Privacy Policy

WELLTIGO (www.welltigo.com) is a research platform [Website]. This Privacy Policy outlines the type of information WELLTIGO collects from individuals who have registered to join our platform [Members] and how and why this information is shared with third parties [Partners], including, but not limited to, pharmaceutical companies, medical device companies, non-profits, and research institutions. This policy also governs Platform Use Data (as described below) that we may collect from members and other visitors.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions.

The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Member/Patient means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Oromo Digital Group Inc., 250 Yonge Street, Suite 2201, Toronto, ON, M5B 2L7.

For the purpose of the GDPR, the Company is the Data Controller.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Account means a unique account created for You to access our Service or parts of our Service.
Platform/Website refers to WELLTIGO, accessible from www.welltigo.com
Service refers to the Website.
Country refers to: Ontario, Canada
Partners, third parties, including, but not limited to, pharmaceutical companies, medical device companies, non-profits, and research institutions.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

For the purpose of the GDPR, Service Providers are considered Data Processors.

Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.

Personal Data is any information that relates to an identified or identifiable individual.

For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Business, refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information.
Consumer, A resident, (1) every individual who is in the USA or Canada for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA or Canada who is outside the USA or Canada for a temporary or transitory purpose.
Sale, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal information to another business or a third party for monetary or other valuable consideration.
HIPAA, the acronym for the Health Insurance Portability and Accountability Act that was passed by US Congress in 1996. HIPAA does the following:

Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
Reduces health care fraud and abuse;
Mandates industry-wide standards for health care information on electronic billing and other processes; and
Requires the protection and confidential handling of protected health information

The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared. WELLTIGO has implemented policies and procedures to comply with HIPAA Privacy and Security Rules.

Collecting and Using Your Personal Data

Members should know that WELLTIGO takes reasonable and commercially technical precautions to help keep Member data secure, consistent with applicable EU and US (HIPAA) laws. We take these precautions in an effort to protect your information against security breaches. However, this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such firewalls and secure server software (HIPAA compliant Amazon Web Services (AWS)). By using our Platform, you acknowledge that you understand and agree to assume these risks.

In the event of a breach, WELLTIGO will notify relevant regulatory authorities within 72 hours of becoming aware of the breach. We will notify you as soon as possible after that.

Types of Data Collected

Personal Data

Our goal is to provide a platform for patients who want to share their health experiences to create collective knowledge about disease, health, and treatments. We also want to share feedback on patient educational materials to our partners to better serve patient education in the future.

When a member enters what could reasonably be used to identify them, that data is treated as “Restricted Data.” Types of Restricted Data that members may submit on the Platform include:

Name, as collected as part of registration or in a Member’s Account Information;
Email address, as collected as part of registration or in a Member’s Account Information;
Password, as collected as part of registration or in a Member’s Account Information;
Mailing address, as collected via redemption of points for gift cards mail delivery program
Date of birth, as collected in your profile;
Any of the above entered as free text; and
Usage Data

WELLTIGO may de-identify Restricted Data, such that it no longer contains identifying information and is no longer Restricted Data, in which case such data shall be treated by WELLTIGO as Shared Data (described below). Examples of such de-identification include, but are not limited to, using age instead of birth date or using a zip code/postal code instead of a full address. WELLTIGO may also remove identifying information from free text entries like open text fields in surveys and other research activities. Once the identifying information is removed, WELLTIGO shall treat the free text as Shared Data

WELLTIGO may aggregate or statistically analyze Restricted Data, including from more than one member, in which case such resulting aggregated or statistically analyzed data shall be treated as Shared Data by WELLTIGO.

Restricted Data

We will never sell, share, or use your Restricted Data for non-WELLTIGO advertising purposes.

WELLTIGO uses Restricted Data internally, as needed, for maintenance and operation of the Platform, and to create the best possible tools and experience for patients and caregivers. We take steps to protect this data and limit access to only those who need it for their job.

If we have a Member's permission, their email address will be used to send them a variety of notifications, including survey invitations and newsletters. However, all Members receive administrative emails (like forgot password messages) and you cannot opt out of administrative emails while you remain registered with the Platform.

