Privacy Policy for the BEACON Online Platform

This Privacy Policy was last updated on May 1, 2018.

General Information

The website https://mindBEACON.com is owned by MindBEACON Software Inc. and the application is licensed to and operated by MindBEACON Health Inc. (MindBEACON Health Inc. and MindBEACON Software Inc. collectively referred to as “BEACON”). This Privacy Policy explains how your Personal Information (as hereinafter defined) is collected, used, and disclosed by BEACON when you use the BEACON website at https://mindBEACON.com and any and all sub-domains of such website (the “Site”), as well as the kinds of information we collect when you use our services through the Site or when contacting us. By providing us with your Personal Information, you agree to be bound by the terms and conditions of this Privacy Policy.

We respect the privacy of everyone who accesses the Site. We recognize the need for appropriate protections and management of Personal Information. This Privacy Policy will assist you to understand what information we collect, how we use that information, and how it is disclosed.

You may browse the Site without registering for an account or submitting any information to us.

You must be at least sixteen (16) years of age to use the Site or any BEACON service. By using the Site, you represent and warrant to BEACON that you are at least 16 years old.

In order to ensure that this Privacy Policy is kept up to date, we may change this Privacy Policy from time to time. Notice of changes to the Privacy Policy will be posted on the Site, and will be effective 30 days following notice of the changes on the Site. If you access or choose to continue to use the Site after the effective date of the change, you are deemed to have automatically accepted the change.  

What is “Personal Information”?

The term “Personal Information” (as used in this Privacy Policy) has the same meaning as set out in Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), and means any information about an identifiable individual including contact information, name, address, phone number or email address, gender, date of birth, and any data about yourself that you choose to provide through the Site.

The term “Personal Health Information” is meant to reflect each province and territories’ definition of “health information”, “personal health information” and  “personal information” as set out in the provinces and territories’ respective health protection acts, including: Alberta’s Health Information Act, R.S.A., 2000, c. H-5, British Columbia’s E-Health (Personal Health Information Access and Protection of Privacy) Act, S.B.C. 2008, c. 38, Manitoba’s The Personal Health Information Act, C.C.S.M. c. P33.5, the Northwest Territories’ Health Information Act, S.N.W.T. 2014, c.2, New Brunswick’s Personal Health Information Privacy and Access Act, Chap. P-7.05, Newfoundland’s Access to Information and Protection of Privacy Act, 2015, S.N.L. 2015, c. A-1.2, Nova Scotia’s Personal Health Information Act, 2010, c. 41, Ontario’s Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A, Prince Edward Island’s Freedom of Information and Protection of Privacy Act, Chapter F-15.01, Quebec’s Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information, c. A-2.1 and Act Respecting Health Services and Social Services, S-4.2, Saskatchewan’s The Health Information Protection Act, H-0.021, the Yukon’s Health Information Privacy and Management Act, S.Y., 2013, c.16, and any other applicable legislation (the “Applicable Legislation”), and includes information relating to your physical or mental health, as well as your health history, medical records, prescriptions, payment for health care provided, and your health card number.

In this Privacy Policy, the term Personal Information may include Personal Health Information as appropriate.

Any data that has been collected in which all personal identifiers have been removed, such that the information could not reasonably be used to identify the individual, is not considered Personal Information or Personal Health Information. This type of de-personalized information may be used for research purposes in accordance with this Privacy Policy and PIPEDA or PHIPA, as applicable.

Consent

By using the Site, you agree to the terms of this Privacy Policy and that we may collect, use and disclose your Personal Information in accordance with the terms hereof. By creating an account to save information, and/or by submitting information for screening purposes and/or an assessment, and by using any BEACON platform and application, you consent to the Terms of Use and Privacy Policy as applicable to each and all of those actions.

BEACON will collect, use and disclose your Personal Information without your consent only in limited circumstances and as permitted by law. For example, Personal Information may be used or disclosed without consent for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual. In certain limited circumstances, we may be called upon to release your Personal Information in response to a court order, subpoena, search warrant, law or regulation. We will cooperate in responding to such requests, taking appropriate measures to ensure that the requester understands the sensitive nature of the Personal Information that they may receive, and that disclosure is necessary to comply with applicable law.

