TELUS Health Corporate Privacy Commitment

TELUS Health offers a variety of health, wellness and workplace management products and services that are designed to build and maintain healthy communities and workplaces. TELUS Health is committed to delivering remarkable experiences for the benefit of all customers and individuals we serve while also protecting Personal Information and respecting privacy.

TELUS Health commitment to protect your privacy

This Privacy Commitment explains the collection, use and disclosure of Personal Information and sets out the basis on which any Personal Information we collect from you, or that you provide to us, will be processed by us. Please read this Privacy Commitment carefully to understand the ways in which we collect, use, disclose and protect your Personal Information.

As described in further detail below, TELUS Health collects, uses and discloses Personal Information to identify you, establish eligibility, and provide technology-enabled total health, wellbeing and human resources services (such as pensions and benefits, employee assistance programs, and health management programs), including through our websites and apps. We also use your information to analyze and improve our services and to communicate with you.

Our Privacy Commitment and practices are consistent with the 10 Fair Information Principles, and we strive to apply the principles of Privacy by Design in the development and review of our products and services.

Additional information about how TELUS Health collects, uses and discloses Personal Information in connection with certain products and services can be found here: https://www.telus.com/en/health/about-telus-health/privacy.

1. Definitions

The following definitions apply to this Privacy Commitment.

Healthcare Practitioners - Practitioners that provide or assist in the provision of healthcare in connection with the TELUS Health services, such as psychologists, social workers, and registered nurses.

Personal Health Information - Any Personal Information regulated under applicable health privacy legislation in the jurisdictions in which we operate, which may include information that relates to an individual’s physical or mental health and healthcare, including health history, the provision of healthcare to the individual, payments or eligibility for healthcare, healthcare provider, substitute decision-maker, health card number or other healthcare-related personal identification numbers, or any other information that is collected in the course of providing health services to the individual, including information contained in a medical record.

Personal Information - Any information about an identifiable individual, other than business contact information used to contact an individual in their business or professional capacity. Personal Information does not include anonymized or aggregated information that cannot reasonably be associated with a specific individual.

TELUS Health - In this Privacy Commitment, the words "we", "us", "our", or "TELUS Health" refer to TELUS Health Limited.

TELUS Family - In this Privacy Commitment, "TELUS Family" means TELUS Communications Inc. and its subsidiary companies and corporate affiliates, as they may exist from time to time.

You - An individual who uses the TELUS Health services or otherwise interacts with us.

2. About this Privacy Commitment

We created this Privacy Commitment to tell you:

  • What Personal Information we might collect about you;

  • What we might do with that Personal Information; and

  • Your choices about the Personal Information you provide.

This Privacy Commitment covers our websites, mobile apps, services provided through these platforms or otherwise accessed by a user (such as our counselling and well-being services) and any other interactions you may have with us (such as by telephone, email, or in person).

3. Accountability

With the exception of limited information related to your eligibility for TELUS Health services (in respect of which your employer, plan sponsor, or other provider is responsible), TELUS Health typically has overall responsibility for protecting the privacy of the Personal Information we collect about you through the TELUS Health services, and we are directly accountable to you with respect to the handling of that information. In circumstances in which TELUS Health is not the responsible organization (e.g., when processing Personal Information related to your eligibility for the services, as described above), we may redirect a query or request concerning TELUS Health’s handling of your Personal Information to the responsible organization (e.g., your employer, plan sponsor or other provider).

Canadian residents: Certain TELUS Health services may be delivered by Healthcare Practitioners. With the exception of Alberta, Northwest Territories, and Yukon, TELUS Health has overall responsibility for protecting your Personal Health Information and we are directly accountable to you. In Alberta, Northwest Territories, and Yukon, your Healthcare Practitioners who are designated as ‘health information custodians’ or ‘custodians’ under applicable legislation (Alberta’s Health Information Act, Northwest Territories’ Health Information Act, and Yukon’s Health Information Privacy and Management Act), have overall responsibility for the privacy of your Personal Health Information and TELUS Health collects, uses, and discloses Personal Health Information on their behalf and otherwise assists them with their responsibilities under the applicable legislation.

U.S. residents: When using certain TELUS Health services, your employer or other provider may be considered a “covered entity” under the Health Insurance Portability and Accountability Act and will be responsible for the Personal Health Information we collect, use and disclose when delivering the TELUS Health services.

