Privacy Policy

1. INTRODUCTION

This privacy policy (the “Privacy Policy”), in compliance with the Personal Health Information Protection Act (“PHIPA”) and the Personal Information Protection and Electronic Documents Act (“PIPEDA”), and the General Data Protection Regulation (“GDPR”) where applicable, describes how MedsOnWheels Inc. (“MedsOnWheels”, “Company”, “we”, “us”, or “our”) collects, stores, uses, and distributes personal information, personal health information and data of Health Service Providers, their Patients, and any other individuals (collectively, “you” or “your”), in the course of accessing and using the Site, Platform, Materials, and/or Services, defined below.

This privacy policy complies with regulations overseen by the Office of the Privacy Commissioner of Canada, the Information and Privacy Commissioner of Ontario, and other relevant provincial privacy authorities, including PHIPA and PIPEDA.

In the event of a data breach, individuals are advised to:

• Immediately change passwords for any affected accounts
• Monitor financial statements and credit reports for suspicious activity
• Contact relevant financial institutions to place fraud alerts
• Follow specific guidance provided by MedsOnWheels regarding the specific breach
• Failure to take these precautionary steps may increase individual risk of further data compromise.

MedsOnWheels respects your privacy and is committed to keeping personal information and personal health information accurate, confidential, and secure. We expressly prohibit the sale of any personal health information to third parties under any circumstances. As a Patient, when you receive a delivery from your Health Service Provider, your privacy is the responsibility of that Health Service Provider. When your Health Service Provider accesses and uses the MedsOnWheels Platform to send a delivery to you, the Health Service Provider authorizes MedsOnWheels to act as their affiliate for the purposes of electronic processing of relevant personal and health information you provide to the Health Service Provider, to the extent permitted by applicable law.

By accessing the Site or submitting information to us (either independently or through your Health Service Provider), you consent to the collection, use, and disclosure of your information by MedsOnWheels for the completion of a delivery by your Health Service Provider in accordance with the Health Service Provider’s privacy policies, this Privacy Policy, and applicable privacy legislation. This Privacy Policy is intended to be subordinate to and supports the Health Service Provider’s privacy policies.

You are also deemed to have read and accepted the terms of the MedsOnWheels Website Terms of Use. In addition, when you use any current or future MedsOnWheels Services, you will also be subject to the MedsOnWheels Terms of Use Agreement or other agreement governing your use of our Services as applicable.

IF YOU DO NOT AGREE WITH OUR PRIVACY POLICY, YOU MUST NOT ACCESS OR USE THE PLATFORM AND/OR MATERIALS IN ANY CAPACITY, YOU MUST INSTRUCT YOUR HEALTH SERVICE PROVIDER IMMEDIATELY TO CEASE ACCESSING OR USING THE PLATFORM OR MEDSONWHEELS’ SERVICES IN THE COURSE OF PROVIDING HEALTH SERVICES TO YOU, AND YOU MUST DISCONTINUE ALL USE OF THE PLATFORM AND SITE IMMEDIATELY.

2. DEFINITIONS

For the purposes of this Privacy Policy:

1. “Health Service Provider” – any qualified and authorized provider (as defined by relevant legislation) of Health Services including, but not limited to, pharmacists, pharmacies and clinics contracting to make use of the Platform to deliver Health Services to Patients.
2. “Materials” – any content, materials, questions, options, results, reports, or information found on or provided by the Platform, as a result of any data, including but not limited to Patient Data provided by you.
3. “Minor” – any person under the age of majority in the jurisdiction.
4. “Non-Personal Information” – means information from which all personally identifiable information is removed, which as a consequence is neither Personal Information or Personal Health Information and does not identify you, as such information is defined in any applicable provincial and federal legislation.
5. “Patient” – any individual who receives a delivery from a Health Service Provider.
6. “Patient Data” – information about an identifiable Patient entered into the Platform by a Health Service Provider
7. “Patient Representative” – a person authorized to act on the patient’s behalf to manage the patient’s prescriptions and Health Services.
8. “Personal Health Information” – means information about an identifiable individual that may be collected when you engage a Health Service Provider for a Health Service as such term is defined in any applicable legislation.
9. “Personal Information” – means information about an identifiable individual, including any “Personal Information” as such term is defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and any applicable privacy legislation.
10. “Platform” – the MedsOnWheels user platform for Health Service Providers.
11. “Privacy” – an individual’s right to retain control over the collection, use and disclosure of their personal information and personal health information.
12. “Services” – all services, except Health Services, made available by or through MedsOnWheels, including but not limited to services access through the Platform or the Site.
13. “Site” – means www.meds-on-wheels.ca and its related webpages.
14. “User Generated Content” (UGC) – any content whatsoever that you submit, create, upload, transfer, or otherwise make available by access to the Site or through the Services, including but not limited to messages, information, comments, feedback, images, data or in-media screenshots, videos, audio or other content posted in any public or private area within the Site or Platform.