Except in limited circumstances as permitted by applicable law, we will obtain your consent before collecting, using or disclosing your Personal Information for new purposes unrelated to the purposes described in this Privacy Policy.

In certain cases, you may choose not to provide us with some or all of your Personal Information. However, should you choose not to provide necessary Personal Information to us, that decision may impact your ability to interact with us or for us to provide you with certain services. For example, we require that you provide us with current emergency contact information, and we cannot provide any services or the BEACON course without emergency contact information.

You may withdraw your consent at any time by notice to us in writing. Please contact our Information Officer listed below to find out how.

What Personal Information does BEACON collect?

We may collect Personal Information about you for the purpose of administration, billing, and providing services through the BEACON platform, including, without limitation, information such as:

  1. Your name;
  2. Your contact information, emergency contact information, date of birth;
  3. Health insurance information (including your OHIP number), benefits insurance coverage information, if applicable, and payment information, if applicable;
  4. The services you will and have received (diagnostic assessment, non-diagnostic assessment, BEACON course, etc.), dates, etc.;
  5. Responses to your screening and/or online assessment;
  6. Your assessment report;
  7. Secure messaging communications between you and your eTherapist;
  8. Any information that you send to us through the Site, email or the BEACON platform;
  9. Notes and records of assessment and information relating to your assessment for suitability for the course, and notes and records relating to your progress through the course;
  10. Outcome data from self-report measures; and
  11. Your responses to requests for information and/or treatment questions at follow-up intervals three (3) and six (6) months after you have completed the course.

How is this Personal Information used?

We will use your Personal Information in several capacities including, without limitation, for billing purposes, to provide you with information about possible services and treatments, to help us better understand your needs, and to deliver the services related to the BEACON platform and the BEACON course to you as required. For example, we may use your Personal Information to:

  1. Communicate with you, including setting up an assessment phone call, and to provide other reminders, prompts and feedback about your progress through the BEACON course;
  2. Deliver services to you, including assessments, help with your course, and course materials;
  3. Bill you for the products/services you purchase;
  4. Provide you with ongoing service and support; and/or
  5. Where relevant, provide assessments and reports to third party insurance or wellness center partners through which you have contacted us for services and treatment.

eTherapists and others delivering services through the BEACON course work as a team, and your Personal Information may be shared with and used by other BEACON team members.

Your Personal Information may be de-personalized and, in some cases, aggregated with de-personalized information from other clients. This de-personalized information will be used to assess various factors, including trends in client health, and adherence and compliance rates, which are useful to understand and improve upon our health care services and delivery.

Other Information/Logging and Cookies

We may collect and use anonymized information about how users interact with the Site, including Internet Protocol addresses, Internet domain names, the web browser and operating system used to access the BEACON platform, the time spent on each page, and the time and date of each visit. This information is used for, among other things, auditing and tracking purposes, to improve the content of the Site, and to create a better experience for users of the Site.

We may use cookies on some pages of the Site. Cookies are identifiers that can be sent from a web site via your browser to be placed on your computer’s hard drive. Thereafter, when you visit a web site, a message is sent back to the web server by the browser accessing the web site. You may elect not to accept cookies by changing the designated settings on your web browser or by browsing anonymously. However, not utilizing cookies may prevent you from using certain functions and features of the Site. The information collected from the use of cookies is used and analyzed to improve the functioning of the Site, the services provided to you, and to personalize your online experience. We may link the information available to us through the use of cookies to the Personal Information that you may choose to provide elsewhere on the Site and the BEACON platform. We use the information we collect through the use of cookies for our research and business purposes, including operation of the Site and the BEACON platform.

Our Relationship to Insurance and Wellness Center Partners

You may be using BEACON through one of our third party insurance or wellness center partners. If this is the case, we will require you to agree to an additional third party consent which allows us to provide reports and other information about your treatment to these partners.

Confidentiality

The BEACON platform is strictly confidential. That means that the information you share with your eTherapist is known only to you, your eTherapist and the eTherapist supervisor. Neither BEACON nor any member of a regulated health profession working with BEACON will release any information about you to anyone without your written permission, except as required by applicable law.

