Privacy Policy

Last Updated: October 31st, 2024

LUME WOMEN + HEALTH INC. (“Lume”, “we”, “our” or “us”) respects your privacy and is committed to protecting it.

This Privacy Policy governs your access and use of our website, www.lumewomenshealth.com including any content, functionality or services offered through our website or related landing pages (collectively, “Site”) whether as a guest or a registered user. In this Privacy Policy “you” or “your” refers to you or any individual who accesses our Site.

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING OUR WEBSITE

Lume is committed to protecting the privacy of your personal information, including your personal health information (collectively sometimes referred to as “personal information”). It explains how we collect, use, handle, and disclose your personal information.

This Privacy Policy applies to any personal health information or other personal information that we collect from you when you: (i) use the Lume’s online system, (ii) visit and receive care at a Lume health facility, (iii) visit our website where this Privacy Policy is posted (the “website”), or (iv) otherwise interact with us (collectively the “Services”).

Use of Site
You must be at least 16 years old to use our Site or the age of majority in your jurisdiction. No one under the age of 16 may provide any information to or on our website. We do not knowingly collect, use or disclose personal information about visitors under 16 years of age. If you are under 16 years of age you must immediately stop using our website and not provide any information to us through any function on our website. If you become aware that we have collected information from anyone under the age of 16 please contact us at INFO@LUMEWOMENSHEALTH.COM so we may delete that information.

TOPICS COVERED IN THIS PRIVACY POLICY

  1. Collection and Use of Personal Information
  2. Disclosures of Personal Information
  3. Storage and Location of Personal Information
  4. Information About Our Website
  5. Safeguards and Retention
  6. Your Choices
  7. Your Rights
  8. Updates to our Privacy Policy
  9. Contact Us

1.  COLLECTION AND USE OF PERSONAL INFORMATION

We may collect and use your personal information, including your personal health information, when you:

  • Visit or obtain health care services at a Lume health facility or through our virtual care services
  • Create an account to access and use your electronic record
  • Book an appointment
  • Purchase a service from Lume
  • Chat with us through our live chats
  • Sign up to receive marketing emails about Lume resources, services, offers and events
  • Participate in a Lume survey
  • Consent to participate in research
  • Download research or content through our website
  • Visit a clinic
  • Contact us
  • Apply for a job with Lume

Health Care Services:  We collect your personal health information to enable Lume health care providers to provide you with health care services when you visit our clinic, receive virtual care services, or otherwise engage with us. We may also collect relevant personal health information about you from your other health care providers, in order to enable Lume health care providers to provide you with our health care services. Your personal health information is stored in your medical record which is accessible to health care providers, employees, agents and contractors in our clinic and through virtual care technologies. We also collect personal information (which may include personal health information) to provide you with additional health related services.

While the nature of the personal health information you provide us will be unique to you and your health care needs, in general, we may collect information such as your name, gender, date of birth, health concerns, personal and family medical history (including information about any treatments, diagnosis, or prescriptions), physician and medical referral appointment information, health care documents (including reports and imaging results), health card number, and other relevant health information, for the purposes of determining suitability for, planning and delivering health care services to you.

Virtual Care Services: Lume health care providers offer virtual care services to provide non-urgent, non-emergency health care services remotely, either through real-time video or audio technology.  If you choose to use our virtual care services, Lume may request that you verify your identity such as by showing the health care provider your government-issued photo ID at the start of your virtual care session. Virtual care sessions are not recorded. If you and your health care provider exchange personal information through the chat functionality in a virtual care session, relevant information may be stored in your medical record.

We do our best to make sure that any information you give to us during virtual care visits is private and secure, however, as with all online communications, there is a risk that your health information may be intercepted or unintentionally disclosed. To help mitigate the risk, you should be in a private setting and should not use an employer’s or someone else’s computer/device.

Electronic Medical Record: As a Lume client, you will create an online account to access and use an electronic medical record (EMR) system in order to communicate with us, book and view appointments, view the status of your upcoming or past referrals, purchase products and services, access test results and use our virtual care services. In order to create and administer your account and authenticate you, we will collect your full name, email address, date of birth, and a password that you create. We also collect your provincial health card number to provide you with provincially funded health resources and to accurately identify and link your personal health information records. You will also have the option to add information to your account profile, such as your gender, address, preferred method of contact phone number, emergency contact information, marital status, employment status, workplace name, role which help us understand your needs and tailor our products, services, and pricing to you for non-OHIP services. The information in your account profile on the EMR system may be automatically updated to reflect information you provide to Lume when you book a Service or visit our clinic. You are required keep your username and password secure and not share it with anyone else. We will never ask you for your password in any unsolicited communication (such as letters, phone calls or email messages).

