ELNA Medical Group Inc. (“ELNA,” the “Enterprise,” “Us,” or “We”,) is dedicated to upholding the highest standards of privacy and protection regarding data and Personal Information in our care. We recognize our role as a trusted steward in the collection and management of sensitive information. We value your right to receive full transparency in how we handle and process data and we are dedicated to building privacy into every aspect of our services and systems.
In this Policy, we explain how we collect, use, disclose, and protect information, ensuring that you are fully informed about your rights and the measures we take to uphold the privacy and security of your information. The principles outlined in this Policy are applicable during your entire relationship with us.
ELNA further ensures that all of our business partners, third party affiliates, and subsidiaries are aware when they have an obligation to act in accordance with either this Policy, their own similar policies, or other relevant ELNA policies. ELNA encourages the review of all ELNA’s affiliates and subsidiaries privacy policies, procedures, and website, mobile, or cloud service standards.
By accessing or using the Website or by otherwise giving us your Personal Information or Personal Health Information through our Services, you indicate that you understand, accept, and consent to the privacy practices described in this Policy.
This policy is constructed in accordance with the Government of Québec’s Law 25 amendments to the Act Respecting the Protection of Personal Information in the Private Sector, the Act Respecting the Sharing of Certain Health Information, and in expectation of the in-force requirements of Bill 3, An Act Respecting Health and Social Services Information. The language and reporting process, however, have been written with ELNA’s national privacy obligations in mind. The legislative authorities for this policy may extend to the Government of Canada’s Personal Information Protection and Electronic Documents Act, 2000, the Government of Ontario’s Personal Health Information Protection Act, 2004, and the Government of Alberta’s Health Information Act, 2000.
Personal Information is any information which relates to a natural person, allowing that person to be identified. All Personal Information is considered confidential information and must be handled in accordance with relevant legislation.
Personal Health Information
Personal health information is a form of Personal Information and includes all registration, diagnostic, treatment, health service, and care information, obtained in any format (oral or recorded) that allows an individual, living or deceased, to be identified either directly or indirectly. Personal health information is highly confidential information and can include, but is not limited to:
Information Life Cycle
Information life cycle (“life cycle”) refers to any aspect of the collection, use, storage, retention, transfer, disclosure, accuracy, correction, disposal, or destruction of Personal Information and personal health information.
Aggregated / De-Identified / Anonymized Information
“Aggregated” information is when your information is grouped with a collection of other information large enough that it is virtually impossible for you to be identified. Aggregated data is commonly referred to as statistical data.
Information is “de-identified” if it no longer allows the person concerned to be directly identified.
Information is “anonymized” if, at all times, reasonably foreseeable in the circumstances that it irreversibly no longer allows the person to be identified directly or indirectly. Steps must be taken in the case of both de-identified/anonymized data to follow best practices and to take reasonable steps to ensure no re-identification takes place. While ELNA respects and abides by each relevant jurisdictional definition of these terms, for the purposes of this Policy, Québec’s definitions are utilized.
“Profiling” is the use of technology allowing a person to be identified, located or profiled. “Profiling” means the collection and use of Personal Information to assess certain characteristics of a natural person, in particular for the purpose of analyzing that person’s work performance, economic situation, health, personal preferences, interests, or behaviour.
ELNA may only collect, use, or communicate your Personal Information and Personal Health Information with your consent. ELNA must ensure that the consent you provide is clear, free and informed, and given for specific purposes. Specific purposes are purposes necessary for ELNA to fulfil its mission, carry out our activities, provide you services, or create new programs. Your consent must be sought for each specific purpose and presented in simple and plain language. Consent is only valid for the time necessary to achieve the purposes for which the consent was requested.
Your consent may be obtained, subject to legislative requirements, either implicitly or expressly. There are exceptions when consent is not required. ELNA will be transparent and demonstrate to you why such an exception may be invoked. You may withdraw your consent at any time, subject to legal and contractual restrictions and reasonable notice.
This Policy applies to information we collect, use, or disclose about our clients, visitors, and Website users as follows:
For greater certainty, this Policy does not apply in the following circumstances:
When you use our Services or Website, we may collect Personal Information about you directly from you, including, but not limited to, surveys, search queries, or fillable forms you submit on the Website, or when you communicate with us through any medium.
The Personal Information that may be collected about you includes:
Additionally, we obtain certain information about you automatically when you sign up to use our Wi-Fi or use our Website, through automated technologies, including cookies or other tracking technologies deployed by our third party advertisers. This information includes:
When ELNA collects your Personal Information, you will be informed of
and you have the right to further request
The information we collect automatically is used to help us improve our Website and to deliver better and more personalized services across the ELNA ecosystem. Our technological products are subject to ELNA’s Confidentiality Policy and we ensure those product settings provide the highest level of confidentiality by default.
Information collected in the Province of Québec has the possibility of being held, communicated, or used outside of the Province of Québec. The collection of information in Québec that is subsequently held, communicated, or used outside Québec by ELNA, our business partners, third party affiliates, our subsidiaries is subject to mandatory Privacy Impact Assessments (PIA).