No information that we have about you will be communicated directly or indirectly to any third party without your prior informed and written consent, except when we have the following legal obligations to release confidential information:

  1. Harm to self: If your eTherapist has reason to believe that you are in danger of physically harming yourself in ways that may be life-threatening, s/he will have to make a referral to a hospital and/or contact a family member, close other, or another person such as a police officer who may be able to help protect you. There may be other emergency health care related circumstances where disclosure is reasonably necessary for the protection of your health, in which case your eTherapist will disclose Personal Information to other health care professionals as long as you have not expressly prohibited your eTherapist from doing so.

  2. Harm to others: If your eTherapist has reason to believe that you are seriously threatening physical violence against another person, or if you have a history of physically violent behaviour, and if s/he believes that you are an actual threat to the safety of another person, s/he is required to take some action (such as contacting the police, notifying the other person, seeking hospitalization, or some combination of these actions) to ensure that the other person is protected.

  3.  Abuse/Neglect
    1. If your eTherapist has reason to believe that a child under the age of 16 is being abused or neglected, s/he is legally obligated to report this situation to the Childrens’ Aid Society.

    2. If your eTherapist suspects or is informed of unlawful conduct that resulted in harm or risk of harm to a resident of a Long Term Care Facility or Retirement Home, or that a resident is being harmed or is at risk of being harmed in any way (e.g., sexual or physical abuse, neglect, misappropriation of resident’s funds), s/he may be required to contact the applicable Ministry or Regulatory Authority and report all relevant information.
  4. Sexual Abuse: If you have been sexually abused by a member of a regulated health profession, this information must be reported to the appropriate regulatory body if you share the information with your eTherapist.

  5. Court Order: Your eTherapist and clinical record can be subpoenaed by a court order. Your eTherapist can be required to testify and give information obtained during sessions. Without a court order, this information would never be provided voluntarily without your direct request or consent.

  6.  Quality Control:
    1. On occasion, your eTherapist may be randomly selected to participate in a Peer Assisted Review by his/her regulatory college (for example, the College of Psychologists of Ontario). As part of this process, your file may be potentially reviewed by a member of the regulatory college. Regulatory colleges have confidentiality policies in place to protect your information.

    2. Your eTherapist may be supervised in his/her clinical work by a more senior eTherapist or a psychologist. You will be informed of any such supervisory arrangement. That supervisor may access your clinical file for the purposes of quality control.

Exceptions to confidentiality are rare. If disclosure of Personal Information is required, your eTherapist will release only the information required to be released to comply with our obligations in accordance with applicable law.

Our Relationship to Third Parties

We have relationships with agents and third party service providers who help us provide services to you including, but not limited to, administering our business, including administrative and billing matters, and designing, maintaining and improving the Site and the BEACON platform and our systems and computer security.

We also use third parties to analyze de-personalized data collected on the Site and the BEACON platform for research purposes. We will not disclose your Personal Information to anyone other than to our employees and those of our affiliates and our respective agents and those third parties that require such information in order to help us provide services to our clients and administer our business. To the extent we allow a third party service provider to access to your Personal Information for the purposes outlined herein, they will only be permitted to collect it or use it for purposes consistent with this Privacy Policy and applicable law.

In order to facilitate our provision of services to you, your Personal Information may be used, stored, processed, and/or accessed by an affiliate or a third party service provider outside Canada. All such information will be protected in accordance with this Privacy Policy, and we require affiliates and third parties to protect your Personal Information under terms that are at least as protective of your privacy as this Privacy Policy. However, your Personal Information would be subject to the laws of the country to which it is transferred and stored.

We may provide de-personalized data to third parties for analysis, as described above. You cannot be identified from de-personalized data, and de-personalized data is no longer Personal Information.

Links to Third Parties

We may provide links to third party websites for your convenience and information. If you access those links, you will leave the Site or the BEACON platform. BEACON does not control those sites or their privacy practices, which may differ from this Privacy Policy. Please review the privacy policies of each web site that you visit.

Our Security Measures

We are committed to protecting the security of your Personal Information. We have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and correctly use your Personal Information. We apply security safeguards appropriate to the sensitivity of the Personal Information, such as retaining information in secure facilities and making Personal Information accessible only to authorized employees on a need-to-know basis. We have clearly defined internal policies and practices.

