Personal Information - Canada and Global
Last updated:
PREHOS has created this Privacy Policy to explain how it collects, uses, discloses and otherwise processes Personal Information in connection with the use of the Services or the Public Website, in addition to presenting the safeguards implemented to protect such Personal Information. Anyone can contact PREHOS for any questions, comments or requests about this Privacy Policy.

How We Collect Information
We may collect Personal Information from a variety of sources, including:

Information We Collect
Personal Information collected may include:

How We Use Information
We use Personal Information we collect to:

How We Share Information
PREHOS may share Personal Information it collects:

SERVICES INTENDED USERS
THE SERVICES AVAILABLE VIA PREHOS’ APPLICATION AND/OR AUTHORIZED USER WEBSITE ACCESS ARE INTENDED FOR USE BY AUTHORIZED USERS ONLY. Note that PREHOS does not offer Services directly to Authorized Users’ Patients; as such the Authorized User shall ensure that its Patients be made aware of this Privacy Policy. This Privacy Policy shall be reviewed carefully as it governs the provision and use of the Services and the Public Website as applicable. PREHOS may change this Privacy Policy from time to time, in accordance with applicable laws. Should any person object to any changes made, such person shall stop using the Public Website and the Services as applicable. By continuing to use the Public Website and the Services after the amendment of this Privacy Policy, such person will be deemed to adhere to its terms, as amended. The Authorized User can contact us should any questions about this Privacy Policy arise.
1. GENERAL PRINCIPLE
PREHOS is committed to protecting the privacy of Personal Information. In order to bring to the attention of the Authorized Users, their Patients and the Visitors the privacy practices implemented, PREHOS has prepared this Privacy Policy, which summarizes: (i) the types of Personal Information collected, (ii) why PREHOS collects Personal Information, (iii) how PREHOS uses, processes and protects Personal Information, and (iv) under what circumstances Personal Information is shared with PREHOS Partners and other third parties when required or permitted under applicable law. This Privacy Policy further describes the decisions that can be made with respect to the collection, access, use and storage of Personal Information.
2. DEFINITIONS AND INTERPRETATION
2.1 In this Privacy Policy, the terms set forth below have the following meanings:
- Anonymized Information means Personal Information from which the name or other identifier has been removed, so that it can no longer be linked to an individual.
- Application means PREHOS’ mobile application compatible with various electronic devices, such as smartphones and tablets.
- Authorized User means the entities offering prehospital care to Patients and which have concluded a software as a service subscription agreement with PREHOS, including any of their respective directors, officers, employees, agents and other representatives having access to the Services such as authorized administrative staff.
- Authorized User Website Access means PREHOS’ web interface available at a specific URL created for and to the exclusive use of any Authorized User and each of its own users.
- Cookies designates the small text files that are placed on the hard disk of devices as applicable when someone uses the Services or accesses the Public Website, which may either be temporary and disappear when such devices are turned off or be permanent and stay even after such devices are turned off.
- Other Forms of Technologies means web storage supporting persistent data storage and behaving similarly to persistent cookies and session cookies respectively.
- Patients means the individuals to whom the Authorized User provides prehospital care.
- Personal Information means any information which can be used to directly or indirectly identify an individual, including but not limited to contact information, address, e-mail address, photo or video and Internet Protocol address, as well as Patients’ health information as may be collected by any Authorized User.
- PREHOS designates Prehos inc., a corporation duly constituted under the Business Corporations Act (Quebec), CQLR c. S-31.1.
- PREHOS Partners designates the business partners involved in, collaborating with or otherwise assisting PREHOS in the development or provision of the Services, such as, but not limited to: (i) universities, governments, ambulance services and other businesses in the field of prehospital care, (ii) Google Maps and its road data, which enable PREHOS to offer and optimize its dispatching operations, and (iii) cloud providers such as Google Cloud and Microsoft Azure, providing servers location and cloud computing platforms for the storage of various information (including Personal Information).
- Public Website means PREHOS’ website available at https://prehos.com/ or any other URL, as may be applicable from time to time.
