Privacy Policy
MoCA TEST Inc. (“we” or “MoCA”) is committed to protecting your privacy.
In that respect, MoCA has developed this Privacy Policy to share with you its information collection practices and the options you have when visiting www.mocatest.org (the “Website”) or when using MoCA’s application compatible with electronic devices such as iPads and iPhones (the “Application”). This Privacy Policy applies to information collected from you or about you through this Website and Application during your use of our products and services.
As referenced throughout this Privacy Policy, the term:
- • “Personal Information” means any information about an identifiable individual.
- • “Patient Information” means any information about a patient that you may disclose when using MoCA’s tests. As described in this Privacy Policy, all Patient Information must be de-identified before it is disclosed to MoCA.
- • “You” designates any physician, nurse practitioner or other healthcare professional visiting or using our Website or Application.
- • “Your Personal Information” means any Personal Information about you, and may include, without limitation, information such as user name, password, first name, last name, address and e-mail address and information about your practice.
1. What Is Collected and How Do We Use It
Except as necessary to facilitate or fulfil any aspect of any services, products, or features that you purchase, request or register for via the Website or Application, or as otherwise set forth in this Privacy Policy, we will not sell, rent, lease, share, or exchange Your Personal Information with any third party.
Although you may browse the public pages of our Website (or Application) without registering or without proactively disclosing of any of Your Personal Information, please note that:
Certain sections of our Website and Application include forms on which you may choose to supply some of Your Personal Information that will enable you to make purchases online or receive individualized services or features that we cannot offer to anonymous users; and
Certain other pages of our Website and Application can be accessed only by registered users; and such user will be required to create his/her own Application/Website account.
Finally, please note that in certain circumstances if you do choose not to provide us with some of Your Personal Information, then you may not be able (i) to use some of the products and services available on the Application or Website, (ii) to make purchases or (iii) to take advantage of certain other features of our Website and Application.
1.1 Information Disclosed by You
Creation of Your Online Account
In order to access certain pages intended to be accessed and used by healthcare professionals only, you will be required to create a user account by completing the registration form and creating a User ID and password. In order to create your user account, you will be required to disclose the following Personal Information: your name and surname, your email address, the country where you practice, your profession and the institution for which you work (or are affiliated). You will also be required to create a password. This information is required to create your unique account, and to authenticate you each time you sign in.
Creation of Your Patients’ Online Accounts
Minimal patient identification required to use the MoCA app (this is not required for MoCA paper version or for MoCA training and certification)
In order to use the MoCA test with any of your patients (including purchasing any specific test for such patient), you will also be required to create a profile for that patient. In order to do so and, to the extent required by applicable laws, with the prior consent of your patient, you will be required to fill on their behalf a registration form and in doing so, to provide some de-identified Patient Personal Information, namely: your patient’s file number (provided that such number is given randomly such that it is not related to information about the patient and cannot be used to identify the patient, and does not entail risks of re-identification (e.g., the code or other means of re-identification is not disclosed by you)), age range, gender and level of education. This information is required to create the profile (and later on link the tests and results obtained applicable to that profile as described below). We will never request, nor should you ever provide to us, any identifiable information (e.g., name, address, etc.) about your patients.
You may decide to disclose additional information about any patient, which could have an impact on the assessment of its cognitive abilities (including the use of medication and substances, history of high blood pressure, diabetes, Dyslipidemia, smoking, sleep apnea, heart disease, stroke, etc,). Such information will only be associated with as the de-identified information stated above to assess in a more precise and reliable way his/her cognitive performance, and will not be used to identify any patient. Note however that this information is not necessary and should only be provided if you believe that such information could lead to a better understanding of clinical factors that may affect your patients’ cognitive performance.
Online Orders
If you order products or services through our Website or Application, we will collect some of Your Personal Information, such as your name, e-mail address, shipping and other contact information for the recipient of the item (if different than yours), your account number (if applicable) as well as payment information. Please note however that any payment information (such as credit card number, billing address, expiration date and other billing information) will be collected and processed directly by PayPal and not by MoCA and as such will be subject to the privacy policy and terms of use applicable to such service (as described online at https://www.paypal.com/ca/webapps/mpp/send-money-online?locale.x=en _CA or other URL address as may be used from time to time).
