ThriveGuide Privacy Policy
Introduction
Health Innovation Platform Inc. “HIP Inc.” or “ThriveGuide” recognizes that your right to privacy is an important issue. We understand your interest in maintaining and protecting your private information. As a result, ThriveGuide manages your personal information as described in this Privacy Policy.
​
This Privacy Policy provides you with the safeguards set forth in the US FTC Privacy Laws and Canadian federal Personal Information Protection and Electronic Documents Act (PIPEDA), and in other applicable personal information protection legislation (“Privacy Laws”) such as the EU’s General Data Protection Regulation (GDPR). Nothing in this Privacy Policy will limit ThriveGuide’s rights and obligations pursuant to such Privacy Laws.
​
This Privacy Policy applies to personal information concerning ThriveGuide’s customers, business partners and suppliers (“you”) that is collected, used or disclosed by ThriveGuide. It also applies to the management of personal information in any form whether oral, electronic or written. The Privacy Policy does not apply to information that is protected by other ThriveGuide policies and practices or through contractual arrangements, unless specifically provided in such contractual arrangements.
Your Consent
Consent
BY SUBMITTING PERSONAL INFORMATION TO ThriveGuide OR ITS SERVICE PROVIDERS AND AGENTS, YOU AGREE THAT ThriveGuide AND ITS SERVICE PROVIDERS AND AGENTS MAY COLLECT, USE AND DISCLOSE SUCH PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY AND AS PERMITTED OR REQUIRED BY PRIVACY LAWS. Subject to legal and contractual requirements, you may refuse or withdraw your consent to certain of the identified purposes at any time by contacting the ThriveGuide Privacy Officer. If you refuse or withdraw your consent, we may not be able to provide you or continue to provide you with certain services or information which may be of value to you. If you provide ThriveGuide or its service providers and agents with personal information of another individual, you represent that you have all necessary authority and/or have obtained all necessary consents from such person to enable us to collect, use and disclose such personal information for the purposes set forth in this Privacy Policy.
What Personal Information Do We Collect?
Personal information is information about an identifiable individual, as defined in applicable Privacy Laws. Generally speaking, personal information does not include:
anonymous or aggregated information that does not allow an individual to be identified;​
information regarding companies and other “legal persons”; or
business contact information such as your name, title or position, business address, telephone number, fax number or email address.
The types of personal information that ThriveGuide may collect from you from time to time include: your name, telephone number, personal email address, billing and account information (such as credit card, or bank account number), your mailing preferences, delivery instructions, and customer service preferences. ThriveGuide also may collect certain health information to customize your program.
​
ThriveGuide will also collect the personal information you provide in order to access our services, including any information provided through our online chat functionality. Additionally, from time to time, we may ask you to provide us with more detailed information regarding your interests, occupation and background. For example, we sometimes ask our customers to complete surveys in order to get a better sense of who they are and what issues, products or services may be of interest to our clients.
The Privacy Principles ThriveGuide Follows
ThriveGuide collects, uses and discloses your personal information by employing “fair information practices” as described in the following ten privacy principles and embodied in Privacy Laws:
Accountability: ThriveGuide is responsible for personal information under its control and as a result has designated an individual as the person who is accountable for ThriveGuide’s compliance with the ten principles (“Privacy Officer”). As such:
accountability for ThriveGuide’s compliance with the principles rests with the Privacy Officer, even though other individuals within ThriveGuide may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals within ThriveGuide may be delegated to act on behalf of the Privacy Officer;
the identity of the Privacy Officer designated by ThriveGuide to oversee ThriveGuide’s compliance with the principles shall be made known upon request; and
ThriveGuide is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. ThriveGuide shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.
