Health StoryLines Web & Mobile app
Privacy Policy
US & CANADA
Last update on 30 May 2024
Health StoryLines is a platform owned by Alira Health for use on a mobile or web-based device to assist in your personal healthcare and provide those who have referred you, information that in turn can be used for additional guidance to improve your healthcare decisions.
Alira Health is a global healthcare firm whose mission is to humanize healthcare and life sciences in partnership with patients. From development to medical care, Alira Health complements the expertise of Pharma, Biotech, and MedTech clients with a full spectrum of services across entire solutions lifecycle, including clinical operations, real-world evidence, and patient-centric technology offerings.
This Privacy Notice explains how your personal data are processed when using Health Storylines on a mobile or web-based device.
When using Health StoryLines, Alira Health can be qualified differently regarding different data processing.
Alira Health is responsible of the data processing for activities dealing with
the management of Health StoryLines app such as:
Handling requests and complaints regarding the functioning;
Use of cookies for the functioning and managing;
Any processing strictly related to platform usage
Answer Bot to help the user thanks to a FAQ section (not available on the web-based service)
to generate, through Health StoryLines app, real word evidence for patients based on the monitoring of their pathology, the occurrence of potential side effects and drug intake
To send users information about studies or registries they may be eligible for based on the data they provided.
To request users to participate in interviews
To analyze data for research purposes with or without a Partner/Client involvement.
Alira Health acts also as a Service Provider under the instructions of clients for all the health care personal data collected in a project-specific way, through forms for example, and processed in the context of the eligibility assessment for clinical trials, registries or any other patients involving projects. If applicable, please refer to the specific tab/inform consent linked to the project in which you are involved to have more information.
This Notice provides information covering both abovementioned cases.
Alira Health and its clients, as Data Controllers of personal data, have committed to comply with:
The California Consumer Privacy Act 2018 (hereinafter the "CCPA"), The California Consumer Privacy Rights Act 2020 (hereinafter "CPRA"), The Californian Online Privacy Protection Act 2003 (hereinafter the "CalOPPA");
Federal Trade Commission’s Health Breach Notification Rule (16 CFR Part 318);
The Canadian privacy laws, including but not limited to the federal Personal Information Protection and Electronic Documents Act S.C. 2000 (“PIPEDA”), c. 5 as last amended on 2019, June 21 and any applicable provincial laws.
Colorado Privacy Act (“CPA”);
Connecticut Data Privacy Act (“CDPA”);
Oregon Consumer Privacy Act (“OCPA”);
Texas Data Privacy and Security Act (“TDPSA”);
Utah Consumer Privacy Act (“UCPA”);
Virginia Consumer Data Protection Act (“VCPA”).
Collectively referred as "Privacy Laws".
With this Privacy Notice, Alira Health want to make sure that you understand what personal information is collected about you, how your personal information is used, by which party, and how it is kept safe.
1. GENERAL WARNING
Access to the Alira Health’ mobile or web platform implies the User’s full and unreserved acceptance of this Privacy Notice (hereinafter the “Notice”), as well as its general terms of use and its Cookies Notice. The User acknowledges having read the information below and authorizes Alira Health to process, in accordance with the provisions of the Notice, the personal data that he/she communicates on the Website.
The Notice is valid for all pages hosted on the Application. It is not valid for the pages hosted by third parties to which Alira Health may refer and whose privacy policies may differ. Alira Health held responsible for any data processed on these websites or by them.
All processing of information will take place in Canada. If you reside outside Canada, your information will be transferred to Canada securely, where it will be processed and stored under Canada privacy standards. For users in the United States, Alira Health operates as a HIPAA business associate to your healthcare provider or third party that has referred you. By using Platform and providing information, you consent to such transfer to, and processing in, Canada. If you have downloaded the Platform by mistake, please go to Section 4 concerning “Uninstalling the Application.”
2. INFORMATION COLLECTED
When you disclose personal data via project-specific questionnaires, forms or other, Alira Health is acting as Service Provider of its Customers, which acts as controllers of data. This information will be:
stored on AWS servers in Canada (ca-central-1 region) for the purpose of data backup;
shared only in an aggregated anonymized form with Alira Health’ Customers
shared in identifiable form with the Alira Health’s Customers for the purposes detailed in the study/project/registry specific documentation (i.e. Informed Consent and specific Privacy policy and Terms of Use, if applicable), upon your specific consent.
some identifiable data (like your e-mail address) could also be shared with Alira Health for managing the data collection of the purposes of the study/project/registry as explained in the below table.
