Privacy policy – DM6 Health


Try sezzle, buy now, pay later




Privacy policy


DM6 HEALTH (“DM6”) respects your privacy and is committed to protecting it. This privacy policy describes:

  • the types of information we collect from you or that you provide when you download, register with, access or use the DM6 website (“Website“); 
  • our approach to privacy, including the way we treat and use your personal health information; and 
  • our privacy practices we undertake when we collect, use and disclose your personal information and personal health information (collectively “personal information”) and how we safeguard your personal information.

We will only use your personal information in accordance with this policy and with applicable federal and provincial privacy laws. We take steps to ensure that the personal information we collect about you is relevant, not excessive and used for limited purposes. 

Please read this policy carefully to understand our policy and practices for collecting, retaining, using, sharing, storing and disclosing your personal information. By registering with us, and using our website, you have indicated that you understand this policy and that you accept and consent to the practices described in this policy and in our Terms of Service. 

If you do not agree with our policies and practices, do not download, register with or use the Website or our services.  



DM6 HEALTH (DM6) provides diagnostic laboratory testing. It provides mobile, on-site and same day testing for individuals and workplaces in Canada. Its core focus enables individuals as well as small and enterprise level businesses a swift screening solution by providing the necessary measures for screening and testing.


DM6 is committed to maintaining the privacy and confidentiality of personal information that we collect, use and disclose. DM6 strives to protect the privacy rights of our users by meeting or exceeding the standards established by provincial and federal legislation. 

Every employee, service provider, contractor, volunteer, and authorized agent of DM6 (collectively, “agents”) must adhere to a policy of confidentiality with respect to personal information they may obtain through the course of their involvement with DM6, which includes an agreement to adhere to the terms of this Privacy Policy. 



In all situations where we collect personal information directly from you, we will provide notice of collection of the personal information and identify the purpose for the collection. DM6 will not collect any personal information from you for our own purposes and will not use your personal information for any other purpose than to fulfill our obligations to you.  

The Information We Collect 

We may collect and use the following information about you:

  • Your name, contact information, health provider information, symptoms, health history and test results or other information in oral or recorded form with respect to your health or health care history.
  • Your name, birth year, email address, recent travel history, passport number, as well as other personal health information.
  • Non-personal information that does not directly or indirectly reveal your identity or directly relate to an identifiable individual, such as demographic information, or statistical or aggregated information. We may derive non-personal statistical or aggregated data from personal information. For example, we may aggregate personal information to calculate the demographics of users accessing a specific feature of the Website.
  • Technical information, including your login information, device type, time zone setting, and usage details.

DM6 receives only that personal information that is necessary to fulfill our responsibilities and services. DM6 will identify the purposes for which personal information is being collected, in advance, and will inform you of these purposes.  We will only collect, use and store information that is necessary for these purposes. We will not collect personal information if other information we have will serve the purpose of the collection.  In addition, we will not collect more personal information than is reasonably necessary to meet the purpose of the collection,

We take reasonable steps to ensure your personal information is as accurate, complete and up-to-date as necessary for the purpose the information is being used.

We will not routinely conduct updates on information in our control unless routine updates are necessary to fulfil the purposes for which the information was collected.  

We will take reasonable steps, however, to ensure that any information that is used on an ongoing basis, including any information that is routinely disclosed to others under this Policy, is accurate, complete and up-to-date. Where we know that information is not accurate, complete or up-to-date, this fact will be indicated at the time of use or disclosure.

We use advanced technology and well-defined practices to ensure personal information is processed promptly, accurately, and completely. We ask that you advise us of any changes to your personal information in a timely manner so that we may ensure our information is accurate.

How We Collect Information  

We collect personal information about you through: 

  • Direct interactions with you when you provide it to us, for example, completing self-attestation forms, responding to questions, or corresponding with us.
  • Digital system or test results, for example, if you choose to register for testing services and results reporting through our digital system or the Website.
  • Automated technologies or interactions, when you use the Website, for example, usage details, IP addresses, and information collected about your location.