- Services means PREHOS’ e-services, namely: (i) the intelligent technological dispatch, fleet and material solutions; (ii) the fleet and material equipment management solutions; (iii) the electronic health record solutions; and (iv) the analytics management solutions, all of which are provided via the Authorized User Website Access or via the Application, both accessible after the conclusion of a software as a service agreement with PREHOS.
- Visitor means any person browsing on the Public Website.
2.2 Unless the context requires otherwise: (i) grammatical variations of any term defined herein have a similar meaning; and (ii) words importing the singular number shall include the plural and words importing the masculine gender shall include the feminine and neutral genders and vice versa.
3. COLLECTION AND USE OF PERSONAL INFORMATION
In the course of providing its Services, PREHOS will collect and/or process information about the Authorized User. The collection of Patients’ Personal Information by the Authorized Users will also be rendered possible on the Services’ platform, as described below. Finally, PREHOS will collect information about any Visitor when such Visitor accesses the Public Website or otherwise contacts PREHOS to enquire or make comments about the Services. In all cases, such Personal Information is only collected and used for the purposes detailed in this Privacy Policy and for no other purpose.
3.1 Information obtained directly from the Authorized User
3.1.1. Request a free demo
3.1.2. Purchase of Services
- contact PREHOS via the Public Website, in which case the Super User will be required to disclose their first and last name, profession, organization, organization address, phone number and e-mail address. Such information is required to allow PREHOS to authenticate the Super User, proceed with the registration process and contact the Super User to eventually create accounts accessible via the Authorized User Website Access and provide the Authorized User with the requested Services. During that process, the Super User could also disclose any additional information, including personal information for review by PREHOS, they wish to submit to PREHOS; or
- download the Application via PREHOS mobile device management system in accordance with the instructions given by PREHOS in this regard.
3.1.3. Creation of online accounts
3.1.4. Services Electronic health record features
- Patients’ medical health record: In order to use this feature, the Authorized User will first be required to create a specific e-record for each Patient. As such, the Authorized User will need to collect and upload some Patients’ Personal Information, namely: the name, surname, birthday, care center, notice, phone numbers, e-mail, address, living status, marital status, do not resuscitate order if applicable, referral number and reason, identifiers, medical and personal contacts. The Authorized User can then upload or keep on that record any additional information, including Patients’ Personal Information. Such information should be added at the Authorized Users’ discretion in accordance with Patients’ needs and ethical and legal obligations of the Authorized User. Once created, these records could be used to keep track of Patients’ medical history and preconditions, medical issues, medication, and other critical data, and of the urgent medical interventions performed. reconfigured by the users of the Authorized User. Such records could also be synchronized with or uploaded (in whole or in part) in the records maintained by other medical facilities to share information to healthcare institutions as may be required and in accordance with the legal, ethical and professional obligations of the users.
- Hospital dashboard: This feature sends alerts to emergency departments to enable optimal preparation prior to a Patient’s arrival. Critical data transmitted to emergency departments include Personal Information, such as Patients’ medication list, allergies and medical history, etc., or some of the information downloaded on that record, such as photos or videos taken in the course of prehospital interventions and Patients’ geolocalisation and vital signs.
- Other features: Other features of Patients’ health records as selected or used by the Authorized Users may request or lead to the collection or disclosure of Personal Information. For instance, the “Siri speech to text feature” would record the voice of users such as paramedics when recording information in Patients’ records. Likewise, the “digital signature feature” will record paramedics’ signature on relevant files. These other features use third-party technologies and are subject to their own terms and conditions, which users are required to be familiar with in accordance with Section 8 of this Policy.
3.1.5. Intelligent dispatch feature
3.1.6. Trends features
The following features will either require the collection by the Authorized Users of various information, including some Personal Information or will need to robotically process such information to enable the Authorized User to obtain meaningful data:
- Record details: This feature will allow the Authorized User to compile Patients’ record details, including general information on the ambulance call report and Patients, pickup destination address, details as to any status change and revision and feedback reports. This information is required to provide the Authorized User wishing to use that feature with an overview of each intervention.
- Intervention record listings: In order to use that feature, the Authorized User will be required to sync its interventions records lists to the Services. The information contained in those lists is required to provide the Authorized User with a relevant registry for it to easily retrieve general information about each intervention using the advanced search and filtering options.