Appointment Booking: We collect personal information when you book an appointment with a health care provider through the EMR sytem, by phone, text message, email or in person. This information may include the type of visit you would like (i.e. in person, virtual or by phone), name, reason for booking the visit, medical history, and emergency contact information. We use this information to book your appointment and provide the health care provider with the information they need to deliver health care services to you. For certain products and services, we will request a credit card number at the time of booking as described below. You can manage some of your appointment bookings or view your past and upcoming appointment bookings through the EMR system or by contacting us.

Payment: If you purchase a product, service or other good from Lume that is not OHIP insured, we (or our authorized third party payment processor) will collect your full name, payment information (including billing address, credit card number, expiry data and CVV code), or if applicable, your private health insurance information, in order to process the transaction and enable Lume health care providers to provide you with the health care services you have purchased.

Marketing Communications:  The provision of health information and educational material is a core feature of the Lume service offering. When you join Lume (or, if we otherwise have your consent) we will collect and use your full name, email address and/or your mobile phone number to provide you with marketing communications including information about Lume resources, services, offers, events and promotions that may be tailored to your interests and interactions with Lume.

You can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of each email or by adjusting your preferences through your account profile in the EMR system. Alternatively, you can opt out of receiving email marketing communications by contacting us using the contact information provided in the “Contact Us” section below. Please note that you may continue to receive transactional, informational or account-related communications from us even if you unsubscribe from marketing communications.

Surveys: From time to time, we may offer you the opportunity to participate in one of our surveys. We may use the information we obtain through our surveys, which may include personal health information, to review and identify opportunities for improving our delivery of health care services to our clients and as otherwise explained to you at the time of the survey.

Research and Analytics: From time to time, Lume may participate in medical research projects utilizing personal health information previously and/or prospectively collected for the purpose of improving the health care services at Lume and advancing medical knowledge. Lume will not use or disclose your personal health information for these projects in a manner that can identify you without first obtaining your consent or in a manner consistent with applicable law, such as with the approval of a research ethics board. Lume may generate de-identified information and disclose this information to third parties who are part of the research project and bound to use the data for the purposes of the study. De-identified information is information that has had identifiers and other information removed so that it is not reasonably foreseeable that the information could be used, alone or in combination with other information, to identify an individual. Lume may also generate and analyze de-identified data to create comparative statistical benchmarking reports across client groups or sectors to better understand health trends and to improve Lume’s operations, products and services. Such benchmarking reports may be shared with third parties (such as corporate clients of Lume) in order to provide insight across client and corporate populations on an aggregate basis.

Perspective Papers: If you download one of our perspective papers or other publications through our website, we may collect your first and last name, name, and email address in order to facilitate the download. If you consent, we will also add you to our email marketing list.

Careers: If you use our website to apply for a job with Lume, you may provide us with certain personal information about yourself, such as information contained in a resume, cover letter, or similar employment-related materials. We use this information for the purpose of processing and responding to your application.

Visit a Clinic: We may conduct video recording for security purposes via the use of cameras located in public areas of our clinic, such as the reception area and the clinic entrance and exit area. In areas of our clinic where we conduct video recording, we will post signs to notify you.

Contacting Us: You may get in touch with Lume, including by telephone, email or by using the chat functionality on our website or through the EMR system When you contact us with a comment, question or concern, you may provide information that identifies you, such as your name, email and phone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future. In addition, we may monitor and record our telephone conversations with you for documentation, training, and quality assurance purposes. If you do not wish to have your call recorded, you have the option to speak with us in person or communicate with us by email.

We may also use your personal information to further the following purposes:

  • Provide our website and its contents to you;
  • To provide you with information, products or services that you request from us;
  • To carry out our obligations and enforce our rights arising from any contracts between you and us, including for billing and collection;
  • Collect statistical data and analyze trends for our use, and for use by third-parties to better understand your needs and interests;
  • Improve our Services, marketing and promotional efforts or troubleshoot issues on our website;
  • Contact you with additional educational information
  • To allow you to participate in interactive and social features on our website;
  • Improve the content, functionality and usability of this Site and provide a tailored and personalized experience for you when you visit our website;
  • Prevent fraudulent activities and security breaches;
  • Resolve disputes and assist law enforcement when necessary or respond to any legal claims or otherwise comply with our legal obligations; and
  • For any other purpose with your consent.

2. DISCLOSURE OF PERSONAL INFORMATION

We do not sell, rent or disclose your personal information to third parties without your consent, except as described below or as required or permitted by applicable law.

