This policy is concerned with the protection of personal information only. Personal information includes any data that can be used to identify you as an individual, including your name, income, personal opinion, interests, home contact information, identification numbers, user IDs, passwords, ethnic origin, age and device location. Under Canadian law, in a business context, personal information does not include the name, job title, business address, or business telephone number of an employee in an organization.
This policy describes the following practices:
- Collection, use and disclosure of information that we collect from you when you use our MetricWire Mobile Application
- Security Approaches we use to protect your information
- Sharing of your personal information
- Maintaining your personal information
- Contacting our Privacy Officer
Collection, Use and Disclosure of information that we collect from you when you use our MetricWire Mobile Application
The Research Team conducting the study determines the types of data and information collected from you through the MetricWire Mobile Application. This may include:
- Identity Data such as your name, age, date of birth, ethnicity, race, sex or gender
- Contact Data such as your address, email, telephone number and if applicable, contact information of emergency contact
- Data from connected devices/wearables: we may collect this data after you authorize and connect your wearable devices to the MetricWire platform if researchers enable these features.
- Location/Sensor Data: this data is collected in the background on the mobile applications if the researchers enable these features. You will be prompted for authorization for background data via in-app permission dialogs, and can allow or decline these permissions based on your preferences. This data includes the longitude, latitude, altitude and speed during the use of the MetricWire application. This data may also be used for prompting assessments in geofences that a researcher may set. The use of information received from Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements.
- Usage Data: MetricWire’s software and services contain features that automatically collect information from users, such as usage statistics, and other tracking information. Although this information will not identify you personally, it nevertheless provides certain information about you, and we, therefore, treat it as personal information. Additionally, use of MetricWire’s website and/or software may result in the collection of technical information such as your computer’s or phone’s IP address, operating system, browser name/version, the referring web page, requested page, date/time, and sometimes a “cookie” (which can be disabled using your browser preferences); such information is used to help us understand the overall usage pattern of our website and software.
The Research Team is responsible for obtaining your informed consent prior to collecting ANY data from you using the Metricwire Mobile Application. At a minimum, such consent should include:
- Nature, purpose, and duration of the research study
- Study procedures, risks, and benefits to the participating in the research study
- Information about confidentiality and handling of data (including any sharing with third parties)
- A point of contact for questions
- The withdrawal process
The Research Team is responsible for ensuring the study (including consent materials) has been approved by an Ethics Review Board.
All of the data and information collected through the MetricWire Mobile Application as part of your participation in this research is owned and controlled by the Research Team. MetricWire has no commercial interest in the data and information you submit through the MetricWire Mobile Application and; we will never access, use or disclose your data to any third party except as required to support your participation in the study and the research team’s administration of the study.
Security Approaches we use to protect your information
Our Software was built to protect the most sensitive research data and comply with the Health Insurance Portability and Accountability Act (HIPAA) and 21 CFR Part 11 (Electronic Signatures in Clinical Research) in the United States and, the General Data Protection Regulation (GDPR) in the EU.
We enter into Data Protection Agreements and regularly audit our relationships with all of our service providers to ensure they have administrative, physical, and technical safeguards to protect your data. All MetricWire employees providing application support to you or the Research Team have access to the minimum amount of data necessary to do their jobs and; MetricWire requires all employees to participate in on-going data privacy & security awareness training.
When you submit response data using the MetricWire Mobile App or sensor data is passively logged and your mobile device is connected to the internet, your data are immediately synced to HIPAA-Compliant servers located in the United States and removed from your mobile device. The data are encrypted end-to-end during transmission using TLS (1.2 &1.3) Protocol. MetricWire servers use an Encryption Token to verify that the data is coming from the correct source (authenticity) and that the data have not been modified in-transit (integrity).
If you are not connected to the internet, the data are temporarily stored on your mobile device until the next time you are connected to the internet. The MetricWire Mobile Application stores your response and sensor data in an encrypted format without any additional identifying information using AES-256 encryption keys. The data cannot be accessed using the Mobile Application Interfaces. Additionally, MetricWire has implemented security features such as a PIN code on the app itself to ensure only you are able to access your MetricWire study materials. When the MetricWire Mobile Application detects an internet connection, your encrypted data are securely transmitted to MetricWire servers and removed from your device.
When the study is over, the Research Team will delete your data from the MetricWire servers. MetricWire does not retain any additional copies of your data on our servers or in the MetricWire Mobile Application. If you would like to access any of your data at any time during your participation in this study, please contact the Research Team or reach out to [email protected] and we will help facilitate your request.
Sharing your personal information
Subject to any exceptions stated above in the collection of information section, should MetricWire collect any of your personal information, we will follow these practices regarding the distribution of that information.
We only share your information with your consent
MetricWire provides your information to third parties only for purposes to which you have consented – which consent shall be deemed if you choose to respond to assessments, allow sensor/location tracking or connect your wearables through the MetricWire software and services – and we require such third parties to keep your information confidential.
In a few situations, MetricWire may be required to disclose your information without your prior consent. For example, MetricWire may disclose your information if we are required to do so by law, or if we believe in good faith that such disclosure is necessary to:
- comply with the law or legal process
- protect and defend our rights and property, or the rights and property of a third party
- protect against misuse or unauthorized use of any of MetricWire’s products, software, services, or other proprietary materials
- protect the personal safety of any person
MetricWire will always try to provide you with prior notice of such disclosure; however, such notice may not always be possible or reasonable given the circumstances.
Subscriber information will never be sold/shared with 3rd parties for their direct marketing purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Maintaining Your Personal Information
MetricWire has established the following practices regarding the maintenance of your personal information.
You can request access to your personal information at any time
If, for any reason, you wish to review your personal information that MetricWire has in its possession, you can contact our Privacy Officer, who will provide you with all your personal information that MetricWire has on file.
You can request changes to your personal information at any time
Sometimes, it will be necessary for you to update your personal information MetricWire has on file. For example, if you change email addresses or phone numbers, you may have to update your information in order to keep using the services provided by MetricWire.
If you wish to make any changes or corrections to your personal information, please contact our Privacy Officer who will implement the changes. This will help us ensure our records are always up-to-date.
You can opt out of communications at any time
Additionally, you always have the choice of whether you wish to receive information – such as e-mail updates – from MetricWire. In some cases, you may do so simply by changing the preferences in the software application through which MetricWire provides the services.
If you do choose to opt out of communications respecting products and services provided by MetricWire, you may not obtain all the benefits we could otherwise provide, such as updates or warnings. MetricWire will not have any liability to you for your loss of those benefits or any negative effects respecting your use of MetricWire’s products or services.
You can request that your personal information be destroyed at any time
A situation may arise where you desire to have all of your personal information that is contained in MetricWire’s records deleted or destroyed. If this is what you wish, please submit your request to our Privacy Officer by email. However, there may be situations where we are obligated to retain one archival copy of your information to allow us to comply with laws or respond to legal processes. We will inform you of all such situations, and will only use your retained personal information to the limited extent necessary to comply with such laws or respond to legal processes.
For the purposes of GDPR, Metricwire has appointed Prighter Group as our privacy representative in both the European Union (EU) and United Kingdom (UK). If you want to contact our representative or make use of your data subject rights, you can do so via our compliance page.
Contacting Our Privacy Officer
Charles De Souza
Privacy Officer | Metricwire Inc.
PO Box 22015 Westmount PO
Waterloo, Ontario, Canada