Effective: December 12, 2018.
What this policy covers
Your privacy is important to us, and so is being transparent about what we collect and how we use, share, secure, and control information about you. This policy is intended to help you understand:
When the Services are made available to you through an organization (for example, your employer or the organization that provides your care), that organization is referred to as the “Customer” which controls the contents and uses of the Services. Many of the actions relating to privacy and information that we describe below can be requested through an administrator who is authorized to act on behalf of the Customer. For more information, please see Notice to End Users below.
What information we collect about you.
We collect information about you when you provide it to us, when you use the Services, and when other sources provide it to us, as further described below.
Information you provide to us
We collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and profile information. We collect information about you when you register for an account or edit your profile or preferences through the Services. For example, you provide your name and email address when you create your account and you change your communication preferences within the Services.
Content you provide through the Services. The Services include the MemorySparx Services which collect and store content that you choose to post, send, receive, and share. Examples of content we collect and store include: Day, Life, and Health photos, entries, and voice recordings you create and messages you exchange in Chat.
The Services also include our websites owned and operated by us which collect content that you choose to submit to these websites. For example, you provide content to us when you fill in web forms or when you participate in any interactive features, surveys, activities or events.
Information you provide through our support channels. The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Information we collect automatically when you use the Services
We collect information about you when you use the Services, including browsing our websites and taking certain actions with the Services.
Your use of the Services. We collect information about you when you visit and interact with any of the Services. This information includes which features you use; the nature of your interaction these features such as a view, add, edit, or delete; how you interact with others through the Services; and the quantities of your interactions.
Device and connection information. We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use the Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address in order to approximate your location to provide you with a better experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Information we receive from other sources
We receive information about you from other users of the Services and from our business partners.
Other users of the Services. Other users of the Services may provide information about you when they submit content through the Services. For example, you may be mentioned in a Day, Life, or Health entry or voice recording; a Chat message; or your image may be added in a photo. We also receive your email address from other Service users when they provide it in order to invite you to the Services. Similarly, an administrator may provide your contact information when they designate you as the Account Manager or Care Manager on your company’s account.
How we use information we collect.
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
To provide the Services and enhance your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. For example, we use the name you provide in your account to identify you to other Service users. Beyond this basic data, we encourage you to get the most out of the Services by providing us with a wide range of information about the Care Recipient at the heart of the Services, be it yourself, your loved one, or another person under your care. When the care team knows more about you, a Care Recipient, such as your likes and dislikes, your personal history, what medical conditions you have, and other information about your schedule, then they can provide better care to you. When the care team communicates more about you, such as your daily activities, updates to your care plan, and observations of your wellness, then other care partners including your loved ones get better visibility and opportunity to participate in your care. You are providing us with this information or this information is being provided on your behalf to enhance your quality of life. The more information that your care team and loved ones provide us, the better the Services can assist you.
For research and development. We are always looking for ways to make the Services smarter, faster, and more secure, integrated, and useful to you. We use collective learnings about how people use the Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services.
To communicate with you about the Services. We use your contact information to send transactional communications via email and within the Services, including resetting your password, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We may also send you communications as you onboard to a particular Service to help you become more proficient in using that Service. These communications are part of the Services and in most cases, you cannot opt out of them. If an opt out is available, you will find that option within the communication itself or as a checkbox in the personal account management screen within the Services.
To market, promote and drive engagement with the Services. We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you via email. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We may also communicate with you about new product offers, promotions and contests. You can control whether you receive these communications as described below under "Opt out of communications."
Customer support. We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.
For safety and security. We use information about you and your use of the Services to verify accounts and activity, to monitor suspicious or fraudulent activity, and to identify violations of Service policies.
To protect our legitimate business interests and legal rights. Where required by law or where we believe it is necessary to protect our legal rights and interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent. We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish featured customer stories to promote the Services, with your permission.
How we share information we collect.
Sharing with other Service users. A Care Recipient experiences the benefits of the Services when their care team and loved ones communicate and collaborate about their care and well-being. This is done by sharing information through the Services among members of a Care Recipient’s Care Circle. The Customer who procures the subscription and creates a Care Circle for a Care Recipient is responsible for ensuring that the Care Recipient or their legal designate such as a Power of Attorney authorizes the members of the Care Circle, thereby acknowledging that those members can view the Care Recipient’s information. An administrator, such as the Care Manager, is able to set permissions that restrict access to some content for any members of the Care Circle. We share the Care Recipient’s information through the Services among all authorized members of a Care Recipient’s Care Circle as per the designated permissions.
Managed accounts and administrators. If you access the Services using an email address with a domain that is owned by your employer or organization, certain information about you including your name, content, and past use of your account may become accessible to that organization’s administrator and other Service users sharing the same domain. If you are an administrator for a particular site or group of users within the Services, for example, an Account Manager or Care Manager, we may share your contact information with current or past users of the Services for the purpose of facilitating Service-related requests.
Compliance with enforcement requests and applicable laws and enforcement of our rights. In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements; (b) enforce our agreements, policies and Terms of Service; (c) protect the security or integrity of our products and services; (d) protect Emmetros, our customers, our users, or the public from harm or illegal activities; or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
How we store and secure information we collect.