- Intervention record details: To run properly, this feature will require the compilation and synchronization of all general information on the intervention, audio recording (when allowed under applicable laws), Patients’ lists and other information contained in the record details feature to enable any Authorized User to retrieve detailed information about each intervention using the advanced search and filtering options.
- Trend analysis: The Patients’ Personal Information downloaded, obtained or otherwise added to Patients’ records will be analyzed robotically using automated algorithms. Such analysis will only occur after the Authorized User sets up specific data rules; further to that algorithm analysis, the Authorized User will be provided with statistics and other data generated allowing the Authorized User to explore trends and analysis revealed by the Anonymized Information used on an aggregated basis. Note that the purpose of the trends features is not to learn or collect Personal Information about Patients, but rather to allow an Authorized User to learn more about and analyse the use made of its paramedics services and to improve such provision of services.
The features and functions to which users have access may vary depending on the type of account that such users have.
3.1.7. Financial features
This feature will require the use of some information, including some Personal Information, to be able to process payments properly and expeditiously:
- Bar code reader: This feature will read health card bar codes to expedite the collection of Patients’ information required for medical intervention and, as applicable, to expedite the billing process; and
- Automated billing: This feature will allow the Authorized User to invoice relevant persons for each reimbursable service. As such, only the information required to process payment of each reimbursable service, including the information collected by the bar code reader feature, will be collected and sent to the relevant governmental body or other relevant entity.
The features and functions to which users have access may vary depending on the type of account that such users have.
3.1.8. Comments, requests for information and referrals
Should any person contact PREHOS to obtain information about the Services or about any other matter, then such person will be required to provide their contact information (including names and e-mail address). This information is required by PREHOS in order to communicate with such person, determine whether the Services are available in a geographic area and respond to their enquiries, comments or requests for information. Such person may also provide additional Personal Information, including when making comments, enquiries or suggestions.
Furthermore, should any person recommend that PREHOS communicate with any other Authorized Users’ representatives to provide them with information about the Services, then PREHOS will need the contact information of that individual for the above-mentioned purpose; such communication will thereafter be made in compliance with applicable laws.
3.1.9. Customer support
Customer support is provided via a service desk application for the regular Authorized Users or is provided directly by PREHOS’ representatives and employees for Visitors and new Authorized Users that requested a free demo.
Should an Authorized User or Visitor communicate with PREHOS’ customer support, either directly or via the service desk application, then PREHOS will have access to any information communicated or otherwise disclosed, such as the contact information, as well as any question asked, or comment or statement made. PREHOS will thereafter collect the information needed to (i) categorize the communication, (ii) respond to any enquiry, comment or request for information, (iii) send any information requested, and (iv) investigate any breach of the Privacy Policy or other applicable terms and conditions. Note that any Patients should contact the applicable Authorized User, and not PREHOS, should such Patient have any question with respect to Authorized Users’ services or wish to have access to their records; should a Patient contact PREHOS’ customer service, then PREHOS may collect necessary information to categorize that communication and redirect that Patient, as applicable.
3.1.10. Marketing
PREHOS may wish to provide information about its Services. In this regard, PREHOS may use the e-mail address or other contact information any person may provide from time to time to PREHOS to communicate information about new features or services or to send news and information regarding the Services. Such communications will be sent in accordance with applicable laws, and any recipient may withdraw their consent at any time as set forth below. Note that PREHOS does not sell or share Personal Information to third parties for marketing purposes and that no marketing initiative is intended for, concerns or targets Patients.
3.1.11. Social media
PREHOS shares information about itself and its Services on Facebook. Similarly, if any person sends or accepts PREHOS’ “friend request” or otherwise “follows” PREHOS, then such person will share and PREHOS may consult the information that they and their “Facebook friends” posted on their Facebook pages. Since Facebook users can always choose the audience that can see what they share via their Facebook privacy settings or the Facebook audience selector, any person is deemed to have agreed to share such information with their “friends” or persons they “follow”, including PREHOS, as described in Facebook privacy policy and terms of use. Other social media platforms such as Twitter, LinkedIn and Instagram will also allow any person to follow PREHOS and to add PREHOS to their contact list. In such a case, PREHOS will have access to such person’s web pages and profiles in accordance with the chosen settings, as more fully described in the privacy policies and terms of use of these social media operators. PREHOS will also get notification and access to any tweet, link or post in which PREHOS is tagged.
