may be provided to the entities and advisors involved, for the purposes of determining whether to proceed with the transaction and, where applicable, to conclude the transaction. Your information may be transferred to a successor business as part of the process of assigning all or part of our assets to the successor business.  The successor business may use and disclose the information for the purposes described in this Privacy Notice.‬‬‬‬‬‬‬

We will not use or disclose your Personal Information for any additional purpose unless we obtain your consent to do so.

We do not sell your Personal Information.‬‬‬‬‬‬‬

Summary

With your consent, your Personal Information may be disclosed to a third party for the purposes identified in this Privacy Notice.

We hope this never happens, but if in the future we are sold to another company, your Personal Information may be shared with them.

We do not sell your Personal Information. ‬‬‬‬‬‬

Retaining Personal Information

If we use Personal Information to make a decision that directly affects you, we will retain that Personal Information for at least one year after making that decision so that you have a reasonable opportunity to request access to it. ‬‬‬‬‬‬‬

Subject to the above, we will retain Personal Information only as long as necessary to fulfill the identified purposes or as permitted or required by law. Because one purpose is to assist you with the management of your Personal Information, including the personal health information that you provide when using our Services, we will keep your Personal Information until you delete your account or let us know that you no longer require our assistance.

We keep your Personal Information for as long as necessary to fulfill these purposes or until you ask us to delete it.

Ensuring Accuracy of Personal Information

We rely on you to ensure that the Personal Information you provide while using the Services or a related Service is accurate, complete and up-to-date. You are welcome to make changes, request deletion or corrections to Personal Information at any time by updating your settings or by contacting us at privacy@getcircle.health.

Summary

You are responsible for keeping your Personal Information up to date and accurate.

Safeguards

We maintain appropriate storage and processing practices and security measures to protect your Personal Information from unauthorized access, collection, use, disclosure, copying, modification or disposal or destruction. We train our team to follow privacy and security practices.‬‬‬‬‬‬‬

Using contracts, we ensure that any third party acting on our behalf in respect of your Personal Information maintains reasonable and appropriate safeguards.‬‬‬‬‬‬‬

We will use appropriate security measures when destroying Personal Information such as deleting electronically stored information.

We will review and update our security policies and controls as technology changes to ensure ongoing Personal Information security, however, please bear in mind that no internet or email transmission is ever fully secure or error free and no security system is impenetrable. We cannot fully guarantee the confidentiality of any information that you share with us.

It’s important to guard your privacy when you are online. If our Services contain links to other websites, this Privacy Notice does not govern those websites. Whether we have posted those links or other organizations or individuals have, you should read their privacy policies and make an informed decision about whether you want to use those websites or their services.‬‬‬‬‬‬‬

Summary

We use security best practices and take reasonable steps to protect your Personal Information. We train our team to follow privacy and security best practices.‬‬‬‬‬‬‬

Location of Services

In order to provide Services, Circle will be using third party service providers, namely, Thrive Health and Integra, and the employees of these third party service providers (located in Canada) who will require it for the purposes of their duties, will have access to your personal information for these purposes. 

The Platform is operated by Thrive Health Inc. as a service provider to Circle as described in the Terms of Use. While your personal health information is stored securely in Canada, we also make use of the following third party applications for specific functions that enable or support our platform.

Circle Services
3rd Party Service
Data Elements Shared with this Service
Usage/Purpose
Yes
N/A
We use Amazon Web Services to provide infrastructure services to host our software platform. Our platform hosting within AWS is contained with their CA-Central region, which is geographically located in Canada.
Our business agreement with AWS prevents Amazon from accessing your data that is stored on the Circle platform. In addition we encrypt your data using encryption keys that we control.
Yes
Auth0 (USA)
Email address
Password hash
Auth0 provides our user account management and authentication system. If you have created a Circle account your email address and a cryptographic hash of your password are stored in Auth0.
None of your health information is shared with Auth0.If you sign up using your Gmail account, Auth0 records your Email address only, and none of your health information is shared with Google. Your Gmail address is only used so you can login and not have to remember a separate password for the Circle platform. The Circle platform does not have access to your Gmail password or account.
This only applies if you have created a login for the Circle platform.
Yes
Sendgrid (USA)
Email address
Sendgrid is a transactional email service that we use to send email notifications and alerts to you from our platform.
Yes
Email address
Our marketing team uses Mailchimp to manage email campaigns. If you have opted-in to receiving occasional product updates from us we will use Mailchimp to send you email.
Yes
Zendesk (Canada)
Technical Support
Email Address
We use Zendesk to manage customer support requests from our users.
Yes
User event data
We use Datadog for log aggregation and alert services.
Yes
Full name, email address, & medication information
We use MedNow Pharmacy for managing prescriptions.
Yes
Anonymized event data 
We use Pendo for analyzing how the application is used, in-app guides, and collecting feedback. Pendo only has access to the data elements configured by Thrive Health. PII/PHI is not sent to or stored by Pendo.

Individual Access

You may request access to, make corrections to, or delete the Personal Information we hold about you at any time, subject to limited exceptions. Upon written request, we will also provide you with a list of individuals or entities (e.g. third party service providers) to whom we have disclosed your Personal Information, if applicable. Please contact our Privacy Officer at privacy@getcircle.health for additional information.‬‬‬‬‬‬‬

Summary

At any time, you can request access to your Personal Information (subject to limited exceptions) or delete your account by contacting us at privacy@getcircle.health.‬‬‬‬‬

Changes to this Privacy Notice

We may update this notice to reflect changes to our information practices but we will not reduce your rights under this Privacy Notice without your explicit consent. We’ll post any changes to this page and, if the changes are significant, we will provide a more prominent notice (including email notification if appropriate). Prior versions of this Privacy Notice are archived for your review here.‬‬‬‬‬‬‬

We encourage you to periodically review our Privacy Notice for the latest information on our privacy practices and to contact us if you have any questions or concerns.

Summary

We may make changes to this notice but we will not reduce your rights without your explicit consent. We will notify you of any changes and/or modifications to our information practices when appropriate.

Questions and Complaints

You may send your privacy-related questions, concerns or complaints to our Privacy Officer who is responsible for ensuring our compliance with this notice and with the appropriate privacy legislation.‬‬‬‬‬‬‬

Email: privacy@getcircle.health

130 King Street West, Suite 1320, 

Toronto, Ontario, Canada, M5X 2A2

If our Privacy Officer is unable to resolve your concern, you may also write to the Information and Privacy Commissioner of British Columbia, Information and Privacy Commissioner of Ontario or equivalent for your province.

You can email privacy@getcircle.health for more information.‬‬‬‬‬‬‬