Privacy Policy
Effective Date: April 1, 2026
Careby Solutions Inc. is a PHIPA Privacy Agent committed to protecting your personal and health information. This policy explains how we collect, use, and safeguard your data in compliance with Ontario's Personal Health Information Protection Act (PHIPA).
1. Definitions
Key terms used throughout this policy:
- Personal Data: Information that identifies or can identify you, such as name, email, phone, and account details.
- Protected Health Information (PHI): Health records including medical history, blood panels, test results, clinical notes, and biometric data, governed by PHIPA.
- Data Controller: Careby Solutions Inc., which determines how and why your data is collected and processed.
- Data Processors: Third-party service providers (e.g., Dynacare, GoToDoctor, Sensi.ai) who process data on our behalf under strict agreements.
- PHIPA: Ontario's Personal Health Information Protection Act, which governs the collection, use, and disclosure of health information.
2. Information Collection and Use
We collect information in the following ways:
- Directly from you: When you sign up, complete a health assessment, or interact with our platform.
- From healthcare providers: Medical records, lab results, and clinical notes provided by your physician or our partner network.
- From partner services: Data from Dynacare (labs), GoToDoctor (virtual consultations), and Sensi.ai (home monitoring), shared with your consent.
- Automatically: Usage data, device information, and analytics to improve our services and ensure security.
3. Types of Information Collected
We collect the following categories:
Personal Data (Non-Health)
- Name, email, phone, address, date of birth
- Account credentials and login information
- Payment information (processed securely by Stripe, PCI-DSS compliant)
- Emergency contacts and family member details
Protected Health Information (PHI)
- Clinical records and medical history
- Blood panel results and biomarker data
- Biometric information (e.g., from home monitoring devices)
- Wellness and activity data from Sensi.ai monitoring
- Care-related usage data (e.g., caregiver visit notes)
Usage Data & Analytics
- Pages visited, time spent, clicks, and interactions
- Device information (OS, browser, IP address)
- Cookies and tracking data to improve user experience
4. Your Rights Under PHIPA
As an Ontario resident, you have the following rights:
- Right to access: Request a copy of your PHI at any time. We will provide it within 30 days.
- Right to amend: Request corrections to inaccurate health information in your record.
- Right to withdraw consent: Stop the collection, use, or disclosure of your PHI at any time, subject to legal obligations.
- Right to lodge a complaint: File a complaint with the Information and Privacy Commissioner of Ontario (IPC) if you believe your privacy rights have been violated.
5. Use of Your Information
Personal Data (Non-Health) Uses
- Create and manage your account
- Process payments and billing
- Provide customer support and respond to inquiries
- Send service updates and important notifications
- Coordinate care with your caregiver or family members (with consent)
- Improve platform functionality and user experience
Protected Health Information (PHI) Uses
- Provide health panels, clinical assessments, and test result delivery
- Support virtual doctor consultations and medical recommendations
- Deliver home monitoring services and care intelligence alerts to your family
- Coordinate care with your healthcare providers and Dr. Jerry Leung (Careby Medical Director)
6. Consent to Collection and Use of Data
Personal Data Consent
When you create an account, you consent to the collection and use of your personal data for account management, billing, and service delivery. You may withdraw this consent at any time, though this may affect service availability.
Protected Health Information Consent
Express Consent Required: We obtain explicit, signed consent before collecting, using, or disclosing your PHI. This includes:
- What PHI will be collected (e.g., blood panel results, home monitoring data)
- Why it will be collected (e.g., to provide health panels, deliver care intelligence)
- How it will be used and disclosed
- To whom it will be shared (e.g., Dr. Jerry, GoToDoctor, your designated family member)
How to Withdraw Consent: You may withdraw consent at any time by contacting us at hello@getcareby.ca. We will cease collection and use of new data, though existing data uses under prior consent remain valid.
No Marketing Without Opt-In
We do not use PHI for marketing or promotional purposes without your explicit opt-in consent. Marketing communications are sent only to those who have actively chosen to receive them.
7. Retention of Personal Data and PHI
We retain your data as follows:
- Active Account: While you maintain a subscription or active account, all data is retained to provide services.
- After Account Closure: PHI is retained for 7 years in secure archive to comply with PHIPA requirements and support any necessary care continuity. Personal data is deleted within 90 days, except where required by law.
- Regulatory Hold: Data may be retained longer if required by law or for legal proceedings.
