Privacy Policy

This privacy policy pertains to the collection, use anddisclosure of Personal Information in the custody and control of Hypercare Inc. (“Hypercare”).

Personal Information shall include (i) personal information as such term is defined in the PersonalInformation Protection Electronic Documents Act; (ii) personal health information as such is defined in the Personal Health Information Protection Act (Ontario), provided that for purposes of this policy, Personal Information shall not include information about Hypercare employees in such employees’ capacity as employees of Hypercare.

It is the policy of Hypercare to keep any information gathered through the use of our systems secure. Assuch, user information is not disclosed or shared to unauthorized third parties except as allowed by Canadian law and described herein.

Hypercare reserves the right to review the covenants contained in this Privacy Policy and to makechanges. Every time that a change to this policy is made, users will be notified and the revised version will be posted on our website. By utilizing our application and/or website, or otherwise providing Personal Information to us, the user agrees to be bound by Hypercare’s Privacy Policy.

Personal Information

Hypercare collects information that personally identifies the user, such as the user’s name, address,mobile telephone number, e-mail addresses and other information that the user provides to Hypercare or information on the Hypercare profile or account. Personal information may be collected in a number of ways, including: in person, over the phone, by mail, by fax, over the Internet, and from third parties who you have authorized to disclose Personal Information to us. We make every reasonable effort to keep your Personal Information as accurate, complete and up-to-date as necessary. If desired, you may verify the accuracy and completeness of your Personal Information in our records.

Some of the user’s Personal Information is disclosed to other users of the application, including theuser’s first and last name, telephone number, and job title, and current job availability.

Collection, Use and Disclosure of Personal Information

Hypercare uses and discloses Personal Information for purposes consistent with such PersonalInformation’s collection. For example, Hypercare shall be allowed to collect, use and disclose Personal Information in a manner that is consistent with providing the services contemplated by the use of Hypercare’s mobile application.

Access to private, sensitive and confidential information, including user’s Personal Information, isrestricted to authorized employees with legitimate business reasons. We require all of our employees to abide by Hypercare’s privacy standards. Our employees understand the importance of keeping your information private. For this reason, our employees are required to agree to a confidentiality agreement that prohibits the disclosure of any user information to unauthorized parties.

Employees are strictly prohibited from accessing or disclosing Personal Information withoutauthorization. All employees are expected to maintain the confidentiality of Personal Information at all times and failure to do so will result in appropriate disciplinary measures including dismissal.

Hypercare will never rent or sell the Personal Information it collects.

Hypercare will never disclose Personal Information to third parties except as contemplated in thisprivacy policy or as otherwise permitted by law. Further, Hypercare will never disclose Personal Information to third parties, except as required by law or upon demonstrated lawful authority, or as set out in this Privacy Policy.

Hypercare uses third-party service providers to deliver notifications on devices. These third-partyproviders may have access to Personal Information as an incidental result of the services provided by such third parties to Hypercare, but the access of such third parties to such information is strictly controlled in accordance with their safeguards outlined on their service.

The type of information we are legally required to disclose may relate to criminal investigations orgovernment tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so.

Your Personal Information may be disclosed in situations where we are legally permitted to do so, suchas in the course of employing reasonable and legal methods to enforce your rights or to investigate suspicion of unlawful activities. We may release certain Personal Information when we believe that such release is reasonably necessary to protect the rights, property and safety of ourselves and others.

Should Hypercare conduct market or product research, it will never use Personal Information; rather, itwould fully anonymize information (means that it would render it unlikely to be traced back to an individual).

Usage and Aggregate Data

Hypercare collects usage information from users to our services. The purpose of this collection is tounderstand how users access and use the services in order to enhance and optimize our services. Usage information and data could include but is not limited to the user’s device type, device identifier, IP address, browser type, operating system, duration of use, number of messages sent or received, and times at which the application was accessed and used. In addition, Hypercare will collect aggregate data about a group or category of services or users. This information, as well as the Personal Information collected, enables Hypercare to analyze trends, administer Hypercare’s services and products, troubleshoot, enhance and improve Hypercare’s services.

