(Updated August 5, 2021)
My Viva Plan and Your Privacy
My Viva Plan (“MVP”) is a digital lifestyle program designed to help you take control of your health. My Viva Inc. is an industry leader in up-to-date, evidence-based mental health, nutrition, and physical fitness coaching. Through this coaching, we help motivate and empower you in achieving your health goals. Whether you need support losing weight, live with pre-diabetes, diabetes, high blood pressure, high cholesterol, anxiety, depression, allergies or intestinal issues we are here to assist you. We support and guide you through your health journey and will be there every step of the way.
The program provides you with health and fitness tools to help you visualize how your actions and behaviors impact your personal and professional journey. Participating in the program starts by completing your online customer profile at MVP.
In order for you to participate in the program and for MVP to support the program services, we need to collect and use certain information about you – your Personal Information. MVP is committed to protecting your privacy and the confidentiality and security of your Personal Information.
- how and why we collect, use, and sometimes disclose your Personal Information;
- how you can access your Personal Information that we hold; and
- who to contact if you have questions or concerns about your privacy.
It applies only to your Personal Information collected through the MVP online tool or through our mobile application.
Personal Information means information about an identifiable individual, including, but not limited to, your name, birthdate, physical or mental health, health history, diagnostic, treatment and care information. It does not include the name, title or business address or telephone number of an employee of an organization.
Aggregate Information means data that has been compiled from record-level data to a level of aggregation that ensures that the identity of the individuals to which the data relates cannot be determined by reasonably foreseeable methods.
What type of information does MVP collect?
Personal Information You Provide
MVP collects your Personal Information that is necessary to support the delivery of our programs to you. When you register for the program, you must complete your online customer profile by providing us with your contact information: your full name, email address, telephone number, unique username and password, city, province, and country of residence. We only collect Personal Information that we need to develop a specialized program for you as described below. This information includes your age, sex at birth, gender, height, weight, waist circumference, lifestyle habits, as well as your short and long-term goals. Should you choose to supply it, this information will also include your current and historical medical information, such as past diagnosis or current medications, blood pressure, blood sugar levels, and cholesterol.
Information Obtained by Connected Devices
If you choose to connect MVP with third-party health and fitness devices, Personal Information from these devices will be shared with MVP. This information will include heartrate, blood pressure, blood sugar levels, and other vitals as collected depending on the device and your settings. (Not live yet)
Information Obtained Automatically – Cookies
“Cookies” are an example of “digital markers”: a small file placed on your computer by a website that you visit. They are stored there so that the web server can remember certain pieces of information about you and make your visit easier – you do not have to re-enter the same information every time. This information is used by the web server during the same or another visit to the website. A cookie captures the Internet Protocol (“IP”) address of the device you use to access our website. The IP address on its own may not identify you but can do so when combined about other data automatically collected when you visit our web page, such as the name of the page you visited and the date and time of your visit. MVP collects your IP address which will be used should we require it to investigate any unusual access by our users.
You can set your Internet browser to send you an alert before a cookie is placed on your device. You may adjust your browser settings to reject digital markers, including cookies. Disabling cookies when you visit our website will have no discernible impact on your browsing experience for MVP. However, you will need to turn them on should you select “remember me” for automatic sign in. Please consult your browser’s Help Menu for instructions.
In addition, MVP uses two-factor authentication (2FA) which is a security process whereby you provide two different authentication factors- (security questions or a code sent to your email address) to verify yourself. Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts.
How Does MVP Use My Personal Information?
Your Personal Information will only be used by authorized MVP staff and coaches for the purpose for which it was originally collected as set out below, or if you provide us with your consent to use it for another purpose.
The purpose of the Personal Information you provide regarding your health history, current health issues, eating and exercise habits is to develop individual plans to assist you with weight management, pre-diabetes, diabetes, high blood pressure, high cholesterol, fitness nutrition, prenatal and postnatal care, anxiety, depression, dietary restrictions, allergies and intestinal health.
My Viva uses device information, including IP addresses, for security purposes. Device information is logged when your account is accessed. If we suspect your account has been compromised, we will use your contact information to notify you. My Viva may also use your contact information to inform you of other security or maintenance issues. These include anticipated downtime, potential changes to your account level, or future changes to our corporate status.
On occasion, My Viva works with researchers for studies to improve healthcare quality. My Viva always asks for consent prior to your participation or use of your information in such studies
Use of Aggregate Information
If you have joined My Viva on a corporate plan, we will assist your corporate entity to promote the long-term health of its employees by providing it with
Aggregate Information related to the number of employees using the service, stress assessments, categories for blood pressure results, and percentages of employees completing their daily reflections.
My Viva also uses Aggregate Information to improve its website and online products. Using cookies, My Viva compiles reports of Aggregate Information of site visitors. This information is used to improve our services, website layout and product design.
How Does MVP Share My Personal Information?