3. RESPONSIBILITIES REGARDING THE PRIVACY OF PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION

In the event of a data breach, MedsOnWheels will immediately: (a) investigate the breach, (b) contain the breach to prevent further data loss, (c) assess the potential impact on Personal Information and Personal Health Information, (d) prepare a comprehensive incident response plan in consultation with affected Health Service Providers, and (e) notify the relevant Health Service Provider within 24 hours of discovering any data breach involving their patient information.

The Health Service Provider is responsible for the privacy of Personal Information and Personal Health Information for their patients as the ‘health information custodian’, as such term or other similar designation is defined in any applicable provincial legislation. If you have an inquiry about the collection, use and disclosure of information by Health Service Providers, please contact them directly.

In accordance with the MedsOnWheels Terms of Service Agreement (“Agreement”), Health Service Providers authorize MedsOnWheels to act as an affiliate for the purposes of processing relevant Personal Information and Personal Health Information, including Patient Data, in order for Health Service Providers to complete the delivery. MedsOnWheels shall adhere to the privacy policies of the Health Service Provider and all applicable legislation in accordance with the Agreement and Privacy Policy.

This Privacy Policy applies to Patients receiving delivery services by a Health Service Provider to the extent that it supports the Health Service Provider’s policies and clarifies MedsOnWheels approach to safeguards and compliance in relation to this obligation. At all times, the Health Service Provider’s policies and related agreements and applicable legislation they are subject to take precedence to this Privacy Policy.

4. ACCOUNTABILITY AND IDENTIFYING PURPOSE FOR COLLECTING PERSONAL AND PERSONAL HEALTH INFORMATION

MedsOnWheels has established policies and procedures to comply with this Privacy Policy. We have designated a Privacy Officer who is responsible for ensuring compliance with privacy legislation and addressing privacy-related inquiries. Any employee found in violation of healthcare privacy laws may face disciplinary action up to and including termination, and potential legal consequences as prescribed by PHIPA and PIPEDA. Our Privacy Officer can be contacted at privacy@meds-on-wheels.ca or 6477807109. [phone number]. 

MedsOnWheels will identify the purposes for which Personal Information and Personal Health Information is collected at or before the time the information is collected. If MedsOnWheels intends to use Personal Information and Personal Health Information for any other purpose, we will seek your consent, as required by law.

5. OBTAINING CONSENT

MedsOnWheels will obtain consent before or when we collect, use, or disclose Personal Information and Personal Health Information about you, except where otherwise required or permitted by applicable privacy legislation. We will maintain detailed records of all consent, including the date, method, and specific scope of consent. You can provide consent to the collection, use, and disclosure of Personal Information and Personal Health Information about you expressly, implicitly, or through an authorized representative, as required by applicable law. You can withdraw consent at any time, with certain exceptions required by law or necessary for service delivery, by contacting your Health Service Provider or our Privacy Officer at privacy@meds-on-wheels.ca. Please note that withdrawing consent may affect our ability to provide certain services.

MedsOnWheels will obtain explicit and informed consent before collecting, using, or disclosing any sensitive personal health information. Such consent will be specific, granular, and clearly explain the nature and purpose of collecting sensitive health data, ensuring patients fully understand the implications of sharing such information.

You may also choose not to provide us with your Personal Information or Personal Health Information. However, if you make this choice, we may not be able to provide you with the Services you request.

