PRIVACY PHILOSOPHY:
PreMD Inc. (“PreMD”) is committed to protecting the privacy rights of its employees, officers, directors, shareholders, customers, patients, health care professionals, suppliers, and clinical trial participants, and we are committed to maintaining the accuracy, confidentiality, and security of your personal information. This policy explains how we collect, use, disclose and safeguard the personal information you provide to us.

BY PROVIDING PERSONAL INFORMATION TO US, YOU SIGNIFY YOUR CONSENT TO OUR COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.

INTRODUCTION:
Ontario’s health information privacy legislation, the Personal Health Information Protection Act (PHIPA), 2004, and Canada’s federal private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), provide much of the foundation of PreMD’s privacy policy.  

For the purposes of this privacy policy, “personal information” shall include personal health information, as the term is defined by the Personal Health Information Protection Act, and any information that can identify an individual directly or through other reasonably available means. 

PRINCIPLES:
PHIPA and PIPEDA are each rooted by the same ten principles (the “Principles”) which are as follows: 

Principle 1 - Accountability
Principle 2 - Identifying Purposes
Principle 3 - Consent
Principle 4 - Limiting Collection
Principle 5 - Limiting Use, Disclosure and Retention
Principle 6 – Accuracy
Principle 7 - Safeguarding Customer Information
Principle 8 - Openness
Principle 9 - Customer Access
Principle 10 - Handling Customer Complaints and Suggestions

PreMD’s privacy policy adheres to these 10 policies and the following discusses each of the foregoing principles as they apply to PreMD’s practices.

Principle 1 - Accountability
We will maintain and protect the personal information under our control.  We have policies and procedures for ensuring confidentiality and security of data, which are strictly enforced to protect the individuals from whom we may collect personal information, or whose information we may have access to as a result of our business, clinical research and our website.

We have designated an individual who is accountable for compliance with the Principles.  Please see Principle 10 to obtain the contact information for our Vice President Finance/Chief Financial Officer, who acts as our Privacy Officer.  Our Privacy Officer is responsible for PreMD’s compliance with this policy is responsible for ensuring that our business activities including all clinical research studies and collection of personal information via our website is implemented in accordance with current legal requirements with regard to the protection of personal information.   

Principle 2 - Identifying Purposes
PreMD will identify to you the purposes for which it will use personal information before or at the time the information is collected.  

 

Purposes for the Collection of Your Personal Information:  

 

 

Clinical Research Purposes:
Data are used for research and statistical purposes only.  PreMD collects personal information on its clinical trial participants in order to assist the Principal Investigator of the clinical trial by monitoring the participant’s progress in the particular trial.   PreMD uses and/or collects only the information necessary to meet the pre-identified written and ethically-approved research purposes.   In almost all cases, a third party collects the information from individuals and only transfers aggregated, anonymized data (data which cannot identify any individuals), to PreMD.  However, even in the instances when PreMD only receives anonymized data, PreMD is still required to conduct audits at such third party’s facilities to ensure the integrity of the data.  As such, PreMD will have access to your personal information during such audits. 

Employee Relationships:
PreMD collects personal information on employees for purposes of hiring and managing the employer/employee relationship which includes, without imitation, activities such as processing payroll and providing certain employer sponsored benefit plans. 

Other/Commercial Purposes
Some other purposes for which we may collect and use your personal information include:

• The development and implementation of brand and consumer marketing programs that specifically tailor customer offers or communications to your specific needs;
• To reply to your requests, inquiries and comments;
• To provide our products and services and manage our business;
• To provide assistance and advice to health care professionals and administrators and other individuals with whom we have contact in the course of our business;
• To administer contests, promotions, and surveys;
• To develop and improve our products;
• To receive and access product inquiries, reports of adverse events, and product complaints;
• To provide you with health and product-related medical information;
• To monitor compliance with informed consent requirements when patients participate in clinical trials, and verify that clinical data collected by PreMD in the course of the clinical trial conforms to the source data available at the site of the clinical trial;
• To test and analyze our products for efficacy and safety; and
• To meet legal, regulatory, ethical and processing requirements such as adverse event and clinical reporting to Health Canada and other regulatory bodies.

We may also use your personal information for other purposes that are disclosed at the time of collection, or as otherwise permitted or required by law. If a new purpose is identified for the use of the information PreMD collected, the new purpose will be identified prior to its new use.  Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose. This may be done verbally, (i.e. by telephone) or in writing using a consent form. 

Principle 3 - Consent
The knowledge and informed consent of the individual is required for the collection, use or disclosure of your personal information.