Information You Provide to Us 

When you register with, or use our Website, we ask you to provide:

  • Information by filling in forms on the Website. You will be asked to register and to complete a consent form when you use this Website.
  • Information about your connected organizations. A connected organization is typically a company, institution, or other entity with which you have a pre-existing relationship which has required a workplace screening program. For example, this could be your employer or your place of work.
  • Information when you report a problem with the Website. We use this information to troubleshoot and help correct performance issues.
  • Information about your health status and testing results. We may also ask you to provide information about your health so that we can provide you, your connected organizations and their administrator(s), and other third parties with updates relating to your health status and testing. We will always ask for your consent before we collect, use, or disclose your personal health information.

Automatic Information Collection and Tracking Technologies

When you download, access, and use the Website, we may automatically collect:

  • Usage details. Certain details of your access to and use of the Website, including location data, logs, and other communication data.
  • Device information. Information about your mobile device and internet connection, including the device’s unique device identifier, operating system, browser type, and mobile network information.

The information we collect automatically is statistical information and may include personal information. We may maintain it or associate it with personal information that you provide to us.

Third Party Information Collection

With limited exceptions, we obtain your personal information directly from you. Occasionally, we may collect information from other sources, including other health care providers, where we have obtained your consent to do so or if the law permits.

However, when you use the Website, certain third parties may collect information about you or about your device. We do not control these third parties’ tracking technologies or how they use them. These third parties may include: 

  • Your mobile device manufacturer.
  • Your mobile and internet service provider.
  • Our push notification service provider.
  • Our cloud storage service provider.
  • Our analytics and performance diagnostics providers.



We use information that you provide to us or that we collect about you, including any personal information:

  • To provide you with the Website and its contents.
  • To provide you with testing services and to communicate results.
  • To improve our Website, products or services, or customer relationships and experiences.
  • For any other purpose with your consent.

We will not use the information we have collected from you to display advertisements to you.

We also use personal health information that you provide to us to: 

  • schedule appointments;
  • provide testing services to you directly or through our third party service provider(s) and physician(s); 
  • provide you and with your consent, your connected organization(s) and their administrator(s) with testing results; and
  • comply with legal and professional regulatory reporting obligations.  



We may disclose aggregated information about our users that does not identify an individual.

We may disclose personal information or personal health information that we collect as described in this privacy policy:

  • To your connected organizations on the Website and their administrator(s).
  • To comply with any court order, law, or legal process, including to satisfy the disclosure requirements of any governmental health agency, respond to any government or regulatory request, in each case according to applicable law.
  • To enforce our rights arising from any contracts between you and us, including the Website’s Terms and Conditions.

We may process, store, and transfer personal information that we collect or that you provide to us to service providers (such as cloud storage and push notification providers), and other third parties we use to support the Website and as needed to provide services (i.e. use of accredited laboratories). We will take commercially reasonable steps to ensure that such service providers and other third parties treat your information confidentially and consistent with the terms of this Privacy Policy.

We may process, store, and transfer your personal information in and to other countries with different privacy laws that may or may not be as comprehensive as Canadian law. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information. Whenever we engage a service provider, we will take commercially reasonable steps to ensure that its privacy and security standards comply with this policy and applicable Canadian laws.

We may disclose your information to third parties in relation to a potential merger, acquisition, or sale of some or all of our assets or business. Your information may be provided to the entities and advisors conducting due diligence on any such transaction. You will be notified in the event any such transaction is completed, at which point your information may be transferred and the successor business may continue to use and disclose the information for the purposes described in this Privacy Policy.



Generally, we will not share your personal health information with anyone else without your consent, unless otherwise required or permitted by law in certain instances, including to disclose personal information to the Ontario Health Insurance Plan for payment purposes or the public health in certain circumstances.

Consent to the collection, use or disclosure of personal information may be express or implied.

“Express Consent” means permission that we have specifically obtained from you.  

“Implied Consent” means that we have concluded from surrounding circumstances that you would agree to the collection, use or disclosure of your information, and we need not ask you for your express consent.