BY PROVIDING PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION TO YOUR HEALTH SERVICE PROVIDER AND CONSENTING TO THE USE OF MEDSONWHEELS AS PART OF RECEIVING A HEALTH SERVICE FROM THEM, YOU AUTHORIZE YOUR HEALTH SERVICE PROVIDER TO USE THE MEDSONWHEELS PLATFORM AND SITE AND UPLOAD PATIENT DATA SPECIFIC TO YOU AND YOU AGREE THAT THE HEALTH SERVICE PROVIDER AND THEIR AFFILIATE(S), INCLUDING MEDSONWHEELS, MAY COLLECT YOUR PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION AND YOU CONSENT TO THE USE, DISCLOSURE, AND TRANSFER OF YOUR PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION TO FACILITATE RECEIVING THIS SERVICE, IN ACCORDANCE WITH THE HEALTH SERVICE PROVIDER’S PRIVACY POLICIES AND AS PERMITTED OR REQUIRED BY LAW.

6. TYPES OF INFORMATION WE COLLECT

MedsOnWheels collects Personal Information, including but not limited to, the following:

• information that relates to an individual’s name, location information, addresses, telephone numbers, government-issued identification numbers, other identifying numbers, and any other information you provide to us, so that MedsOnWheels can provide Services and the Health Service Provider can complete the delivery.
• We collect personal health information that may include: medical history, prescription details, medication records, health service provider notes, contact information related to health services, and any other health-related information necessary to facilitate medication delivery and health services.

MedsOnWheels collects Technical Information which includes information and data that is collected when you access our Platform and Site including usage details, login information, browser types and versions, time zone setting, browser plug-in types and versions, operating system, or information about your internet connection, the equipment you use to access our Platform and Site, and usage details. Technical Information also includes non-personal details about your Site and Platform interactions such as clickstream to, through and from our Site (including date and time), pages you viewed, searches you conducted, page response times, download errors, length of visits, page interaction information (scrolling, clicks, and mouse-overs), etc.

MedsOnWheels also collects Non-Personal Information. This information can also include anonymous usage data that is non-identifying and aggregated data that has been de-identified or anonymized in accordance with our agreements with and in compliance with the policies of the Health Service Provider and applicable legislation they are subject to. THIS PRIVACY POLICY DOES NOT RESTRICT OUR USE OF NON-PERSONAL INFORMATION FOR ANY LEGITIMATE BUSINESS PURPOSE AND MEDSONWHEELS RESERVES THE RIGHT TO USE NON-PERSONAL INFORMATION WITHOUT FURTHER NOTICE TO YOU OR CONSENT, IN ACCORDANCE WITH LAW.

7. HOW WE COLLECT PERSONAL AND PERSONAL HEALTH INFORMATION

MedsOnWheels collects information in different ways, including:

• When Personal Information and Personal Health Information is provided to us – for example when a Health Service Provider signs up with MedsOnWheels, or when a Patient or Patient Representative provides Personal Information and Personal Health Information to the Health Service Provider along with the Patient’s consent and the Health Service Provider uploads Patient Data to the Platform.
• Automated technologies or interactions – information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other technologies.
• Where permitted by law – MedsOnWheels may also collect information as otherwise permitted by law.

8. HOW WE USE PERSONAL AND PERSONAL HEALTH INFORMATION

As a Patient of a Health Service Provider, MedsOnWheels will only use your Personal Information and Personal Health Information in the manner and for the purposes authorized and directed by the Health Service Provider as part of delivering the medication to you, in accordance with Health Service Provider’s privacy policies, our agreements with them, this Privacy Policy, and applicable legislation they are subject to.

With your consent, MedsOnWheels uses Personal Information and Personal Health Information for the purposes of providing access to and enabling the use of the Platform and Site. When you voluntarily provide Personal Information and Personal Health Information, we use this information in the following ways:

• To provide you access to and enable the use of the Platform and Site;
• To present our Platform and Materials to you;
• To provide you with information or Services that you request from us;
• To provide you with notices regarding your account, including expiration and renewal notices;
• To process subscription transactions;
• To notify you about changes to our Site or Platform;
• To improve our Site, Platform, marketing, or customer relationships and experiences;
• To conduct internal business processes;
• In any other way we may describe when you provide the information; and
• For any other purpose with your consent.

