PRIVACY POLICY
MyHSA-POL-015
3. POLICY
3.1 GENERAL
-
myHSA assumes full accountability for the personal information within its possession and control.This organization has appointed a Privacy Officer as custodian of all privacy matters and legalcompliance with privacy laws.
-
We obtain personal information directly from the individual to which the information belongs.Individuals are entitled to know how we use personal information and will limit the use of any personalinformation collected only to what is needed for those stated purposes.
-
We will obtain individual consent if personal information is to be used for any other purpose. We willnot use that information without the consent of the individual. Under no circumstances will we sell,distribute, or otherwise disclose personal information or contact lists to third parties. However, limiteddisclosure may be required as part of us fulfilling our stated business duties and day-to-dayoperations. This may include our consultants, suppliers, or business partners but only with theunderstanding that these parties obey and abide by this Privacy Policy, to the extent necessary offulfilling their own business duties and day-to-day operations.
-
We will retain personal information only for the duration it is needed for conducting business. Oncepersonal information is no longer required, it will be destroyed in a safe and secure manner andaccording to our Data Retention and Destruction Policy. However, certain laws may require thatcertain personal information be kept for a specified amount of time. Where this is the case, the lawwill supersede this policy.
-
We vow to protect personal information with the appropriate security measures, physical safeguards, and electronic precautions. As per our Data Breach Response Policy, we will notify all affected individuals of a security event or breach that pertains to their personal information.
-
myHSA is a paperless environment so we maintain personal information through electronic files. Where required by law or disaster recovery/business continuity policies, older paper records may be stored in a secure, offsite location.
- Access to personal information will be authorized only for the employees and agents who require the information to perform their job duties, and to those otherwise authorized by law.
- Our computer and network systems are secured by complex passwords. Only authorized individuals may access secure systems and databases.
- Routers and servers connected to the Internet are protected by a firewall and are further protected by virus attacks or "snooping" by sufficient software solutions.
- Personal information is not transferred to volunteers, summer students, interns, or other non-paid staff by e-mail or any other electronic format.
3.2 WEBSITE
-
myHSA is committed to providing safe web sites for visitors of all ages and has implemented thisPrivacy Policy to demonstrate our firm commitment to your privacy. myHSA complies withCanadian Federal and Provincial privacy laws and regulations including the Personal InformationProtection and Electronic Documents Act and the Personal Information Protections Act.
-
We use your Personal Information only for providing and improving the Site. By using the Site,you agree to the collection and use of information in accordance with this policy.
-
There may be links from our Site to other web sites; note that this Privacy Policy applies only toour Site and not to web sites of other companies or organizations to which our Sites may belinked. You must check on any linked sites for the privacy policy that applies to that site and/ormake any necessary inquiries in respect of that privacy policy with the operator of the linked site.These links to third party websites are provided as a convenience and are for informationalpurposes only. The Company does not endorse, and is not responsible for, these linked websites.
3.2.1 Information Collection and Use
-
While using our Site, we may ask you to provide us with certain personally identifiable informationthat can be used to contact or identify you. Personal Information is information about you thatidentifies you as an individual, for example, your name, address, e-mail address, or telephonenumber. ("Personal Information").
3.2.2 Log Data
-
Like many site operators, we collect information that your browser sends whenever you visit ourSite ("Log Data"). This Log Data may include information such as your computer's InternetProtocol ("IP") address, browser type, browser version, the pages of our Site that you visit, thetime and date of your visit, the time spent on those pages and other statistics. In addition, we mayuse third party services such as Google Analytics that collect, monitor, and analyze this.
3.2.3 Communications
-
We may use your Personal Information to contact you with information pertaining to your myHSA account(s).
-
If user/client requires access to their personal information that we have on file, a request can be made to our Privacy Officer. Also, if user/client wishes myHSA to destroy or delete sections or their entire information, it will be done so based on myHSA’s Data Retention and Destruction Policy. Your request for access, additions and/or deletions will be recorded and filed by myHSA.
-
If myHSA requires more personal information that we currently have to successfully provide you proper service, we will communicate the information required via email. Response to that email will constitute consent.
-
If you do not permit us to use your Personal Information, your access to our services may be denied. You can appeal this decision by sending an email to cchromiak@contegosecurity.com or writing to:
Privacy Officer
myHSA Inc.
311-933 17th Ave SW
Calgary, AB T2T 5R6
-
User/clients consents that it may take up to 10 business day in order for myHSA to respond toand Inquiries, Complaints and/or Disputes.
3.2.4 Cookies
-
•myHSA, in common with many web site operators, may use standard technology called "cookies"on its Sites. For security and confidential reasons, we do not use cookies to store any confidentialinformation such as passwords. Cookies are small data files that are downloaded onto yourcomputer when you visit a particular web site. You can disable cookies by turning them off in yourbrowser: however, some areas of the Site may not function properly if you do so.
3.2.5 Security
-
•We have put in place physical, electronic, and managerial procedures to safeguard and helpprevent unauthorized access, maintain data security, and correctly use the information we collectonline. myHSA applies security safeguards appropriate to the sensitivity of the information, suchas retaining information in secure facilities, encryption of sensitive data and making personalinformation accessible only to authorized employees on a need-to-know basis.
-
•The security of your Personal Information is important to us but remember that no method oftransmission over the Internet, or method of electronic storage, is 100% secure. While we striveto use commercially acceptable means such as SSL and encryption to protect your PersonalInformation, we cannot guarantee its absolute security.
3.2.6 Storage of Information
-
Personal information you share with us is securely stored on our database servers at AWS datacenters in Montreal, Canada.
3.2.7 Changes To This Privacy Policy
-
This Privacy Policy has been in effective as of 01/01/2017 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
-
We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
-
If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.