This information is required to complete your purchase, deliver the product or service and provide you (or the designated person) with the product/service purchased.
Assessment of Patients’ Cognitive Performance
In order to assess the cognitive performance of your patients using MoCAs’ online cognitive screening tools, you will have to fill online forms and in doing so to disclose, with your patients’ prior consent, some de-identified Patient Personal Information as described above, and the patient’s answers to the test questions. This information is required: (i) to allow you to link the tests and results obtained to the patient’s profile; (ii) to allow you to analyze the tests and test results properly and compare them wherever required (and applicable) to previous tests and (iii) to allow you to add the tests and test results to the patients’ medical records held by you, or (iv) to retrieve and consult previous patients’ tests.
Once you are done completing a test with your patient, this test will need to be submitted to our online platform for analysis. All answers submitted will be analyzed robotically using algorithms, and such analysis will only occur after you clicked on the “submit” bottom appearing at the end of each online test. Further to that algorithm analysis, you will be provided with your patient’s score, which will be sent to you via an automatic email generated by the platform.
Upon receipt of such automated email, you will be able to review and analyse your patient’s score in the light of his/her other medical information uploaded or available and in accordance with applicable training and certification and with all legal and ethical obligations as may be applicable to your practice and profession.
Training and Certification
To ensure consistency and accuracy in administering and scoring MoCA, official Training & Certification has been mandatory since September 1, 2019.
Using MoCA without official Training & Certification increases risk for administration, scoring and interpretation errors which can lead to misdiagnosis and liability.
Training & Certification is available at no cost for qualified students, faculty members, and academic researchers. Proof of academic status is required.
If a user’s submitted proof of academic status is deemed to be potentially fraudulent or misrepresentative, MoCA Test Inc. reserves the right to contact the declared academic institution and relevant authorities.
Request for Information, Comments and other Inquiries
You may provide Personal Information to us when you voluntarily communicate with us, such as by requesting information via e-mail, utilizing the “Contact Us” or similar feedback features on the Website or Application, or otherwise contacting us electronically. Should you wish to obtain information about our services or products or make any other request, then we will require that you provide us with your contact information (such as your name, phone number or email address/address and additional information if needed) in order for us to be able to communicate with you and to respond to your enquiries, comments or requests for information.
Alerts about Upgrades and Updates
Our Website and Application may notify you, via emails or otherwise, of any update or upgrade that need to be made to the services or your account for the MoCA test to function properly. This notification or email will be provided or sent to you as long as you maintain an online account on MoCA’s platform. You can withdraw your consent to receiving these communications at any time by following the instructions in the e-mail or other form of communication, which will provide for an unsubscribe mechanism that can be readily performed, in which case MoCA will use other means to bring that information to your attention in accordance with applicable law. . You may also receive promotional e-mails about new products that maybe pertinent to enhance the cognitive testing experience. You can also unsubscribe form theses communications.
Surveys and Other Voluntary Demographic Information
Certain forms available on various pages throughout our Website and Application may ask users to voluntarily provide a limited amount of demographic information. MoCA may contact you by e-mail, using the e-mail address or other contact information collected when you filled out one of the forms on our Website or Application, with the option to participate in research studies. In addition, MoCA may conduct online surveys that ask you for demographic data, such as your zip code, age, or product use.
Providing such demographic information and participating in such surveys or other studies are always voluntary. MoCA uses the responses on aggregated de-identified basis to improve the products and services it offers. We do not link your individual responses to Your Personal Information at any time. MoCA uses this information for internal marketing research to help us better serve our users.
Marketing, Promotional, or Other Transactional Communications
We may use your e-mail address or other contact information you gave us from time to time to provide you with information about new features, products, or services that may be available on our Website or via our Application, or to send news and information regarding MoCA or its products or services. Such communications will be sent to you in accordance with applicable laws. You can withdraw your consent to receiving these promotional communications at any time by following the instructions in the e-mail or other form of communication, which will provide for an unsubscribe mechanism that can be readily performed.