9. ELECTRONIC COMMUNICATIONS

When you visit the Site, Platform, or send emails to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by email or by posting notices on the Site. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing. It is your responsibility to ensure you provide an up-to-date and accurate email address regarding electronic communications.

If you have opted-in to receive marketing communications from us, we may send you promotional offers from time to time. You may unsubscribe at any time by clicking the unsubscribe link at the bottom of the message. This prevents any promotional emails from being sent to you unless you explicitly request that we re-add you to a promotion list.

10. HOW WE DISCLOSE THE DATA WE COLLECT FROM YOU

To the extent permitted by applicable law, we may disclose Personal Information and Personal Health Information that we collect, or you provide as Patient Data, as described in this Privacy Policy, with:

Our affiliates and subsidiaries may receive Personal Health Information for the following specific and limited purposes:

• 1. Delivering MedsOnWheels Services
• 2. Providing technical support
• 3. Providing administrative support
• 4. Conducting internal research and analysis
• 5. Making improvements to the Platform
• All such uses are strictly bound by confidentiality obligations and must comply with applicable privacy legislation including PHIPA and PIPEDA. Each purpose is limited to the minimum information necessary to achieve its specific objective.

Our contractors, service providers, and other third parties affiliated with MedsOnWheels include, but are not limited to:

• 1. Cloud service providers 
• 2. Payment processing partners
• 3. Technical support and maintenance vendors
• 4. Data analytics and research partners
• These third parties are obligated to protect Personal Information and Personal Health Information, and they are only given the information necessary to perform their designated functions. The collection and use of such information by third parties is subject to their own privacy policies and our strict contractual safeguards. These service providers include, without limitation:
• Uber Direct, a network of contracted drivers, offering secure delivery services across the country.  secure and compliant cloud hosting platform whose privacy policy can be found here or at https://www.uber.com/legal/en/document/?name=uber-for-business-dashboard-terms&country=canada&lang=en 
• Purolator, a shipping service, whose privacy statement can be found here: https://www.purolator.com/en/privacy-statement 
• Canada Post, a postal service, whose privacy statement can be found here: https://www.canadapost-postescanada.ca/cpc/en/our-company/transparency-and-trust/privacy-centre/privacy-policy.page 
• Chase, a payment processing platform, owned by JPMorgan Chase & Co. whose privacy policy can be found here or at https://www.chase.com/digital/resources/privacy-security/privacy/online-privacy-policy 
• ZenDesk, a customer service and relationship management service provider whose privacy policy can be found here or at https://www.zendesk.com/company/agreements-and-terms/privacy-notice/, and whose terms can be found here or at https://www.zendesk.com/company/agreements-and-terms/terms-of-use/.

We may share aggregate or anonymized information, including Non-Personal Information, with service providers, business partners, and other third parties, to the extent permitted by applicable law, including but not limited to for the purposes of evaluating the Services, research and analytical purposes, marketing, etc. We take steps to keep Non-Personal Information from being associated with you and we require our partners to do the same.

The choice to provide Personal Information and Personal Health Information to your Health Service Provider is yours. If you do not wish for MedsOnWheels to collect your Personal Information through the use of the Platform or Site, you can choose not to provide it. However, your decision to limit or withhold certain details may limit the Services that MedsOnWheels is able to provide the Health Service Provider. However, it is at all times your decision to provide, withhold, or withdraw your consent for the use of your Personal Information and Personal Health Information.

11. HOW WE LIMIT COLLECTION, USE, DISCLOSURE, AND RETENTION

MedsOnWheels collects Personal Information and Personal Health Information only by fair and lawful means and only collects the necessary amount of information as required for the purposes of providing the Services and in accordance with this Privacy Policy.

MedsOnWheels will use Personal Information and Personal Health Information only for the reasons as set out in this Privacy Policy. MedsOnWheels will keep Personal Information and Personal Health Information only as long as necessary for the identified purposes and as required by law, adhering to specific retention periods outlined in our Data Retention Policy and applicable healthcare privacy legislation. Upon expiration of the retention period, information will be securely destroyed or de-identified in accordance with industry standards. MedsOnWheels may share Personal Information and Personal Health Information to affiliates, subsidiaries, and other third parties only for the purposes of providing Services as set out in this Privacy Policy.

