The term “Personal Health Information” has the same meaning as set out under Ontario’s Personal Health Information Protection Act, 2004 (“PHIPA”) and includes information relating to an individual’s physical or mental health and health history. Personal Information also includes Genetic Information (described below), and includes any information collected through your use of the Site or the Rthm App, including but not limited to, heart rate information, sleep information, activity information, and mindfulness information.
All Personal Information and Personal Health Information collected by Rthm are treated and maintained in compliance with applicable privacy and health privacy legislation.
What Information Do We Collect?
When you sign up for an account on Rthm’s Site or one of the Associated Applications (“User Account”), you voluntarily provide us with certain personal information including your name, e-mail address, date of birth, age, gender, height, weight, and other data or information that has been requested by Rthm during the client account registration or renewal process (“Registration Data”). In order to purchase certain products or services from Rthm, your payment information, including credit card number or other form of payment, must be provided upon registration.
Collection of Genetic Information
Some or all of our users, may purchase, through the Rthm App or through the Rthm Site (but not through the Tau App), our genetic analysis services. If you do so, you will receive an Oragene-Dx DNA collection kit. By using the Oragene-Dx DNA collection kit and sending a saliva sample to Rthm, you are consenting to the processing, analysis, and storage of your DNA sample. Some users may upload previously acquired genetic data, such as data from a third party provider of genetic tests. By uploading your genetic data, you are consenting to the processing, analysis, and storage of your DNA information. The collection, processing and storage of your DNA sample (whether you receive an Oragene-Dx DNA collection kit or whether you upload your previously acquired genetic data), including the analyzed data is collectively referred to as your “Genetic Information”. You acknowledge that the analysis of your Genetic Information through Rthm may be used for the purposes as outlined below.
How Do We Use the Information We Collect?
We use the Personal Information and Personal Health Information we collect in order to:
- Provide you with the services offered by Rthm, including those provided through the Associated Applications.
- Help us create, develop, operate, deliver, and improve the Rthm service and other Rthm services, content and advertising, for loss prevention and anti-fraud purposes, and to comply with regulatory and legal requirements.
- Learn more about you and your product preferences by looking at your IP address and activity on websites. Rthm may also collect location data through the use of GPS technology and your IP address as part of the services provided by Rthm.
We may also use your Personal Information and Personal Health Information for:
- Marketing and Correspondence: From time to time, we may choose to keep you posted on Rthm’s latest products and service announcements, software updates and upcoming events that may be of interest to you. If you no longer wish to be on our contact list, you can opt-out any time by updating your preferences on your User Account.
- To promote services related to the Site or those of Rthm and/or our affiliates.
- Customer Support: If you contact our customer support with a comment, question or complaint, you may be asked for information that identifies you, such as your name and phone number in order to support any requests or inquiries made by you.
- To prevent, investigate or prosecute activity we think may be potentially illegal, unlawful or harmful.
Processing and Storage of your Personal Information
Personal Information and Personal Health Information will be collected, processed, stored and used by Rthm in connection with your use of the Site, creation of a User Account and use of the Rthm App, and may be transferred to third parties under the instruction of Rthm for processing and storage.
Your Personal Information and Personal Health Information may be processed and/or stored outside of Canada. Rthm undertakes measures to protect and keep confidential the Personal Information and Personal Health Information in its possession. However, if your Personal Information or Personal Health Information is stored and/or processed in other jurisdictions, the laws of other countries may not provide the degree of protection for Personal Information that is available in Canada. If your Personal Information is transferred outside of Canada, it may be available to the foreign government of the country in which the information or entity controlling it is situated under a lawful order made in that country and used for purposes other than those described herein. By providing us with your information, you acknowledge the above and are allowing your Personal Information and Personal Health Information to be transferred outside of Canada for the purposes specified above.
We will retain your personal information only for a time and to the extent necessary for the purposes for which it was collected as described in this Policy and for reasonable backup, archival, audit, or other similar purposes.
Sharing Your Personal Information
In accordance with this Policy, we may share your Personal Information or Personal Health Information with our affiliates and service providers who may be involved in delivering Rthm services to you, processing or storing data, providing customer support, and conducting customer research or satisfaction surveys. We may also share your Personal Information with our financial, insurance, legal, accounting or other advisors that provide such professional services to us. These service providers are obligated to protect your Personal Information and Personal Health Information, and they are only given the information necessary to perform their designated functions.
Rthm does not authorize any service providers to use or disclose your Personal Information or Personal Health Information for their own marketing or other purposes.