Your information will be used exclusively for processing your request of participation to the project described. Your personal information will be treated in strict confidence and will not be disclosed to third parties, unless specified in project-related specific tab of this privacy notice.
Depending on the purpose for which we process your personal data, Alira Health and its customers, as data controllers, need to process one or other personal data. Data provided will not be kept for longer than necessary to fulfill the purposes for which they have been collected, including any legal requirements. Depending on each case, the processing will therefore be as follows:
| Purposes | Types of personal data | Responsible for collection | Retention period |
|---|---|---|---|
| Account creation for Health StoryLines platform | Name, surname , phone, email address, age, sex | Alira Health | As long as you use the platform and 3 years after you stop using it |
| Improving personal health care | Healthcare information (specific to each project – see specific tab related to the project for which you participate) | Alira Health’s clients | As long as you use the platform and 10 years after you stop using it, but this can be longer depending on the regulations related to the project (for example clinical trial). |
| Improving personal health care | Aggregated healthcare data | Alira Health and its Clients | These data will be de-identified (cannot be linked back to you anymore) and aggregated. No retention period is required for this data. |
| To answer to your queries either by email or through the contact form | Name, email address, project associated (if applicable) Please note that other Personal Data may be processed by Alira Health’ clients depending on your request and the information you provide us. |
Alira Health and Clients (if applicable) | We will process your data for the time necessary to meet your request. The retention period is 3 years, to ensure customer issues are resolved and for accountability purposes, but this can be longer depending on the regulations related to the project (for example clinical trials). |
| To answer your questions thanks to an Answer Bot ( mobile app. Only) The Bot only provides information based on a FAQ | Name, email, conversation history |
Alira Health and it’s vendor Zendesk | NA – Conversations are stored only if you opt to contact a support agent |
| To send you newsletters and educational material | Name, email address | Alira Health and its Clients (see specific tab related to the project in which you are involved) | We will process your data until you unsubscribe to the Newsletter or after 3 years of non-activity. |
| To send you information about clinical study you may be eligible for based on the data you provided. | Name, Email address, Healthcare information | Alira Health | As long as you use the platform and 3 years after you stop using it |
| To invite you to an interview in which we gather your preferences and feedback about the platform. | Name, Email address, Healthcare information |
Alira Health |
As long as you use the platform and 3 years after you stop using it. |
| For statistical purposes | Aggregate statistical data (e.g., Company page on Twitter, Facebook, Instagram, LinkedIn, YouTube and Flickr). | Alira Health | Statistical information is stored by Twitter, Facebook, Instagram, LinkedIn, YouTube and Flickr and consequently subject to their retention policy. We may export statistical reports, but we guarantee that this is only in an anonymous form. |
| Use of cookies for the functioning and managing of our website | Cookies may store in certain circumstances personal data which may include IP addresses, browser type, location, operating system,… | Alira Health | Please, see our Cookies Notice |
3. DISCLOSURE TO THIRD PARTIES
We do not sell or trade to outside parties your identifiable personal data.
Nevertheless, we may disclose User Provided Information and Automatically Collected Information we collect from you to third parties, including client pharmaceutical companies, for their own market research purposes where it is not prohibited by applicable laws. Prior to any disclosure to third parties, your User Provided Information and Automatically Collected Information is de-identified as described herein so that the information cannot be linked back to you.
You can always disable the access of the User Provided Information and/or Automatically Collected Information by written request. If you need help with this, Alira Health Privacy and Security Official will assist you.
De-identification will be accomplished using the safe harbor method as described by 45 CFR § 164.514(a) in the Guidance on De-identification of Protected Health Information September 4, 2012, published by the U.S. DHHS.
De-identified data files will be transmitted to the third-party purchaser using a Secure FTP or other encrypted transmission methodology.
In some particular case we may disclose your email address (or other identified data; see project-specific tab) following specific demand from our customers. Such disclosure, if any, its purpose and third parties concerned are described in the customer’ specific tab of this privacy notice.
In case we transfer your data outside your country of residence, this will be carried out in one of the ways permitted by :
PIPEDA, including relevant Provincial requirements for Canada, such as based on a contract including the appropriate provisions necessary for the protection of such information in accordance with the applicable privacy legislation;
For the U.S., by any applicable requirements provided by privacy laws.
You can contact our Data Protection Officer, hereinafter as DPO, (see contact details below), if you want to have more details about the mechanism supporting data transfer.
4. UNINSTALLING THE APPLICATION
You can stop all collection of information by uninstalling the Platform through use of the uninstall processes available on your mobile device, the mobile platform marketplace, or network.