1.2 Information Collected Via the Use of Cookies
We may collect, through the use of cookies some of Your Personal Information, such as your Internet Protocol address, how you use and access our Website and Application and any other information described below.
Cookies are small text files that are placed on the hard disk of your device. Temporary cookies include an encrypted unique identifier that remains on your browser until you close your browser software or turn off your device, while the identifier of persistent cookies will remains on your browser after you close your browser software or turn off your device.
Process Cookies allow our products and services to work properly and to keep track of your sequence of navigation, orders or requests when browsing from one page to another;
Functionality Cookies are used to remember choices you make (such as language preference, country location, or other online settings) and provide the personalised or enhanced features that you select. Our functionality cookies can be used to provide online services to you, or to prevent online services from being offered to you if you previously indicated you did not want to receive such services. Our functionality cookies collect anonymous information; however, if you have a registration account with us, the information collected by us using our functionality cookies may be associated with your registration account. for example, if you are a registered user, our functionality cookies may allow us to track your browsing to detect your experiences when accessing our Website from different devices.
Session State Cookies maintain your session active and in order to do so, collect information about your interactions with the services and products, such as the pages that are consulted and the option selected (e.g. “log in” or “log off”);
Security Cookies are used to identify you when you are logged into your account using an encrypted, unique identifiers that are tied to your account and placed in your browser;
Statistical and analytical cookies are used to analyze trends, administer our Website and Application, track your navigation on the Website or use of the Application, and gather broad demographic information for aggregate use, which enables us to improve the Website or Application by making it more accessible and easier to navigate and use. For example, we may automatically receive and record information in our server logs from your browser, including your IP address, your computer’s name, the type and version of your Web browser, referrer addresses, and other generally accepted log information. We may also record page views (hit counts) and other general statistical and tracking information, which will be aggregated with that of other users in order to understand how our Website and Application are being used.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, MoCA does not respond to web browser-based DNT signals at this time.. Note however that you can manually block and delete Cookies, and doing so you will not render our products and services unusable unless they are required to allow such products and services to run in a non-corrupt manner. As such, while statistical and analytical cookies can be blocked, the situation is otherwise for process, session state and security cookies as they are essential for ensuring that the accounts and sessions function properly. However, even if they cannot be blocked without affecting the users’ ability to use the services, these cookies are of a temporary nature; accordingly they will disappear when the browser software is closed or the devices are turned off.
Furthermore, any users or visitors experiencing problems with the functionalities of their account or any other service should contact MoCA as provided for below.
1.3 Information Obtained from Third Parties
We may sometimes collect information from third parties. We only do so when authorized by law, from third parties who are also authorized by law to disclose such information, or in the following circumstances:
E-stores: when you download the Application via an online store some of Your Personal Information required for the successful download of the Application will be received and treated by the e-store.
Google Analytics: Google analytics will collect data about your interactions with our services, Website and Application. In order to do so, Google Analytics will place codes, allowing Google Analytics to see which information was consulted, the browser used, the device and operating device used. The information collected will then be processed, and will be updated when you interact again with our services, Website and Application.
1.4 Children
We do not knowingly collect personal data from children under the age of 13 on our Website or Application. If you have reason to believe that a child under the age of 13 has provided personal data to us through our Websites or Application, please contact us, and we will endeavor to delete that information from our databases.
2. Using Information About You
2.1 Personal Information
MoCA respects and strives to protect your privacy. Your Personal Information will only be used as provided for in this Privacy Policy, such as: (i) for confirming and tracking your order; (ii) for subscription or registration; (iii) for analyzing preferences, trends, and statistics; and (iv) for informing you of our new products, services and offers or as authorized by applicable law, and will never be rented or sold.
None of the required information and/or optional information collected on any form on the Website or Application is used for other purposes than those stated on such form or in this Privacy Policy.