We may remove personal identifiers from your information and maintain and use it in anonymous form. De-identified information may be used in performing research, for educational purposes, business analytics, other commercial and non-commercial purposes, and may later be combined with other information to generate aggregated information. You agree that such anonymous, de-identified information and aggregated information may be sold, traded, rented, or shared with third parties.
We will not disclose, share, sell or rent your Personal Information or Personal Health Information in a personally identifiable form with any third party except if, you expressly consent, and to the extent necessary, in our good faith judgment, doing so is required to:
- comply with applicable laws or regulations;
- respond to a valid subpoena, order, or government request;
- establish or exercise the Rthm’s legal rights or defend against legal claims;
- investigate, detect, supress, prevent or take action regarding illegal or prohibited activities, suspected fraud, situations involving potential threats to the reputation or physical safety of any person; or
- as otherwise required by law.
You may also choose to independently share your Personal Information or Personal Health Information with individuals such as family members, friends, health care professionals or other individuals. If you choose to use third party services to share such information (i.e., social media, other websites or mobile applications), we remind you that Rthm does not have control over any of these third party service providers’ information practices or policies. Please review the privacy policies and terms of these third party service providers when accessing their services.
Rthm is responsible for Personal Information and Personal Health Information collected and under its control, including the transfer of Personal Information and Personal Health Information to a third party service provider for processing on our behalf.
Data integrity and security
We take data integrity and security seriously and aim to provide you with a safe experience. We have in place certain physical, electronic, technological, and organizational safeguards to appropriately protect the security and privacy of your Personal Information and Personal Health Information against loss, theft, and unauthorized access, disclosure, copying use or modification. Please note, however, that while we try to create a secure and reliable Site and application for users, the confidentiality of any communication or material transmitted to or from the Site, the Associated Applications, or via e-mail cannot be guaranteed.
Within Rthm, we limit access to your Personal Information and Personal Health Information to individuals on a need-to-know basis. In addition, your Personal Information and Personal Health Information is largely de-identified or anonymized to Rthm employees who have access to Personal Data.
Cookies and Similar Technologies
Limitation of Liability
THE LAWS OF CERTAIN JURISDICTIONS DO NOT ALLOW LIMITATIONS ON SOME TYPES OF DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE BELOW LIMITATIONS MIGHT NOT APPLY TO YOU.
WITHIN THE LIMITS ALLOWED BY APPLICABLE LAWS, YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT Rthm SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF Rthm HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), RESULTING FROM: (a) THE USE OR THE INABILITY TO USE THE SERVICES; (b) ANY ACTION YOU TAKE BASED ON THE INFORMATION YOU RECEIVE IN THROUGH OR FROM THE SERVICES, (v) YOUR FAILURE TO KEEP YOUR PASSWORD OR ACCOUNT DETAILS SECURE AND CONFIDENTIAL, (d) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES RESULTING FROM ANY GOODS, DATA, INFORMATION, OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO THROUGH OR FROM THE SERVICES; (e) UNAUTHORIZED ACCESS TO, USE OF, ALTERATION OF OR DESTRUCTION OF YOUR TRANSMISSIONS OR DATA, INCLUDING YOUR PERSONAL INFORMATION; (f) THE IMPROPER AUTHORIZATION FOR THE SERVICES BY SOMEONE CLAIMING SUCH AUTHORITY; or (g) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE SERVICES.
IN ANY EVENT, THE TOTAL LIABILITY OF 23ANDME, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS AND ADVISORS, TO YOU ARISING OUT OF ANY THEORY OF LIABILITY WHATSOEVER (INCLUDING NEGLIGENCE) SHALL BE THE TOTAL AMOUNTS PAID TO 23ANDME BY YOU.
Third Party Links
The Site and the Associated Applications may contain links to third parties' websites. We are not responsible for the privacy practices or the content of those websites. The Site may also contain links to terms and conditions and privacy policies of third party providers who provide tools or services on a website. Therefore, please read carefully any privacy policies on those links or websites before either agreeing to their terms or using those tools, services or websites.
Accessing and Updating your Information
At any time you can contact us to: stop receiving e-mails from us; review the personal information held by the Company in connection with your account; withdraw your consent for our use and disclosure of your information; request a list of third parties to which Rthm may have provided your personal information; close your account; and amend your personal information, where possible, by logging into your User Account.
If you contact us about your Personal Information or Personal Health Information, we will respond to your request within a reasonable time and at no cost to you. We may require you to provide sufficient information to allow us to identify you and tell you about the existence, use and disclosure of your Personal Information and this Personal Information will only be used for this purpose.
Attention: Privacy Officer
66 Gerrard Street East, Suite 202
Toronto, Ontario, Canada