This privacy policy consists of two sections: (1) General Policy Related to Website Usage and (2) Policy Related to Personal Health Information.
Last updated: 8 November 2022
This section explains how Celestra Health Systems uses any personal information we collect about you when you use our website.
What Information Do We Collect About You?
We collect information about you when you submit a contact form requesting information about our products or services. We also collect information when you voluntarily complete customer surveys, provide feedback, testimonials and participate in competitions be that on this website or our social media pages such as Facebook or Twitter. Website usage information is collected using cookies.
Celestra Health Systems ("us", "we", or "our") uses cookies on www.celestrahealth.com (the "Service"). By using the Service, you consent to the use of cookies.
Our Cookies Policy explains what cookies are, how we use cookies, how third parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.
Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.
Cookies can be "persistent" or "session" cookies.
When you use and access the Service, we may place a number of cookies files in your web browser.
We use cookies for the following purposes: to enable certain functions of the Service, to provide analytics, to store your preferences, to enable advertisements delivery, including behavioural advertising.
We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:
- Essential cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.
- Third-party cookies. In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and so on.
If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
You can learn more about cookies and the following third-party websites:
We collect information about you to process your query, manage your account and, if you agree, to email you about other products and services we think may be of interest to you.
We use your information collected from the website to personalise your repeat visits to our website.
Celestra Health will not share your information for marketing purposes with companies outside of our company.
We welcome and encourage other websites to link to the information and ideas that are hosted on these pages, and you don’t have to ask permission to link to celestrahealth.com.
However, we don’t give you permission to suggest that your website is associated with, or endorsed by Celestra Health Systems.
Images and content remain copyright to the owner which is Celestra Health Systems. Any reproduction in whole or in part require express written permission from the company.
Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them.
We would like to send you information about products and services of ours which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes.
If you no longer wish to be contacted for marketing purposes, please email us here.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email here or write to us at the following address. You may incur a small charge for this service.
Celestra Health Systems / Marketing Department
390 March Road, Suite 110,
Ottawa, Ontario, Canada K2K 0G7
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.
We keep our privacy policy under regular review and we will place any updates on this web page, along with the date of the most recent policy update.
You can reach us by email, else by writing to us at the following address:
Celestra Health Systems / Privacy Officer
390 March Road, Suite 110,
Ottawa, Ontario, Canada K2K 0G7
This section explains how Celestra Health Systems protects personal health information related to our remote patient monitoring service.
The appropriate collection, use and disclosure of patients’ personal health information is fundamental to everything that we do. All employees of Celestra Health Systems shall abide by our commitment to privacy in the handling of personal information.
Our Privacy Policy attests to our commitment to privacy and demonstrates the ways we ensure that patient privacy is protected. Our Privacy Policy applies to the personal health information of all our patients that is in our possession and control. This information includes, but is not limited to, data collected via the Celestra Health smart phone app, including remote monitoring of the patient’s gait & balance, results from digital self-assessment tests, exercise-related data collected from the patient’s smart phone (such as the Apple Health app installed on most iPhones), patient responses to digital health surveys, patient journaling, patient identity (such as health card number and date of birth) and contact information.
Personal health information means identifying information about an individual relating to their health, including health card number and contact information. Refer to the previous section for a description of the type of data collected.
The 10 Principles of Privacy
Our Privacy Policy reflects our compliance with fair information practices, applicable laws and standards of practice.
We take our commitment to securing patient privacy very seriously. Each Celestra Health Systems employee is responsible for the personal information under his/her control. Our employees are informed about the importance of privacy and receive information periodically to update them about our Privacy Policy and related issues.
We ask you for information to establish a relationship and serve your medical needs. We obtain most of our information about you from you, based on information that you manually input into the Celestra Health app on your smart phone, else from remote patient monitoring data that we collect with your approval on an ongoing basis.
The Celestra Health solution relies on smart insoles to monitor gait patterns of patients with Multiple Sclerosis (MS). The data collected from the smart insoles includes pressure sensor, gyroscope and accelerometer data. This raw data is securely transmitted to the cloud, where advanced AI algorithms are used to calculate key gait metrics. Once sufficient data is collected (i.e. multiple instances of data collected over several weeks), metrics will be calculated to monitor the patient over time. These results, among others, will be presented to the patient and their clinician to monitor the patient’s disease condition and inform clinical decisions.
We will limit the information we collect to what we need for remote patient monitoring purposes, and we will use it only for those purposes. We will obtain your consent if we wish to use your information for any other purpose.
You have the right to determine how your personal health information is used and disclosed. For most health care purposes, your consent is implied as a result of your consent to use the Celestra Health remote monitoring service. Within the Celestra Health smart phone app, you will be presented with various options to control what information you are willing to share with Celestra Health.
Patients can withdraw consent at any point by contacting their clinician and requesting that their Celestra Health account be terminated and that their data be deleted.
