Updated October 2020
Protecting your privacy is important to Tactio Health Group Inc. (“Tactio,” the “Company”, “us” or “we”). This policy describes how the Company may use your data.
Tactio Health Group Inc. (“Tactio”, “we”, “us”, or “our”) operates the caresimple.com, tactiohealth.com websites, CareSimple Patient Application and CareSimple Clinical Portal to provide healthcare professionals with software solutions for their Remote Patient Monitoring programs.
For its websites, Tactio uses the data you leave in the various contact forms to communicate back with you for sales, marketing and support services
For its remote patient monitoring system, Tactio has no plan to sell neither your Personal data nor Health data to anyone. Tactio only sells to clinicians the secured data collection and patient engagement mechanisms, not the data itself. In essence for remote patient monitoring systems, Tactio may monitor system’s usage in order to improve the software’s user experience or performance, to use anonymized data in order to provide aggregated community stats and trends, add online features to expand the usability and depth of its software offering.
This policy describes the extent of the use, protection and precaution that Tactio will take in respect of your data.
Data controller (or HCP, healthcare professional including supporting staff) means the natural or legal person who determines the purpose and the means of the processing of the Personal data;
Data processor (or Tactio including subcontractors) means the natural or legal person processing the Personal data on behalf of the Data Controller;
Data subject (or User) means the physical person of which the Personal data has been collected pursuant to the Services;
Health data means data related to the physical and/or mental health of a natural person, including the provision of health care services, which reveal information about that natural subject;
Personal data means any information (including Health data) related to an identifiable natural individual and collected pursuant to the Services;
Services means the Tactio website and all apps and software operated by Tactio;
- Why we collect your information:
We collect, use, disclose and process Personal data to provide you with the Services and to improve your user experience and technical support. Tactio may use your Personal data to contact and correspond with you, to respond to your inquiries; to track communications with you; to perform safety backups of your Personal data; to assist you or your healthcare professional in tracking your Health Data; to generate global statistics (anonymized data will be used for this purpose); to help the Company develop new services and software features that meet your needs and to improve the Software.
- What information we collect:
We collect Personal data from you in several different ways when you interact with our Services such as:
- Active Personal data collection: You actively send information to us when you sign-up as a member of the Services, participate in surveys, respond to us or otherwise contact us. Depending on your choices, you may send us Personal data about yourself and/or others such as your email address, name, mailing address, phone number, birthday, and gender, as well as your child’s due date/birthday, name, gender or healthcare portal user key. At all times, you determine what information you want to actively share with us.
- Health Data Processing: If you are using the Services in the course of the remote patient monitoring program of a healthcare professional, you may actively send your Health Data throughout our Services to your healthcare professional. Tactio shall only act as a Data processor relating to your Health Data.
- Passive Information Collection: We also collect information about how you use and interact with our Services. The collected information includes your IP address, the pages you visit within our Services, the date and time when you visit the website, the URL that referred you to our services, the device that you use to visit the website, and the device used when operating the app. We also collect usage information, such as which feature you are using, for how long and when, and demographic information, such as your gender and age, which we may prompt you for. The data collected does not identify you and is used to improve our Services’ performance and appearance through your account connection.
- Necessary collection, use and disclosure:
Tactio shall collect and use your Personal data only to the extent that is necessary to provide the Services and will not use your Personal data for purposes other than those why your Personal data was initially collected.
We keep your Personal data secured, encrypted and confidential and we do not disclose it, but note the following clarifications and exceptions:
- Law enforcement: We may share your Personal data to respond to law enforcement requests, court orders or other legal process or if we believe that such disclosure is necessary to investigate, prevent or respond to illegal activities, fraud, physical threats to you or others or as otherwise required by any applicable law or regulation.
- Bluetooth devices: At the user’s discretion, the Services may be connected by Bluetooth technology to health measuring devices. The manufacturers of these devices have elected to use Bluetooth LE (low energy) communication as a means of providing a “real-time” experience to users allowing immediate retrieval of data from their devices. The Services does not use Bluetooth for any other purpose. If you do not wish to have your Personal data transmitted by Bluetooth you may disable Bluetooth on your smartphone or similar device in the settings application for that device, or you may simply not connect (or disconnect if you have already connected) the devices that require Bluetooth on the Software.
- 4G devices: At the user’s discretion, the Services may be connected by cellular technology to health measuring 4G devices. The manufacturers of these 4G devices have elected to use cellular communication as a means of providing a “real-time” experience to users allowing immediate retrieval of data from their devices. This cellular communication is part of the RPM service and does not use your own personal cellular connection. If you do not wish to have your Personal data transmitted by 4G you may ask to be remotely monitored by Bluetooth devices only.