Identifying Purposes
In general, ThriveGuide collects, uses and discloses personal information about you in order to provide our customers with business forms development and processing services. More specifically, ThriveGuide collects, uses and discloses your personal information for the following purposes:
to establish and maintain commercial relationships with clients, suppliers and other third parties, including to issue invoices, administer accounts, collect and process payments, and to fulfill contractual and legal obligations;
to prepare customized service to you as a client, largely in an automated manner with the results visible to your own account and anyone with whom you have granted access to view your account. For example, therapy worksheets may be generated based on the age of your child and the answers you provide to the questionnaires we present to you.
to develop and manage our business and operations. This may include the sharing of personal information by and between ThriveGuide personnel and affiliated companies, and with third party service providers and agents (for example, psychometric test scoring), for such purposes;
to develop insights in order to create new and innovative solutions for our community.
to detect and protect ThriveGuide and other third parties against error, fraud, theft and other illegal activity, and to audit compliance with ThriveGuide’s policies and contractual and legal obligations;
to distribute our newsletters and other material to individuals on our mail and e-mail lists, including via third party mailing houses and e-mail service providers;
to engage in business transactions, including the purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, securitization or financing involving ThriveGuide;
to understand and respond to client, supplier and other third party needs and preferences, including to contact and communicate with such parties and to conduct surveys, research and evaluations;
to develop, enhance, market, sell or otherwise provide ThriveGuide’s products and services;
to market, sell or otherwise provide products and services of third parties with whom ThriveGuide has a commercial relationship;
as permitted by, and to comply with, any legal or regulatory requirements or provisions; and
for any purpose to which you consent.
Third Party Disclosure:
Cloud Servers
ThriveGuide uses cloud servers for our technology, which can be in data centres in other locations apart from Canada. This will involve transferring your data outside of the North American Region if applicable. Whenever your personal data is transferred we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the Privacy Shield (North American Standard) and European Commission. For further details, see European Commission:
Adequacy of the protection of personal data in non-EU countries.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US/Canada. For further details, see European Commission:
Customer Relationship Management (CRM) system
The majority of customer personal data is held in our CRM which is a cloud-based system called User.com. This contains basic personal data including:
name
Email Address
record of engagement (for our website)
Dates in which you performed certain events like completed the Intake Questionnaire or generating your ThriveGuide
This data is held and retrieved to allow us to:
send promotional and non-marketing emails
understand your use of our website/s
Third party data processors
We work with third party data processors. These organisations help us to fulfil our obligations as a service provider and are themselves subject to their own policies as under law. These organisations include:
Email services
Amazon Web Services - Amazon Web Services, Inc. 410 Terry Avenue North, Seattle, WA 98109-5210, U.S.A.
Online surveys
TypeForm - Calle de Pallars 108 (Aticco), 08018 Barcelona (Spain), and C.I.F. (Spanish tax identification number) B65831836
Video conferencing, hosting and webinars
Zoom - 55 Almaden Blvd, Suite 600, United States Google Meets - 1600 Amphitheatre Parkway Mountain View, CA 94043
Website development and hosting technology
Wix - Mentor Digital, 4 West End, Somerset St, Bristol, BS2 8NE Microsoft Azure - 1 Microsoft Way, Redmond, Washington 98052-8300
Video hosting
Microsoft Azure CDN - 1 Microsoft Way, Redmond, Washington 98052-8300
HotJar User Session Recordings
ThriveGuide uses Hotjar in order to better understand our users’ needs and to optimise our service. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
​
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
​
HotJar Feedback & Consent: We may provide a voluntary feedback facility on some website pages from time to time, to gather user feedback for the purposes of improving our offering. In addition to submitting your feedback response, you can at the same time consent to provide additional data. Granting consent allows us to collect and combine the feedback responses with:
Any other feedback previously submitted from the same device
Location (limited to the country)
Language used
Device and Browser used
Custom Attributes (e.g. products or services being using)
Behaviour and Interactions on the page(s) visited
All Behaviour and Interaction data collected will be retained for no longer than one year. It will then be automatically deleted. All Feedback responses data submitted is stored in accordance with the HotJar Data Retention Policy.