Your Personal Information is stored on our database servers or hosted by third parties who have entered into agreements with us that require them to observe the terms of this Privacy Policy and comply with all applicable laws including PIPEDA and PHIPA. Data centres are designed to be physically secure and protected from unauthorized access by unauthorized persons.

Although we will make commercially reasonable efforts to protect Personal Information from loss, misuse, or alteration by third parties, you should be aware that there is always some risk that an unauthorized third party could find a way to thwart our security systems. This risk is heightened if you are using unsecured/public Wi-Fi.

Retention

We retain your Personal Information only for as long as is necessary for the purpose for which it was collected in accordance with the laws, ethics and standards applicable to members of the College of Psychologists of Ontario or such other applicable regulatory body in jurisdictions in which we operate. When your Personal Information is no longer required or required to be maintained, it will be destroyed or de-personalized in accordance with applicable laws.

You understand that BEACON retains your personal information only for as long as is necessary for the purpose for which it was collected in accordance with the ethics and standards of the College of Psychologists of Ontario or other applicable regulatory body. When personal information is no longer required, it will be destroyed or de-identified 

If you create an account on the Site but do not submit your answers to the screening or the online assessment questionnaire within seven (7) days from the date upon which you create your account, then we will automatically delete your answers. If you create an account but do not use it, your account will be deleted within 30 days from the date upon which you created your account.

Your record will be maintained, as required, in accordance with the laws and standards set out by the College of Psychologists of Ontario or any other applicable regulatory body governing the provision of services as a clinician.

Verification

We will engage in periodic assessments to verify that our privacy practices continue to comply with this Privacy Policy.

Questions about this Privacy Policy

In addition to this Privacy Policy, we comply, as appropriate, with all laws, ethics and standards applicable to members of the College of Psychologists of Ontario and any other applicable regulatory body governing the provision of services as a clinician.

Except in the limited circumstances established by law, individuals may obtain access to their Personal Information.  Individuals may also request us to correct their Personal Information where they believe it to be out of date or otherwise inaccurate.  Requests for access or correction must be made in writing and should be addressed to our privacy officer. We may decide to share your Personal Information with you through a health care provider, where appropriate.

We will assist you if you inform us that you need assistance in preparing a request concerning Personal Information. Administrative charges may apply.

For more information on your privacy rights, you may contact the Office of the Privacy Commissioner of Canada at 1-800-282-1376,  the Office of the Information and Privacy Commissioner or Alberta at 1-888-878-4044, the Office of the Information & Privacy Commissioner for British Columbia at 250-387-5629, the Manitoba Ombudsman at 1-800-665-0531, the Office of the Integrity Commissioner for New Brunswick at 1-877-755-2811, Newfound and Labrador’s Office of the Information and Privacy Commissioner at 1-877-729-6309, Northwest Territories’ Information and Privacy Commissioner at 1-888-270-3318, Nova Scotia’s Office of the Information and Privacy Commissioner at 1-866-243-1564, Information and Privacy Commissioner of Nunavut at 1-888-521-7088, the Ontario Information and Privacy Commissioner at 1-800-387-0073, Prince Edward Island’s Office of the Information and Privacy Commissioner at 902-368-4099,  Commission d’acces a l’information du Quebec at 418-528-7741, Office of the Saskatchewan Information and Privacy Commissioner at 1-877-748-2298 and the Yukon Information and Privacy Commissioner at 1-800-661-0408.

BY SUBMITTING PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION THROUGH THE SITE, THE BEACON PLATFORM, OR THE BEACON APPLICATION, YOU SIGNIFY YOUR ACCEPTANCE OF THE TERMS OF THIS PRIVACY POLICY. BY USING THE SITE, THE BEACON PLATFORM, OR THE BEACON APPLICATION, YOU ALSO ACCEPT THE TERMS OF USE POSTED ON THE SITE, THE BEACON PLATFORM, AND THE BEACON APPLICATION.

You can update your account through the BEACON website, or by contacting our Information Officer. If you have any questions about this Privacy Policy or the handling of your Personal Information, please contact the BEACON Information Officer at informationofficer@cbtassociates.com.