2.2 De-identified Information Used on an Aggregated Basis
De-identified information may be created by the third party retained by MoCA to design MoCA’s platform and algorithms using Your Personal Information. When doing so, MoCA’s IP Programmer will ensure to maintain the complete privacy of Your Personal Information, and in this regard will ensure that de-identified information (i) is created by said IP Programmer in a manner and format that ensure to the fullest extent possible the confidentiality of Your Personal Information; (ii) is created by the IP Programmer only, without the help or assistance of any other person including any subcontractor; (iii) is communicated to MoCA in the same format and manner; and (iv) will not be used to re-identify or attempt to re-identify you or any patients.
Information will be considered as “de-identified” once all specific identifiers will have been removed so that such information can no longer be linked to an identifiable individual. Such information, and/or de-identified Patient Information may be used on an aggregated basis by MoCA or by any third party in order to improve the Website and Application for our users, for research purposes (including to improve overall knowledge about cognitive impairments on a general and country-by-country basis), for statistical purposes, or any other commercial and non-commercial purposes, as such information would no longer constitute personal information. In any event, please note that this information could not and will not be used to re-identify you or your patients.
The country you disclosed when opening your account will be associated to the aggregated and de-identified information generated based on Your Personal Information and Patient Information to have access, on an aggregated basis, to per country de-identified information.
3. Sharing of Personal Information
MoCA may retain the services of third parties or other companies to perform functions on our behalf, such as processing and fulfilling online orders or requests, processing credit card payments, providing customer service, sending print and electronic mail, removing repetitive information from customer and e-mail lists, maintaining and analyzing information collected and/or stored via the Website or Application, hosting services, measuring the effectiveness of promotions and e-mails, performing analyses of users’ activities, serving images via our Website or Application, and fulfilling other functions necessary to our business as further described in Section 3.1.
Except as otherwise provided in this Privacy Policy or as required or allowed under applicable laws, MoCA will not communicate or otherwise transfer Your Personal Information to any third party. However, de-identified information can be disclosed on an aggregated basis to third parties as stated above.
3.1 Communication to Third Parties
MoCA may retain the services of third parties to assist in providing certain services, products, and communications to you, such as delivering alerts, and other communications as stated above. Likewise, we may work with an outside company to (a) manage our database of customer information; (b) assist us with direct marketing and data collection; (c) provide storage and analysis; (d) provide fraud prevention; and (e) perform other services designed to assist us in maximizing our business potential. Finally, we may disclose information to outside companies that help us bring you the products and services we offer, in which case only broad geographical location (such as state and countries) about you will be shared.
In the event that we retain the services of such third parties to provide any of the services described above or similar services, we may need to share Your Personal Information with them to enable those companies to perform their obligations. However, we will provide these companies only with the information necessary to perform their functions on our behalf, and we will not authorize them to use your Personal Information for any other purpose. In such event, these companies are required to agree, in writing, that they will abide by the Privacy Policy and privacy standards implemented herein, including the relevant confidentiality and security provisions.
3.2 Disclosures Required or Authorized by Law
MoCA may disclose Personal Information if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the law or comply with legal process served on us (for example, under a subpoena, court order, or other regulatory requirement or to maintain or protect the security of the Website or Application); (b) protect and/or defend the rights or property or other legal interests of MoCA or of any user; or (c) act in urgent circumstances to protect the safety of the public or other users of the Website or Application. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. If we receive legal process calling for the disclosure of Your Personal Information, we will attempt to notify you via the e-mail address you supplied during registration within a reasonable amount of time before we respond to the request, unless such notification is not permitted. In addition, any disclosure of Patient Information will be made in compliance with applicable law.
3.3 Change in Ownership or Business Transfers
As we continue to develop our business, we might sell or buy assets. In such a case, MoCA may disclose Personal Information to its potential successor for the purpose of allowing that potential successor to assess and evaluate the operations of MoCA, the whole after (i) entering into an agreement, pursuant to which such success shall undertake to keep all Personal Information confidential and secure and not to retain any of the information longer than is necessary for the purpose of the assessment or evaluation; and (ii) complying with any other requirement set forth in applicable law. Should the parties proceed with the transaction, then databanks containing such Personal Information will be transferred to said successors, the whole in full compliance with applicable law.