5. Children's Online Data.
It is not our intention to collect personal information from children under the age of 13 through our website. If you are under 13, please do not give us any personal information through our website. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our Notice by instructing their children never to provide us personal information. Consistent with the requirements of the Children’s Online Privacy Protection Act (COPPA), If we have reason to believe that a child under age 13 has provided personal information to us through our website, we will use that information to contact and inform the child that he/she cannot use the website. Consequently, we will endeavor to delete that personal information from our records, unless other applicable law requires us to retain that information
6. YOUR PRIVACY RIGHTS
You may update/correct your personal information and your preferences, including opting out of particular communications by contacting our Privacy Officer for assistance:
Alirahealth.HSL.dpo@mydata-trust.info.
If you are part of a project, please refer to the specific tab/informed consent linked to the project in which you are involved to have the specific email address for privacy enquiries.
If you are based in Canada, the rights listed in the ‘Additional States Specifics’ for PIPEDA shall apply to you when we process your Personal Information.
If you are established in one of the U.S. states listed in the section ‘Additional States Specifics’, please note that you are entitled to the to the specific additional rights mentioned in the corresponding section.
7. Additional right’s Country or US States’ Specifics
Canada
If you are a Canadian resident, we shall comply with all the Canadian privacy laws, including but not limited to the federal Personal Information Protection and Electronic Documents Act S.C. 2000 (“PIPEDA”), c. 5 as last amended on2019, June 21 and any applicable provincial laws (altogether referred as “Canadian Privacy Laws”).
Under PIPEDA, you have the rights to have access to your personal information, to request for rectification of inaccurate information (right to accuracy and completeness), to withdraw your consent at any time when our processing is based on your consent. Please note that all these rights are not absolute and will be assessed on a case-by-case basis by our Privacy Officer :
Alirahealth.HSL.dpo@mydata-trust.info.
In case we transfer your personal information outside Canada, this will be carried out in compliance with Canadian Privacy Laws requirements, including a contract containing the appropriate provisions necessary for the protection of such information in accordance with the applicable privacy legislation.
You can also lodge a complaint to the Office of the Privacy Commissioner of Canada to report any concern : https://www.priv.gc.ca/en/report-a-concern/.
United States
Depending on your residency in the U.S., you may have certain additional information and rights. These information and rights are entitled by U.S. States providing for a specific privacy framework, including California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah and Virginia.
When you are established in one of the states listed above (unless otherwise specified) you benefit the following rights.
You have the right to request access from Alira Health, the information or categories of information collected about you, the information or categories of information shared with third parties, or the specific third parties or categories of third parties to which the information was shared; or some combination of similar information.
You can request from Alira Health the deletion of personal information about you under certain conditions that will be provided by the Privacy Officer.
Right to portability. You can request your personal information be disclosed in a common file format.
Right to opt out for sales/share of your personal information: We will not sell/share any personal information we collect about you.
You also have the right to opt-out of processing for profiling/targeted advertising purposes (not applicable under Iowa Consumer Data Protection Act and the California privacy laws). This means that you can direct us not to treat your personal information for profiling and targeted advertising purposes.
You have the right to opt in for sensitive data processing (not applicable under Iowa Consumer Data Protection Act, California privacy laws and Utah Consumer Privacy Act). This means that we will only process your sensitive personal information with your consent.
Right against automated decision making (not applicable under Utah Consumer Privacy Act): We will not make decisions about you based solely on an automated process without human input.
Do Not Track ("DNT") requests (only applicable under the Californian Online Privacy Protection Act and the Delaware Online Privacy and Protection Act).
Some web browsers incorporate a "do-not-track" that signals to websites with which the browser communicates that a visitor does not want to have his/her online activity tracked. As of the October 2023, not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, Alira along with many other digital service operators do not currently respond to DNT signals. Therefore, if you don’t want to be tracked, please select the refuse Button available on the Cookies Banner or select your preference under the cookie settings. For more information about DNT signals, visit allaboutdnt.com.
Californian additional rights
If you are a Californian resident, we shall comply with The California Consumer Privacy Act 2018 (hereinafter the "CCPA"), The California Consumer Privacy Rights Act 2020 (hereinafter "CPRA"), The Californian Online Privacy Protection Act 2003 (hereinafter the "CalOPPA").
Under CCPA/CPRA and CalOPPA provisions, additional information and rights shall be provided as follows:
"Shine the Light "and "Eraser" Laws.