Information storage and security
We are committed to maintaining the security of your data and the availability of the Services. We invite you to read our Security Overview that highlights some of our safeguards. Although we have implemented these safeguards, no security system is impenetrable and we cannot guarantee that your data, while being transmitted through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. Your personal information and other data may be lost during transmission or may be accessed by unauthorized parties. We do not accept any liability for direct or indirect losses as regards the security of your personal information during its transfer via the Internet.
How long we keep information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account information. We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to reactivate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve the Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of the Services, not to specifically analyze personal characteristics about you.
Information you share on the Services. If your account is deactivated or disabled, some of your information and the content that you have provided will remain in order to allow other members of your Care Circle(s) to make full use of the Services. For example, we continue to display the content that you provided relating to a Care Recipient to existing users in that Care Recipient’s Care Circle who have appropriate permissions.
Managed accounts. If the Services are made available to you through an organization (e.g., your employer or the organization that provides your care), we retain your information at least as long as required by the administrator of your account. For more information, see ‘Managed accounts and administrators’ above.
Marketing information. If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in the Services, such as when you last opened an email from us or ceased using your account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
How to access and control your information.
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.
Care Recipient choices. If you are a Care Recipient, the Terms of Service for Customers grants you the right to authorize the choice of members within your Care Circle, who each will have access to current and future information added within your Care Circle. You can see a list of members at any time through the Members screen within your account or the account of any member of your Care Circle. You can request a change to the choice of members within your Care Circle at any time by contacting an administrator, such as the Care Manager also named within the list of members. Further, you have the right to request a change to access permissions for some or all members. For example, you can request to restrict a member of your Care Circle from accessing your Health content. Your Power of Attorney can exercise these rights on your behalf when he/she has the legal right to do so.
Customer and user choices. If the Services are made available to you through an organization, then that organization (known as the Customer) has the ownership and rights to all information that is added through your account and the accounts of the other members within the same Care Circle(s). The Customer has the right to request a copy of this information from us and the right to request the correction, deletion, or restriction, or export of this information. If you wish to request access, correction, deletion, restriction, or export of any of this data, you may contact an administrator on behalf of the Customer, such as the Care Manager named within the Members screen of your account. We can only execute these requests for you with authorization from the Customer.
We do not take any responsibility for any consequences of you failing to provide accurate information to the Services or of you failing to keep it up to date.
Information requests and choices may be limited in certain cases: for example, if fulfilling a request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Access and update your information. The Services and related Documentation give you the ability to access and update certain information about you from within the Services. For example, you can access and update your name and email address information within the personal account management screen within the Services.
Deactivate your account. If you no longer wish to use the Services, you can request to deactivate your account at any time. You can do so by contacting an administrator on behalf of the Customer, such as the Care Manager named within the Members screen of your account. We will deactivate your account following authorization from the Customer. Please be aware that deactivating your account does not delete information that you have previously added to the Services; your information remains visible to other Service users based on your past participation within the Services.
Request that we stop using your information. In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe an account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable) and you should cease using the Services.
Opt out of communications. You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within the personal account management screen in your account, or by contacting us as at firstname.lastname@example.org. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding the Services.
Turn off cookie controls. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit, If you do not accept cookies, however, you may not be able use all portions or functionalities of the Services.
Send “Do Not Track” signals. The Services does not have the capability to respond to “Do Not Track” signals received from various web browsers.
Data portability. Data portability is the ability to obtain some of your information in a format you can move from one service provider to another. Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information.
How we transfer information we collect internationally.
We may process your information outside the country where you live. By using the Services, you consent to the transfer of information outside the country you live in. You understand that if your information is processed in a foreign country, it may be accessible to law enforcement and national security authorities within that jurisdiction.
Other important privacy information.
Notice to End Users
The organization that makes the Services available to you (e.g. your employer or the organization that provides your care) is known as the Customer and is responsible for the Services and usage of the Services which it has procured from us. This will include one or more Care Circles and all activities and information of MemorySparx users within these Care Circles. One or more administrators is given authority to act on behalf of the Customer, for example the designated Account Manager(s) and Care Manager(s) for the Care Circle(s) it has procured. Please direct your data privacy questions or requests to an administrator. Your use of the Services is further subject to the Customers policies. We are not responsible for the privacy or security practices of the Customer which may be different than this policy.
Administrators are able to:
Restrict, suspend or terminate your access to the Services
Access information in and about your account
Access or retain information stored as part of your account
Invite additional users who can access information about you and information that you add or have previously added to the Services
Restrict, suspend or terminate your account access
Restrict your ability to edit, restrict, modify or delete information
Please contact your organization or refer to the organization’s policies for more information.
Our policy towards children
The Services are designed for those 13 years of age and older. We do not knowingly collect information from anyone under the age of 13. If we become aware that we have received such information or any information in violation of our policy, we will use reasonable efforts to delete such information. No part of the Services is designed with the purpose of attracting any person under the age of 13.
Accelerator Centre, West Entrance
295 Hagey Blvd.
Waterloo, ON, N2L 6R5
If, having shared your concerns with us, you are still not satisfied, you may file a complaint with the Office of the Privacy Commissioner of Canada by mail at 30 Victoria Street Gatineau, Quebec K1A 1H3 or by calling 1-800-282-1376.