privacy policy

Filament Health Corp
(the "Corporation")

The Corporation is committed to controlling the collection, use and disclosure of personal information. The Corporation has demonstrated its commitment by developing this privacy policy (the “Privacy Policy”) in accordance with the standards set out in the Personal Information Protection and Electronic Documents Act (Canada) (the “Act”). As part of its privacy policy initiative, the Corporation has also developed a privacy statement, which may be published on its website. A copy of the privacy statement is attached to this Privacy Policy as Schedule “A”.

It is the Corporation’s intention to use this Privacy Policy as a set of recommended best practices to mould the development and ongoing implementation of its privacy procedures, as an evolving resource for its employees and as a guide for the public of its initiatives to protect the privacy of personal information. The principles set out in this Privacy Policy seek to balance the right of privacy of an individual with respect to their personal information and the Corporation’s need to collect, use or disclose personal information for legitimate business purposes, on a standard of what a reasonable person would consider appropriate in the Corporation’s particular circumstances.

As a general proposition, any personal information that the Corporation collects will not be disclosed to third parties. The intent is that the information will be used solely for the exclusive use of the Corporation. However, in order to improve the integrity of the information collected, to assist in maintaining security over the information collected or as may be required by law, personal information may need to be disclosed.

In countries different from Canada, where the Corporation may from time to time be engaged in business operations, the Privacy Policy will be complemented with additional documents or Guidelines in order to comply with local regulations, as appropriate.  

The Corporation recognizes that controlling and safeguarding the collection, use and disclosure of personal information is an ongoing process. The Corporation is committed to reviewing this Privacy Policy on an ongoing basis and to updating the principles listed herein to better protect the privacy of individuals. As part of this commitment the Corporation invites all interested parties to review the following ten privacy principles listed below and submit any comments they may have to the Corporation’s Privacy Officer (as defined below).

Principle 1 - Accountability

The Corporation is responsible for all personal information in its possession or control. In fulfilling this mandate the Corporation has appointed a privacy officer (the “Privacy Officer”) who can be reached by email at privacy@filament.health, by telephone at 604-631-3237 and by regular mail at Privacy Officer, Filament Health, c/o Fasken Martineau DuMoulin LLP, 2900 – 550 Burrard Street, Vancouver, BC, Canada V6C 0A3. Accountability for compliance by the Corporation with the principles and policies listed in this Privacy Policy rest with the Privacy Officer even though other individuals within the Corporation may be responsible for the day-to-day collection and processing of personal information. The Privacy Officer may, from time to time, designate one or more individuals within the Corporation to act on his or her behalf to ensure compliance by the Corporation with the principles and policies listed herein. The designation of a Privacy Officer does not relieve the Corporation from responsibility for compliance with these principles. The Corporation monitors compliance with the policies and principles on an ongoing basis.

The Corporation has implemented policies and practices that give effect to the principles and procedures of this Privacy Policy including: (a) implementing procedures to protect personal information; (b) establishing procedures to receive, react and respond to complaints and inquiries; and (c) training employees of the Corporation and communicating to employees of the Corporation the intent and spirit of the principles and policies and the particular practices required to meet compliance expectations.

Principle 2 - Identifying Purposes

The Corporation collects personal information for the following purposes: establishing and maintaining communication with individuals; offering and providing information to meet individual investor’s needs; compiling statistics; and complying with the law. Without limiting the generality of the foregoing the information collected may also be used in particular to: create usage and website activity summary statistics; direct development and customization of general and online investor services and communications; and assist and develop marketing material and information circulars.

The purposes for which personal information is collected shall be identified before or at the time that the information is collected. The purpose of the information collected, used or disclosed by the Corporation must be apparent and the Corporation is held accountable to a standard of what a reasonable person would consider appropriate in the circumstances. The Corporation will make reasonable efforts to identify the purposes for which personal information is collected to an individual from whom the personal information is collected at or before the time of collection. Depending upon the way in which the information is collected, the Corporation will identify these purposes on its website, as well as verbally or in writing.