You may request a list of all third parties to which we have disclosed certain information for those third parties’ direct marketing purposes.
The right to know.
You may have the right to request that we disclose to you the personal information we have collected or sold about you and how it is used and shared. Here is the information you may have access to:
the categories of personal information collected;
the categories of sensitive personal information collected;
the categories of sources from which the personal information or sensitive personal information is collected;
the business purpose for such collection, sharing, or selling;
the categories of third parties to whom to personal information or sensitive personal information is disclosed to;
the specific pieces of personal information collected;
the length of time that the business intends to retain each category of personal information and sensitive personal information.
The right to limit use of sensitive personal information
You have the right to direct us to limit the use of your sensitive personal information to what’s necessary or reasonably expected to perform the service or provide the goods. This right can be exercise through emailing alirahealth.dpo@mydata-trust.info.
The right to not be subject to discrimination (“right to equal service and price”)
You have the right not to be denied of goods or services, to be charged for different prices or rates for goods or services or provided a different level or quality of goods or services.
You can also file a complaint with the California Privacy Protection Agency and, where appropriate, the California Attorney General’s office.
8. How to exercise your rights?
You may exercise your rights by contacting us at Alirahealth.HSL.dpo@mydata-trust.info.
You also have the right to lodge a complaint if you consider that your Personal Information has not been processed in accordance with the Privacy Laws applicable in your State of
8.1 US:
California:
California Privacy Protection Agency: info@cppa.ca.gov
Attorney General Website: https://oag.ca.gov/contact
Colorado:
Attorney General website: https://complaints.coag.gov/s/contact-us
Connecticut:
Attorney General website: https://portal.ct.gov/AG/Contact-the-Attorney-Generals-Office/Contact-the-Attorney-Generals-Office#:~:text=For%20all%20general%20inquiries%2C%20please,call%20860%2D808%2D5318.
Oregon:
Attorney General website: https://www.doj.state.or.us/consumer-protection/contact-us/
Texas:
Attorney General website: https://www.texasattorneygeneral.gov/contact-us
Virginia:
Attorney General website: https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint
Utah:
Attorney General website: https://www.attorneygeneral.utah.gov/contact/complaint-form/
8.2 Canada:
Office of the Privacy Commissioner of Canada or to the Commission d’Accès à l’Information if you are established in Québec, or the Office of the Information and Privacy Commissioner for British Columbia
8. COOKIES
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, this may restrict the functionality and your use of our website, and you may not be able to use some portions of our Service.
As a general rule, if you use the Website, we will only collect information that is required for the provision of our service to you. We may ask you for additional information that may be disclosed on a voluntary basis.
9. SECURITY
Alira Health process your personal information in a confidential manner and provides for a sufficient and adequate level of protection of your personal data.
Your personal data are contained behind secured networks and are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
We provide physical, electronic (including encryption), and procedural safeguards to protect the information we process. For example, we limit access to this information to authorized employees and contractors who need to know the information to operate, develop, or improve our Platform. Please be aware that although we endeavor to provide reasonable security for information we process, no security system can prevent all potential security breaches.
You are responsible for protecting your data that resides on your mobile device or computer used to access our applications. Alira Health is not responsible for the loss or theft of the data that is on your own device, and we encourage all users to implement security features on your devices.
10. CHANGES
This Privacy Statement may be updated from time to time for any reason. We will notify you of any changes to our Privacy Statement by posting the new Privacy Statement here https://www.healthstorylines.com/privacy-policy.
You are advised to consult this Privacy Statement regularly for any changes.
11. U.S. Health Breach Notification Rules
User acknowledges that Alira Health or its licensors, in their sole discretion, have taken necessary measures to ensure the privacy, integrity and security of the data entered by the user when transmitting the data between the user’s device(s) such as iPhone, iPad, Android, or a web browser and the servers that will host/store the data. Despite these security and privacy measures, it is possible that there can be a breach in the data security resulting from non-malicious actions of Alira Health and/or malicious actions of external parties. In this case Alira Health for such effects, have obligation to furnish any maintenance and support services with respect to the Health Storylines™ application.
12. CONTACT US
Alira Health Inc
30 Adelaide St. E, 12th Floor (Industrious)
Toronto, ON M5C 3G8, Canada
Website : https://www.healthstorylines.com/
Privacy Officer
MyData-TRUST SA
Alirahealth.HSL.dpo@mydata-trust.info.
If you are part of a project, please refer to the specific tab/informed consent linked to the project in which you are involved to have the specific email address for privacy enquiries.