- Aggregated Statistics and Reports: We freely use and disclose data in anonymous form, for example, in statistics or reports.
- Our employees and authorized independent contractors (“Authorized personnel”): Authorized personnel may have access to your Personal data for the purpose of helping us administer and run our Services (and not for their own, independent purposes). Authorized personnel access and use such Personal data in accordance with our instructions, on a “need to know” basis, and under defined strict confidentiality and security obligations.
- Express consent: Tactio shall also disclose your Personal data at your express request.
- Data controller of your Health data:
By are using the Services in the course of your medical treatment by a healthcare provider, that healthcare professional shall obtain a verbal or written consent from you to collect, use and disclose your Personal data and Health data.
That healthcare professional may modify, add and/or erase your Personal data and Health data; may provide alerts to you through the Services and may share your Personal data and Health data with its clinical staff or healthcare partners who require access to patient information, within the requirements of the applicable regional privacy laws such as the Privacy and Security Rules of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In addition, your Personal data and Health data may also be used or disclosed by the healthcare professional for the his business partners or other purposes of healthcare treatment, payment (including but not limited to health insurance claims and reimbursement) and operations of the medical practice, as well as for other purposes permitted by applicable laws.
At all times, Your healthcare professional is the Data controller of Health data. Tactio shall act as the Data processor of your Health data for your healthcare provider.
- Personal data Hosting and Storing:
Except for non-identifiable and anonymized information which Tactio may store in perpetuity and in any reasonable location, Tactio shall host and store your Personal data for a maximum of 6 months after you delete your account, ask for the deletion of your account or have your account deleted by your healthcare professional. After such period, Tactio may delete your stored Personal data, with respect to the applicable laws.
Your Personal data may be stored in locations outside of your state or country with respect to the applicable regional laws, such as, but not limited to, the General Data Protection Regulation of the European Union, the HIPAA of the United States of America and the Personal Information Protection and Electronic Documents Act of Canada.
- Access and Update:
You have the right to access and obtain copies of your Personal data. You also have the right to update, rectify and correct any Personal data that you believe is inaccurate or incomplete. To do so, please contact our Privacy officer at email@example.com.
- Withdrawal of consent and Opt-out:
- Generally not suitable for children under the age of :
Tactio Services are not intended for children under the age of 13. We do not knowingly collect Personal data via the Services from users in this age group. We do, however, collect information about children and babies provided by the parents or legal guardians of such children or babies. We ask our Services’ users not to provide information about any baby or child without first getting their parents’ or legal guardians’ consent. By providing Personal data regarding any baby or child, you are affirming that you are legally authorized to do so. We encourage parents and legal guardians to talk to their children about their use of the Internet and the information they disclose pursuant to the Services.
In the event that the Services have been used by a child under the age of 13 to store information of that child without parental consent, Tactio shall be and is authorized to delete, in its entirety, any of the information stored. Tactio also reserves the right to revoke any license to use the Services which is being used by a child under the age of 13.
As we also do not intentionally collect or maintain information in the Services from those visitors and Users of the Services who are under 18 years old.
- Third-Party Programs:
Tactio uses commercially reasonable and appropriate physical, electronic, and managerial procedures to safeguard and secure the Personal data we collect. However, Tactio can’t fully eliminate security and/or privacy risks associated with Personal data created, stored or transferred using the internet and internet technologies.
Tactio, as the Data processor, shall not be liable for any breach, unauthorized disclosure or unlawful use of your Personal data or Health data that was, at the time of the breach, under the control of your healthcare professional.
- Electronic communications (E-mails):
Your email address may be used to send you Electronic Communications from time to time. At any time, you may ask us to stop sending you Electronic Communications by contacting firstname.lastname@example.org or using the unsubscribe clickable mechanisms provided at the bottom of such communication.
The collection, use and disclosure of your Personal data by Tactio will be governed by the latest version of this Policy. New versions of this Policy will be posted at https://www.tactiohealth.com/en/privacy-policy.
- End User License Agreements:
The End User License Agreement, available at https://www.tactiohealth.com/en/terms-of-use and governing your use of the Services (and which may be viewed from the info page of the software) contains important provisions disclaiming and excluding the liability of Tactio and others in relation to your use of the Services, and provisions determining the applicable law and exclusive jurisdiction for the resolution of any disputes regarding your use of the Services. Each of those provisions also applies to any disputes that may arise in relation to this Policy and the collection, use and disclosure of your Personal data, and are of the same force and effect as if they had been reproduced directly in this Policy.
- Do Not Track:
While many current browsers permit you to send a signal to us about your Do Not Track (“DNT”) preferences, we do not respond or support DNT signals sent from your browser.
- Access, Comments, and Questions