If we refer you to a third party outside of TELUS Health to receive healthcare or other services, that party will be accountable for handling any Personal Information you provide to them in accordance with that party’s privacy policy.

4. Consent

When we rely on consent to collect, use and disclose your Personal Information (which may depend on the jurisdiction in which you are based), you can withdraw your consent to such collection, use and disclosure, subject to our legal, regulatory and contractual restrictions. However, if you refuse to provide certain information or withdraw your consent, this may limit our ability to provide you with the TELUS Health services. The withdrawal of your consent does not affect the lawfulness of our collection, use and disclosure of your Personal Information based on that consent prior to its withdrawal.

In some situations, we may rely on the consent you provide directly to your employer or benefits provider.

You can close your account associated with the TELUS Health services at any time. To close your account or request to delete your Personal Information, you may be able to make a request through your account or you can contact us as set out below. If your request relates to healthcare or other services received from a third party outside of TELUS Health to whom we have referred you, we will direct you to the appropriate third party who can assist you.

To collect, use or disclose Personal Information outside of the purposes contemplated in this Privacy Commitment, we will seek additional consent from you where required.

When you provide Personal Information on behalf of a third party, such as a beneficiary, you represent that you have obtained all requisite consents and authority for us to collect, use, disclose and otherwise process such Personal Information for the purposes communicated to you at the time of collection or as otherwise set out in this Privacy Commitment, and you agree to provide such third party with a copy of this Privacy Commitment.

5. Where we get your information

We collect Personal Information in the following ways:

  • Directly from you;

  • From your use of TELUS Health services, programs, websites and apps;

  • From your employer, association, insurer or benefits plan sponsor;

  • When you attend a TELUS Health site or event;

  • When you apply for a position at TELUS Health;

  • If you contact us with a complaint or query;

  • When you engage with us over social media; and/or

  • From legally authorized third parties.

6. Children’s information

We will not knowingly collect, use or disclose your Personal Information if you are under the age of majority in your area (or such other age as specified by applicable law in the jurisdiction in which you are based) without the permission of your parent or guardian. If you are underage and want to access our counselling and wellness services, your parent or guardian needs to contact TELUS Health on your behalf.

7. What information we collect and why

We collect the Personal Information required for us to establish and maintain a responsible service relationship with you, to provide the TELUS Health services, to develop, enhance or market our products and services (including to send you relevant information about products and services that may be of interest to you), and to maintain and improve the security and functionality of the TELUS Health services.

We may collect Personal Information to set up an account for you where required to access and use the TELUS Health services.

We also collect other information from you as you use the TELUS Health services, such as:

  • app usage information

  • website and device information

  • cookies

We may use Personal Information to send you relevant marketing messages. You can opt out of receiving marketing messages at any time by following the unsubscribe instructions included in each of our marketing messages or by contacting us as set out below.

8. Cookies

We use cookies and similar technologies to enable essential site functionality, improve our websites and provide relevant advertising and personalized content, including on third-party websites. You may set your browser to notify you when you receive a cookie or to not accept certain cookies. Please see our Cookies Notice here https://www.telus.com/en/about/privacy/cookies for information on our use of cookies and interest-based advertising practices.

9. Aggregated and Anonymized information

We may anonymize or aggregate your Personal Information such that it cannot reasonably be associated with you, for the following purposes:

  • To protect your privacy and the security of your Personal Information;

  • To conduct analytics and/or research in a privacy protective manner to:

      • Better understand and improve the TELUS Health services;

      • To operate and expand our business opportunities; and

      • To improve health outcomes.

We may share aggregated or anonymized information or insights with the TELUS Family and our clients, partners and third-party service providers to assist in research, planning, risk management, workforce analytics, or product and service development. When we provide this information, we take appropriate measures to ensure that the data does not identify you and cannot be associated back to you.

10 .When does TELUS Health share or disclose your personal information?

We will not disclose your Personal Information for any purpose other than what has been outlined in this Privacy Commitment or as permitted under applicable law, unless we obtain your consent. We disclose only the limited amount of Personal Information necessary to meet these purposes.

We do not sell your Personal Information to any third parties.