MVP may disclose your Personal Information
- for the purpose of the program for which it was collected (see “How does MVP Use my Personal Information” for more details);
- to meet or comply with any applicable laws, regulation, legal process, audit or enforceable request from a government agency or regulatory body;
- in specific circumstances, with your prior consent;
- in connection with a bankruptcy proceeding or the sale, merger or change of control of MVP; and
From time-to-time MVP may retain other companies and contractors to provide services on our behalf (“Service Providers”). These Service Providers may have limited access to Personal Information in order to provide
their services. MVP uses contractual means to require these Service Providers to maintain the confidentiality and security of the information to the same degree as does MVP. Contracts prohibit them from using or disclosing the information about our members for any other purpose other than to provide the services.
We store your Personal Information in Canada. However, some of MVP’s Service Providers (as described above) may operate outside of Canada. These Service Providers are contractually required to meet MVP’s privacy standards. By using MVP, you consent to the access of your Personal Information from outside Canada.
You understand that if your information is accessed from, or stored in a foreign country, it may be subject to foreign laws and accessible to law enforcement and national security authorities with that jurisdiction.
What Safeguards are in Place to Protect my Personal Information?
MVP has implemented reasonable security safeguards to protect your Personal Information against such risks as unauthorized access, collection, use, disclosure or disposal. Security measures have been integrated into the design and day-to-day operating practices as part of MVP’s commitment to the protection of the Personal Information it holds.
MVP uses technical, administrative (organizational) and physical safeguards to protect your Personal Information:
Technical Safeguards include but are not limited to:
- Secure servers
- Use of Encryption when data is in transit and at rest
- Strong password standards
- Limited user access based on need-to-know principles
- Maintaining logs of access to your Personal Information and auditing these logs to confirm only authorized users have accessed information.
Administrative (Organizational) Safeguards
- We have put in place privacy and security policies and procedures, as well as entered into confidentiality agreements with our staff/coaches to ensure a proper level of protection of your Personal Information.
- Our staff/coaches are trained on our policies and procedures so that they understand their privacy and security responsibilities.
- My Viva enters into contracts with all third-party suppliers that need access to your Personal Information to provide their services, which contracts require that they will enact their own safeguards and only use Personal Information for the purpose of providing services.
Physical Safeguards include but are not limited to:
- Use of Microsoft Azure secure cloud. Microsoft Azure is certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO27018, the Standard also includes the right to audit Microsoft for compliance.
- Secure Office Buildings
- Secure and limited physical file storage
Accuracy and Correction of my Personal Information
As a My Viva Plan member you are entitled to access all of your Personal Information (as described above) that we have in our custody and control. You may access your Personal Information via your secure online account. If you would like to request our staff to access your information for this purpose, please contact us per our contact information below and provide us with your username. Once we verify your identity and confirm the request, we will generate a copy of your information for you.
Once we receive your request, we may contact you further for more information. We will respond to all requests for information within 7 days or sooner if possible. Prior to information release, My Viva reserves the right to verify the identity of the requestor and refuse access requests on grounds of suspicious activity.
You may correct and update your Personal Information at any time by accessing your account through the website or our mobile applications.
We rely on you to ensure that the Personal Information you provide to us is accurate and up to date. It is very important that you maintain the accuracy and currency of your information so that we can tailor your program to your ongoing and/or changing needs.
How May I Close my Account?
If you have a personal account, you may close your account at any time by accessing your account and payment history and selecting the “cancel” option. Your account will be cancelled immediately, but you will have access to it until the end of the current billing cycle. If your MVP account is provided to you and paid for by a third party such as your employer or your insurance company, please contact that third party directly in order to close your account.
When you cancel your membership and close your account, My Viva Inc. retains your Personal Information only so long as required by law or regulations. In the event My Viva is required to hold any Personal Information, your contact information will be retained in the event you need to be contacted over the mandatory retention.
If My Viva is not required to retain your Personal Information by law, the information will be destroyed by secure means.
Compliance with Applicable Privacy Laws
MVP complies with the Applicable Privacy Laws of the relevant jurisdiction in which MVP operates at any given time (the “Applicable Laws”). MVP regularly reviews the Applicable Privacy Laws to reflect any changes in its policies and practices.
My Viva Inc. also manages and is responsible for the You-AR-Ok (YARO) Avatar application.
YARO collects anonymous information – information that does not reveal your identity or that of any other person – from you to access and use the Avatar application through the iPhone Operating System (iOS) or Google Play Store. No Personal Information is requested or required in order to use this application.
What type of information does YARO collect?
YARO collects your anonymous information that is necessary to engage with the Avatar in support of your mental and physical wellness. The information is collected and stored in an anonymous account and uploaded to the MVP database. Only authorized MVP clinicians and IT Staff have access to the anonymous data.
MVP has appointed a knowledgeable individual within its organization to be responsible for privacy compliance. It is the Privacy Officer’s responsibility to monitor and enforce this Policy.
3728-91 Street NW
Edmonton, Alberta T6E 5M3
If, having shared your concerns with us, you are still not satisfied, you may file a complaint with the privacy regulator:
Office of the Information and Privacy Commissioner
#410, 9925 – 109 Street NW
Edmonton, AB T5K 2J8