MedsOnWheels will share Personal Information and Personal Health Information only under the following limited circumstances:

• With explicit consent from the individual
• When required by law or a legal proceeding
• To protect the health, safety, or welfare of an individual
• For treatment, payment, or healthcare operations as defined by applicable healthcare privacy regulations
• To affiliated healthcare providers directly involved in the individual’s care
• When anonymized or de-identified in a manner that prevents individual identification
• Any disclosure will be limited to the minimum necessary information required to fulfil the specific purpose.

We implement comprehensive security measures to protect Personal Information and Personal Health Information, including: (1) technical safeguards such as encryption, secure servers, and regular security assessments; (2) administrative controls including mandatory comprehensive healthcare privacy law compliance training for all employees, access controls, and confidentiality agreements; and (3) physical security measures for our facilities. We regularly audit these security measures to ensure their effectiveness and compliance with PHIPA and PIPEDA requirements.

We retain Personal Information and Personal Health Information only as long as your Health Service Provider directs us to, in accordance with the Health Service Provider’s policies, our agreements with them, this Privacy Policy, and applicable legislation they are subject to.

12. DATA RETENTION POLICY

MedsOnWheels retains personal information and personal health information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Our specific retention periods are as follows:

• Account Information: We retain account information for Health Service Providers for 7 years after account closure to comply with tax and business record requirements.
• Patient Data: We retain patient delivery information for 2 years from the date of delivery to support potential inquiries and quality assurance.
• Transaction Records: Financial transaction records are retained for 7 years to comply with tax regulations and financial reporting requirements.
• Communication Records: Customer service communications and support tickets are retained for 3 years from the date of last communication.
• Usage Data: Platform usage data is retained for 18 months to support system improvements and security monitoring.

The criteria used to determine these retention periods include:

1. Legal and regulatory requirements applicable to the healthcare and delivery industries
2. Operational needs for providing ongoing services and support
3. Contractual obligations with Health Service Providers
4. Industry best practices for data security and privacy.

When personal information and personal health information is no longer required, it will be securely deleted or anonymized in accordance with our data destruction protocols. Upon termination of any data sharing arrangement, all personal health information will be promptly returned to the Health Service Provider or securely destroyed within 30 days, with a detailed destruction certificate provided to confirm compliance. In certain circumstances where required by law or for legitimate business purposes, we may retain certain information for longer periods with appropriate safeguards in place.

You may request deletion of your personal information by contacting us at support@meds-on-wheels.com, subject to our legal obligations to retain certain information for specified periods.

Currently, MedsOnWheels or our third-party service providers retain, and store information collected by, or provided to, us in the cloud and on secure servers in Canada. Some of our third-party service providers may retain and store limited information outside of Canada in accordance with their respective privacy policies and as permitted by applicable data protection laws. While we undertake measures to protect Personal Information and Personal Health Information, when it is stored and/or processed in other jurisdictions, the laws of other countries may not provide the degree of protection for Personal Information and Personal Health Information that is available in Canada.  Where feasible, you will be notified of international data transfers and, in cases where such transfers are not essential to core service delivery, you will have the option to decline such transfers while still maintaining access to essential services.

13.  INTERNATIONAL DATA TRANSFERS

MedsOnWheels may transfer your Personal Information and Personal Health Information to service providers or third parties located outside of Canada only when necessary and in compliance with PHIPA and PIPEDA requirements. When we transfer your information across borders, we implement robust safeguards as required by Ontario privacy laws to ensure your data remains protected according to Canadian privacy standards, including:

1. Technical and Organizational Measures: We implement industry-standard encryption, access controls, and security protocols during all international transfers to protect data in transit and at rest.
2. Contractual Safeguards: We use standard contractual clauses and data processing agreements with all international service providers that legally require them to provide comparable levels of protection to those required under Canadian privacy laws, including PIPEDA.
3. Before engaging any international service provider, we conduct thorough due diligence to verify they maintain adequate data protection standards, including reviewing their security certifications, privacy policies, and compliance history. Health Service Providers retain the right to conduct independent audits of our data handling practices and third-party data management to ensure compliance with privacy regulations and contractual obligations.
4. Risk Assessment Process: We perform comprehensive risk assessments for all international transfers to identify and mitigate potential privacy risks, and we regularly review these assessments to ensure ongoing compliance.
5. Compliance Frameworks: Our international data transfer practices adhere to recognized privacy frameworks including ISO 27001 and SOC 2 standards to ensure consistent application of privacy principles across borders.