4. Storage of Personal Information
Subject to applicable law, we may retain such Personal Information for use and disclosure consistent with this Privacy Policy, as long as necessary required for the purposes detailed herein. Furthermore, MoCA may retain Personal Information after a specific purpose has been fulfilled if reasonably necessary: (i) to comply with the law and prevent any contravention; (ii) to resolve disputes; (iii) to enforce this Privacy Policy. Once no longer required, the information will either be erased or stored on an aggregated and de-identified basis for research and other internal purposes.
5. Security
MoCA undertakes to take steps that are reasonable in the circumstances to ensure that all Personal Information in its custody or control is protected against theft, loss and unauthorized use or disclosure and to ensure that the records containing such information are protected against unauthorized copying, modification or disposal as follows:
MoCA uses secure connections during the transmission of log in, registration, and membership information, as well as when transmitting to your attention patients’ results. This means that the aforementioned information is encrypted before it is sent over the Internet between your computer and MoCA computers. The technology used is called Secure Socket Layer (SSL). Through the use of this technology, the information collected through those pages is encrypted on your computer, sent through the Internet as jumbled code, and decoded on either MoCA’s secure server or the systems of the third party contracted to provide the service in question. You can verify that the connection is secure because you will see a key or a padlock on the address bar at the top of your browser screen. Another identifier of a secure connection is the URL (or Web site address); the address will change from http to https or a similar page when a secure connection is in place.
MoCA processes, stores and retains Personal Information on secure servers. MoCA’s Application is currently being hosted in microsoft azure datacenter, which is located in Canada central (https://docs.microsoft.com/en-us/azure/networking/networking-virtual-datacenter). As to the Personal Information obtained when you subscribe to newsletters (or other forms of communication) or when you open an online account on our Website, such information will be stored in Mail Chimp datacentres, which are located in Virginia and in New York (http://blog.mailchimp.com/mailchimp-website-updates/). Even if these servers are located in the United States and subject to the laws in force in these States, MoCA has ensured, before contracting with these service providers, that any Personal Information collected, used, stored and destroyed would receive protection equivalent to that afforded under the laws in force in Canada, it being understood however that access to this Personal Information may be granted pursuant to US laws, to governmental bodies, local authorities and other authorized persons in situations others than those set forth herein.
Although we employ data encryption technology and other measures required to protect the privacy of Personal Information, you should bear in mind that no means of communication of Personal Information is fully sheltered against unauthorized uses and access, and should be aware that there is an inherent risk in transmitting any data electronically. This risk is inherent in all electronic dealings as well as to all other forms of communications. Consequently, we cannot guarantee that any Personal Information transmitted will not be intercepted or viewed or used or will be fully sheltered against cyberattacks and other incidents. Likewise, should you receive an email that looks like it is from MoCA asking for Personal Information, you shall avoid responding to such email, as MoCA will never request account password or financial information through emails. If you have received or communicated Personal Information in response to a suspicious email, pop-up or phony website, please contact MoCA immediately by any of the means set forth below. In view of the foregoing and subject to the limitation set forth in applicable law, you agree to hold us harmless from and against any harm, financial or otherwise, that results from such detection, decryption, eavesdropping, or tampering of e-mails.
In addition, you understand that you are responsible for taking steps to maintain the security of Your Personal Information, for choosing a strong password and by keeping your password, identifiers and other Personal Information confidential. It is important for you to protect against unauthorized access to your password and to your computer. Be sure to log out of your account when you finish using a shared computer.
6. Accessing, Correcting and Updating Your Information
You may consult, correct and update and delete at all times Your Personal Information collected, used and stored via the Website or the Application.
6.1 Information About You
You can readily and freely update or delete your account or profile, or otherwise consult and modify, edit or delete any of Your Personal Information that you uploaded, saved and stored on the Website or Application, or make a request to access Your Personal Information.