Any person shall review the privacy settings applicable to these accounts/pages to see the information to which their contacts have access and limit such access if required. Should PREHOS collect information available on social media accounts or pages, it shall do so on an aggregate and de-identified basis and for lawful purposes only. Note that the PREHOS intended use of social media is not to learn, be added by or to follow Patients, but rather to learn more about its current and potential Authorized Users.
3.1.12. Testimonials and promotional materials
Should an Authorized User and/or any other person wish (or agree) to render any testimonial, opinion, photo or any other material available online regarding their appreciation of the Services, then PREHOS will post such promotional materials on its Public Website or any other social media, and may include their name or nickname and any other information they agreed to disclose. The Authorized User and/or such other person can thereafter request, at all times, that such materials or other Personal Information be removed from the Public Website and any other social media. PREHOS does not however control the communications – if any – that such Authorized User and/or other person may receive in connection with any promotional materials. Should the Authorized User and/or any person wish to report any communication received regarding such promotional materials or other information, then the Authorized User or such person should contact PREHOS as described below.
3.1.13. Job applications
PREHOS collects Personal Information that is voluntarily provided to it when any person applies for a job position via PREHOS’ Public Website page. Such application is voluntary, and job applicants choose the information they wish to submit to PREHOS. The Personal Information submitted will be shared only with those people in PREHOS’ organization who need the information: (i) to assess and verify job applicants’ qualifications, knowledge, skills and experience; (ii) to conduct reference and background checks and otherwise to verify the information submitted to PREHOS; (iii) to communicate with job applicants; and (iv) to improve the recruitment process. In addition to the Personal Information obtained from job applications, PREHOS may also conduct its own verification and obtain additional Personal Information.
3.2 Information obtained from PREHOS Partners
Google Analytics can collect data about the interactions of any Visitor with the Public Website. Such information will then be processed and be updated every time a Visitor interacts with the Public Website. In order to do so, Google Analytics will place codes on the Public Website, which will allow Google Analytics to see which information was consulted, the browser used, device and operating device. The information so collected may be shared (in whole or in part) with PREHOS in order for PREHOS to update, upgrade or otherwise improve the Public Website, or to develop new services.
3.3 Information collected using Cookies and similar technologies
When the Authorized User uses the Services or any Visitor navigates the Public Website, certain information, including Personal Information (such as general browser information, Internet Protocol addresses, the interactions with the Services and/or Public Website and any other information described below) may be collected by automated means, such as through the following types of Cookies and Other Forms of Technologies:
- Process Cookies: allow the Services and the Public Website to work properly in keeping track of requests, ensuring the integrity of web pages and allowing the Authorized User and Visitors to browse from one page to the other.
- Security Cookies: are used each time Services are purchased or an account is opened. These Cookies contain an encrypted, unique identifier that is tied to each account and placed in the browser, allowing PREHOS to identify the users of the Authorized User when they are logged in to their account.
- Statistical Cookies: collect data, such as the date and time when the Services, and/or the Public Website were last used and the frequency of such uses, the pages or content consulted and the manner the Services and/or the Public Website were used, the information provided and the features of their operating systems and connection information (e.g., Internet Protocol address). This information is collected for analytical and statistical purposes, such as to determine how often the Services, and/or the Public Website or certain specific pages are visited, and what kinds of features and content seem to be most interesting. This information helps PREHOS to improve its Services and/or Public Website, according to the needs and interests identified.
Other Forms of Technologies can also be used for similar purposes. Cookies and Other Forms of Technologies can be blocked unless they are required to allow the Services and/or the Public Website to run properly. For instance, while statistical Cookies can be blocked, the situation is different for process and security Cookies, as they are essential for ensuring that the Services function properly. However, even if they cannot be blocked without affecting one’s ability to use the Services, these Cookies are of a temporary nature and accordingly, they will disappear when the browser software is closed or the device is turned off. Anyone experiencing problems with the functionalities of the Services and/or the Public Website should contact PREHOS.
