Privacy & Confidentiality – MedTechnologies

Privacy Policy

Scope and application
What Personal Information do we collect?
How do we collect your Personal Information?
How do we use your Personal Information?
a. Research and development purpose
When do we share your Personal Information with other organizations?
Automated data processing
What are your privacy choices?
a.Restricting collection, use and disclosure of your Personal Information
b.Changing your communication preferences
How do we protect your Personal Information?

Data Governance and Security Measures [Note: This section is a specific requirement of the new Québec privacy requirements coming into effect in September 2023.]

How long do we keep your Personal Information?
Cross-Border Transfers of Personal Information
Accessing and correcting your Personal Information
Changes to the Privacy Policy
Contact us

1. Scope and application

Med Technologies Inc. (collectively, “MedTech,” “we,” “our,” or “us”) provides software solutions to employers to optimize employee health, workplace integration and safety, as well as cost-efficiency and productivity.

MedTech is committed to respecting and protecting your privacy and the confidentiality of the information with which you have entrusted to us and which we collect about you. The purpose of this global privacy policy (the “Policy”) is to explain how and for what purposes we collect, use, share or otherwise process your personal information and how we safeguard the confidentiality of your personal information, whenever you interact with MedTech.

2. What Personal Information do we collect?

"Personal Information" means any information that identifies, relates to, describes, or is reasonably capable of being associated with a particular individual. We collect personal information such as your age, contact details, birth date, personal health information (for example, relevant allergies, medical history, or other relevant background health information) and personal payment methods.

Personal information collected in connection with our services is subject to the MedTech Terms of Use.

3. How do we collect your Personal Information?

We collect Personal Information directly from you, or through our websites when:

you create an account;
we provide service to you, including technical support;
you visit one of our websites [or use our apps], or call us;
you submit your resume information;
we or our service providers, maintain and operate our websites.

We may also collect your Personal Information (i) on behalf or your employer, who may use it for employment or workplace wellbeing purposes, and/or (ii) from your healthcare professional, if you have consented to it.

4. How do we use your Personal Information?

Our pre-employment software is designed to reduce the number of applicants requiring a standard in-person pre-employment medical examination. The purpose of a standard pre-employment examination is to reduce the likelihood of placing an employee in conditions of higher risk of injury, and if applicable, to apply restrictions (or offer an alternative work assignment) to reduce the medical or injury risk.

The employee preventive screening solution provide recommendations using an algorithm in order to identify individualized employee needs and recommended targeted interventions (occupational and other health support programs), to optimize and individualize employee work environment and streamline the safety and work-site preventive health process.

Our adult well health routine screening tests are used to determine which, if any, screening tests should be discussed with your healthcare provider for consideration, based on information you provide about yourself, and your family history. The final report remains confidential for your use only, it contains no name or identifier, and only you can share it with your health care provider. Only your health care provider can order a test, following proper medical evaluation and informed consent.

We may also use your Personal Information for the following purposes:

to identify and assess opportunities for early targeted interventions (e.g. ergonomics);
for general business purposes such as managing our business and websites, processing job applications, preventing or reducing commercial risk, as well as for purposes relating to information, system or network security;
comply with legal, regulatory and professional obligations;
protection of our commercial interests, collect debts and assert our legal rights and interests;
creating, administering, and maintaining your account;
updating your Personal Information.

MedTech never uses your Personal Information to make final determination if you are unfit or fit for employment with restrictions.

a. Research and development purpose

We may use Personal Information to understand and assess your interests and changing needs with a view to improving our products and services and developing new ones, as well as to evaluate potential improvements or other modifications to the functionality of our websites. For instance, we may use third-party web analytics services, such as Google Analytics, to help us analyze how visitors use our websites. When required by law, we will use anonymized information for these purposes.

5. When do we share your Personal Information with other organizations?

All personal and health information (past or present) remains confidential, and is not shared with the employer or any other party. Only the recommendation of whether or not a pre-employment exam is exempt is made available via a secure portal to the employer, as well as the potential restriction(s) to be assessed if applicable.

In exceptional circumstances, we may share Personal Information without your consent, when authorized by law, such as:

to comply with a warrant or other order from a court or a governing regulatory authority.
to investigate the breach of an agreement or applicable law (for example, investigating potential theft).
to determine or verify eligibility to receive health care or related goods, services or benefits.
to detect, suppress or prevent fraud.
when required in the context of a prospective or completed business transaction, such as a transfer of assets or shares or merger, in accordance with applicable legal requirements. For example, we may make your Personal Information available to advisors or (potential) buyers of our business if necessary for concluding the transaction and continuing operating the business.

6. Automated data processing

We may use your personal information in your health profile to generate recommendations to your employer with an algorithm, as described in the above section. Our algorithm is not intended to make any decision on your inability to be employed as a candidate.