WELLTIGO will share Restricted Data, in some instances, with Vendors for the purpose of operating or improving our services. Before sharing Restricted Data with a Vendor, WELLTIGO will investigate potential Vendors to ensure that their security and privacy practices are compliant with relevant regulations and up to WELLTIGO standards. Specific examples where Restricted Data may be shared with Vendors include:

When a Member requests point redemption for gift cards, WELLTIGO may use Restricted Data, including sharing the Member’s Restricted Data with software/service Vendors, for the purpose of fulfilling the request.

Shared Data

“Shared Data” is all information, except Restricted Data, that Members provide about themselves when using the Platform or in other communications with WELLTIGO. Examples of Shared Data that Members may submit include:

Biographic and demographic information, e.g. gender, age, location (city, state/province, and country);
Condition/disease information, e.g. diagnosis or condition;
Individual and aggregated structured survey responses;
Non-identifying information shared via free text fields. e.g. surveys,

WELLTIGO may aggregate or statistically analyze Shared Data, including from more than one Member, in which case such resulting aggregated or statistically analyzed data shall also be treated as Shared Data by WELLTIGO.

Shared Data is shared with the Partners through aggregated reports.

WELLTIGO and its Partners are interested in better understanding the patient experience/journey and improving treatment options and health outcomes for everyone. For example, we may look at questions such as, “Do certain treatments work better for some types of people versus others?” WELLTIGO provides Shared Data, in aggregate format, to Partners for use in market research. When selling this information, WELLTIGO removes Members’ Restricted Data (de-identification) to reduce the possibility of re-identification and, where possible, contractually forbids Partners from trying to re-identify Members.

Adverse Event Reporting

WELLTIGO may also report individual adverse event and drug safety information to regulatory Partners like the FDA, CDC, and/or other bodies (US and international), as well as directly to pharmaceutical and biotechnology companies. WELLTIGO does not provide Restricted Data to such regulatory bodies, although we reserve the right to contact Members for follow-up at the request of agencies or Partners. The Shared Data that WELLTIGO reports may include free text on the surveys or evaluations. These Partners may have adverse event reporting requirements that relate to regulated products that are used by Members of our community and WELLTIGO assists such Partners with reporting adverse events to regulatory agencies.

Platform Usage Data

Usage Data may be collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We may use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser.

We use both session and persistent Cookies for the purposes set out below:

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Tracking and Performance Cookies

Type: Persistent Cookies

Administered by: Third-Parties

Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new advertisements, pages, features or new functionality of the Website to see how our users react to them.

Who Uses Platform Data?

The Company uses the Platform Use Data for several purposes:

Authentication: We use Platform Use Data stored in cookies on your computer to indicate that you have logged into your WELLTIGO account and to enable you to use certain portions of our Platform.

Understand Our Users: We use Platform Use Data to analyze trends, track users' movements around the Platform, and gather demographic information about our user base as a whole. This provides us with the ability to determine aggregate information about our user base and usage patterns. Understanding how people use our Platform allows us to make the Platform better for everybody.

Administer Platform: We use Platform Use Data to help administer the Platform and Members’ use of the Platform. We may, in some circumstances, need to review this Platform Use Data in combination with specific Restricted Data to identify and resolve issues for individual users.

Advertising: We may use cookies or Platform Use Data to tailor advertisements about joining WELLTIGO, to promote certain participation opportunities to you, or to exclude you from advertising that is not relevant to you, including when you are visiting other sites or platforms.

Use of Your Personal Data

WELLTIGO believes that the above rights mean that any processing of your Personal Data must have a solid legal basis. GDPR sets out a few possible bases, three of which apply to WELLTIGO and the Platform.

We need to use some identifying information just to operate the service. This includes your email address, username, password, and IP address, among other items.
We may use identifying information for research with your consent. We will always ask for your explicit consent before sharing this information with our Partners. This is described further, below.
In rare cases we may need to share your identifying data to comply with a legal obligation. This is described further, below.As with data rights, we believe that all processing of any user’s Personal Data should be for a clear and transparent reason.

There are three broad groups of people with whom we share data, including Personal Data.

WELLTIGO – We use the data you provide internally, both to improve our services and to conduct our own research.

Our Partners – WELLTIGO frequently partners with other institutions to share research results. These Partners include, but are not limited to: pharmaceutical companies, diagnostic companies, and other research firms.