The Corporation recognizes that collection of personal information is an evolving process and for personal information that has been collected for a purpose not previously identified, it will identify and obtain consent to the new purpose prior to use, except as permitted or required by law.

To the extent necessary, employees of the Corporation collecting personal information from an individual will explain to such individual the purpose for which the information is being collected, including any other purpose that may not be immediately obvious to the individual.

Principle 3 - Consent

The knowledge and consent of an individual is required for the collection, use or disclosure of personal information, except where consent is not required under the Act. In order to fully comply with such requirements, the Corporation will make a reasonable effort to ensure that the individual is advised of the purposes for which his or her personal information will be used or disclosed in a manner that is reasonably understood by the individual.

The form of consent sought may vary depending upon the circumstances and the type of information collected. In determining the form of consent to seek, the Corporation will take into account the sensitivity of the information. Although some information (for example medical records and income records of employees) is almost always considered sensitive, any information can be sensitive depending on the circumstances. In seeking consent the Corporation will take into account the reasonable expectations of the individual in the particular circumstances.

Generally, the Corporation will seek consent for the collection, use or disclosure of personal information at the time of the collection. In certain circumstances consent with respect to use or disclosure, as applicable, may be sought after the information is collected but before use (for example, when the Corporation wants to use the information for a purpose not previously identified).

Principle 4 - Limiting Collection

The Corporation collects only the personal information necessary for the purposes identified. Information shall be collected by fair and lawful means. The Corporation will not collect personal information indiscriminately.

Principle 5 - Limiting Use, Disclosure, and Retention of Personal Information

Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes.

If using personal information for a new purpose, the Corporation will document this purpose.

Personal information that is no longer required to fulfill the identified purposes will be destroyed, erased, or made anonymous. The Corporation will develop guidelines and implement procedures to govern the destruction of personal information.

Principle 6 - Ensuring Accuracy of Personal Information

Personal information will be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. The extent to which personal information will be accurate, complete, and up-to-date will depend upon the use of the information, taking into account the interests of the individual. Personal information shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.

The Corporation will not routinely update personal information unless such a process is necessary to fulfill the purposes for which the information was collected.

Personal information that is used on an ongoing basis, including information that may possibly be disclosed to third parties, will generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.

Principle 7 - Ensuring Safeguards for Personal Information

The Corporation will ensure that security safeguards appropriate to the sensitivity of the information will be implemented to protect personal information. The security safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The Corporation will protect personal information regardless of the format in which it is held.

The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. A higher level of protection will safeguard more sensitive information, such as medical and health records of employees, as appropriate.

The methods of protection will include: (i) physical measures, for example, locked filing cabinets and restricted access to offices; (ii) organizational measures, for example, limiting access on a “need-to- know” basis; and (iii) technological measures, for example, the use of passwords, encryption, and audits.

The Corporation will make its employees aware of the importance of maintaining the confidentiality of personal information and care will be used in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.

  1. Principle 8 - Openness About Personal Information Policies and Practices

The Corporation will make readily available to individuals specific information about its policies and practices relating to the management of personal information. The Corporation will be open about its policies and practices with respect to the management of personal information and an individual will be able to acquire information about the Corporation’s policies and practices without unreasonable effort. This information will be made available in a form that is generally understandable.

The information made available will include:

  1. the name or title, and the address, of the Privacy Officer, who is accountable for the Corporation’s Privacy Policy and practices, and to whom complaints or inquiries can be forwarded;
  2. the means of gaining access to personal information held by the Corporation;
  3. a description of the type of personal information held by the Corporation, including a general account of its use;
  4. a copy of any brochures or other information that explains the Corporation’s policies, standards or codes; and
  5. what personal information is made available to related organizations.

In addition, the Corporation may make information on its policies and practices available in a variety of ways. For example, the Corporation may choose to make brochures available in its place of business, mail information to its clients, post signs in its offices, or provide online access.

Principle 9 – Individual Access to Their Own Personal Information

Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

In certain situations, the Corporation may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement will be limited and specific. The reasons for denying access will be provided to the individual upon request.