7. What are your privacy choices?

We rely on your express consent to process your Personal Information. You have choices about the way we handle your Personal Information.

You may withdraw your consent to the collection, use and disclosure of Personal Information in accordance with this Privacy Policy at any time upon reasonable notice to MedTech in writing, subject to legal or contractual restrictions.

The withdrawal of your consent may affect our ability to provide recommendations to employers about the likelihood of placing an employee in conditions of higher risk of injury, and, if applicable, to apply restrictions (or offer an alternative work assignment) to reduce the medical or injury risk. In some circumstances, legal requirements may prevent you from withdrawing consent.

8. How do we protect your Personal Information?

We take appropriate measures and controls aimed at safeguarding your Personal Information. These measures include restricting physical access to our offices and records, restricting access to your Personal Information to only those employees or agents who require access to fulfill their responsibilities, restricting unauthorized access, disclosure, use and misuse of your Personal Information in our custody and control, having archival documents stored with reliable third parties offsite at secure premises, using firewalls, passwords and file encryption for online activities.

Our goal is to prevent unauthorized access, loss, misuse, sharing or alteration of Personal Information in our possession. We also use these safeguards when we dispose of or destroy your Personal Information.

Data Governance and Security Measures

We maintain policies and practices which ensure the protection of your Personal Information. Depending on the volume and sensitivity of the information, the purposes for which it is used and the format in which it is stored, we implement a combination of measures to protect your Personal Information, including:

Please note that despite the protective measures we put in place, in is technically not possible to completely secure personal information.

9. How long do we keep your Personal Information?

We keep your Personal Information only as long as it is reasonably needed or relevant for the identified purposes, or as permitted or required by law or provincial associations and colleges. We may keep certain Personal Information for an extended period of time (for example, for required tax and financial record keeping, security, fraud prevention, and to manage business operations). Once no longer required, your Personal Information will be securely destroyed or anonymized, in compliance with applicable laws.

10. Cross-Border Transfers of Personal Information

Your Personal Information is only stored, accessed or used in Canada (Montréal).

We may engage third-party service providers to assist us in providing our services to you; for example, in order to process payment, fulfil product orders, provide e-commerce functions, or manage our communications with you. We use our best efforts to ensure that all of our third-party service providers take reasonable security measures to protect your Personal Information (this includes technical, administrative, and physical safeguards to protect your Personal Information). We use our best efforts to ensure our service providers only use your Personal Information for authorized purposes we have made known to you or which are otherwise permitted by applicable law.

11. Access to your Personal Information and other individual rights

You may be entitled to access your Personal Information and request the rectification information that is inaccurate, incomplete or no longer up to date, subject to limited exceptions set out in applicable laws. You may also request information about MedTech’s processing activities regarding your Personal Information.

Other Rights in the European Union or United Kingdom: If you are in the European Union or the United Kingdom, you may have additional rights which are described in Section 14 of this Policy.

For any request, please contact us in writing using this address: support@medtechnologies.net.

12. Changes to the Privacy Policy

We may make changes to this Privacy Policy from time to time. Any changes we make will become effective when we post a modified version of the policy on our websites [and apps]. If the changes we make are significant, we will provide a more prominent notice when required by applicable laws. By continuing to use our services or purchase our products after the modified version of the Privacy Policy has been posted or you have been informed of such update, you are accepting the changes to the Privacy Policy. If you do not agree to the changes in our Privacy Policy, it is your responsibility to stop using our services or purchasing our products. It is your obligation to ensure that you read, understand and agree to the latest version of the Privacy Policy. The “Effective Date” at the top of the Privacy Policy indicates when it was last updated.

13. Contact us

If you have any questions or complaints about how we handle your Personal Information, please contact us as indicated below:

Person Responsible for Protection of Personal Information : Allison Ready, COO

For any request regarding your job application or your employment, please contact the employer.

14. GDPR/UK Notice

This section applies when the processing of your personal information is subject to the General Data Protection Regulation or the UK Data Protection Act 2018, for instance because it is handled by MedTech located in the European Union or the United Kingdom or because you are located in a Member State or in the United Kingdom.

What are the legal basis we rely upon to process your personal information?

We may rely on the following legal basis to process your personal information:

Where it is necessary to enter into or to perform a contract between us (for instance when you use our services);
Where it is necessary for our legitimate interests or for the legitimate interests of a third party to do so;
Where you have given us your consent;
Where it is necessary to comply with our legal obligations;
Where it is necessary to protect the vital interests of an individual.

What are your rights?

In addition to the rights mentioned under Section 11, you may have the following rights:

Right to erasure: you have the right to request from us erasure of your personal data (for instance, if it is no longer necessary to provide our services to you or if you have withdrawn your consent).
Right to object or restrict our processing: you have the right to request from us to stop processing all or some of your personal information (for instance if we use if for direct marketing purposes) or to restrict its use (for instance, if it is inaccurate).
Right to data portability: you have the right to ask us, if technically feasible, to transfer your personal data to a third party or to provide it to you directly in a structured, commonly used and machine-readable format. Please note that this right is subject to certain restrictions.
Right to withdraw consent: where we process your personal information on the basis of your consent, you may withdraw your consent, for instance by contacting us.

