Privacy Policy

Welcome to SKIIN! This Privacy Policy (the "Policy" or "Privacy Policy") describes how Myant Medical Corp. ("Myant", "SKIIN", "us", "our", or "we") collects, uses, and discloses information that we obtain about you and your use of the myanthealth.com website (the "Site") and the SKIIN Mobile software (the "App"), collectively "the Service", including information that we collect from the Myant SKIIN Cardiac Monitoring devices (the "SKIIN Device") that you connect to a mobile device running the App.

By using or downloading the Service, you agree that your personal information, including any information about your health that you provide directly to us or that we collect through your use of the Service, may be transferred to, stored, and handled as described in this Policy.

Myant Medical Corp. is committed to complying with the Applicable Privacy Laws as described in the next paragraph and maintaining the confidentiality of an individual's protected health information ("PHI") and personal information ("PI", or "PII") through appropriate, authorized access, uses, and disclosures. In this Policy, PI or PII means any personally identifying information about an individual, which directly or indirectly allows that individual to be identified, and any mention of "PI" or "Personal Information" shall include PHI.

As per:

• the Canadian Personal Information Protection and Electronic Documents Act ("PIPEDA");
• Quebec's Act Respecting the Protection of Personal Information in the Private Sector as amended by Law 25 (the "ARPPIPS"); and
• Ontario's Personal Health Information Protection Act ("PHIPA")

collectively the "Applicable Privacy Laws", Myant Medical Corp. must reasonably safeguard PHI and PI from any intentional or unintentional use or disclosure, and only collect, use and disclose that PI and PHI that is necessary for the purposes under the circumstances. Myant Medical Corp. must create, store, maintain, use, transmit, collect, and disseminate PI and PHI in an environment that promotes confidentiality and integrity without compromising PI and PHI.

We collect the following information from you and about you, but only with your informed consent, as described further below in this Policy.

We use your information, including your personal information, for the following purposes:

• To provide our Service to you, to communicate with you about your use of our Service, to respond to your inquiries, and for other customer service purposes.
• To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Service.
• For marketing and promotional purposes, to the extent permitted by law and, where required, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third-party websites. You can opt-out of receiving marketing at any time as described below.
• To better understand how users' access and use our service, both on an aggregated and individualized basis, to improve our Service and respond to user desires and preferences, and for other analytical purposes.
• To tailor the content and information that we may send or display to you, to understand if a recorded ECG is your personal data or a guests' data, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the service.
• To administer surveys and questionnaires.
• To comply with legal obligations, as part of our general business operations, and for other business administration purposes.
• Where we believe necessary to investigate, prevent or act regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms Of Service or this Privacy Policy.

We may share your information, including personal information, as follows:

• With Your Consent: With your prior consent, we may share information from the Service with other third-party partners, including your personal information and data collected from your devices.
• Your Healthcare Providers or Family: With your consent, we may share your information, including information collected from your connected devices, with your healthcare providers and/or family members (e.g., immediate family or friends) that you designate to receive your information.
• Clinical Trial Studies: If, and only if, you have been enrolled into a formal and registered clinical trial, and have provided consent to a clinical research team to use Myant products as part of the clinical trial to collect your health data, and as such you are using Myant products and technologies to collect your data, you also consent to Myant sharing information collected by the service with physicians and staff of the clinical trial program(s) you are enrolled in, who may use the service as a means of collecting data for the trial study. If the Service is used as part of a clinical trial study, we will use and share information about the clinical trial collected through the service in accordance with our agreement with the clinical trial program and any privacy notices provided to you as part of the clinical trial program.
• Other Health-Focused Mobile Apps: With your consent we may share your profile information and data collected from your connected devices with other health-focused mobile applications installed on your mobile device to help you track your health and wellness information. If you share your information with these apps, your personal information, including your health information, will be used in accordance with those apps' separate privacy policies, not this one.
• Anonymized Information: We may share anonymized information—so that it can never be used to identify an individual—with third parties for marketing, advertising, research, or similar purposes.
• Health Researchers: With your consent Myant Medical Corp. may share data collected through the service with healthcare researchers and other research organizations, strictly limited to anonymized profile information and anonymized data collected from your connected devices. For example, we may share information such as anonymized gender, height, weight, information about medications you have provided, and data from your connected devices, but we will not share your name or other information that could identify you.
• Affiliates: With your consent we may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this Policy.
• Service Providers: With your consent we may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf, such as providers of hosting, email communication, customer support services, analytics, marketing, and advertising, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. For our Quebec users, to the extent these service providers are outside of Quebec, please refer to the section further down in this Privacy Policy entitled "Additional Information for Quebec Residents" for information on how we safeguard your Personal Information when this occurs.
• Business Transfers: If we are acquired by or merged with another company, if substantially all our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will give affected users notice before transferring any personal information to a new entity.
• In Response to Legal Process: We may disclose the information we collect from you to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
  • Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
• To Protect Us and Others: We may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms and Conditions or this Policy, or as evidence in litigation in which SKIIN is involved.
• Third Party Analytics: We use automated devices and applications, such as Google Analytics and Mixpanel, to evaluate usage of our Service. We may use other analytic means to evaluate our Service. We use these tools to help us improve our Service, performance, and user experiences.

