Privacy Policy

Effective Date: October 20th, 2024

At Korrelate Inc. ("we," "us," or "our"), we are committed to maintaining the accuracy, confidentiality, and security of your personal information. This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of personal information, in accordance with applicable laws in Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Scope of this Policy

This Privacy Policy applies to all personal information collected, used, or disclosed by Korrelate during the course of providing data science services. This includes information about clients, potential clients, employees, and other individuals whose personal information may be under our control.

2. What is Personal Information?

"Personal information" means any information that can be used to identify an individual, including but not limited to:

  • Name
  • Email address
  • Phone number
  • Address
  • Financial information
  • Demographic information (e.g., age, gender, etc.)
  • Employment-related information
  • Health attributes
  • Medications prescribed
  • Insurance authorization or benefits programs
  • Health service access information
  • IP addresses or device identifiers
  • Biometric data (e.g., fingerprints, facial recognition)
  • Location data and travel patterns
  • Online behavior and preferences
  • Social media profiles and activity
  • Communication preferences and history
  • Educational and professional credentials
  • Customer service interactions and support history
  • User authentication credentials and security questions
  • Payment and transaction history
  • Browser and device information
  • Cookies and tracking data
  • Survey responses and feedback

Note: Information that has been anonymized or aggregated such that it cannot be associated with a specific individual is not considered personal information and is not subject to this policy.

3. Purposes for Collecting Personal Information

We collect personal information for the following purposes:

  • To provide data science services to clients, such as data analysis, model development, and reporting.
  • To manage client relationships, including billing, communication, and marketing.
  • To comply with legal and regulatory requirements.
  • To improve our products and services based on client feedback and usage patterns.
  • For employment and human resource management (for employee personal information).

4. Consent

We obtain your consent before collecting, using, or disclosing personal information, except where permitted or required by law. Consent can be express (oral, written, or electronic) or implied (through actions such as the use of our services).

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. However, withdrawing consent may impact our ability to provide services to you.

5. Limiting Collection

We only collect personal information that is necessary to fulfill the purposes identified in this policy. We do not collect excessive information or use it for unrelated purposes. When we work with partner organizations, we take additional measures to qualify the necessity of data and exclude any data that can uniquely identify an individual patient or customer. In the event that this data use is necessary to meet service requirements, PHI is encrypted.

6. Limiting Use, Disclosure, and Retention

We use or disclose personal information only for the purposes for which it was collected, or as permitted or required by law. We retain personal information only as long as necessary to fulfill the purposes identified or as required by law.

Third-party service providers may be engaged to assist us in providing services (e.g., cloud service providers, payment processors). These providers may access personal information but are contractually obligated to protect it in accordance with this policy and applicable laws.

7. Accuracy of Personal Information

We take reasonable steps to ensure that the personal information we independently collect is accurate, complete, and up to date. You have the right to access and correct any personal information we hold about you.

8. Safeguarding Personal Information

We protect personal information using physical, organizational, and technological measures appropriate to the sensitivity of the information. These measures include:

  • Secure physical premises (e.g., locked offices, restricted access areas, locked server racks).
  • Technical safeguards (e.g., encryption, firewalls, location filtering, passwordless (key) logins).
  • Organizational measures (e.g., confidentiality agreements, staff training).

However, no method of transmission or storage is 100% secure. While we take appropriate steps to protect your personal information, we cannot guarantee its absolute security.

9. Access to Personal Information

You have the right to request access to any personal information we independently collect and hold about you. If you make such a request, we will provide you with access to your personal information within a reasonable time, subject to any exceptions provided by law.

You also have the right to challenge the accuracy and completeness of your personal information and request changes to it. If we make changes to your information, we will notify any third parties to whom we have disclosed your personal information, where appropriate.

10. Challenging Compliance

If you have any questions or concerns about our privacy practices, you can contact us at:

Email: service@korrelate.ca

We will respond to privacy complaints and inquiries in a timely manner. If you are not satisfied with our response, you may also contact the Office of the Privacy Commissioner of Canada.