Further, where French data protection law (Loi Informatique et Libertés) is applicable, you also have the right to set guidelines for the retention and communication of your personal information after your death.

If you wish to exercise any of these rights, please use the contact information listed under the Contact Us Section. You also have the right to lodge a complaint before the supervisory authority of the country where you are located or where the relevant MedTech entity is established.

How do we secure your personal information transferred outside of the European Economic Area?

When we transfer your personal information outside the European Economic Area (including the United Kingdom), we enter into contractual arrangements to ensure the adequate protection of your personal information. For instance, we rely on contracts that incorporate standard contractual clauses approved by the European Commission or other lawful mechanisms under the GDPR to transfer personal information related to our activities in the EU/UK to countries outside of the European Economic Area that are not covered by an adequacy decision.

15. California Notice

This California notice supplements the Policy set forth above with respect to specific rights granted under the California Consumer Privacy Act (“CCPA”) to natural person California residents (“California Resident,” “you,” or “your”) with regards to “personal information.” If you are a California Resident, please review the following information about our privacy practices surrounding how and why we collect, use, disclose and share your personal information and your potential rights with regard to your personal information under the CCPA. The rights described herein are subject to exemptions and other limitations under applicable law.

Terms used in this California notice have the meaning ascribed to them in the CCPA. We are a “business.” “Personal information” for the purposes of this section has the same meaning as in the CCPA. For purposes of this California notice, personal information does not include deidentified information, aggregate consumer information, or publicly available information as those terms are defined in the CCPA.

Notice at Collection and Use of Personal Information

Information We Collect

Depending on how you interact with us, we may collect the categories of personal information listed above in the How do we collect your personal information?

How We Use Collected Information

We also may use personal information from California Residents for the business or commercial purposes described above in the section How do we use your personal information?

Our Disclosure and Sharing of Personal Information

We do not sell your personal information.

In the preceding 12 months, we may have disclosed for a business purpose your Personal Information, to the following categories of third parties: (i) service providers and corporate affiliates (only as necessary or appropriate to perform legitimate business purposes); and (ii) other third parties as may otherwise be permitted by law.

California Residents’ Rights under the CCPA

The CCPA provides California Residents with certain rights related to their personal information. This section explains those rights. If you are a California Resident and would like to exercise any of those rights, please see How to Exercise Your CCPA Rights below for more information on how to submit a request, subject to certain exemptions and other limitations under applicable law.

Notice: You have the right to be informed, at or before the point of collection, of the categories of personal information to be collected and the purposes for which the categories of personal information shall be used.
Right to Know: You have the right to request that we disclose to you certain information regarding our collection and use of personal information specific to you over the last twelve (12) months.
Right to Delete: You have the right to request that we delete certain of your personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with federal, state, local and non-U.S. laws, rules and regulations.
Right to Non-discrimination: We will not discriminate against you for exercising of any rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.
Opt-Out of Sale: You have the right to opt out of the “sale” (as that term is defined in the CCPA) of your personal information if a business sells your personal information (we do not).

The CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations. We also reserve the right to retain, and not to delete, certain personal information after receipt of a request to delete from you where permitted by the CCPA.

How to Exercise Your CCPA Rights

If you are a California Resident and would like to exercise any of the CCPA rights identified above, you may submit a request by writing to [support@medtechnologies.net] or by calling us at [insert telephone number] (toll-free). [NTD: You need to provide a toll-free number under the CCPA.]

We are required to provide certain information or to delete personal information only in response to verifiable requests made by you or your legally authorized agent. When you submit a Right to Know or a Right to Delete request, we may ask that you provide clarifying or identifying information to verify your request. Such information may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, [your name and email address.] Any information gathered as part of the verification process will be used for verification purposes only.

You are permitted to designate an authorized agent to submit a Right to Know or a Right to Delete request on your behalf and have that authorized agent submit the request through the aforementioned methods. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on your behalf. We may also require that you directly verify your own identity with us and directly confirm with us that you provided the authorized agent permission to submit the request.

We will deliver responses to verifiable consumer requests, free of charge, either through your online account with us, if you have such an account already, or, if you do not have a pre-existing online account, by mail or electronically, at your election. Our goal is to respond to any verifiable consumer request within forty-five (45) days of our receipt of such request. We will inform you in writing if we cannot meet that timeline. Keep in mind that we are not required to provide information in response to Right to Know requests more than twice in a 12-month period and any response to a Request to Know will only cover the 12-month period preceding the verifiable request.

Additional California Privacy Rights

Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our sites are not currently set up to respond to those signals.