​
Your right to withdraw this consent is present at any time. Requests to have your data removed can be actioned simply by contacting us – HotJar provide us with a Visitor Lookup tool. From the date when the withdraw of consent occurs, HotJar will no longer combine feedback responses with information about behaviour. Any data collected and combined from the date when consent was granted until the date of withdrawal would have been lawfully processed. The legal basis for processing this data, which might include personal data, if any provided, is Article 6(1)(a) EU General Data Protection Regulation.
​
Where appropriate, ThriveGuide has an HIPAA Business Associate Agreement with third party providers. The nature of the business relationships with these third parties is not one in which the data is used by the third party for their gain, except as per the fees they obtain from ThriveGuide for data usage and storage, meaning for example that they do not advertise to the people, communicate with the people, use the information to make any decisions or take any actions. ThriveGuide allows for the creation of Professional accounts. Your information will be visible to the professional who supervises your account and who has your permission given when you accept an invitation or request on behalf of the professional. ThriveGuide does not disclose any personally identifiable information to any third party who may use the information for their own purposes without your permission and without disclosing the identity of the third party. ThriveGuide has invited some users to actively submit their own information to Autism Digest magazine in order for them to receive a free subscription. ThriveGuide does share information on a need to know basis within its own system of companies and its own company structures.Those companies and company structures are not considered Third Parties.
​
ThriveGuide will collect, use and disclose only that personal information necessary for the purposes that have been identified.
Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except as permitted by Privacy Laws. Pursuant to this Privacy Policy, you acknowledge your consent to ThriveGuide’s collection, use and disclosure of your personal information, or the personal information of another individual which you provide to ThriveGuide, as stated above. Generally, should a different purpose to the collection, use or disclosure of your personal information be proposed by ThriveGuide, ThriveGuide shall seek your consent at the same time it collects the information. However, ThriveGuide may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed, for a new purpose. You may withdraw consent at any time to some or all of the purposes indicated below, subject to legal or contractual restrictions and reasonable notice. Please note, however, that in some circumstances, we may not be able to provide you with our services if you withdraw your consent to our use of your personal information.
​
NOTE: In certain circumstances under Privacy Laws, personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information.
​
Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by ThriveGuide. Information shall be collected by fair and lawful means and may be collected from other sources including but not limited to credit bureaus or other third parties who represent that they have the right to disclose the information. In most cases, collection shall be pursuant to appropriate contractual arrangements.
​
Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by Privacy Laws. Personal information shall be retained only as long as necessary for the fulfillment of those purposes or as required by law.
ThriveGuide may collect from and/or disclose your personal information to:
a person who, in the reasonable judgment of ThriveGuide, is providing or seeking the information as your agent;
any of the companies and business entities that form part of ThriveGuide;
an organization or individual retained by ThriveGuide to perform functions on its behalf, such as contractors, consultants, auditors, software developers (including web-site developers and hosts), data processing, document management and office services;
an organization or individual retained by ThriveGuide to evaluate your creditworthiness or to collect debts outstanding on an account;
a financial institution, on a confidential basis and solely in connection with the assignment of a right to receive payment, the provision of security or other financing arrangements;
our auditors and professional advisors;
another person or corporation as part of conducting business together or pursuant to the sale of all or substantially all of ThriveGuide’s assets related to one or more specific lines of business, subject to the other person or corporation agreeing to manage personal information in accordance with Privacy Laws;
another company or person for the development, enhancement, marketing or provision of any of ThriveGuide’s products or services;
an agent or third party retained by ThriveGuide in connection with ThriveGuide ‘s administration or the provision of ThriveGuide ‘s products or services;
credit grantors and reporting agencies; and
a public authority or agent of a public authority, if in the reasonable judgment of ThriveGuide, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of this information.
Except as permitted in this principle, ThriveGuide does not provide or sell its customer lists to any outside company for use in marketing or solicitation.
Accuracy: Personal information shall be as accurate, complete, and up-to-date as is possible. ThriveGuide will update personal information as and when necessary to fulfill the identified purposes or upon notification from you. ThriveGuide will not routinely update personal information, unless such process is necessary to fulfill the identified purposes. If ever your contact and/or other personal information changes, please feel free to contact us so that we can update our records.
Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. The security safeguards are designed to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. The methods of protection include:
physical measures, such as locked filing cabinets and restricted access to offices;
organizational measures, such as security clearances and limiting access on a “need-to-know” basis; and
technological measures, such as the use of passwords, firewalls and encryption.
Openness: ThriveGuide shall make readily available to you information about its Privacy Policy and practices relating to the management of personal information. For example:
ThriveGuide shall be open about its Privacy Policy and practices with respect to the management of personal information. This information shall be made available in a form that is generally understandable;
the information made available shall include:
the name or title, and the address, of the Privacy Officer to whom complaints or inquiries can be forwarded;
the means of gaining access to personal information held by ThriveGuide;
a description of the type of personal information held by ThriveGuide, including a general account of its use;
a copy of any brochures or other information that explain ThriveGuide’s policies, standards, or codes; and
what personal information is made available to related organizations, i.e.: affiliated companies; and
ThriveGuide may make information on its Privacy Policy and practices available in a variety of ways. The method chosen depends on the nature of its business and other considerations. For example, ThriveGuide may choose to make brochures available in its place of business, mail information to its customers, provide online access, or establish a toll-free telephone number.
This includes rights under GDPR to Subject Access Request (SAR) to know
What personal information pertaining to the user is being processed
Why this information is being processed
Who has access to this personal information about the user
How this personal information is being used in automated decisions
What processes are using this information
NOTE: In certain situations, under Privacy Laws, ThriveGuide may not be able to provide access to all of your personal information it holds. The reasons for denying access will be provided to you upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
Challenging Compliance: You may wish to address a concern regarding ThriveGuide’s compliance with the above principles to ThriveGuide’s Privacy Officer. ThriveGuide shall investigate all complaints. If a complaint is found to be justified, ThriveGuide shall take appropriate measures to resolve the complaint, including, if necessary, amending this Privacy Policy and practices. You have the right to complain to the U.S. Department of Health and Human Services if you feel your privacy rights have been violated.
Individual Rights
ThriveGuide respects the rights of individuals we work with. These include:
The right to receive information in a manner he or she understands
The right to collaborate in decisions about the care and therapy or services
The right to give or withhold informed consent
The right to give or withhold informed consent to produce or use recordings, films, or other images of the individual served for purposes other than his or her care
The right to receive information about the staff responsible for his or her care, therapy, or services
The right to be free from neglect; exploitation; and verbal, mental, physical, and sexual abuse
The right to an environment that preserves dignity and contributes to a positive self-image
The right to have complaints reviewed by the organization.
The right to access protective and advocacy services
The right to complain to the U.S. Department of Health and Human Services if you feel your privacy rights have been violated
A client has the right to request that otherwise permitted uses and disclosures of Personal Health Information (PHI) be restricted. Specifically, the patient may request restrictions on:
he use and disclosure of PHI for treatment, payment or health care operations
The disclosures to family, friends or others for involvement in care and notification purposes
The Facility is not required to comply with such requests for restriction, but will consider and may agree to a restriction. The Facility will consider the need for access to PHI for treatment purposes when considering a request for a restriction. A request for restriction must be made in writing. The Facility HIPAA Compliance Officer (“Privacy Officer”) will notify the patient of its determination with respect to the request.
Privacy and our Website
Cookies – When you access the ThriveGuide website, we may use a browser feature called a “cookie” to collect information, such as the type of Internet browser and operating system you use, the domain name of the website from which you came, date and duration of the visit, number of visits, average time spent on our website, pages viewed and number of cookies accumulated. A cookie is a small text file containing a unique identification number that identifies your browser, but not necessarily you, to our computers each time our website is visited. Unless you specifically inform us (e.g. by registering for an event or sending us correspondence from the website), we will not know who you are. In addition to the identified purposes described in our Privacy Policy, we may use this website information and share it with other organizations with whom we have a commercial relationship to measure the use of our website, to improve the functionality and content of the website and to facilitate usage by you. You can reset your browser either to notify you when you have received a cookie or refuse to accept cookies. However, if you refuse to accept cookies, you may not be able to use some of the features available on our website.