Upon request, the Corporation will inform an individual whether or not it holds personal information about the individual. The Corporation will seek to indicate the source of this information and will allow the individual reasonable access to this information. In addition, upon request, the Corporation will provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed, as appropriate.

An individual will be required to provide sufficient information to permit the Corporation to provide an account of the existence, use, and disclosure of personal information. The information provided will only be used for this purpose.

The Corporation will respond to an individual’s request within a reasonable time and at minimal or no cost to the individual. The requested information will be provided or made available in a form that is generally understandable.

If an individual demonstrates the inaccuracy or incompleteness of certain personal information, the Corporation will amend the information as required. Depending upon the nature of the information challenged, amendment may involve the correction, deletion, or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the personal information in question.

When a challenge is not resolved to the satisfaction of the individual, the Corporation will record the substance of the unresolved challenge.

Principle 10 - Challenging Compliance with the Corporation’s Privacy Policies and Practices

An individual will be able to address a challenge concerning compliance with this Privacy Policy with the Privacy Officer.

The Corporation will put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint procedures will be easily accessible and simple to use. The Corporation will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. A range of these procedures may exist and are evolving. The Corporation will investigate all complaints. If a complaint is found to be justified, the Corporation will take appropriate measures, including, if necessary, amending its policies and practices.

Currency of this Policy

This Policy was initially adopted and approved by the Board of Directors effective June 24, 2021.

Privacy Statement

Your privacy is very important to us. This brief statement summarizes certain aspects of our privacy policy (the “Privacy Policy”). To view the Corporation’s complete Privacy Policy, please click here.

Purposes and Consent

The information that we collect may be used for the following purposes, among others:

  • to create usage and website activity summary statistics;
  • to direct development and customization of general and online investor services; and
  • to assist and develop marketing material and information circulars;

The Corporation collects and uses your personal information in order to provide you with the services that you request and to facilitate the flow of investor information. We may also use your personal information to provide you with further information about our company, unless you advise us that you do not want such information.

By providing the Corporation with your personal information, including your e-mail address, you are deemed to have consented to the Corporation using it for the purposes described above.

Types of Personal Information Collected

The Corporation collects the following information regarding visitors to our website: domain name, name, information regarding which pages are accessed, information volunteered by you, such as survey information, e-mail addresses or website registrations and your preferred means of communication. The Corporation collects and logs this information for statistical purposes.

Disclosure of Personal Information

As a general proposition, the Corporation will not disclose your personal information to third parties. The intent is that the personal information collected will be used solely for the exclusive use of the Corporation. However, in order to improve the integrity of the data, to assist in maintaining security over the data, or as required by law, some personal information may be required to be disclosed.

Security

The Corporation takes reasonable security measures to protect personal information from loss, unauthorized access, destruction, misuse, modification and disclosure. The Corporation treats the information with a high degree of regard and awareness of the private confidential nature of the data. Our primary objective is to maintain the integrity and security of the data.

Changes to Our Policies

Controlling and safeguarding the collection, use and disclosure of personal information is an ongoing process and we anticipate that at some time in the future it may be necessary to make changes to our Privacy Policy, a copy of which is contained on the Corporation’s website or by request to the Privacy Officer at the address set out below. If in our opinion, acting reasonably, such changes will allow the Corporation to make materially greater use or disclosure of your personal information, we will notify all active users of the changes. Such users will then have an opportunity to withdraw their consent to the collection, use or disclosure of their personal information. The content of the Privacy Policy may be updated from time to time and we suggest that you return to the website on a regular basis and carefully read the information provided.

Access, Questions and Concerns

If you wish to access any of your personal information held by the Corporation, have further questions about your personal information and/or the Corporation’s Privacy Policy or procedures, wish to withdraw all or part of your personal information, or have any other concerns, please contact:

Privacy Officer

Filament Health Corp.

550 Burrard Street.Suite 2900,

Vancouver, BCV6C 0A3

Telephone: 604-631-3237

E-mail:privacy@filament.health