Nimble Privacy Policy
NIMBLE respects the privacy of our employees, our suppliers, our clients and users of our SIMBA GI platform. We ensure that the personal information collected remains secure and protected.
​
The NIMBLE Privacy policy is designed to meet or exceed the requirements of Canadian federal and provincial privacy laws. NIMBLE constantly self-evaluates our practices and procedures to maintain the highest standard in this regard with:
-
Secure databases to store data
-
Security applied to data transfers
-
PHI (protected health information)
-
Use of third-party maintained software/libraries
-
Restricted access to code
-
Apps and web portals with authentication functionality
​
As a medical device manufacturer, patients come first. To protect the devices, products, and systems that connect patients to healthcare professionals and institutions, innovation in connectivity comes with an increased focus on cybersecurity as providing critical information sometimes occurs in real-time.
​
NIMBLE remains proactive, vigilant, and efficient in addressing potential cybersecurity risks. NIMBLE continuously improves its processes, measures, and systems implemented to safeguard information using technology to shield against cybercriminals:
-
Firewall, antivirus and encryption software
-
Password managers, best practices and multi-factor authentication
-
Data backups and Update/Patch of devices, applications, and operating systems
-
Employee Education and Training: adhering to cybersafe practices and reporting cybersecurity breaches phishing attacks and email spam, online scams and fraud, ransomware, and malware
​
INFORMATION THAT NIMBLE COLLECTS
​
NIMBLE does not automatically gather any personal information. This information is only obtained if you supply it voluntarily, as prompted by data-entry points on the app or website.
​
When you create an account with us, we ask that you provide personal information such as your email, typically for the purpose of contact. Any personal information provided is managed according to the Alberta Freedom of Information and Protection of Privacy Act. This means that, at the point of collection, you will be informed that your personal information is being collected, the purpose for which it is being collected and that you have a right of access to the information.
If you agree to participate in a study with our product, including the SIMBA GI Platform App, we will only collect PHI as outlined in the signed Informed Consent and with your explicit consent. Depending on your level of interaction with the data collection device or the content of the study protocol, the amount of PHI will vary. By using our app and/or participating in one of our clinical study, you agree to the collection and use of your information as described in this Privacy Policy.
​
DISCLOSURE TO THIRD PARTIES
​
Your entered information may be shared with our partner companies in order to better service your use of our products. Any PHI will be de-identified prior to sharing. These companies will be verified to provide the same level of protection. We will never sell, rent or trade this information to third parties.
​
RIGHTS REGARDING YOUR INFORMATION
​
You have the following rights regarding the protected health information that we maintain about your customers:
Right to Inspect and Copy. You have the right to inspect and copy your information. This information tends to be PHI. To inspect and copy this information, you must submit your request in writing to the Privacy Officer. We will respond to your request promptly. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request. No fees will be charged to clinical study participants or users of the SIMBA GI Platform app. Records of protected health information will not be maintained for longer than is necessary to provide the subscribed services.
​
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to protected health information, you may request that the denial be reviewed. We will choose another licensed health care professional who was not directly involved in the denial to conduct the review. We will comply with the outcome of the review.
​
Right to Amend. If you feel that the information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment of the information about you in a designated record set for as long as the information is kept by us. To request an amendment, your request must be made in writing and submitted to the Privacy Officer. In addition, you must provide a reason that supports your request.
​
Right to Request Restrictions. You have the right to request a restriction or limitation on the information we use or disclose about you. To request restrictions, you must make your request in writing to the Privacy Officer. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply.
​
Right to Receive Notice of a Breach. We are required to notify you by first class mail or e-mail, of any breaches of the privacy of the protected health information as soon as possible, but no later than the time period prescribed by privacy regulations.
​
The notice is required to include the following information:
-
A brief description of the breach, including the date of the breach and the date of its discovery, if known;
-
A description of the type of unsecured protected health information involved in the breach;
-
A brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches; and
-
Contact information, including a toll-free telephone number, e-mail address, Web site or postal address to permit you to ask questions or obtain additional information.
Right to Deletion. You have the right to request the withdrawal and deletion of your data. To request restrictions, you must make your request in writing to the Privacy Officer. If participating in a study and wishing to withdraw your study data, you must make this request to the Clinical Coordinator.
SIMBA GI PLATFORM APP - SECURITY MEASURES
Certain Clinical Study Participants may be asked to provide consent to use the SIMBA GI Platform app (beta release) to provide clinical study data.
All data collected via the SIMBA GI Platform app is encrypted at rest and in transit to ensure its security. We use industry-standard encryption protocols to protect your information on both our app and our server infrastructure.
Secure Measures. All data is transferred over secure connections using certified SSL. Access to sensitive data is restricted based on user roles and permissions and data is encrypted while stored and during transition.
Audit Reports and Tracking Logs. Our system records activity on our servers using audit reports and tracking logs. This helps us ensure the integrity and security of your data.
Access Control and Data Disposal Procedures. We have strict access control measures in place. Users can request data and device disposal by contacting the Privacy Officer listed below.
Unique User Identification. Each user is assigned a unique ID, which helps us manage and secure user data efficiently.
Password Management. Our app uses a one time password (OTP) for login, eliminating the need for password management. Each time you log in, an OTP is sent to your registered email, ensuring secure access.
Data Backup and Disaster Recovery. We use managed services for data backup and disaster recovery that automatically handles data backup and recovery. This ensures that your data is safe and can be restored in the event of a disaster.
Use of Firebase Analytics. We utilize Firebase Analytics to collect anonymous data regarding app usage and error logging. This data helps us understand user behavior, improve user experience, and enhance the app's functionality. The data collected by Firebase Analytics is anonymized and does not include any personally identifiable information.
COMPLAINTS AND CONTACT INFORMATION
​
If you have any questions about this Notice or wish to request further information, contact the Privacy Officer listed below.
If you believe your privacy rights have been violated, you may file a complaint with us or with the Privacy Commissioner. To file a complaint with us, contact the Privacy Officer listed below. All complaints must be submitted in writing. You will not be retaliated against for filing a complaint.
​
Privacy Officer
​
Marsha Bures
Nimble Science
361 3655 36 St NW
Calgary, AB T2L 1Y8
Telephone: (866) 493-4633