  • Other health care providers: We may share your personal information with your other health care providers and facilities (e.g. another physician or health care practitioner, an allied health professional or member of your clinical care team, a public hospital, pharmacy, laboratory, or ambulance service) for the purpose of supporting your continuity of care. We may also share your personal information if required for the purpose of contacting your family or a potential substitute decision maker in the case of an emergency or to leave a generic message.
  • Employers and Other Third Parties: Where Lume services are made available to you through your employer as part of your employment benefits plan, we may share aggregated, de-identified data regarding the use of Lume services with your employer. We may also share limited personal information with your employer for billing and invoice reconciliation purposes. Lume may create and share reports containing aggregated, de-identified data with other third parties such as benchmarking or other comparative reports.
  • Benefits Providers: We may disclose certain personal information to your benefits provider for the purposes of coordinating payment from them, including your name, date of service, and the service provided. We may also share certain personal information with provincial health plans for billing of publicly funded services.
  • Referrals to Other Clinics: Where Lume services are made available to you as part of a corporate benefit through your employer but we do not have a Lume clinic in your area, we may refer you to an affiliate health clinic and disclose certain information about you, such as your employer, full name, gender, address, phone number and email address, to that affiliated health clinic. We may also disclose this information to support your continuity of care and so that you can access and use health care services from non-Lume clinics in other locations outside of Ontario.
  • Service Providers: Your personal information may be transferred (or otherwise made available) to third parties that provide services to us or on our behalf. We use third parties to provide services to us such as laboratory testing, virtual care technology, printing, mail distribution, cloud storage services, payment card processing, and employment recruitment. Our service providers are only provided with the information they need to perform their designated functions. They are not authorized to use or disclose personal information for their own marketing or other purposes.
  • Research Partners: As described above, Lume may participate in medical research projects from time to time, including with third-party partners. Lume may generate de-identified information and disclose this information to third parties who are part of the research project and bound to use the data for the purposes of the study.
  • Legal and Compliance: We may be required to comply with any requirements to disclose personal information by law, such as to initiate or respond to any legal action or to protect the rights, property and safety of others. This includes sharing information with other parties to prevent security breaches, fraud or credit risks.  We and our Canadian, U.S. and other third party service providers may disclose your personal information in response to legally valid inquiries or orders, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, U.S. or other law or legal process, which may include lawful access by Canadian or U.S. courts, law enforcement or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.
  • Sale of Business: We may transfer information we have about our clients as an asset in connection with a proposed or completed amalgamation, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Lume or as part of a corporate reorganization or other change in corporate control.
  • Other Disclosures: We may also disclose your personal information in relation to:
  • Administering our website and various tasks such as payment processing, hosting services, email delivery, communications and customer service;
  • Delivery of our Services;
  • Administering your account;
  • Entering into agreements and communication with you;
  • Analyzing data and trends, including partnering with third-party analytic companies;
  • Run and manage our ads to produce ads that appear when you visit our Site;
  • Protecting the security of our business and website; including to investigate and remedy any breach of any of our rights or policies, or as needed to obtain and maintain insurance coverage, manage risks, obtain financial or legal advice;
  • Any other reason necessary to comply with any legal obligation, to protect your interests, the interests of others or our business; or
  • With your consent.

3. STORAGE AND LOCATION OF PERSONAL INFORMATION

We use service providers who may access or store personal information or personal health information in the U.S., or other foreign jurisdictions in the course of providing services to us. Personal health information that forms part of your medical record is stored in Canada but may be transferred outside of Canada (for example, to specialists located outside of Canada for the purposes of providing health services to you).

4. INFORMATION ABOUT OUR WEBSITE

  • Visiting our Website: In general, you can visit our website without telling us who you are or submitting any personal information. However, we collect the IP (Internet protocol) addresses of all visitors to our website and other related information such as page requests, browser type, operating system and average time spent on our website. We use this information to help us understand our website activity and to monitor and improve our website.
  • Cookies: Our website use a technology called “cookies”. A cookie is a tiny element of data that our website sends to a user’s browser, which may then be stored on the user’s hard drive so that we can recognize the user’s computer or device when they return. You may set your browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies from our website, you may not be able to take advantage of all of the website’s features.
  • Analytics: Our website also use web analytics services such as Google Analytics to help us gather and analyze information about the areas visited on the website (such as the pages most read, time spent, search terms and other engagement data) in order to evaluate and improve the user experience and the website. For more information about Google Analytics or to prevent the storage and processing of this (including your IP address) by Google, you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can also obtain additional information on Google Analytics’ data privacy and security at the following links:

https://policies.google.com/technologies/partner-sites and

https://support.google.com/analytics/topic/2919631

  • Third Party Links: Our website may contain links to other websites that Lume does not own or operate. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. This Privacy Policy does not apply to information collected by the linked websites. They have separate and independent privacy policies, notices and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat personal information. We encourage you to read the privacy policy of every website you visit.
  • Tracer Tags & Web Beacons: The Websites may also use a technology called “tracer tags” or “Web Beacons”. This technology allows us to understand which pages you visit on the website. These tracer tags are used to help us optimize and tailor the website for you and other future visitors to the website.