​
Google Analytics – This cookie allows us to see information on user website activities including, but not limited to page views, source and time spent on the website. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy. Using Google Analytics we can see what content is popular on our website, and strive to give you more of the things you enjoy reading and watching.
​
Google Adwords – Using Google Adwords code we are able to see which pages helped lead to contact form submissions. This allows us to make better use of our paid search budget.
DoubleClick – We use re-marketing code to log when users view specific pages, allowing us to provide ads that mean something to the users.
​
Facebook ads – Facebook will use the Event Data received to provide ThriveGuide with insights about the effectiveness of our ads and the use of our website/app or to create a custom audience (as applicable, depending on the specific features ThriveGuide chooses to use), and in accordance with Facebook’s Data Policy (https://www.facebook.com/about/privacy/). Event Data will also enable Facebook to better target ads and to optimize their systems. In connection with such targeting and optimization, Facebook will: (i) use Event Data collected from ThriveGuide’s website or mobile app for ads optimization only after such Event Data has been aggregated with other data collected from other advertisers or otherwise collected on Facebook and (ii) not allow other advertisers or third parties to target advertising solely on the basis of Event Data collected from ThriveGuide’s website or mobile app. Event Data will not be disclosed to other advertisers or to third parties, unless Facebook has ThriveGuide’s permission or are required to do so by law. Facebook will maintain the confidentiality and security of Event Data, including by maintaining technical and physical safeguards that are designed to (a) protect the security and integrity of data while it is within Facebook’s systems and (b) guard against the accidental or unauthorized access, use, alteration or disclosure of data within Facebook’s systems.
​
Online Communications – In order to provide you with products, services or information, you may voluntarily submit personal information to us through our website for purposes such as conducting business online, asking a question, obtaining information, reviewing or downloading a publication, participating in an event, and participating in contests and surveys. If you are known to ThriveGuide as a registered user of an online service, we may combine and store personal information about your use of our website and the online information you have provided with certain other online and offline information we may have collected. All collection, use and disclosure of personal information obtained through our website shall be subject to this Privacy Policy and Privacy Laws.
​
E-mail Communications – Members and prospects may use E-mail to communicate with ThriveGuide. Our email service is secure and protects against breach of privacy. You are responsible for all security and privacy while sending emails to us, and after having received emails from us. Occasionally, we may send marketing or promotional e-mail communications to you with information that may be useful, including information about the services of ThriveGuide and other third parties with whom we have a relationship. We will include instructions on how to unsubscribe and inform us of preferences if you decide you do not want to receive any future marketing or promotional e-mails from ThriveGuide.
​
Links – Our website may contain links to other websites which are provided as a convenience only. Visitors are advised that other third party websites may have different privacy policies and practices than ThriveGuide, and ThriveGuide has no responsibility for such third party websites regarding its privacy policies on its content generally.
Opt out of collection and use of information for ad targeting
Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Preferences Manager:
​
Visitors can customize their preferences and opt-out of Facebook Ads using the Ads Preferences Manager: https://www.facebook.com/settings?tab=ads
​
To opt out of all data collection, visitors may also visit: www.aboutads.info/choices
Further Information
This privacy notice became effective 4th of September, 2023.
​
ThriveGuide reserves the right to modify or supplement this Privacy Policy at any time. If we make a change to this Privacy Policy, we will post the revised Privacy Policy on our websites.
​
We will provide to you such revised Privacy Policy upon request to the Privacy Officer. However, ThriveGuide will obtain the necessary consents required under applicable Privacy Laws if it seeks to collect, use or disclose an individual’s personal information for purposes other than those to which your consent has previously been obtained unless otherwise required or permitted by Privacy Laws.