Last revised: March 4, 2021
Vector Health Laboratories Ltd. operating as Vector Health Labs (“Vector”, “our”, “us”, “we” and similar terms as the context dictates) respects your privacy and is committed to protecting it. This policy describes our approach to privacy and how we treat your personal information.
This policy describes:
- The types of information we may collect from or about you, or that users (“you”) may provide when you download, register with, access, or use the Vector website (“Website”); and
- Our practices for collecting, using, maintaining, protecting, and disclosing that information.
We will only use your personal information in accordance with this policy and with applicable federal and provincial privacy laws. We collect, use and disclose your personal information only for purposes that a reasonable person would consider appropriate in light of the original intent and use to which you consented. We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and used for limited purposes.
Please read this policy carefully to understand our policies and practices for collecting, processing, and storing your information. If you do not agree with our policies and practices, do not download, register with, or use the Website.
In this policy, references to “law” or “laws” includes references to all applicable legislation and regulations.
INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We collect information about you through:
- Direct interactions with you when you provide it to us, for example, completing self-attestation forms, responding to questions, or corresponding with us.
- Digital system or test results portal, for example, if you choose to register for testing services and results reporting through our digital system or the Website.
- Automated technologies or interactions, when you use the Website, for example, usage details, IP addresses, and information collected about your location.
We may collect and use the following information about you:
- Your name, birth year, photo(s) that you provide to us, email address, recent travel history, personal health information and any other information from which you may be identified (collectively, “personal information”).
- When you register for testing services, your name, contact information, health provider information, symptoms, health history and COVID-19 test results (“personal health information”).
- Non-personal information that does not directly or indirectly reveal your identity or directly relate to an identifiable individual, such as demographic information, or statistical or aggregated information. We may derive non-personal statistical or aggregated data from personal information. For example, we may aggregate personal information to calculate the demographics of users accessing a specific feature of the Website.
- Technical information, including your login information, device type, time zone setting, and usage details.
Information You Provide to Us
When you register with, or use this Website, we ask you to provide:
- Information by filling in forms on the Website. You will be asked to register and to complete a consent form when you use this Website.
- Information about your connected organizations. A connected organization is typically a company, institution, or other entity (i) with which you have a pre-existing relationship; and (ii) which has enrolled in a COVID-19 workplace screening program. For example, this could be your employer or your place of work.
- Information when you report a problem with the Website. We use this information to troubleshoot and help correct performance issues.
- Information about your health status and testing results. We may also ask you to provide information about your health so that we can provide you, your connected organizations and their administrator(s), and other third parties with updates relating to your health status and testing. We will always ask for your consent before we collect, use, or disclose your personal health information.
Automatic Information Collection and Tracking Technologies
When you download, access, and use the Website, we may automatically collect:
- Usage details. Certain details of your access to and use of the Website, including location data, logs, and other communication data.
- Device information. Information about your mobile device and internet connection, including the device’s unique device identifier, operating system, browser type, and mobile network information.
The information we collect automatically is statistical information and may include personal information. We may maintain it or associate it with personal information that you provide to us (see How We Use Your Information).
Third-Party Information Collection
When you use the Website, certain third parties may collect information about you or about your device. These third parties include:
- Your mobile device manufacturer.
- Your mobile and internet service provider.
- Our push notification service provider.
- Our cloud storage service provider.
- Our analytics and performance diagnostics providers.
We do not control these third parties’ tracking technologies or how they use them.
HOW WE USE YOUR INFORMATION
We use information that we collect about you or that you provide to us, including any personal information:
- To provide you with the Website and its contents.
- To improve our Website and enhance the user experience overall.
- For any other purpose with your consent.
We will not use the information we have collected from you to display advertisements to you.
In addition to the above, we use personal health information that you provide to us to schedule appointments; to provide testing services to you either directly or through our third party service provider(s) and physician(s); to provide you and, with your consent, your connected organization(s) and their administrator(s) with, testing results; and to comply with applicable legal and professional regulatory reporting obligations.
DISCLOSURE OF YOUR INFORMATION
We may disclose aggregated information about our users that does not identify any individual.
We may disclose personal information that we collect or that you provide:
- To your connected organizations on the Website and to their administrator(s).
- To comply with any court order, law, or legal process, including to satisfy the disclosure requirements of any governmental health agency, respond to any government or regulatory request, in each case according to applicable law.
- To enforce our rights arising from any contracts between you and us, including the Website’s Terms and Conditions.
TRANSFERRING YOUR PERSONAL INFORMATION
CANADA’S ANTI-SPAM LEGISLATION AND ELECTRONIC COMMUNICATIONS
Where applicable, we will seek your express consent to contact you, including by way of commercial electronic messages. You can unsubscribe at any time from receiving commercial electronic messages by following the instructions in the message.
Even if you have opted out of receiving marketing communications from us, please be aware that we may still contact you electronically for other purposes. For example, we may contact you to provide communications you have consented to receive, regarding the services we provide to you, or if you contact us with an inquiry.
With your consent, we may communicate limited personal health information via email or text in the interest of promoting timely communication. The use of technology may increase the risk of your personal information being unintentionally disclosed or intercepted by third parties. Technical failures and technological issues may result in a loss of personal information and/or delay or interruption of the services we provide to you. We assume no responsibility or liability for any technical failures or technological issues associated with communicating through electronic communications, and you hereby indemnify us and hold us harmless from any damages you may suffer as a result of such failures or issues.
The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us either directly on your device or with our third-party cloud storage service provider(s). Information stored on your device (iOS or Android) is stored using a minimum AES-256bit encryption and in a secure hardware enclave located on your device. Information that is stored in the cloud is encrypted at rest and in transit and is stored using a minimum AES-256bit encryption on the server.
We only use cloud storage service providers that maintain high industry standards, including globally recognized security and data use & protection certifications.
Except as otherwise permitted or required by applicable law, we will only retain your personal information for as long as necessary to fulfill the purposes for which it was collected and for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize or aggregate your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you and without your consent.
CHILDREN UNDER THE AGE OF 13
Our Website is not intended for children under 13 years of age. No one under age 13 may directly provide any personal information to or on the Website. If you are under 13, do not use this Website.
If we learn that we have collected or received personal information from or about a child under 13 without parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. You have the right to request access to and to correct the personal information that we have on record in your regard.
If you want to review, verify, correct, or withdraw consent to the use of your personal information you may also send us an email at email@example.com to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change or delete information if we believe the change would violate any law or legal requirement, cause the information to be incorrect, or would put the health or safety of others at risk.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
WITHDRAWING YOUR CONSENT
Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at firstname.lastname@example.org. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you make your decision.
CONTACT INFORMATION AND CHALLENGING COMPLIANCE
Attn: Privacy Officer
Vector Health Labs
If you are not satisfied with our privacy practices, you may bring a complaint to the Office of the Privacy Commissioner or provincial information and privacy commissioner, as applicable.