Online account: You may update or change your registration information by editing your account profile. In order to do so, you should sign in to the Application or login to www.mocatest.org with your username and password and enter your profile section. You can also update or amend the foregoing at any time by contacting MoCA as set forth hereunder.
You can also delete any information uploaded, received, saved or stored on that account, or shut down your account, in which case all information so uploaded, received, saved or stored (including any patient’s profile) will be deleted. In this regard, please note that MoCA does not keep or have access to copies readily available of such information. As such, the sole manner available to retrieve (in whole or in part) the information you inadvertently deleted is for MoCA to make a request to its third party programmer to access the backup shadow copy generated automatically (i.e. at various points in time and not constantly) by MoCA’s platform.
Electronic communications: Should you wish to be removed from any mailing lists, then you should simply reply to any electronic communication with the word “STOP” or “Unsubscribe” or click on the ready-to-use unsubscribe mechanism provided at the bottom of such communication. You can also specify your desire to be removed from more than one promotional lists by sending us an email (at [email protected]) setting forth from which list(s) you wish to be removed.
Other files: You can also edit your account or any file, correct, inaccurate, incomplete or ambiguous information, have outdated or irrelevant information struck out by contacting us.
Applicable Fees: Any consultation, modification or deletion made pursuant to Subsection 6.1 are free of charge. However, a reasonable fee may be charged by MoCA should you wish to obtain a copy of such Your Personal Information and provided that such information is not otherwise available online. In such a case, MoCA will notify the amount of these fees if applicable, the whole ahead of time.
6.2 Information About Your Patients
Patients’ profiles are not accessible by your patients for the following reasons: (i) patients’ profiles are not activated by your patients, but are rather created by you via your own account and as such do not constitute independent accounts; (ii) these profiles are only created to generate a personalized form for each patient and allow you to complete with said patient the MoCA test online; (iii) the results of MoCA tests are not sent or uploaded on patients’ profiles, but are rather sent to your email account (following which you can add that test to your patient’s medical record in accordance with your legal and ethical obligations).
Should a patient wish to have access to his/her tests, scores and medical information, then such request for access shall be made in accordance with the laws governing access to patients’ medical records.
Users are solely responsible for any applicable compliance with federal or state laws governing the privacy and security of Personal Information, including medical or other sensitive data. You should never share identifiable information about your patients through our Website or Application. Because we do not process “protected health information,” MoCA is not subject to the federal Health Insurance Portability and Accountability Act (“HIPAA”). We specifically disclaim any representation or warranty that the Website and Application comply with HIPAA. We do not sign “Business Associate Agreements,” and you agree that MoCA is not a Business Associate or subcontractor or agent of yours pursuant to HIPAA.
7. Links
This Privacy Policy applies solely to the information collected by our Website and Application. However, our Website may contain links to other sites. Please note that these other websites or applications referred to on MoCA’s Website or Application are provided for convenience and reference only. MoCA is not responsible for the privacy policies of other sites. When visiting them, please refer to the privacy policy applicable to such third parties’ websites or applications.
8. Amendments to this Privacy Policy
MoCA may occasionally update this Privacy Policy. When we do, we will revise the “updated” date at the top of the Privacy Policy. In the event that we make material changes to this Privacy Policy, we will notify you by placing a prominent notice on the home page of our Website, Application, by sending you a notification directly or by any other means deemed appropriate in the circumstances. We encourage you to review this Privacy Policy periodically to stay fully informed about how we are collecting, using, protecting, sharing, storing and disclosing your Personal Information. Be advised that your continued use of this Website or Application and our products and services, constitutes your agreement to this Privacy Policy and any updates. Should you disagree with the provision of the Privacy Policy or any of the practices described herein, then you need to refrain from using or to stop using, as applicable, the Website and Application.
9. Questions About Our Privacy Policy
Should you have any questions about our Privacy Policy, please contact MoCA’s Chief Privacy Officer by email at [email protected], or by mail at 4896 Taschereau Blvd., Suite 230, Greenfield Park, Québec, J4V 2J2, Canada.