Unless the law requires disclosure, we will ask for your express consent before:

  • disclosing your personal information to someone who is not a health information custodian (e.g. to an insurance company, employer, school board, etc.); or
  • disclosing your personal information to a health information custodian for purposes other than providing you with health care 

In order for consent to be valid, it must be knowledgeable and obtained voluntarily (i.e. without deception or coercion) from an individual who has the capacity to consent. Knowledgeable consent means that it is reasonable in the circumstances to believe that the individual knows the purposes for which DM6 is collecting, using or disclosing the information and knows that you have the right to give or withhold your consent.

A parent or guardian may consent to the collect, use or disclosure of a capable child’s personal health information, unless the information relates to treatment sought by the child on his or her own.

Withdrawing your consent 

You may withdraw or limit consent at any time, unless doing so prevents us from recording the information we require from you by law or under professional standards. You can give express (written) instructions, however, that specific information is only to be used or disclosed by certain individuals or for certain purposes. To withdraw your consent, if applicable, contact us at Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you make your decision.



Where applicable, we will seek your express consent to contact you, including by way of commercial electronic messages. You can unsubscribe at any time from receiving commercial electronic messages by following the instructions in the message.

Even if you have opted out of receiving marketing communications from us, please be aware that we may still contact you electronically for other purposes. For example, we may contact you to provide communications you have consented to receive, regarding the services we provide to you, or if you contact us with an inquiry.

With your consent, we may communicate limited personal health information via email or text in the interest of promoting timely communication.  The use of technology may increase the risk of your personal health information being unintentionally disclosed or intercepted by unauthorized third parties. Technical failures and technological issues may also result in a loss of personal health information and/or delay or interruption.  We assume no responsibility or liability for any technical failures or technological issues associated with communicating through electronic communications. By reviewing with this policy and continuing with our services, you have assumed the risks of email communication and sharing information in this way. 



The security of your personal information (which for the purpose of this policy includes personal health information) is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We will also ensure that the records containing this information are protected against unauthorized copying, modification or disposal. We store all information you provide to us either directly on your device or with our third-party cloud storage service provider(s). Information stored on your device (iOS or Android) is stored using a minimum AES-256bit encryption and in a secure hardware enclave located on your device. Information that is stored in the cloud is encrypted at rest and in transit and is stored using a minimum AES-256bit encryption on the server. 

We only use cloud storage service providers that maintain high industry standards, including globally recognized security and data use & protection certifications. 

The measures we have taken for the physical security of personal health information include:

  • restricting office access to authorized individuals; and
  • maintaining all records in our office which has a security system installed.

Where personal information records are maintained in electronic form, your electronic records of personal information are protected through technological security measures we have taken, including the use of:

  • password controls and search controls;
  • firewalls and anti-virus software;
  • logging, auditing and monitoring of all access to electronic records of personal health information; 
  • privacy notices and privacy warning flags; and
  • encryption of all mobile electronic devices and of all information transmitted electronically.

We have also implemented administrative controls to safeguard your personal information and the records we maintain, including:

  • providing mandatory initial and ongoing privacy training to all staff, contractors and agents;
  • conducting regular audits of our practices to ensure compliance with our policies; and
  • requiring all staff, contractors and agents to sign confidentiality agreements and end-user agreements on a regular basis.



Personal information will be held electronically, onsite and also off site with DM6’s independent contractors. Personal information will be managed with appropriate administrative, technical and/or physical security safeguards. 

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize or aggregate your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.



Our Website is not intended for children under 18 years of age. No one under age 18 may directly provide any personal information to or on the Website. If you are under 18, do not use this Website. 

If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at



You have a general right to access your personal information in DM6’s custody or control. You may also request a copy of this information.

If you would like to request access to or a copy of your personal information, you must make a written request to our Privacy Officer at DM6 []. 

A right to access your own personal information is not absolute. DM6 may deny an access request where:

  • the information does not exist or cannot be found;
  • denial of access is required or authorized by law; or
  • the request is frivolous, vexatious, or made in bad faith.