By providing personal information to us, you signify your consent to the collection, use and disclosure of your personal information in accordance with this privacy policy. 

You may withdraw your consent at any time by contacting our Privacy Officer, within the bounds of legal and/or contractual restrictions and reasonable notice.

Consent for Clinical Trials:
Consent can be obtained in several ways: 

1. A study-specific, customized form will be used to seek informed consent, outlining the purpose of the study, the information to be collected, the risks and benefits of study participation, and a description of how the information will be used.  All the study components are described to the individual by the investigator/designate and all individuals will have the opportunity to ask questions and obtain further information.  By completing and signing the form, the individual is giving his or her explicit consent to the collection and the specified uses.
2. Third party researchers (who are sponsored by PreMD) will explicitly request the consent of study participants to the transfer of personal information obtained in the context of clinical trials to PreMD.  These third party researchers (or research organizations) sign confidentiality agreements and use data for research and statistical purposes only as allowed by PHIPA and PIPEDA. 
3. Consent may be given verbally when permitted by law.

Principle 4 - Limiting Collection
The personal information collected by us shall be limited to those details necessary for the purposes identified to you.

How and When We Collect Personal Information:

We collect your personal information where you provide it to us voluntarily, with your consent, or otherwise as permitted or required by law. We may collect your personal information when you:

• Request information, including PreMD news by email;
• Inquire or provide comments about our products and services;
• Participate in advisory boards;
• Participate in clinical trials;
• Participate in contests or other promotions;
• Fill out questionnaires or surveys;
• Provide your resume or personal information in connection with employment possibilities with us; or
• Provide your personal information in connection with the PREVU* POC training process.

What Sort Of Personal Information May We Collect:

The type of personal information we may request depends on and is related to the reason (or purpose) such personal information was provided to us.

In a clinical trial, the trial site will collect information from trial participants, as specified in the clinical trial protocol.  This data is reported back to PreMD on a case report form (CRF).  The patient’s identity is not disclosed on the CRF.  Only an alphanumeric code will appear on the CRF.  As per Good Clinical Trial Practices, all sponsors of clinical trials must visit the trial sites on a regular basis to ensure that the information reported on the CRF matches the information in the patient’s file. During these monitoring visits, the clinical trial monitor, who is a PreMD employee, will have access to all patient files.  This individual will verify that the data contained in the CRF matches the source documents, will remove a copy of the CRF for filing at PreMD but will not remove any patient files or documents that identify patients from the trial site.  Patient files at clinical sites may contain:  

 

• contact information, such as your name, mailing and/or e-mail address, and home telephone number
 
• demographic information, such as your age, gender, ethnic origin, and date of birth
 
• occupation
 
• existing medical conditions, medication prescribed and other medical information, including that which was collected at the clinical trials and the results from tests conducted as a result of the clinical trial.
 

 

The following is a description of the types of personal information that we may request from officers, directors and employees:

• contact information, such as your name, mailing and/or e-mail address, and home telephone number
• demographic information, such as your gender and date of birth
• social insurance number, income, and bank account information
• emergency contact information
• information you provide when you contact us

Principle 5 - Limiting Use, Disclosure and Retention
We will only use or disclose your personal information in accordance with the purposes for which it was originally collected unless you have otherwise consented, or when it is required or permitted by law.  We will retain your personal information only for so long as is required to fulfill the purpose for which it was collected or as required by law.

PreMD has agreements in place with third parties who may transfer personal information to PreMD.Such third parties have obtained the appropriate consents from the individuals, maintain the security of the information, are operating in accordance with all applicable laws, and only anonymized data (data which cannot identify an individual) is provided to PreMD.  As noted above, the only time PreMD may have access to the personal information that can identify an individual is when PreMD conducts audits of such third party to ensure the integrity of the data.  After the audit is conducted and PreMD has certified the integrity of its data upon which its research is based, PreMD does not retain any personally identifiable information.

Personal information that is no longer required to fulfill the identified purposes will be destroyed or erased after the agreed-upon retention period (and all retention periods required by law), have been met.   PreMD has developed guidelines and implemented procedures to govern the destruction of personal information.

Personal information may be transferred to third-party service providers, agents or affiliates we engage to provide data warehousing, fulfillment, distribution, printing, market research, contest management or other similar services on our behalf, some of which may be located in the U.S. or elsewhere outside of Canada.

We take contractual or other measures to ensure that your personal information that may be collected, used, disclosed or otherwise processed by these service providers or affiliates on our behalf is protected and not used or disclosed for purposes other than as directed by us, subject to legal requirements in foreign jurisdictions applicable to those organizations (for example, lawful requirements to disclose personal information to government authorities in those countries).  

