Dr. Inbox Platform Privacy Policy

as of November 1, 2023

Dr. Inbox Incorporated ["Dr. Inbox", "we", "us"] is committed to protecting personal information and safeguarding the privacy of all users of the Dr. Inbox Platform [the "Platform"] which is accessible through our website, www.drinbox.ca [the "Site" and collectively, with the Platform, the "Services"]. This privacy policy [the " Policy"] applies to information collected by Dr. Inbox through the Services. It does not apply to information or data collected through other sites, products, or services.

By using the Services, you consent to the collection and use by us, our agents, and your Health Care Provider of your Personal Information as described in this Policy.

Definitions

"Account" means the account used by Users to sign into and use the Platform.

"Practitioner(s)" means those employees of the Health Care Provider registered to be Platform users in order to access Health Care Provider and Patient content through the Platform.

"Health Care Provider" or "Provider" means a Practitioner, administrative team member, clinic or business which has subscribed for and created accounts for its Patients to the Platform. "Patient(s)" means those patients and clients of the Health Care Provider who are initially registered by the Health Care Provider with Dr. Inbox to access the Platform.

"Caregiver(s)" means a family member or helper who regularly looks after a child or a sick, elderly, or disabled Patient (collectively, with Patients, and Health Care Providers [the "Users"].

"Identifying Information" means personally identifiable information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual. This includes information such as your name, address, e-mail address and date of birth.

"Non-Personal Information" is information of an anonymous nature, such as an Internet Protocol Address (IP Address), the domain used to access the site, and the type and version of browser or operating system being used. Aggregate information, such as demographic statistics of our users (e.g. average age or geographical allocation of our users), number of visitors, what pages users access or visit, average time spent on the Site, and information volunteered by the user, such as survey information, is also considered Non-Personal Information.

"Personal Health Information" means identifying information about an individual, if the information:

  1. relates to the physical or mental health of the individual, including information that consists of the health history of the individual's family;
  2. relates to the provision of healthcare services to the individual, including the identification of a person as a provider of healthcare to the individual;
  3. relates to payments or eligibility for health care, or eligibility for coverage for health care, in respect of the individual; or
  4. is the individual's health number.

"Personal Information" in the context of this Policy, means both Identifying Information and Personal Health Information.

Collection of Personal Information

Registration: Dr. Inbox collects and stores Personal Information to provide Users with services within the Platform. By consenting to this Policy, Dr. Inbox will collect and retain Patients' Personal Information as provided by their Provider, allowing for direct and convenient access to the Patient's Personal Health Information.

Personal Information is also collected from Providers to initiate Users' account setup and validation. This allows expedition of Users' enrolment and access to the Platform, and includes without limitation the User's name, e-mail address, home address, telephone number, and, in the case of a Patient, their health card number if known by the Provider.

Through Cookies: Dr. Inbox uses cookies within Users' web browsers to facilitate the sign in process and to deliver personalized services within the Services. The cookie is a small datafile that a website places on your computer's hard disk. This is a temporary or session cookie that uniquely identifies the User as they move from page to page on the Site. We need this information in order to operate the Services, but it does not collect Identifying Information.

Use of Personal Information

We do not (nor do we intend to) sell or otherwise market Personal Information to third parties. We limit the collection, use, retention and disclosure of Personal Information to that which is reasonably necessary for the purposes outlined below. By using the Services, you consent to our collection from, verification with and communication to the Provider and any third party for the purposes set out in this Policy, by Dr. Inbox and any corporation, company or other entity effectively controlling or controlled by Dr. Inbox or associated with others under common control or ownership, and includes, but is not limited to subsidiaries (the "Affiliates").Personal Information will not be used without your consent for any purpose other than those mentioned in this Policy.

Records

All Personal Information collected from a Patient or Provider is stored in a record [the "Record"] which can be accessed by the Provider through the Platform, unless specifically excluded in this Policy.

Personal Health Record: Patients can store and access their Personal Health Information through the Platform, including without limitation, Provider visits, medication, immunization records, and laboratory results. Personal Health Information can be viewed by the Users and are included in Records.