8. Transfer of Data
PHI Stays in Canada: All Protected Health Information remains within Canada and is not transferred outside our borders without explicit legal authority.
Personal Data: Non-health personal data may be transferred internationally to our service providers (e.g., Stripe for payments, AWS for hosting) where appropriate safeguards are in place.
9. Disclosure of Your Information
PHI Disclosures
We disclose your PHI only with your express consent and in the following cases:
| Recipient | Purpose |
| --- | --- |
| Dr. Jerry Leung (Medical Director) | Review blood panel results and provide personalized health recommendations |
| Healthcare Providers (Your Physician) | Coordinate care and share relevant medical history with consent |
| GoToDoctor (Virtual Physician Partner) | Provide virtual consultation and medical assessment |
| Dynacare (Lab Partner) | Process blood tests and generate lab results |
| Sensi.ai (Home Monitoring Partner) | Provide home monitoring and care intelligence alerts |
| Family Members (Designated) | Alert to care events (e.g., falls, health changes) with your prior authorization |
Personal Data Disclosures
Non-health personal data may be disclosed to:
| Type | Purpose |
| --- | --- |
| Service Providers | Payment processing, hosting, customer support, analytics |
| Legal Requirements | Respond to court orders, legal process, or regulatory requests |
| Safety & Security | Prevent fraud, detect abuse, enforce terms of service |
| Business Transfer | In case of merger, acquisition, or sale of assets |
10. Security of Your Information
We implement industry-standard security measures to protect your data:
- Encryption: All data in transit and at rest uses AES-256 encryption (or equivalent).
- Access Control: Only authorized personnel with a "need to know" can access PHI. Role-based access is enforced.
- Authentication: SMS-based login and optional multi-factor authentication (MFA) for high-security accounts.
- Auditing & Monitoring: We maintain logs of all access to PHI and conduct regular security audits.
- Secure Deletion: When data is deleted, it is securely wiped and cannot be recovered.
- Third-Party Security: Our service providers (Dynacare, GoToDoctor, Sensi.ai, AWS) maintain their own security standards and are contractually bound to protect your data.
11. Rights for EU/EEA Users (GDPR Compliance)
If you are located in the EU or EEA, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of your personal data in a portable format.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data under certain conditions ("right to be forgotten").
- Right to Restrict Processing: Limit how we use your data.
- Right to Data Portability: Receive and transfer your data to another service.
- Right to Object: Object to certain uses of your data.
To exercise these rights, contact hello@getcareby.ca. We will respond within 30 days.
12. California Privacy Rights (CCPA Compliance)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request what personal information we have collected about you.
- Right to Delete: Request deletion of your personal information.
- Right to Opt-Out: Opt out of the sale or sharing of your personal information.
- Right to Non-Discrimination: We do not discriminate against you for exercising your CCPA rights.
Do Not Track: We comply with the Do Not Track (DNT) browser setting. If you enable DNT, we will limit the collection of tracking cookies.
13. Analytics and Cookies
We use cookies and analytics tools to understand how you use our platform and improve your experience:
- Session Cookies: Required to keep you logged in and authenticate your requests.
- Preference Cookies: Remember your language selection and UI preferences.
- Analytics Cookies: Track usage patterns to help us improve the platform. These are anonymized where possible.
You can control cookies through your browser settings. Disabling cookies may limit platform functionality.
14. Payment Processing & Security
All payment information is processed securely through Stripe, which is PCI-DSS compliant:
- Careby does not store or have access to your credit card details.
- All transactions are encrypted and processed in compliance with industry standards.
- For questions about payment security, contact Stripe directly at stripe.com/security.
15. Links to Other Websites
Our website may contain links to third-party websites (e.g., GoToDoctor, Dynacare). We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any information.
16. Children's Privacy
Careby services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover that a minor has provided information, we will delete it within 30 days. If you believe a child has provided us with information, please contact us immediately at hello@getcareby.ca.
17. Changes to This Privacy Policy
We may update this policy from time to time. Material changes will be notified to you via email or through a prominent notice on the website. Your continued use of Careby after such changes constitutes your acceptance of the updated policy.
18. Contact Us
If you have questions about this privacy policy or your data, please contact us:
Privacy Commissioner: If you believe your privacy rights have been violated, you may lodge a complaint with the Information and Privacy Commissioner of Ontario (IPC):