Agents and Service Providers and Your Personal Information:
If your personal information is transferred to agents or service providers that perform services on our behalf, for instance IT service providers, we use contractual or other means to require such third parties to protect your personal information and not use or disclose it for any other purpose other than as directed by us or as permitted or required by law.

DISCLOSURE OF PERSONAL INFORMATION:

When Information May Be Disclosed to Outside Parties:

Except as specifically provided for in this privacy policy, or as otherwise consented to by you, we do not disclose any personal information to third parties.  The following are the limited instances where we may disclose your personal information to third parties:

• When required or permitted by law. 
• To investigate potentially fraudulent or questionable activities regarding your relationship with PreMD.
• In anticipation of and in the course of an actual or potential sale, reorganization, consolidation, merger or amalgamation of our business.
• For data warehousing and storage.

Principle 6 - Accuracy
We shall make every reasonable effort to ensure your personal information is maintained in an accurate, complete and up-to-date form.  

In the context of clinical trials, PreMD ensures that all information collected will be accurate, complete and up-to-date as possible at the time of collection.  This requirement ensures that the information derived from the study is valid.  PreMD will not update personal information collected in the context of clinical trials, unless such a process is necessary to fulfill the research purpose for which the information was collected initially.  Information that has been provided to PreMD in an anomymized form cannot be updated by PreMD, unless the organization collecting the data verifies and updates the information. 

PreMD will rely upon you to provide accurate and complete information and to advise us if circumstances change over time.  If you contact us with a request, we will take appropriate steps to update or correct the personal information in our possession that you have previously provided to us. You are entitled to challenge the accuracy and completeness of your personal information and have it amended, as appropriate.

Principle 7 - Safeguarding Information
PreMD considers the information we have to be highly sensitive.  PreMD will utilize industry standard technologies and maintain current security standards to ensure that your personal information is protected against unauthorized access, disclosure, inappropriate alteration or misuse.

The nature of the safeguards will vary depending on the type, amount, distribution and format of the information.    For instance, the information provided by employees, officers and directors is maintained on an Employee Data Sheet with a password on the Office Manager’s hard drive. A hard copy of the data sheet is kept in the employee’s personnel file and on the payroll. This information, as well as files pertaining to former employees, is locked in filing cabinets. Access is restricted. Data Sheets are printed, filed and then deleted from the Office Manager’s hard drive. 

Other methods of protection PreMD has in place include: 

1. Physical measures:  locked facility, locked filing cabinets and restricted access to offices.  Personal information pertaining to clinical trial participants is stored and maintained at clinical trial sites and is not stored or maintained at PreMD locations.
2. Organizational measures:  research agreements, employee confidentiality agreements (with dismissal as a sanction), access limited to need-to-know basis, audits; policies and procedures for the destruction of personal information. Our security practices are reviewed on a regular basis and we routinely employ current technologies to ensure that the confidentiality and privacy of your information is not compromised.
3. Technological measures: use of passwords to protect information, firewalls to prevent external access.  PreMD manages its server environment appropriately and our firewall infrastructure is strictly adhered to.
4. Anonymization of data: when information is provided to PreMD, we insist that it is provided to us in an anonymized fashion.  This means that the ONLY time PreMD has access to personally identifiable information is when PreMD conducts audits of such third party to ensure the integrity of the data. 

While we have enacted security measures, we cannot guarantee the security of any information that you submit via e-mail or over the Internet. Submissions of personal information using such networks is done at your own risk, since no Internet transmission is ever 100% secure or error-free (in particular, emails sent to or from our websites ma not be secure).  You should take special care in deciding what information you send to us via e-mail or posting on our websites.  Moreover, where you use passwords, ID numbers or other special access features on our web sites, it is your responsibility to safeguard them. 

Our Employees and Your Personal Information:
In the course of daily operations, access to private, sensitive and confidential information is restricted to authorized employees who have a legitimate business purpose and reason for accessing it. As a condition of their employment, all employees of PreMD are required to abide by the privacy standards we have established. Employees are informed about the importance of privacy and they are required to agree to a code of conduct that prohibits the disclosure of any customer information to unauthorized individuals or parties. 

Unauthorized access to and/or disclosure of personal information by an employee of PreMD is strictly prohibited. All employees are expected to maintain the confidentiality of personal information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal. 

Principle 8 - Openness
If you would like a copy of our privacy policy we would be more than happy to provide one to you and if you have any questions regarding the policy, we are more than happy to discuss them with you.