Finally, many web browsers allow individuals to manage their Cookie preferences. Visitors and Authorized Users can set their browser to refuse Cookies or to suppress certain Cookies. Visitors and Authorized Users may also be able to manage Other Forms of Technologies in the same way. However, if they do so, they may find it difficult to navigate the Public Website or use some of the Services.
4. SHARING OF PERSONAL INFORMATION COLLECTED
PREHOS does not sell, trade or rent Personal Information. Furthermore, Personal Information is not shared, used or disclosed to third parties for purposes other than those for which it was collected as described herein, unless proper consent was obtained or unless otherwise allowed or required under applicable laws, as applicable.
4.1 Personal Information
4.1.1. Sharing made in connection with the provision of Services
Personal Information (other than Patients’ Personal Information) may be disclosed to PREHOS Partners that facilitate the provision of any Service, such as by providing assistance to PREHOS with respect to the maintenance and development of its Services, including providing software development, data hosting and backup, billing and subscription management and professional advice. Disclosure will be made on a “need-to-know” basis, and after ensuring that proper contractual and other measures are in place to ensure the protection of any Personal Information shared in this way.
4.1.2. Business transaction
Some Personal Information may be rendered accessible to a potential purchaser or other business in connection with any business transaction or corporate reorganization, if such communication is necessary for the purposes of deciding whether to proceed with the sale or other transaction, and provided that such disclosure is made in compliance with applicable laws and in absence of specific requirement with this Privacy Policy.
4.1.3. Law enforcement
Personal Information may be used and disclosed if PREHOS, acting reasonably, believes that such use or disclosure is necessary to comply with any applicable laws, legal process or governmental request, or is otherwise required to protect its rights or to fulfil any other purpose set forth in the applicable law allowing or requiring the disclosure of Personal Information.
4.2 Anonymized Information used on an aggregated basis
Once uploaded and saved on the Services, Authorized Users’ data (including any Personal Information uploaded by these Authorized Users) will be accessible to them on the Services. Further to their upload, such data will also be automatically and robotically anonymized and then added to a consolidated dataset. PREHOS may thereafter have access to such dataset and use any Anonymized Information on an aggregated basis: (i) in order to conduct research; (ii) to identify pandemic or other emergency situations; or (iii) to improve the Services, and/or the Public Website. Anonymized Information may also be used for training, promotion and statistical purposes and any other purposes set forth in the software as a service subscription agreement concluded with Authorized Users, as such information does not constitute Personal Information. In any event, note that such information could not and will not be used to re-identify any individual.
5. ACCESSING, CORRECTING AND DELETING PERSONAL INFORMATION
5.1 Requests from the Authorized User
In accordance with applicable laws, the Authorized User may make requests for access or corrections of Personal Information or other requests allowed under applicable laws by contacting PREHOS. The Super User and any other users may also update or change the basic information available on their user account by editing their account profile. In order to do so, they will need to sign in to the Application or the Authorized User Website Access and enter the profile section.
Some user accounts are also attributed the right to delete any information uploaded, received, saved or stored on their accounts. Such deletion shall take place via a “soft deletion process” pursuant to which the deleted data will transition to a recoverable state for a certain period of time instead of being permanently erased, to allow erroneously modified, deleted or overwritten data to be retrieved. Users may also shut down their accounts, in which case all information so uploaded, received or stored (including any Patients’ Personal Information) will only be temporarily deleted, further to said mechanism. Note that a very limited number of PREHOS’ employees may have access to such information when such access is specifically requested and authorized by the Authorized User.
Furthermore, any Super User shall ensure to shut down the account of any other user who left the Authorized User’s business or otherwise stopped being employed by the Authorized User, used their account for improper purposes, etc. Each Authorized User is responsible for ensuring that all measures as may be required, including to withdraw access to that account, be implemented by its Super User as PREHOS has no right and no access to features allowing the deletion of the information on any user account.