All requests for access to personal information will be responded to as soon as possible, but no later than 30 days from the date of the request. If the Privacy Officer refuses you access to your records, there will be a reason provided to you as to why we are not able to do so.  You will also be notified of your right to make a complaint about the refusal to the Information and Privacy Commissioner of Ontario.

DM6 may charge a reasonable cost recovery fee for making information available and/or providing copies of PHI records. If we choose to do so, we will provide notice of the fee in advance of processing the request.



It is important that personal health information we hold about you is correct and current. If you believe that your personal information is not accurate or complete, you may make a written request to the Privacy Officer to have the information corrected.

DM6 will correct personal information where it is demonstrated that the information in your record is, in fact, inaccurate or incomplete and necessary information is provided to correct the record. Where a correction is made, the original information will still be maintained in your record.

DM6 may refuse to correct personal information where:

  • we are not satisfied that the record is incomplete or inaccurate for the purposes for which we collected, use or have used the information;
  • the record containing the personal information was not originally created by us and we do not have sufficient knowledge, expertise and authority to correct the record;
  • the request consists of a professional opinion or observation that a health care provider has made in good faith; or 
  • the request is frivolous, vexatious, or made in bad faith.

All requests for correction of personal information will be responded to as soon as possible, but no later than 30 days after receiving the request. Where a correction request is denied, you will be notified of the reasons for the refusal and will be informed that you are entitled to prepare a short statement of disagreement to have appended to your record. In addition, you are entitled to make a complaint about the refusal to the Information and Privacy Commissioner of Ontario.



When personal information is disposed of, DM6 will take reasonable steps to ensure secure and permanent destruction of these records, whether physical or electronic. Where a third party is retained to dispose of personal information, we will enter into a written agreement with the third party that sets out the requirements for secure disposal and require the third party to confirm in writing that secure disposal has occurred. We may keep a record of all personal information that has been destroyed, including the date and manner in which the personal information was disposed of.



In the event that your personal information has been stolen, lost or subject to unauthorized use, access, disclosure, copying or modification, our first priority will be to identify and contain the breach, and then to take steps to correct it and to minimize chance of similar breaches in the future.  We will notify anyone whose personal information may have been stolen, lost or accessed in an unauthorized manner, at the first reasonable opportunity. DM6 will also advise you of your right to contact the Information and Privacy Commissioner. 

In the event of a privacy breach, DM6 will take the following steps: 

Step 1: Stop and contain the breach

Step 2: Investigate the breach

Step 3: Notify those affected by the breach 

Step 4: Review and remediation

Step 5: Consider reporting to Information and Privacy Commissioner of Ontario

These steps may need to be carried out simultaneously and in quick succession.



All agents of DM6 will only collect, use and share your personal information for the purposes outlined above.  All of our agents are required to know and comply with this Privacy Policy.  Annual confirmation of compliance is required.  

All agents must notify the Contact Person at the first reasonable opportunity if a client’s personal information is lost, stolen or accessed without authorization.



At DM6, we review our privacy policies and procedures on an annual or as needed basis and may revise these from time to time without prior notice. If these revisions significantly change how we collect, use or disclose previously collected personal information, we will inform you and obtain consent where required. By continuing to use our Website you are consenting to the Privacy Policy as its most recent revision date. 

This Privacy Policy was last modified on the 9th of November, 2022 


As part of establishing this Privacy Policy, we have appointed a Contact Person for all privacy matters. The Contact Person is available to answer your questions and address your concerns regarding privacy. The Contact Person is also responsible for providing leadership on privacy matters such as day-to-day compliance, breach and incident management, maintenance of privacy and security policies, and awareness training of personnel.

If you have any questions or concerns about the collection, use, disclosure or protection of your PHI at DM6, please speak with our Contact Person:

Attn: Privacy Officer



DM6 takes you privacy seriously and will investigate all written privacy concerns.  If a concern is found to have merit, we will take appropriate measures, including, if necessary, taking disciplinary action against our agents and/or amending our policies and practices relating to the collection, use and disclosure of your personal information. 

If we are not able to address your concerns, or if you require further information regarding privacy, you may contact the Information and Privacy Commissioner of Ontario

Information and Privacy Commissioner of Ontario