5. SAFEGUARDS AND RETENTION

We have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. The only Lume employees and service providers who have access to our clients’ personal information are those who “need-to-know” the information in order to carry out their job duties.

We retain personal information only for as long as necessary to carry out the purposes discussed in this Privacy Policy or to meet our legal or business requirements. Personal health information that forms part of your medical record will be retained in accordance with provincial and territorial retention guidelines.

Lume may also create and retain de-identified or anonymized personal information for internal research and analysis purposes, including to improve business operations.

6. YOUR CHOICES

  • Marketing Communications: If you receive our email marketing communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the email or by adjusting your preferences through your account profile in the EMR system. Alternatively, you can opt-out of receiving our marketing communications by contacting us at the contact information under “Contact Us” below.
  • Withdrawing your Consent: If you have provided consent to our collection, use or disclosure of personal information, you can withdraw your consent at any time (subject to our legal or contractual restrictions) by contacting us at the contact information set out below. If you withdraw your consent, we may not be able to provide certain products or services to you.
  • Closing your Account: You can also close your account on the EMR system at any time. To close your account or request to delete the personal information contained within your account profile, please contact us at the contact information below. If you choose to close your account or delete personal information contained within your account profile, we may retain certain information (including your medical record) to meet our legal or regulatory obligations. For more information review the “Safeguards and Retention” section above.

7. YOUR RIGHTS

We respect your rights to your personal information and data. You have the right to access, correct, request restriction or deletion of your information, or request how we use your personal information and data collected, as required by applicable law. Note that we may charge a reasonable fee for actions that you ask us to take with respect to your data. In addition, we reserve the right to first request you provide us with evidence verifying your identity before we take any action.

After we verify your identity, you have the right to:

  • Update or change any information you have provided to us. To update or delete your information, please contact us at info@lumewomenshealth.com   However, please note that your ability to update, change or delete information is subject to the legal requirements imposed on physicians and what is required to be in records they maintain.
  • Request that we confirm what data we hold about you, and for what purposes. You also have the right to confirmation of whether we process your data or deliver your data to third party processors, and for what purposes. We will supply you with copies of your personal data unless doing so would affect the rights and freedoms of others;
  • Change your consent to our use of your information. In such cases, we may require you to delete your account with us, as described above, and you may not have full access to our website;
  • Request a digital copy of the data that we hold about you. Your first request for a copy of your personal data will be provided free of charge; subsequent requests will incur a reasonable fee.
  • Request that we gather and transfer your data to another controller, in a commonly used and machine-readable format, unless doing so would cause us an undue burden;
  • Request that we delete all data that we hold about you, and we must delete such data without undue delay. There are exceptions to this right, such as when keeping your data is required by law, is necessary to exercise the right of freedom of expression and information, is required for compliance with a legal obligation, or is necessary for the exercise or defense of legal claims. Such a request may result in a termination of your account with us and you may have limited or no use of our website;
  • Opt-out of receiving future email correspondence from us by checking the appropriate box when you register for the account or make a purchase. You may change your communication settings by contacting us at info@lumewomenshealth.com];
  • Opt-out of receiving any third party marketing communications or having your personal information used for marketing purposes. You may do this by contacting us at info@lumewomenshealth.com];
  • In certain situations, restrict the processing of your data, such as when you contest the accuracy of your data or when you have objected to processing, pending the verification of that objection. When processing has been restricted, we will continue to store your data but will not pass it on to third party processors without your consent, or as necessary to comply with legal obligations or protect your rights, our rights, or those of others. In addition, you may opt-out of any processing of your data altogether. However, doing so may result in the termination of your account and loss of access to our website; and

If you wish to have any third-parties, including those to whom we’ve transmitted your information, delete your information, you will need to contact those third-parties directly to do so. Upon request, we will provide a list of all third parties to whom we have transmitted your information.

8. UPDATES TO THE PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes to our privacy practices. We encourage you to periodically review this policy to ensure you are familiar with those changes. We will indicate at the top of this Privacy Policy when it was most recently updated.

9. CONTACT US

If you have any questions, concerns or comments about this Privacy Policy or the manner in which we or our service providers handle your personal information, or wish to request access to or correction of your personal information in our records, please contact us at:

Privacy Officer: Dr. Woganee Filate

175 Bloor Street East, South Tower, Suite 1200

Toronto, ON M4W 3R8

(416) 646-1510

If you have any questions about our Privacy Policy or wish to exercise any of your rights you can contact us at info@lumewomenshealth.com .

You may also bring your questions or concerns to the Information and Privacy Commissioner of Ontario by visiting www.ipc.on.ca