We may share your Personal Information with our service providers who are contracted to perform services or functions on our behalf where they require the information to assist us in serving you. We use contractual controls to protect this information and limit its use to what is necessary for the service provider to perform the service.

11. Storage of information and international transfers

TELUS Health is a global organization with affiliates and partners located in many countries around the world. The TELUS Health services are managed in Canada, the European Economic Area, the United Kingdom, Australia or such other jurisdiction selected by your employer or benefits provider; however,to provide our services to you, TELUS Health may, in accordance with applicable law, share Personal Information across geographical borders within the TELUS Family or with service providers in other jurisdictions, such as India, who assist with the provision of the services on our behalf. As a result, your Personal Information may be transferred outside the jurisdiction in which you are situated (including, for residents of Quebec, outside of Quebec) and become subject to the laws of the receiving jurisdiction, which may differ from the laws of your jurisdiction.

If your Personal information is transferred outside of your jurisdiction, we will take appropriate measures to ensure an equivalent standard of Personal Information protection under applicable law. We will also obtain consent where this is required under applicable law. Please contact us if you want more information on how we protect Personal Information transferred out of your jurisdiction.

12. Notice to users in China

The below information, which may be collected from you or provided by your sponsoring organization, is exported out of China:

Identity information: 

Provided by you or your sponsoring organization when creating your account, such as your name, date of birth, employee number, gender, language.

Contact information: 

Provided by you or your sponsoring organization when creating your account, such as your email, country, city.

Employment information: 

Provided by you or your sponsoring organization when creating your account, such as company name, job title, work status, employment start date.

Health information: 

The state of your physical and/or mental health provided by you in connection with your use of our services, such as your weight, height, body mass index, waist circumference, cholesterol, lipoprotein, triglycerides, glucose and blood pressure readings, sleep patterns or other similar information provided by you through connected devices or through any assessment you complete.

Lifestyle information: 

Your alcohol consumption, tobacco/nicotine use, eating and nutrition (e.g., number of servings of food groups and nutrition related questions), cardiovascular disease risk, emotional well-being (e.g., depression and stress), and readiness to change. This information is provided by you through assessments you may complete.

13. Retention of your information

We retain Personal Information only for as long as necessary to fulfill the purposes described in this Privacy Commitment or as otherwise required to meet legal, contractual or regulatory requirements. At your request, we will delete your Personal Information unless we are required to retain it to meet our legal, contractual or regulatory obligations. If your request relates to healthcare or other services received from a third party outside of TELUS Health to whom we have referred you, we may direct your request to the third party.

For more information about our retention processes or to request deletion of your Personal Information, please contact us at [email protected].

14. Safeguards

We have implemented a comprehensive information security program.

15. Data Subject Rights Requests

You can request access to or correction of your Personal Information, or withdraw your consent to the collection, use or disclosure of your Personal Information, by contacting us at [email protected] or utilizing service-specific functionalities, where available (e.g., in-app). We will take reasonable steps to verify your identity before processing your request. We rely on you to keep your Personal Information up-to-date and accurate so that we can serve you.

Depending on the jurisdiction in which you are based, you may have additional rights in connection with the processing of your Personal Information.

16. Marketing

We may send you marketing messages concerning our products and services, which may include emails tailored to you based on your activity on our websites or apps.

You can opt out of receiving marketing messages from us at any time by following the unsubscribe instructions included in each of our marketing messages or by contacting us as set out below. If you opt out, we will share your contact information with the TELUS Family to unsubscribe you from all TELUS Health marketing communications. You may continue to receive transactional and service emails from us.

17. Contact information

You can always reach our Privacy Officer at [email protected] if you have privacy questions, concerns or complaints regarding TELUS Health’s handling of your Personal Information.

If you have any questions, concerns or complaints regarding the handling of your Personal Information by a third party outside of TELUS Health to whom we have referred you, we will direct your request to the third party.

18. Changes to our Privacy Commitment

This Privacy Commitment may be updated from time to time to reflect changes to our practices. Any notices regarding modifications to this Privacy Commitment will be in written form and provided to you through our website or apps. If any changes to this Privacy Commitment are significant, we will provide a more prominent notice (including email notification, if appropriate).

We encourage you to periodically review this Privacy Commitment for the latest information on our privacy practices and to contact us if you have any questions or concerns.

Last updated: January 8, 2024