Each PIA will assess whether the information will receive “adequate protection” to that which it would receive if the data was maintained within Québec. Should such due diligence result in ELNA not being satisfied that the adequate protection standard is upheld, we must and will refuse to release the information.
We may use your Personal Information for the following purposes:
ELNA shall inform you of any usage of your Personal Information that renders a decision regarding your care or services based exclusively on the automated processing of information. You have the right to submit observations regarding the automated processing decision.
Your Personal Information or Personal Health Information may be disclosed to physicians, health care professionals, and staff directly involved in your health care with your consent. In addition, the Company may disclose your Personal Information under the following circumstances:
We may also engage certain third-party service providers or agents to provide services to us, including information technology services. To the extent that these service providers have access to your Personal Information, they are obligated by us to protect your Personal Information to a level of security similar to that which we provide.
Québec Residents: Before sharing your Personal Information outside of Québec, ELNA is obligated to conduct a privacy impact assessment to ensure your information will receive adequate protection in the province or state in which the information will be shared.
All ELNA clients may contact our Privacy Officer at the contact information set out below in order to obtain written information about our policies and practices with respect to service providers and affiliates outside Canada, or to ask questions about the use, disclosure or storage of Personal Information by such service providers and affiliates outside Canada.
It is ELNA’s ethical and legal responsibility to ensure the adequate handling, protection, usage, retention, disposal, and safeguarding of all Personal Information and personal health information in its custody. ELNA’s privacy governance program establishes an accountability framework encompassing the entire life cycle of data collected by us.
We have also established appropriate physical, technical, organizational, and administrative safeguards to protect the Personal Information we collect from or about our users, such as facility access control and workstation security. In addition, our patient information system uses passwords and firewalls to protect from inappropriate access, our Patient Portal accounts are password-protected and sensitive information is secured, whenever possible or practical, through encryption technologies. ELNA monitors, logs, notifies relevant authorities, and makes every effort to rectify and suspected or discovered compromise of information. We conduct privacy impact assessments, when required by law, for new projects and partnerships.
You understand that no method of communication of Personal Information, in-person or technological, can be guaranteed to be 100% secure. ELNA’s information system safeguards, however, are structured with privacy by design as a central tenet to ensure we have taken all adequate and reasonable steps to protect your Personal Information.
If you have any questions about security or have reason to believe your interaction with us is no longer secure, we encourage you to notify us immediately at our contact information below.
We will retain your Personal Information to meet our contractual and care obligations to you, while any account you activate on or through the Website is operational, and for the length of time necessary to comply with our legal and ethical obligations, resolve disputes, and enforce our agreements. We retain Personal Health Information for at least the minimum retention period required by applicable provincial medical regulators. When the purposes of collecting your Personal Information is achieved, it will be securely destroyed, permanently anonymized, or de-identified as required or permitted by applicable privacy laws.
Access and Rectification Rights
You have the right to know of the existence of the Personal Information we hold about you, the right to have that information communicated to you in a structured and intelligible format, the right to challenge the accuracy of the information about you, and the right to have inaccuracies rectified.
Please contact us at the contact information below (10. Contact Us) to request access to your Personal Information or change your preferences.
We will request documentation to confirm your identity prior to providing access to Personal Information, and we may not grant access in all circumstances (for example, where granting access would likely reveal the Personal Information of another party and the record is not severable). If the Personal Information is of a sensitive medical nature, we may grant access through a medical practitioner. If you have made a request and are not satisfied with our decision, you may submit a formal complaint to your relevant privacy commissioner, who may be able to review our decision.
Where you have provided your consent to us processing your Personal Information, you may have the legal right to withdraw your consent, subject to reasonable notice and certain restrictions. Certain personal health information cannot be withdrawn as it is essential for the provision of care services to you.
To withdraw your consent, if applicable, contact us at our contact information below. Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.
Do Not Track
Some web browsers have a “Do Not Track” feature. This feature allows you to tell websites you visit that you do not want to have your online activity tracked over time and across websites. These features are not yet uniform across browsers. The Website is not currently set up to respond to those signals.
Depending on your jurisdiction, you may also have other rights, which can be exercised by contacting the relevant contact information set out below. These rights may include:
We reserve the right to change this Policy from time to time in our sole discretion. When we do, we will also revise the “last updated” date at the top of this Policy. We encourage you to periodically review this Policy in order to ensure that you are familiar with our data protection practices.
If you have questions or concerns about this Policy, our information handling practices, or any other aspect of privacy and security of your Personal Information, or if you would like to make a complaint in relation to the protection of your Personal Information, please contact us at:
ATTN: Privacy Officer
ELNA Medical Group Inc.
5990 Ch. de la Côte-des-Neiges
For more information on your privacy rights, you may also contact the following privacy commissioners, depending on your jurisdiction. Their contact information can be found at their respective websites.