Principle 9 – Individual Access
Upon your request, we shall inform you of: (i) the type of personal information we have collected; (ii) how we have used your personal information in the past, and how we may in the future; and (iii) whether or not we have disclosed your personal information to any third parties (and, if so, to whom).  Individuals may verify the accuracy and completeness of their personal information, and may request that it be amended, if appropriate.   

However, please keep in mind that if PreMD has obtained only aggregated, anonymized data, we cannot tell you what information you provided that contributes to the aggregated data.  For those instances, you will have to contact the party who collected the information from you originally.   In this circumstance, if you can tell us what study you were a part of, we will do everything we can to assist you in providing you contact information for such third party. 

Please note that before we are able to provide you with any information or correct any inaccuracies we may ask you to verify your identity and to provide other details to help us to respond to your request.

Principle 10 - Handling Customer Complaints and Suggestions
Customers may direct any questions or enquiries with respect to the Principles, about PreMD’s information handling practices, or challenge PreMD’s compliance with these Principles, by contacting PREMD at:

Attention: Vice President Finance/Chief Financial Officer
PreMD Inc.
4211 Yonge Street,
Suite 615,
Toronto, Ontario,
Canada
M2P 2A9
Phone: (416) 222-3449
Fax: (416) 222-4533
Email: rhosking@premdinc.com

Individuals with inquiries or complaints will be informed in a timely fashion by PreMD about relevant procedures.  PreMD will investigate all complaints in a timely fashion.  If a complaint is found to be justified, PreMD will take appropriate measures including, if necessary, amending its policies and procedures.

Please contact us to withdraw your consent or with any enquiry, request or complaint related to this Privacy Statement, our Privacy Policy or our privacy practices concerning personal information about you.

Web Sites Governed by this Privacy Policy:
The web sites that are governed by the provisions and practices stated in this privacy policy are: www.premdinc.com, www.premd.ca, www.prevu.com, and www.prevu.ca (the “Websites”).

Some areas of our web sites may ask you to submit personal information in order for you to benefit from specified features or to participate surveys or other promotions. Our web sites clearly indicate what information is required and what information is optional.

Certain non-personal information is recorded by the standard operation of PreMD’s Internet servers. Information such as the type of browser being used, its operating system and your IP address is collected in order to enhance your online experience at our web sites.

What are Cookies: Cookies are pieces of information that a web site transfers to an individual's computer hard drive for record keeping purposes. Cookies make using our web sites easier by, among other things, saving your passwords and preferences for you. These cookies are restricted for use only on our web sites, and do not transfer any personal information to any other party. Most browsers are initially set up to accept cookies; however, you can reset your browser to refuse all cookies or indicate when a cookie is being sent. (Note: you will need to consult the help area of your browser application for instructions.) If you choose to disable your cookies setting or refuse to accept a cookie, some parts of PreMD's web sites will not function properly or may be considerably slower.

What are IP Addresses: An IP address is a number that's automatically assigned to your computer by your Internet provider whenever you're surfing the Internet. When you request pages on the web sites, our servers log your IP address. PreMD collects IP addresses for the purposes of system administration, to report aggregate information to our advertisers, and to audit the use of our web sites. We do not link IP addresses to anything personally identifiable, which means that your session will be logged, but you will be anonymous to us. We may use your IP addresses in cooperation with your Internet provider to identify you if we feel it is necessary to enforce compliance with our Terms of Use or to protect our service, web sites, customers, or others.

PreMD’s web site may contain links to other third party sites that are not governed by this privacy policy. Although we endeavour to link to only those sites with high privacy standards, our privacy policy will no longer apply once you leave PreMD’s web site. Additionally, we are not responsible for the privacy practices employed by other third party web sites. Therefore, we suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared and disclosed.

 

BY PROVIDING PERSONAL INFORMATION TO US, YOU SIGNIFY YOUR CONSENT TO OUR COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.

Updating this Privacy Policy:
Any changes to our privacy policy and information handling practices will be acknowledged in this policy in a timely manner. We may add, modify or remove portions of this policy when we feel it is appropriate to do so. You may determine when this policy was last updated by referring to the modification date found at the bottom of this privacy policy.

Last revised Wednesday, January 3, 2007 

 

---

Contact Us • Privacy Policy • Legal Notice
This site is published by PreMD Inc. which is solely responsible for its content.
This site is intended for visitors from Canada, the European Union, and the US only.
Last Updated: 5/6/2011 • © PreMD Inc. • *Trademark ®Registered Trademark