Securing your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
Such measures include:
Secure Storage: Avvy Health stores all personal information and PHI in an Amazon Web Services (“AWS”) data center located in Canada. AWS is ISO 27001 certified and adheres to global privacy and data protection best practices.
Network Security: We have implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly-accessible systems.
End-to-End Encryption: We encrypt all written exchanges with you. Data transmissions and communications on the Platform are end-to-end encrypted using TLS version 1.2.
- Privacy Policies and Training: Avvy Health has implemented written policies and procedures that specifically address the privacy and security of your PHI. We deliver privacy training to our employees and contractors on how to safeguard personal information and mitigate operational risks. All Avvy Health employees and contractors are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy.
- SOC 2 Type II Compliance: Avvy Health’s Information Security Policy and its related policies and processes are compliant with the trust services criteria relevant to security (“applicable trust services criteria”) set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria), in accordance with CSAE 3000 and AICPA Guide to Reporting on an examination of Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality and Privacy (SOC 2).
The website http://avvyapp.com is owned by Avvy Health Inc. (“Avvy”). The content on this website includes general information about home medical visits and our services. It is not meant to be taken as personal advice from a healthcare professional.
You must be at least 18 (18) years old to use the Site (as defined below) or any Avvy service. By using the Site, you represent and warrant to Avvy that you are at least eighteen (18) years old. Parental consent may be required in some provinces if you are under the age of eighteen (18).
What Personal Information does Avvy collect?
- to respond to your inquiries;
- to provide you with general (non personal) health information and industry information;
- to provide you with updates about the Avvy services; and
- to meet legal and regulatory requirements.
How is this Personal Information Used?
We will use your Personal Information only for the purposes for which it was collected, as outlined above, and as required or permitted by applicable law. Health information disclosed for the purpose of the appointment is kept until your appointment to help healthcare workers providing your service to understand your needs and concerns. We do not store your health information beyond the appointment. We do keep records of services you have purchased from Avvy, along with associated appointment dates and times.
Please note you may unsubscribe from Avvy communications using the link provided in the communication, or by contacting us at the contact information set out below.
We may also use aggregate data that does not identify an individual for the purposes of research, including academic and non-academic research, prospecting new business, artificial intelligence, promotion and advertisement in accordance with applicable law.
Other Information That We Log and Cookies
We may collect and use information about how users interact with the Site, including Internet Protocol addresses, Internet domain names, the web browser and operating system used to access the Site, the time spent on each page, and the time and date of each visit. This information is used for, among other things, auditing and tracking purposes, to improve the content of the Site, and to create a better experience for users of the Site.
Sharing of Personal Information
The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of our Website and App, you are responsible for selecting a unique password that you do not use with other platforms, and for keeping this password confidential. We ask you not to share your password with anyone.
Please also ensure that while using the Platform and particularly during Consultations, you are in a safe and private environment where the confidentiality of your personal information and your privacy are adequately protected.
Third-Party Service Providers
We have relationships with agents and third-party service providers that help us provide services to you including, but not limited to, designing, maintaining and improving the Site and our systems and computer security.
Sale of Business
We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Avvy Health or as part of a corporate reorganization or other change in corporate control.
We have record retention processes designed to retain personal information for no longer than necessary for the purposes set out herein or as otherwise required to meet legal or business requirements.
Links and Referrals to Third Parties
Our Security Measures
We are committed to protecting the security of your Personal Information. We have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access to your Personal Information. We apply security safeguards appropriate to the sensitivity of the Personal Information, such as retaining information in secure facilities and making Personal Information accessible only to authorized individuals on a need-to-know basis. We have clearly defined internal policies and practices.
Although we will make commercially reasonable efforts to protect Personal Information from loss, misuse, or alteration by third parties, you should be aware that there is always some risk that an unauthorized third party could find a way to thwart our security systems. This risk is heightened if you are using unsecured/public Wi-Fi.
Except in the limited circumstances established by law, you may obtain access to your Personal Information. You may also request that we correct your Personal Information if you believe it to be out of date or otherwise inaccurate. Requests for access or correction of Personal Information or to adjust your subscription preferences should be made by contacting our Privacy Officer at the contact information set out below.
Attn: Privacy Officer
5667 Royalmount Ave.
Montreal, QB H4P 2P9