Myant Medical Corp. will obtain consent before any collection, use or disclosure of any PII and PHI for purposes that we have identified. Individuals who sign up for a SKIIN account will provide explicit consent during account creation.

By using the Service or providing us with any PII and PHI, you consent to the transfer to, and processing, sharing and storage of your information as set forth in this Privacy Policy. Please note that other countries may have privacy and data protection regulations that are not on par with the regulations in Canada and may not provide the same level of protection.

We will always ask for your consent if we ever share or use your PII and/or PHI for a purpose other than what is in this Privacy Policy. At any point, you can withdraw your consent by contacting us at privacy@skiin.com.

Your privacy is important to Myant Medical Corp., and we enforce privacy measures to ensure that your PII and PHI is protected against unauthorized access, use and modification.

All data is protected through an AES256-bit encrypted database and data during any transfer between the database, server and mobile application is encrypted using HTTPS.

Our data exists in a private virtual cloud, hosted by Amazon Web Services (AWS). AWS provides features that help in maintaining secure data through security groups, network access control lists and flow logs. AWS has ISO 27001, ISO 27017, and ISO 27018 certifications, ensuring it meets international standards for information security management systems, security controls for cloud services and security techniques for protection of personally identifiable information.

During SKIIN account creation, a complex password (between 8 to 30 characters and a minimum of one special character or number) is required for all users. The authentication process requires email confirmation before a user can log into the application. Resetting forgotten passwords will also require email confirmation.

Only authorized individuals can access users’ PII and PHI data on secure databases, which can only be accessed through secure passwords. Employees are required to sign documentation that obliges them to protect users’ PII and PHI and will only be able to access PII and PHI to fulfill their job requirements.

We also encourage you to take your own security measures, such as the following:

1. Not sharing your password with anyone else
2. Remembering to log out of the Service if accessing it on someone else's personal device
3. Updating your password regularly
4. Having a password on your personal device
5. Locking your personal device when not in use

As per the Applicable Privacy Laws, when impermissible or unauthorized access, acquisition, use, and/or disclosure of an PII or PHI handled by Myant Medical Corp. occurs, we are required to keep records and notify any involved individuals of all breaches and to report to the Privacy Commissioner of Canada and the Commission d’accès à l’information of any security breaches that pose a real risk of significant harm to any individual or the public.

You have certain rights regarding your PII and PHI, which are explained below. You may exercise these rights by submitting a request in writing to privacy@skiin.com.