Following the termination of a software as a service agreement with an Authorized User, PREHOS will shut down all user accounts of the Authorized User and all the information stored on user accounts will then be permanently deleted following a reasonable transition period. In this regard and as needed, the Authorized User is responsible to ensure that a proper copy of Patients’ Personal Information (and any other information as applicable) be saved. PREHOS will, upon request, generate a backup file of the database and provide reasonable assistance to allow the migration of Personal Information to another service provider’s server.
Similarly, any complaints pertaining to the processing of Personal Information can be made by contacting PREHOS. Such complaints will be processed in accordance with all applicable laws and as further detailed in PREHOS’ summary of Personal Information governance policies, available here.
5.2 Requests from Patients
Patients’ e-records will not be provided by Prehos to the Patients, as such records may be governed by and subject to a specific set of laws. Should a Patient wish to have access to their medical information, then such request for access shall be made in accordance with the laws governing access to that type of records and to the applicable Authorized User (acting as controller of the Personal Information). Patients’ requests shall be solely directed to and dealt with by the applicable Authorized User. Should any Patients contact PREHOS, PREHOS will categorize the type of communication to redirect that Patient to the Authorized User, as applicable.
6. SECURITY MEASURES IMPLEMENTED
6.1 PREHOS uses measures as may be reasonably required to preserve the security and privacy of Personal Information. In this regard, PREHOS has notably put in place or currently implements the following measures:
6.1.1. Authorized User Website Access: Each Authorized User has its own Authorized User Website Access and encryption key, thereby allowing Personal Information collected by its users to be segregated from Personal Information collected by the users of any other Authorized Users.
6.1.2. Securing data in transit: Each time the Services are accessed via the Application or the Authorized User Website Access, an HTTPS protocol is used to transit information from servers to mobile devices. Also, every time the Public Website is consulted, Secure Sockets Layer (SSL) technology protects Personal Information by using server authentication and data encryption. No Personal Information will be communicated prior to such technology being activated, which can be confirmed by looking (i) at the address bar which will, depending on the browser, have a lock to the left of the website address (URL), and (ii) at the URL or the address bar of the browser, where the first characters of the address in that line should change from "http" to "https".
6.1.3. Securing data at rest: Personal Information is encrypted by Google cloud Engine and Microsoft Azure when at rest. Patient's Personal Information is also encrypted by PREHOS when at rest.
6.1.4. Role-based security measures: The Services allow for the creation of various types of accounts each of which has its own access limitations and restrictions. This offers reliable means to ensure that administrative staff, paramedics, etc. only access, review, process, share, edit, etc. the information they are entitled to access, review, process, edit, share, etc.
6.1.5. Limited access: Access to any Personal Information is granted to PREHOS' employees, representatives and as applicable sub-contractors on a "need-to-know" basis only, and is given through access credentials which are kept confidential.
6.1.6. Secured datacenters: PREHOS' platform and servers are located in Canada and are currently being hosted in the Google Cloud Engine (Montreal) and Microsoft Azure (Quebec City). Furthermore, these cloud providers use a multizonal datacenter to ensure that data is never hosted outside of Canada. Additional information regarding these clouds can be obtained by reviewing Google cloud "Privacy and Security" page available here and Microsoft "Trust center" available here, as of the effective date of this Privacy Policy (as may be amended from time to time or rendered available via other hyperlinks).
6.1.7. Protocol and other security strategies: PREHOS has a data breach protocol and also implements a disaster recovery strategy which is tested regularly. Likewise, PREHOS implements a network security strategy to protect network and servers access by segregating each application of an electronic device within its own network.
6.1.8. Secure authentication process: A response time is imposed between each failed login attempt. The authentication process enables real-time monitoring of invalid authentications by PREHOS.
6.1.9. Firewall: PREHOS' platform and servers are hosted by cloud providers which use an Internet Protocol-based firewall to control who can connect to these datacenters.
6.1.10. Mobile management: Personal Information uploaded, stored or saved via the Services is protected by several measures and restrictions imposed to access such Services, such as the attribution of a unique encryption key for each device, the possibility for PREHOS to remotely lock and wipe the mobile device, etc.
