Scope of Policy
This Policy addresses personal information about identifiable individuals and does not apply to information collected, used or disclosed with respect to corporate or commercial entities.
This Policy does not impose any limits on our collection, use or disclosure of the following information:
- your business contact information; and
- certain publicly available information.
MD Analytics Inc. (“MDA”) is accountable and responsible for personal information under its control. MDA has designated a Privacy Officer to ensure compliance with this Policy by MDA.
When collecting personal information from you, MDA will explain the purpose of the collection and will answer your questions about the collection.
Most of your personal information will be collected directly from you through the surveys and other documents you complete and through discussions with our representatives. Some of your information may be collected from other sources such as third-party recruitment firms.
We disclose aggregate survey responses to our customers; however, we do not disclose personally identifiable information about you to our customers without your prior written consent (unless we are required or authorized to do so by law).
Your personal information and survey responses may be disclosed to our affiliates, legal advisors, service providers, regulatory and governing bodies (such as colleges of physicians and surgeons), government departments and agencies, and other third parties for the purposes described below.
MDA and its representatives may collect, use and disclose your personal information for the following purposes:
- authenticating your identity and confirming your credentials;
- determining your eligibility to participate in surveys;
- contacting you to participate in surveys;
- clarifying your responses to surveys;
- determining your eligibility for prizes;
- providing and administering requested products and services to you;
- protecting MDA, yourself and others from fraud and error;
- managing or transferring MDA’s assets or liabilities, for example in the case of an acquisition or merger, the provision of security for a credit facility or
- the change of a supplier; and
- complying with legal requirements and acting pursuant to legal authorizations.
If we want to use your personal information for a new purpose, we will obtain your consent to do so unless the use is authorized or required by law.
We will obtain your consent to collect, use or disclose personal information except where we are authorized or required by law to do so without consent. For example, we may collect, use or disclose personal information without your knowledge or consent where:
- the information is publicly available, as defined by statute or regulation;
- we are obtaining legal advice; or
- we reasonably expect that obtaining consent would compromise an investigation or proceeding.
Other exceptions may apply.
Your consent can be express, implied or given through an authorized representative such as a lawyer, agent or broker. It can also be given verbally, in writing, electronically, through inaction (e.g. if we notify you that we want to collect, use or disclose your personal information for various purposes and you do not object) or otherwise.
You may withdraw consent at any time (subject to legal, contractual and other restrictions) if you give reasonable notice to us. After we have received such notice, we will inform you of the likely consequences of withdrawing consent, which may include our inability to provide certain services to you or to continue our relationship with you.
Limits on Collection of Personal Information
We will not collect personal information indiscriminately and will limit our collection of your personal information to what is reasonably necessary to provide a product or service either directly or indirectly and which is reasonably necessary for the purposes which you consented to. We may also collect information as authorized by law.
Limits for Using, Disclosing and Retaining Personal Information
We will only use and disclose your personal information for the purposes to which you have consented unless otherwise authorized or required by law.
We will keep personal information used to make a decision affecting you for at least one year after using it to make the decision.
We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that: (a) the original purpose is no longer being served by retention of the information, and (b) retention is no longer necessary for legal or business purposes.
We will take due care when destroying personal information to prevent unauthorized access to the information.
MDA will make a reasonable effort to ensure that personal information it is using or disclosing is accurate and complete. In most cases, we will rely on you to ensure that certain information, such as your street address, e-mail address or telephone number, is current, complete and accurate.
If you demonstrate the inaccuracy or incompleteness of personal information, MDA will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed.
When a challenge regarding the accuracy of personal information is not resolved to your satisfaction, MDA will annotate the personal information under its control with a note that a correction was requested but not made.
Safeguarding Personal Information
MDA protects the personal information in its custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
MDA will take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by its suppliers and agents who assist in providing products and services to you. Some specific safeguards include:
- physical measures such as locked filing cabinets;
- organizational measures such as restricting access to files and databases as appropriate; and
- electronic measures such as encryption, passwords and firewalls.
We will take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by the suppliers and others whom we ask to assist in providing services to you and us.
Note that confidentiality and security are not assured when information is transmitted through e-mail or wireless communication.
You have a right to access your personal information held by us.
Upon written request and authentication of identity, we will provide you with your other personal information under its control, information about the ways in which that information is being used and a description of the individuals and organizations to whom such information has been disclosed.
We will make personal information available within 14 days or provide written notice where additional time is required to fulfil the request.
In some situations, we may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purpose of an investigation or where disclosure of the information would reveal confidential commercial information that, if disclosed, could harm our competitive position. We may also be prevented by law from providing access to certain personal information.
Where an access request is refused in whole or in part, MDA will notify you in writing, giving the reason for refusal and outlining further steps which are available to you.
Upon your request, we will provide information regarding our complaint procedures.
Any inquiries, complaints or questions regarding this policy or our compliance with privacy legislation should be directed in writing to our privacy officer through our website.