Privacy Policy

Vivo is committed to the ten principles outlined in Privacy Legislation governing the collection, use, and disclosure of Personal Information, forming the foundation of Vivo’s Privacy Policy:

a) Accountability

Vivo is responsible for safeguarding all Personal Information it controls and reasonably ensures a similar level of protection when data is processed by third parties.

b) Identifying Purposes for Collection

Vivo documents and communicates via the liability and consent waiver signed by all new members or program participants, the specific purposes for collecting Personal Information prior to collection. For any new purposes, Vivo will request consent.

c) Obtaining Consent for Collection, Use, or Disclosure

Vivo obtains consent, where required, for collecting, using, and disclosing Personal Information.

Consent is obtained for reasonable purposes such as:

• Verifying identity
• Administering functions like training and employee benefits
• Processing donations, payments, or invoices
• Providing services or products
• Sending promotional materials related to Vivo

Withdrawal of consent may affect Vivo’s ability to provide certain services. Personal Information may also be disclosed without consent if legally required or to protect rights and safety.

d) Limiting Collection of Personal Information

Vivo collects, uses, and discloses Personal Information as necessary to fulfill identified purposes, primarily from employees, volunteers, and members.

e) Retention and Destruction

Vivo retains Personal Information only as long as it is necessary or legally required, then securely destroys or anonymizes it as per records and retention best practices. Records that require storage for more than 24 months are sent to an off-site location managed by a professional archival service.

f) Accuracy of Personal Information

Vivo keeps Personal Information accurate, complete, and current, relying on individuals to report changes. Vivo recommends that individuals correct inaccuracies by contacting the Privacy Officer.

g) Security Safeguards

Vivo employs commercial efforts to protect Personal Information from unauthorized activities, with security measures appropriate to the sensitivity of the data. This may include encryption, multi-factor authentication, passwords, and access control.

Vivo and third-party service providers may use servers located outside of Canada in Europe or the United States of America. In these instances, Personal Information is subject to the laws of the respective countries. If given a choice, Vivo will elect to use data servers located in Canada.

h) Openness Concerning Policies and Practices

Vivo provides information on its privacy practices, including contact details for inquiries via this policy and through our website https://www.vivo.ca/privacy-policy/.

i) Individual Access to Personal Information

Individuals have the right to access their Personal Information, subject to legal exceptions, and if access is denied, the reason why access is denied.

j) Challenging Compliance

Vivo has procedures to address and respond to inquiries or complaints about its privacy practices via the Complaints Policy and through the policy shared on Vivo’s website at https://www.vivo.ca/privacy-policy/.

Vivo reserves the right to amend policies and procedures or take corrective actions as necessary.

k) Cross-Border Transfers of Personal Information

Vivo may transfer Personal Information internationally for centralized processing by third-party services such as banking, payroll, benefits, etc., following privacy principles and legal requirements.

l) Digital Data

Vivo collects digital data, including IP addresses and access times, to identify users, gather demographic data, troubleshoot, for digital marketing, and manage the website.

j) Privacy Officer

The Privacy Officer is responsible for ensuring compliance with this Privacy Policy by:

• Implementing protective procedures
• Addressing inquiries and complaints
• Training staff and explaining privacy practices