Hypercare maintains the right to inform our users about any change that may affect informationcollected or stored. We may be required to comply with a court order or governmental regulatory requirement or disclose information in connection to legal proceedings. If required to do so, we will make every effort to notify the relevant parties about the proceedings.

Hypercare reserves the right to use the contact information of users for the purposes ofcommunications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate or opt out of optional communications (e.g. marketing, press, events), while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.

Hypercare is not anticipating any changes in corporate status, however as we grow and develop thatmay change. You understand and agree that we may use your Personal Information and disclose your Personal Information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and/or performing the proposed transaction. These purposes may include, as examples, permitting such parties to determine whether to proceed or continue with the transaction, fulfilling any reporting or audit requirements to such parties, and/or disclosing Personal Information as part of concluding a sale or transfer of assets. Our successors and assigns may collect, use and disclose your Personal Information for substantially the same purposes as those set out in this Policy. In the event the transaction does not go through, we will require, by contract, the other party or parties to the transaction not to use or disclose your Personal Information in any manner whatsoever for any purpose, and to return or destroy such Personal Information. Personal Information that is collected online remains subject to applicable legislation and corporate policy.

Services

Hypercare provides the service for users to coordinate patient care amongst their colleagues by allowingusers to text, send audio and images to their colleagues. Users can use Hypercare to send tasks and receive tasks from their colleagues. Lastly, Hypercare provides a service to allow users to find who is working in a particular role in their organization and is available to assist in patient care.

Data Retention

Hypercare reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms andconditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law.

Control of User Data

Hypercare takes reasonable steps to protect information collected from users to prevent loss, misuseand unauthorized access, disclosure, alteration and destruction.

Hypercare has appointed a Designated Privacy Contact who acts as Chief Privacy and Security Officer(CPSO) responsible for information system monitoring and information security policy and procedure management. The CPSO is responsible for compliance with Hypercare’s privacy programme including:

• Undertaking privacy impact assessment and threat and risk assessments on a regular basis;

• Adopting policies and procedures on the basis of privacy impact assessment and threat and risk assessments to mitigate all identified risks, updated as necessary.

Hypercare users may access their Personal Information by accessing their account and, should they require assistance, by contacting our CPSO. Our CPSO’s contact information can be found below.

Safeguard measures to ensure authorized access include the use of a username and a password for authentication. Every user must keep their password and username safe and ensure that any person who has access to view such private information is permitted to do so. Users must contact Hypercare immediately if the user believes their password has been compromised or misused.

Hypercare stores all personal and personal health information in Canada, with Microsoft Azure secure cloud. Microsoft Azure is certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO 27018, the Standard also includes the right to audit Microsoft for compliance.

Under Hypercare’s agreement with Microsoft, Microsoft may have some limited rights to access information stored on their servers, potentially including personal information.

Hypercare has implemented a number of key security safeguards including:

• Privacy and security awareness training

• Security Policy

• Audit log on server administration

• Firewall

• Anti-virus software

• Encryption in transit

• Encryption at rest

Governing Law

This privacy policy shall in all respects be governed by and interpreted, construed and enforced in accordance with the laws of the Province of Ontario and the laws of Canada applicable therein. In the event that this privacy policy is in conflict with the EULA for the Mobile Applications, or the Terms of Use for our Website, the EULA for the Mobile Apps will prevail.

Contacting Hypercare

Subscribers may contact our CPSO to make enquiries on our privacy practices or to the accuracy of their personally identifiable information and to request the update, correction or deletion of such information or account should they wish to do so. Any query, comments or concerns can be sent to us by email at support@hypercare.com or by mail at the following address:

Attn: Hypercare Inc.
100 College Street Suite 150,
Toronto, Ontario
M5G 1L5

Cookies

Our website may use “cookies” to enhance the user experience. Web cookies are very small text files that are stored on the user’s computer from a webpage to keep track of information about the user’s browsing on that site. The use of cookies allows us to capture standard web traffic information, such as the time and date the user visited our website, their IP address, and their browser information. In no circumstances do the cookies capture any information that can personally identify the user. The user may choose to set their web browser to refuse cookies, or to alert the user when cookies are being sent. If the user sets their web browser to disable cookies, some parts of the website may not be accessible to the user.