You have the right to request information about which countries your data may be transferred to and stored in, and to receive details about the privacy and security measures in place for such transfers. As required by PHIPA, we maintain a detailed record of all cross-border data flows and associated safeguards. For specific information about our international data transfer practices or to exercise your rights regarding your data, please contact our Privacy Officer at privacy@meds-on-wheels.ca.

14. INDIVIDUALS UNDER THE AGE OF 16

Generally, if you are under the age of 16, your parent, a children’s aid society, or another person who is legally entitled to give consent on your behalf, will act as your Patient Representative. That person can consent to the collection, use or disclosure of your information, except in certain circumstances.

MedsOnWheels will implement a robust age verification process to ensure appropriate consent is obtained. This may include requesting age-related documentation from the patient or patient representative during the registration or consent process. For individuals 16 and older, direct consent will be required, while for those under 16, consent must be obtained from a legally authorized representative. Our system will prompt and validate age-related consent requirements to ensure compliance with privacy regulations.

MedsOnWheels does not knowingly collect or use any Personal Information and Personal Health Information from individuals under the age of 16 unless provided by the Health Service Provider with the consent of the Patient Representative in accordance with the terms of this Agreement.

If you are 16 or older and capable of consenting, only you can consent to the collection, use or disclosure of your Personal Health Information unless you have designated a Patient Representative.

15. ACCESSING AND MAINTAINING ACCURACY OF YOUR PERSONAL AND PERSONAL HEALTH INFORMATION

Patients have the following fundamental rights under healthcare privacy laws: 

(a) Right to access their personal health information, 

(b) Right to request correction of inaccurate information, 

(c) Right to be informed about collection, use, and disclosure of their personal health information, 

(d) Right to withdraw consent for information use, 

(e) Right to file a complaint about privacy breaches, and, 

(f) Right to know how their information is protected. 

Access or correction requests may be denied in the following circumstances: 

(1) When the request could reveal personal information about another individual, 

(2) When the information is protected by legal privilege, 

(3) When the request is frivolous or made in bad faith, 

(4) When the information cannot be disclosed for legal reasons. 

Except as restricted by law, upon written request by you or an authorized representative, an individual will be informed of the existence, use, and disclosure of their Personal Information and Personal Health Information and will be given access to that information. All access and correction requests will be processed within 30 calendar days of receipt, with potential extension of an additional 30 days if necessary, with written notification of the reason for delay.

To request access to personal health information, individuals must follow these specific steps: 

(1) Submit a written request to MedsOnWheels’ Privacy Officer, 

(2) Include full name, contact information, and specific details of the requested information, 

(3) Provide government-issued photo identification to verify identity, 

(4) Specify the preferred method of receiving the information (email, mail, in-person review), 

(5) Include any relevant supporting documentation. Requests can be submitted via:

 (a) Email to privacy@medsonwheels.com, 

(b) Registered mail to the company’s official address, 

(c) In-person at the company’s primary office during business hours. 

MedsOnWheels will review and respond to access requests in a timely manner, typically within 30 calendar days. You are responsible for notifying MedsOnWheels, through your Health Service Provider, about the accuracy and completeness of your Personal Information and Personal Health Information and may have it amended as appropriate.

