Last Revised: October 04, 2021
We want you to understand how and why PORTpass (“PP,” “we,” “us”) collects, uses, and shares information about you when you use PORTpass mobile app (the “App”). Before using the App, please read the following carefully to understand how we will treat your personal data.
2. Personal data We Collect About You
When you use the App, we collect the following personal data:
- From You. The App allows you to access your Health Record (as defined below), and consent to sharing that Health Record with PP for purposes of providing the App. We will collect pass-thru information described in the “From the Third Parties You Approve” section below. If you correspond with us via email, we will collect your email address.
- From Your Device. The App will also collect limited information about how you access and use the App if you experience a crash or another bug within the application. We may also collect statistics on how many times you use the App, your IP address, device type and its unique device identifier, the type of mobile browser, the mobile operating system that you are using, and other log data. Finally, with your permission, we may also access the Camera on your device solely for the purpose of scanning 2D QR codes that contain Health Records.
- From Health Providers You Approve. In order for the App to function, we must interface with the health providers you chose for purposes of collecting your digital health records related to your Covid-19 status. This additional information will include information such as the time of test, vaccination history, lab or facility where the test was taken, the type of test and identifiers linking the record to you (together, your “Health Record”).
3. Use of Your Data
We use your data for the following purposes only:
- To communicate with you. We may also use your personal data to directly communicate with you about your use of the App or to respond to an email or submission from you.
- To comply with the law. We may in some cases need to process your personal data in order to comply with applicable law, including requests from governmental authorities.
- To establish, exercise, or defend legal claims and for related purposes such as the prevention or detection of fraud where necessary.
Unless otherwise indicated, there is typically no contractual or legal requirement to provide your personal data, however, if you do not provide it, then we may not be able to provide the App to you.
4. Sharing Your Data
Except in the instances listed below, we will not disclose your personal data to others unless you consent to it, nor will we ever sell your personal data to advertisers. However, we share your personal data in the following ways:
- We may share information with vendors, consultants, and other service providers who need access to such information to carry out work for us. Their use of personal data will be subject to appropriate confidentiality and security measures (e.g. cloud providers who host our App).
- We may share personal data we collect about you in connection with a merger or reorganization of all or a portion of our organization or assets related to PP.
5. Choices and Rights over your Personal Data
You have a number of rights with respect to the personal data we have about you, which may be restricted by law. One key right is the right to ‘object’ to the processing of your personal data in certain circumstances (e.g., if we have no legal right to keep using it). You also have the right:
- To delete personal data. You can ask us to erase or delete all or some of your personal data. We will comply with this request unless there is a legal right for us to deny this request (for example, if we need to retain your data to comply with a legal obligation to which we are subject). Please email [email protected]
- To change or correct personal data. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- To limit, or restrict use of personal data. You can ask us to limit our use of your personal data (e.g., if your personal data is inaccurate or unlawfully held).
- To access and/or take your personal data away (data portability). You can ask us for a copy of your personal data. For your own privacy and security, we may sometimes ask you to prove your identity before providing the requested information. In some cases, you also have a right to receive your personal data or have it transmitted to others in an interoperable, machine-readable format.
- To withdraw consent which you have given. If you have given consent to process your personal data, you may withdraw it at any time by deleting the App and/or submitting a request to delete your personal data. This does not affect the lawfulness of our processing based on your consent prior to such withdrawal.
- To not be discriminated against. PP will not discriminate against you in any manner for exercising any of the above rights with respect to your personal data. However, PP cannot control the actions of third parties with whom you choose to share information through the App.
6. Retention and Deletion
We will keep your personal data only for as long as is reasonably necessary to provide the App to you and to fulfill the purposes described in this policy. When your personal data is no longer needed, we will destroy or irreversibly de-identify it.
7. Data Transfer
When you use our App, you may be sending personal data into countries that have different data protection rules than those of your country (applicable to individuals signing up for the PORTpass, whom are not Canadian citizens. However, as a PP user in Canada, all data is stored with Amazon Canada in Central Canada with Cloudflare security until the users PP account is verified. Once a user is verified, all PP holder data is flushed from the Amazon Canada server in Central (Canada) and no personal data is on file once a user is verified, just a users profile image, name and status in a colour coded/icon manner with the secured and encrypted visible digital seal (VDS) called MapleCode a QR code. We take appropriate steps to protect your personal data when it is transferred across borders, and certain laws may require us to implement particular safeguards including ensuring there is adequate level of protection for the data transferred.
8. Our Legal Bases
We will collect, use and share your personal data only where we have a legal basis for doing so. This section explains the legal bases we rely on for processing personal data:
- Consent. When you use the App to request your Health Records, we rely on your (explicit) consent in order to process and transfer your personal data. In the context of this App, you have been asked to review this policy and provide specific consent for the App to access your Health Records. If you consent, you may also withdraw your consent at any time – see Section 5 (Rights) above.
- Legitimate Interests. We also process your personal data where it is necessary based on our legitimate interest in providing our App, understanding how our App is being used, improving the performance of our App, and protecting our App against illegal or fraudulent activity (ie. cyberattacks).
- Legal Obligations. In some circumstances, we may need to process personal data where necessary to comply with applicable laws.
- Contract Necessity. In some circumstances, we may need to process personal data for the performance of an agreement we have with you or in order to take steps at your request prior to entering into an agreement with you.
When processing sensitive personal data about you (such as personal data about your health), we may also rely on the fact that it is necessary for the establishment, exercise or defense of legal claims.
9. Other Important Information
9.1 Security of Your Personal Data. Security of personal data is important to us. We implement security safeguards designed to protect your personal data. This includes safeguards to protect against anticipated threats or hazards to the security or integrity of the data, and to protect against unauthorized access, acquisition, leak, destruction, alteration, loss, disclosure or destruction. Despite these efforts, we cannot guarantee that your data may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards. Please notify us immediately at [email protected] if you become aware of any security issues relating to our App.
9.3 Children. The App is not designed or intended to be directly used by children (as defined by applicable law). However, a guardian or parent of a child may choose to use a health provider to consent to the use of the App to create a PORTpass™ certificate for their child. If we become aware that we have the personal data of such children collected through the App without parental consent, we will promptly delete it.
9.4 Contact Information. For any questions regarding this policy, please contact us at our Canadian headquarters:
Calgary, Alberta, Canada