PRIVACY POLICY
Testmetrix Privacy Officer contact information :
Aaron Garcia
Technical Coordinator
Privacy Officer
agarcia@testmetrix.ca
514-938-4166
Lifecycle of personal and medical information
The confidentiality and privacy of personal and medical information are governed by the Act respecting the protection of personal information in the private sector (chapter P-39.1).
The information collected by our customers (referring professionals) using our Testmetrix system is useful for at least six months, in order to guarantee follow-up of the individuals concerned if this is deemed necessary for the progress or management of their case.
If the Testmetrix file remains inactive for 6 months after opening, it will be set to inactive status and the information will be anonymized.
All other reports or documents containing personal information, whether in electronic or paper format, will be destroyed after being sent to customers (referring professionals).
No reports on the health of the individuals concerned are kept on our servers, our online storage, on external or portable devices, or on paper. Files received on paper will be shredded after use.
Data collection: objectives and sources
The information collected by Testmetrix concerns the application of psychometric questionnaires completed online at e-testmetrix.ca or on paper.
Collection: Nature of the information
The information requested must be limited to that which is essential for the management of your Testmetrix file. The type of information previously collected by your service provider (with your written consent) and used on the e-testmetrix.ca website is :
- Full name
- Gender
- Date of birth
When completing a Testmetrix questionnaire, the following information will be requested:
- Names of prescribed drugs and doses
- Type of psychotherapy and frequency of sessions
On our websites and applications: No personal information is collected for marketing or statistical purposes.
We only use cookies that support the proper functioning of the website (to limit the duration of a session for security reasons and to make a choice about the language used).
Our web server may collect the IP address and domain you used to access our website, the type and version of web browser and operating system you use, and the number, duration and frequency of visits to our website.
We may use this data to monitor website performance for systems administration purposes.
Use and communication
The information collected through our questionnaires is only used and consulted by the people responsible for managing files with your health and well-being service provider (psychologist, counselor, doctor, employee assistance program or other program/organization with which you have signed a service agreement).
Communication is also consented to by default when the patient participates in an employee assistance program or other program with which you have signed a consent for the transmission of information.
Beyond the normal transmission of information to the referring professional (psychologist, counselor, doctor, employee assistance program or other program/organization with which you have signed a service agreement), no communication to a third party is permitted without your express written consent.
Storage
Only information of future use is retained. Information collected by our customers (referring professionals) using our system is useful for at least six months, in order to guarantee follow-up of the individuals concerned if necessary.
Destruction
In the event that the Testmetrix file remains inactive for 6 months after opening, it will be set to inactive status and the information will be anonymized. All other reports or documents containing personal information, whether in electronic or paper format, will be destroyed after being sent to the applicants. No reports on the health of the individuals concerned are kept on our online storage, on internal, external, or portable devices, or in paper form. Paper files received will be shredded after use. Any information that should not be kept must be destroyed. Destruction and deletion must apply to all copies of this information.
Request for access or correction, processing of complaints and incidents
Anyone who has provided personal or medical information has the fundamental right to know its nature, receive a copy or request a correction.
Request access
A person wishing to consult the nature of the information that Testmetrix holds about them, or to obtain a copy of it, must do so in writing, by sending an email to the person responsible for the protection of personal information at Testmetrix:
Aaron Garcia
Technical Coordinator
Responsible for the protection of personal information (RPRP)
agarcia@testmetrix.ca
514-938-4166
The written request must clearly indicate that it is a “request for access to personal data” and contain sufficient information to identify the person. This does not apply to reports from completed questionnaires. You are advised to contact your service provider in this regard. Before processing a request, the RPRP must diligently validate the identity of the requester. If validation is impossible, the request will be refused. We are asking for 30 days to take the necessary measures.
Correction request
Any participant in an Employee Assistance Program or any other program, or any individual who is required to complete a Testmetrix questionnaire by a mental health professional may request the communication and correction of their personal information. You can contact us at any time by telephone or email. We are asking for 30 days to take the necessary measures.
Procedure for processing requests
After receipt of the request, we will contact our client to transmit the request for communication or correction of personal information from the individual concerned. After receiving a response to our opinion, we will transmit their data found on our system in a format that suits them using secure means, such as an encrypted email. If this is a modification/correction request, we will correct the data on our system.
Incident reporting
EVMED has implemented organizational, physical, and technological
measures to protect against the loss, misuse or alteration of
personal information under our control. Security practices are also
reviewed regularly. EVMED remains proactive in protecting personal
information by using prevention practices such as employee training,
minimizing data at rest, protecting documents with passwords,
encryption, use of double authentication systems, the application of
a policy for the destruction of personal information and the use of
security software, among others.
In the event of a data leak or confidentiality incident, EVMED will
take reasonable measures to minimize the damage including launching
an investigation aimed at identifying the compromised data, the
circumstances of the incident, the persons responsible for the leak
and also the identification of situations at the technological level
that could be the cause of the leak. The level of sensitivity of the
information and the likelihood of its use for harmful purposes will
be identified. The possibility that serious harm will be caused will
be determined. The Commission and the persons concerned will be
informed in the event that serious harm may be caused.
Privacy Impact Assessment
All information collection and processing activities by electronic means have been subject to an assessment of privacy factors to ensure the protection of the information obtained by Testmetrix.
Policy enforcement
All Testmetrix employees and suppliers are trained in and required to comply with Testmetrix's personal and medical information governance policy.