We collect information by fair and lawful means and collect only that information which may be necessary for purposes related to the provision of the Celestra Health remote monitoring service.
The information we request from you is used for the purposes defined. We will seek your consent before using the information for purposes beyond the scope of the posted Privacy Policy.
Under no circumstances do we sell patient lists or other personal information to third parties.
We will retain your information only for the time it is required for the purposes we describe and once your personal information is no longer required, it will be destroyed. Raw sensor data will be automatically deleted after a 6-month retention period.
We endeavour to ensure that all health information that we collect is accurate; however, we rely on you to disclose all material information and to inform us of any relevant changes.
We protect your information with appropriate safeguards and security measures. Celestra Health maintains personal information in the form of electronic files stored in the cloud.
Access to personal information will be authorized only for the physicians and employees associated with Celestra Health’s remote monitoring service, and other agents who require access in the performance of their duties, and to those otherwise authorized by law.
Celestra Health will ensure encryption and protection of all patient data. All in-transit data sent from the smart insoles to the Celestra app uses 128-bit Advanced Encryption Standard - Counter with CBC-MAC (AES-CCM) to create a 128-bit “shared secret” key. In-transit data sent between the Celestra app and the cloud is protected by using SSL 1.2 (2048 bit). Data at rest is encrypted when stored in our cloud-based database.
All data stored in our database is automatically backed up on a regular basis. All backups are automatically encrypted, cataloged, easily discoverable, and retained until explicitly deleted.
We provide information to your clinician acting on your behalf, on the understanding that your clinician is also bound by law and ethics to safeguard your privacy. Other organizations and agents must agree to abide by our Privacy Policy and may be asked to sign contracts to that effect. We will give them only the information necessary to perform the services for which they are engaged, and will require that they not store, use or disclose the information for purposes other than to carry out those services.
The cloud-based public infrastructure used by Celestra Health is password-secured and configured in such a way that only authorized individuals can access secure systems and databases. We use serverless technology from a leading public cloud computing provider - this cloud-native development model allows Celestra Health to build and run applications without having to manage servers. And while Celestra Health’s backend system is partitioned to ensure that patient data is only accessible to the applicable patient and their clinician, Celestra Health does not control the exact location in which the patient’s data is physically stored, but does have control over selecting the country or region in which the data is physically stored.
Furthermore, audit trails are always in effect, and can be used to determine exactly which information was accessed and/or updated and by whom. Each audit event includes information, such as who performed an action and when, which resources were impacted, and many other details.
Through the use of a leading public cloud computing provider, Celestra Health complies with ISO 27018, a code of practice that focuses on protection of personal data in the cloud. It extends ISO information security standard 27001 to cover the regulatory requirements for the protection of Personally Identifiable Information (PII) or personal data for the public cloud computing environment and specifies implementation guidance based on ISO 27002 controls that is applicable to PII processed by public cloud service providers.
Furthermore, Celestra Health’s public cloud provider’s infrastructure is regularly validated by third-party agencies against security and compliance standards for finance, retail, healthcare, government, and beyond. Supported security standards and compliance certifications include PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171.
If you send us an e-mail message that includes personal information, such as your name included in the "address", we will use that information to respond to your inquiry. Please remember that e-mail is not necessarily secure against interception. If your communication is very sensitive, you should not send it electronically unless the e-mail is encrypted or your browser indicates that the access is secure.
Celestra Health has prepared this plain-language Privacy Policy to keep you informed. You may view a copy by visiting our website at www.celestrahealth.com.
In the unlikely event of a data breach, our cloud provider publishes public notifications in the form of Security Bulletins, which are monitored by Celestra Health. Celestra Health will, in turn, notify in a timely manner, all patients that have been directly impacted by the breach.
If you have any additional questions or concerns about privacy, we invite you to contact us by e-mail at privacy@celestrahealth.com and we will address your concerns to the best of our ability.
With limited exceptions, we will give you access to the information we retain about you within a reasonable time, upon presentation of a written request and satisfactory identification.
If you find errors of fact in your personal health information, please notify us as soon as possible and we will make the appropriate corrections.
If we deny your request for access to your personal information, we will advise you in writing of the reason for the refusal and you may then challenge our decision.
We encourage you to contact us with any questions or concerns you might have about your privacy or our Privacy Policy. We will investigate and respond to your concerns about any aspect of our handling of your information.
In most cases, an issue is resolved simply by telling us about it and discussing it. You can reach us by email, else by writing to us at the following address:
Celestra Health Systems / Privacy Officer
390 March Road, Suite 110,
Ottawa, Ontario, Canada K2K 0G7
If, after contacting us, you feel that your concerns have not been addressed to your satisfaction, you have the right to complain to the Ontario Information and Privacy Commissioner (IPC). The Commissioner can be reached at:
2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada. M4W 1A8
1-800-387-0073