• Right to inspect and copy: If you would like to inspect or receive a copy of your PHI that is contained in a designated record set (e.g., health and billing records), we are required to provide you access to such information within 30 days after receipt of your request (with up to a 30-day extension if required with notice). We may charge you a reasonable fee to cover duplication, mailing and other costs incurred by us in complying with your request. We may deny your request for access to your personal information as permitted by PIPEDA/PHIPA. For example, we may deny your request if we believe the disclosure will endanger your life or that of another person. Depending on the circumstances of the denial, you may have a right to have this decision reviewed.
• Right to Request Restrictions on Use and Disclosure: You have the right to request a restriction or limitation on certain uses and disclosures of your PI or health information. To request restrictions, you must make your request in writing to privacy@skiin.com. In your request, you must tell us:
  • What information you wish to limit;
  • Whether you wish to limit our use, disclosure, or both
  • To whom you want the limits to apply - for example, if you want to prohibit disclosures for insurance payment, health care operations, for disaster relief purposes, to persons involved in your care, or to your spouse
• Right to Request Amendment: If you believe that any PI or health information, we have about you is incorrect or incomplete, you have the right to ask us to change the information for as long as Myant Medical Corp. maintains the information. To request an amendment to your health information, your request must be in writing, signed, and submitted to Myant Medical Corp. If we deny your request, we will provide you with a written explanation. You may respond with a statement of disagreement that will be maintained with your records. We will respond to your request within 60 days (with up to a 30-day extension if needed with notice).
• Right to Receive Confidential Communications: You have the right to request that we communicate with you about your health information in a confidential manner or at a specific location. For example, you may ask that we only contact you via mail to a post office box. You must submit your request in writing to Myant Medical Corp. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests.
• Right to Receive an Accounting of Certain Disclosures: With some exceptions, you have the right to receive an accounting of certain disclosures we have made, if any, of your health information. Your accounting request must be in writing and signed by you or your personal representative and submitted to Myant Medical Corp. Your request must specify the time in which the disclosures were made. You may receive one free accounting in any 12-month period. We will charge you for additional requests. This right only applies to disclosures for purposes other than treatment, payment or health care operations as described in this Notice. It also excludes disclosures we may have made to you, your family members or friends involved in your care. The right to receive this information is subject to certain exceptions, restrictions and limitations as allowed by PIPEDA/PHIPA.
• Right to Obtain a Copy of this Notice: You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive the Notice electronically. You may ask us to give you a copy of this Notice at any time.
• Right to Cancel Authorization to Use or Disclose: Other uses and disclosures of your health information not covered by this Notice or the laws that govern us will be made only with your written authorization. You have the right to revoke your authorization in writing at any time, and we will discontinue future uses and disclosures of your health information for the reasons covered by your authorization. We are unable to take back any disclosures that were already made with your authorization, and we are required to retain the records of the care that we provided to you.

We may send periodic promotional emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 15 business days for us to process opt-out requests. We may still send you emails about your account or any services you have requested or received from us.

Our Service is not designed for users under 18. If we discover that a user under 18 has provided us with personal information, we will delete such information from our systems.

SKIIN uses tracking technology ("cookies" and related technology such as tags, pixels and web beacons) in the Service and by interacting with the Service you agree to the use of essential cookies. Cookies are small text files placed on your computer or device when you visit a website or use an online service, in order to track use of the site or service and to improve the user experience by storing certain data on your computer or device. You can use our cookie management tool in the cookie banner presented to you to decline categories of non-essential cookies, specifically analytics cookies.

Specifically, we use cookies and related technologies for the following functions:

• To enable your logging-in to the Service;
• To facilitate the purchase of SKIIN products;
• To provide general internal and user analytics on the Service and to conduct research to improve the content of the Service using the analytics programs as described above in this Policy; and
• To assist in identifying possible fraudulent activities.

Your browser or device can be set to refuse cookies or delete them after they have been stored. You can refer to your browser’s or device’s help section for instructions.

If you believe that we have violated your privacy rights, you may file a complaint with us by notifying us at privacy@skiin.com. You may also file a complaint with (depending on your location) the Office of the Information and Privacy Commissioner of Ontario, the Office of the Privacy Commissioner of Canada, or the Commission d’accès à l’information if you feel that your rights have been violated. There will be no retaliation from Myant Medical Corp. for making a complaint.