6.1.11. Signature of reports: To preserve data integrity, every report prepared by a user and added to Patients' e-record needs to be uniquely signed by such user using their personal identification number.
6.1.12. Backup strategy: Information is backed-up automatically by Google on a daily basis and backed up manually by PREHOS prior to any update of the Services and this backup strategy is tested regularly. In addition, Personal Information which has been erroneously modified, deleted or overwritten can be easily retrieved because it cannot be permanently erased by a user of the Authorized User.
6.1.13. Audit trail/logs: Users' activities such as: (i) successful and failed login requests; (ii) access to the Services to consult information; and (iii) access to the Services to add or edit information on any user accounts are tracked and logged. If for any reason the secure server cannot be accessed or the use of the Services does not provide the assurance required, the Authorized User or any person shall feel free to contact PREHOS.
6.2 DESPITE THE FOREGOING, THE AUTHORIZED USER AND ANY OTHER PERSON SHALL BE AWARE OF THE FOLLOWING:
6.2.1. GENERAL CONSIDERATIONS: EVEN IF PREHOS USES TECHNOLOGIES, WHICH ARE OF MERCHANTABLE QUALITY SUITABLE FOR THE PROVISIONS OF SERVICES, ANY ELECTRONIC PLATFORMS AND SERVERS – AS WITH ANY OTHER FORM OF FILE – IS NOT INFALLIBLE AND FULLY SHELTERED FROM UNFORESEEABLE OR FORCE MAJEURE EVENTS, CYBERATTACKS OR UNAUTHORIZED USES AND ACCESS, AND THE AUTHORIZED USERS AND ANY OTHER PERSON SHALL BE AWARE THAT THERE IS A RISK IN TRANSMITTING AND/OR PROCESSING ANY DATA ELECTRONICALLY. THIS RISK IS INHERENT IN ALL ELECTRONIC DEALINGS, AS WELL AS TO ALL OTHER FORMS OF COMMUNICATIONS. CONSEQUENTLY, PREHOS CANNOT GUARANTEE THAT INFORMATION WILL NEVER BE INTERCEPTED OR VIEWED OR SUBJECT TO OTHER INCIDENTS. SUCH EVENTS MAY OCCUR, PURSUANT TO WHICH DEVICES OR SYSTEMS CAN BE ACCESSED OR CONTROLLED BY UNAUTHORIZED PERSONS, AND UNDESIRABLE COMMUNICATIONS AND INVITATIONS MAY BE RECEIVED. SHOULD THE AUTHORIZED USER OR ANY PERSON RECEIVE A COMMUNICATION THAT LOOKS LIKE IT IS FROM PREHOS ASKING FOR PERSONAL INFORMATION, THE AUTHORIZED USER OR SUCH PERSON SHALL AVOID RESPONDING TO SUCH COMMUNICATIONS. PREHOS WILL NEVER REQUEST FINANCIAL AND OTHER SENSITIVE INFORMATION THAT WAY. IF THE AUTHORIZED USER OR ANY PERSON HAVE COMMUNICATED PERSONAL INFORMATION IN RESPONSE TO A SUSPICIOUS E-MAIL, POP-UP OR PHONY WEBSITE CLAIMING TO BE AFFILIATED WITH PREHOS OR IF ANY OF THE FOREGOING EVENTS TAKES PLACE, PLEASE CONTACT PREHOS IMMEDIATELY.
6.2.2. Measures to be implemented: The Authorized Users acknowledge and agree in their name and on behalf of their respective users that said Authorized Users and their respective users are responsible for implementing and strictly adhering to all physical, electronic, technological, organizational, contractual and other security measures, processes and safeguards to ensure that the confidentiality of the files and information they sent or received is preserved. In this regard, the Authorized Users shall notably ensure that their respective users: (i) choose strong account passwords meeting the platform's minimal criteria; (ii) change their passwords regularly; (iii) maintain the security and confidentiality of their usernames/personal identification numbers; and (iv) carefully consider enabling the two-factor authentication process, by which an e-mail or SMS validation code is required in addition to the password to connect to the Services.