16. SAFEGUARDS

The safety and privacy of Personal Information and Personal Health Information is our top priority. Personal Information and Personal Health Information will be protected by security safeguards appropriate to the nature and format of the information being stored through physical, electronic, and administrative measures, including industry-standard encryption protocols for data at rest and in transit (such as AES-256 encryption for stored data and TLS 1.2 or higher for data transmission). We strive to protect Personal Information and Personal Health Information from theft, loss, and unauthorized access, copying, modification, use, disclosure and disposal. We conduct audits and complete investigations to monitor and manage our privacy compliance. We ensure that all of our officers, directors, employees and agents protect your privacy and only use Personal Information and Personal Health Information for the purposes to which you have consented.

We may transfer Personal Information and Personal Health Information that we collect or that Health Service Provider’s provide as Patient Data as described in this Privacy Policy to contractors, service providers, and other third parties we use to support our business purposes and who are contractually obligated to keep Personal Information and Personal Health Information confidential, use it only for the purposes for which we disclose it to them, and to process the Personal Information and Personal Health Information with the same standards set out in this policy.

There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, electronic, or administrative safeguards. We follow all privacy and security requirements as outlined in legislation. By sharing your Personal Information and Personal Health Information with us, you acknowledge that your Personal Information and Personal Health Information may be at risk should an external party breach our systems. As required by law, we will inform you of any breaches which would create a reasonable risk of harm to you. We will take reasonable steps to mitigate such risks and to prevent them from occurring again in the future.

17. DATA INCIDENTS

A Data Incident involves an unauthorized access, use, or disclosure of Personal Information and Personal Health Information, loss of Personal Information and Personal Health Information, or other breach in the protection of your Personal Information and Personal Health Information. In the event of a Data Incident, we will immediately implement our comprehensive Incident Response Plan, which includes: 1) Immediate containment of the breach, 2) Assessment of the incident’s scope and potential impact, 3) Notification of affected individuals and relevant authorities within required timeframes, which will include a detailed description of the nature, extent, and potential consequences of the data breach, 4) Forensic investigation to determine the cause, 5) Remediation strategies to prevent future incidents, 6) Documentation and reporting of the incident, and 7) Post-incident review and improvement of security measures. We will investigate to assess whether the incident poses a risk of serious injury to you. In these circumstances, you will be notified at the first reasonable opportunity or as otherwise required by law.

We recommend affected individuals take the following steps to mitigate potential adverse effects: 

1) Monitor financial statements and credit reports for suspicious activity, 

2) Consider placing a fraud alert or credit freeze with major credit bureaus, 

3) Change passwords for potentially compromised accounts, and 

4) Be vigilant about potential phishing attempts or identity theft.

A dedicated Data Breach Response Team will be established with clearly defined roles and responsibilities. The team will consist of key personnel including: 

1) Incident Coordinator: Responsible for overall management of the breach response, 

2) Technical Investigator: Conducts forensic analysis and determines technical cause, 

3) Legal Compliance Officer: Ensures regulatory compliance and manages legal reporting requirements, 

4) Communications Specialist: Manages internal and external communications, 

5) Security Analyst: Develops and implements remediation strategies. 

Each team member will have specific, documented responsibilities to ensure a coordinated and efficient response to any data incident.

18. OPENNESS ABOUT OUR POLICIES AND PROCEDURES

We will readily make available specific information about our policies and practices related to the management of Personal Information and Personal Health Information. Individuals will have access to this information through this Privacy Policy. The information will be available in a format that is easy to understand.

19. UPDATES AND CHANGES TO OUR PRIVACY POLICY

MedsOnWheels reserves the right to modify, update, or revise this Privacy Policy at any time. Updates may be made to reflect changes in legal requirements, organizational practices, or to improve our privacy protections. We will notify patients and health service providers of any material changes through the following methods: (1) email notification to registered users, (2) prominent posting on our website, and (3) direct communication through our platform’s messaging system. Any material changes to this policy will be communicated in advance to ensure transparency and allow affected individuals to understand and respond to the modifications.

It is our policy to post any changes we make to our Privacy Policy on this page. We include the date the Privacy Policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Site and this Privacy Policy to check for any changes. Your continued use or access of the Platform or Services after the effective date signifies your acceptance of and agreement to any changes.

20. QUESTIONS AND COMPLIANCE

We welcome your questions, comments, and requests regarding your Personal Information, Personal Health Information, this Privacy Policy and our privacy practices.

Last Updated: March 2025