Vendors – We also contract with various service providers for business and technical services like email delivery, site hosting, e-commerce, and others. Details of how these different groups use your data is provided below.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of

Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Detailed Information on the Processing of Your Personal Data

Service Providers have access to Your Personal Data only to perform their tasks on Our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service providers to monitor and analyze the use of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.

We may use Email Marketing Service Providers to manage and send emails to You.

Behavioral Remarketing

The Company uses remarketing services to advertise on third party websites to You after You visited our Service. We and Our third-party vendors use cookies to inform, optimize and serve ads based on Your past visits to our Service.

Google Ads (AdWords)

Google Ads (AdWords) remarketing service is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

Facebook

Facebook remarketing service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

To opt-out from Facebook's interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.

For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation

Usage, Performance and Miscellaneous

We may use third-party Service Providers to provide better improvement of our Service.

Invisible reCAPTCHA

We use an invisible captcha service named reCAPTCHA. reCAPTCHA is operated by Google.

The reCAPTCHA service may collect information from You and from Your Device for security purposes.

The information gathered by reCAPTCHA is held in accordance with the Privacy Policy of Google: https://www.google.com/intl/en/policies/privacy/

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.

There are instances, not covered above, where Shared Data, Restricted Data, and Platform Use Data may be used and disclosed including, but not limited to, the following:

WELLTIGO may use a Member’s data in the case of an emergency or other circumstance that we determine requires a member of the management team to directly contact the Member. For examples, a data breach that put the Member at risk would prompt someone to be in touch.
WELLTIGO may share or disclose a Member’s data where required to comply with lawful requests from public authorities, including for national security or law enforcement requests, to comply with legal process, to resolve disputes, to enforce our agreements (including this Privacy Policy and the Terms of Use ), or if in our reasonable discretion use is necessary to protect our legal rights or to protect third parties.
WELLTIGO may transfer the Shared Data, Restricted Data, and Platform Use Data to any successor to its business as a result of any merger, acquisition, asset sale, bankruptcy proceeding, or similar transaction or event, with such successor bound by the terms of this Privacy Policy with respect to its use and disclosure of such information.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.

All individuals have rights regarding data that is identified or connected to their identity/personal data.. The European Union’s (EU) General Data Protection Regulations (GDPR) describes these rights in law, but WELLTIGO believes they apply to all individuals. These rights include:

You have the right to clear and transparent communication about your personal data. We want to make this policy as clear as possible and provide a friendlier version to help you understand it.
You have the right to request a copy of your personal data in a common digital format. To request this information, please contact our WELLTIGO team.
You have the right to edit or correct any Personal Data. You can edit most of your information on the site. If you need help with this contact our WELLTIGO team.
You have the right to request that your Personal Data be deleted. To do this, contact our WELLTIGO team.
You have the right to be notified of any breach involving your Personal Data. We will notify the appropriate data protection authority within 72 hours of detecting a breach involving your data. We will notify you as soon as possible after that.
You have the right to object to the processing of your data. For clarity, we may still share with our Partners data regarding you that does not identify you and is not connected with you (“De-Identified Data”). You may withdraw consent at any time, though that will not change any processing that has already occurred or research where analysis has started or is completed. You may also request to close your account at any time (see Close Your Account below).

In some cases, these rights might be restricted. Some examples would include where the information requested is the subject of legal proceedings or investigation. Additionally, processing that has already occurred cannot be undone. Further, these rights to edit, delete, be notified of a breach, and object to processing all apply to Personal Data and do not apply to De-Identified Data that, for example, has been shared by us with our Partners and Vendors.

If you have questions or complaints about our handling of these rights, see the information at the end of this policy.

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation and opposition by contacting the WELLTIGO team. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

Children's Privacy

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Close your Account

Members are free to stop using this platform at any time. If a Member chooses to deactivate his/her account, WELLTIGO will not display or sell the Member’s Personal Data as of the date of deactivation. However, the Member’s Personal Data, including Shared and Restricted Data, will remain in the system for up to 6 years unless you contact our WELLTIGO team to request that your data be deleted.

It is important to note that, even if you request deletion, any research conducted, or in progress, prior to deactivation will still include your data.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

Oromo Digital Group Inc.

Attn: Chief Privacy Officer

250 Yonge St. Suite 2201

Toronto, ON, M5B 2L7

privacy@welltigo.com

AdverseEventReporting