7. STORAGE OF PERSONAL INFORMATION
Subject to applicable laws, PREHOS shall retain and store Personal Information for processing consistent with this Privacy Policy, as long as necessary for the purposes detailed herein. To that end, PREHOS may retain Personal Information after a specific purpose has been fulfilled if reasonably necessary: (i) to comply with applicable laws or prevent any contravention; (ii) to resolve disputes; (iii) to enforce this Privacy Policy; and/or (iv) as allowed or required under applicable laws. Once no longer required, the information will either be erased or stored on an aggregated and de-identified basis.
PREHOS is a Quebec company operating in Canada and using servers and infrastructure located in Canada. However, to enable PREHOS to provide its Services, PREHOS may do business with third-party service providers who may themselves be located outside Canada. As such, any processing of personal information by such a service provider may, for example, take place in the United States, for the purposes detailed in this Policy. Please note that privacy laws in these jurisdictions may differ from Canadian and Quebec privacy laws. The reasonable measures, contractual or otherwise, that PREHOS may take to protect your personal information while it is being processed or handled by these service providers are subject to applicable foreign legal requirements, including lawful requirements to disclose personal information to government and law enforcement authorities in certain circumstances. By providing your personal information in connection with the Services offered by PREHOS, you consent to such transfer and hosting.
If you would like more information about PREHOS' policies and practices regarding the transfer and processing of personal information outside Quebec and/or Canada, please contact PREHOS' Data Privacy Officer in one of the ways described in the Contacting PREHOS section of this Policy.
8. THIRD-PARTY WEBSITES
Should any link to third-party websites be provided on the Public Website or via the Services, then the Authorized User and any other person shall be aware that these sites operate independently and are subject to distinct terms of use and privacy policies. Likewise, should the Services seem available on other websites, then such websites shall not be seen as affiliated to PREHOS or otherwise related to the Services. In both cases, it is strongly recommended that the Authorized User and any other person as applicable, review the distinct terms of use and policies of such third-party websites, as PREHOS is not responsible for the content or practices of any such websites.
9. CONTACTING PREHOS
9.1 Questions, comments and requests
All questions and comments regarding this Privacy Policy or requests made in furtherance of said policy should be directed to PREHOS' Data Privacy Officer at the following contact information:
Data Privacy Officer
Email: privacy@prehos.com
Address: 115-2327, boul. du Versant Nord, Québec QC G1N 4C2 CANADA
Telephone: +1 844 311 6367
Requests and demands made will be dealt with as soon as possible.
9.2 Withdrawal of consent
PREHOS may communicate with the Authorized User or with any Visitor for promotional and marketing purposes. PREHOS will generally use the same means of communication the Authorized User or such Visitor chose to contact PREHOS or the preferred means specified by the Authorized User or that Visitor. Should any recipient wish to be removed from one or more of PREHOS' promotional mailing lists, then such recipient should click on the ready-to-use "unsubscribe" mechanism provided at the bottom of each e-mail or simply reply to that e-mail with the word "STOP" or "Unsubscribe".
Visitors and Authorized Users should note that if they request the deletion of certain Personal Information or withdraw their consent to the collection of their Personal Information, PREHOS may not be able to provide them with certain Services. The consequences of deletion shall be explained by PREHOS when receiving a request for deletion or for withdrawal of consent to assist Authorized Users or Visitors in their decision.
10. CHANGES TO THIS PRIVACY POLICY
PREHOS reserves the right to change or modify this Privacy Policy from time to time in accordance with applicable laws. Any material change will be notified prior to the change taking effect via a web banner or by any other means. Thereafter, the Privacy Policy as updated will be made available and easily accessible. Furthermore, an updated version of this Privacy Policy will be published each time a minor change is made. Anyone may determine whether this Privacy Policy has changed by looking at the effective date appearing at the top of said Privacy Policy. PREHOS recommends that this Privacy Policy be reviewed periodically in order to assess PREHOS' current practices, as the continued use of the Services and/or Public Website shall constitute acceptance of any amendment thereto. Should the Authorized User or any other person as applicable, disagree with the amendments made to this Privacy Policy or other applicable terms and conditions, the Authorized User or such person shall immediately stop accessing or using the Services and/or Public Website.