Online Appointment Booking: Patients and Caregivers can book and manage appointments online with their Health Care Provider. The Platform displays a record of Patients' scheduled appointments, including the name of the Practitioner, scheduled date and time, and address of the appointment. This record will be displayed only until the expiry of the date of the appointment, and is visible only to the User.

Secure Communications and Messages: Users can exchange health-related secure communications [the "Messages"] through the Platform. All parties may receive e-mail or sms notifications upon receipt of Messages. Messages may include Personal Information and can be viewed by Patient, Caregiver, and Provider and are included in Records.

Law and Compliance / Other Uses: Dr. Inbox may hire other companies to provide services on its behalf [the "Agent"]. Dr. Inbox gives Agents only the Personal Information they need to deliver the service. Dr. Inbox requires Agents to maintain the confidentiality of the Personal Information and prohibits them from using such information for any other purpose.

Dr. Inbox and Agents may use your Personal Information for the following purposes:

  1. to provide Users with information about the Platform, including updates and notifications;
  2. to send Platform e-mail or sms communication;
  3. to receive Users' feedback;
  4. to invoice applicable service fees, if any;
  5. to maintain and administer Accounts;
  6. for support services; and
  7. to generate statistics and aggregate reports to improve the Platform.

Security

Our servers are located in Canada. Dr. Inbox uses commercially reasonable efforts to ensure that your Personal Information is stored and maintained in a secure environment. Dr. Inbox uses encryption technology such as TLS/SSL during transmission and the storage of Personal Information. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

Retention

Dr. Inbox will keep your Personal Information for as long as necessary in connection with the purposes identified in this Policy or as required by law, which may extend beyond the termination of Dr. Inbox's relationship with the Patient or Provider. You must notify Dr. Inbox at customercare@drinbox.ca if you no longer want your information to be retained by Dr. Inbox. If you request to close your Account, Dr. Inbox will delete your Record within ninety (90) days of your Account being closed.

You acknowledge and agree that if you request that your Personal Information be removed from our databases, it may not be possible to completely delete all Personal Information due to technological and legal constraints. In addition your Provider may have retained copies of your Record in accordance with their own privacy policies which Dr. Inbox does not have control over. An example of a legal constraint may include Dr. Inbox being requisitioned by provincial or federal government entities to disclose Personal Information for the purpose of a criminal investigation.

Third Party Websites

Through the Services you may be introduced to a variety of third parties and websites. The privacy policies of these third parties are not under the control of Dr. Inbox and may differ from this Policy. The use of any information that you may provide to any third party, or the use of "cookie" technology by any third party, will be governed by the privacy policy of the operator of the website that you are visiting. If you have any doubts about the privacy of the information you are providing on another website, we recommend that you contact that website directly for more information and review its privacy policy. An example of this scenario is your Provider directs you to a survey on another website via a link from the Platform.

Access to Personal Health Information

Users can access the Personal Information we hold about them by sending us an e-mail at Customercare@drinbox.ca. We will advise you in advance of any charges for copies of your file. We may be unable to provide you with some information in certain circumstances, such as if the information also refers to other individuals, is subject to legal privilege, contains confidential information, cannot be retrieved using your name or account number, or as otherwise permitted or restricted by law. If you wish to notify us of any changes to your Personal Information, or if you believe that any information we hold about you is inaccurate or incomplete, please send us an e- mail with the corrections to the e-mail address noted above.

Changes to This Policy

Dr. Inbox may amend and update this Policy at any time, which will be reflected by the "last modified" date above, and will notify you of this change upon your next logon. It is highly recommended that you read over this Policy occasionally to keep informed of our commitment to the protection of your private information and any changes to this Policy. You must agree to this Policy and any changes thereto to continue usage of the Services.

Contact information

Should you have any questions or concerns about this Policy, please send your correspondence to:

Chief Privacy Officer

Dr. Inbox Incorporated

410 -- 73 Water Street North

Cambridge, ON N1R 7L6

Customercare@drinbox.ca

All communications relating to privacy will be considered confidential and treated as such.