Privacy Policy

Security and privacy are central to our operations

From design to deployment to operations, security and privacy are built into everything we do. Nothing is left to chance, we protect your data throughout its entire lifecycle using practices and processes that follow the highest industry standards.

Privacy Policy

At Lime Health, we are committed to ensuring transparency, security, and confidentiality for the data of our users, clients, and partners. Data privacy and security are embedded at the core of our platform and our internal processes. Our commitment to protecting personal information is reflected in our rigorous practices and trust-driven approach. At all times, we ensure that you retain full control over your data, and we are dedicated to managing it responsibly and securely.

Privacy Policy

Our Privacy Policy is designed to inform you about our practices regarding the collection, use, disclosure, and retention of your personal information, in compliance with applicable regulations, including Quebec’s Act Respecting the Protection of Personal Information in the Private Sector, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the European Union’s General Data Protection Regulation (GDPR).

Our Policy applies to our corporate website, the processing of data related to the use of the Lime platform, and any interaction with an employee, representative, or authorized subcontractor of Lime Health, whether by email, telephone, in person, or via videoconference. Where processing practices differ depending on the intended purpose, separate sections specify the rules applicable to each use.

Privacy Policy

Last updated: 2025-08-12

Who We Are

Lime Health is a healthcare tech company whose mission is to measure and improve the patient experience. To achieve this, we develop digital tools that facilitate communication between users and the healthcare system. As part of this work, we collect and use certain personal data that you provide to us.

Our Data Security Policy outlines:

What Data Do We Collect?

“Personal information” refers to any information that identifies an individual or makes them identifiable. This includes “health information,” which encompasses all data related to a person’s health, including diagnoses, treatments, and care received. This data collection is carried out in compliance with applicable legislation and for the purpose of improving your patient experience while protecting your personal information.

We have access to all information that you voluntarily provide via email, telephone, forms, chat functions, user registration, newsletter subscription, contests, surveys, and other methods of data collection.

Corporate Website

When you visit our corporate website, use our Lime platform, or interact with us for communication, informational, or recruitment purposes, Lime Health may collect certain personal information that you voluntarily provide.

This includes, but is not limited to:

Lime Platform

For the operation of the Lime Platform, we collect only the personal information necessary to carry out its activities related to measuring the patient experience and improving care pathways. The information collected varies depending on your use of the platform and the specific services you access.

Depending on the services used, personal information may also include details about your interactions with our platform, such as survey results or experience measurements, as well as demographic data to better tailor the support provided.

The types of personal information we may collect include, but are not limited to:

In addition, the information collected is administered and stored under the exclusive responsibility of the healthcare institution supporting you in your care pathway. Lime Health does not retain a copy and has no control over these data, which may include:

This information may also include data about your medical history, ongoing treatments, test results, and any other information related to your health.

Why, How, and For How Long Do We Collect Your Personal Data?

Corporate Website

To fully access the website, you as a user may voluntarily create an account by completing a registration form. Certain data is collected during this process, including your name and email address. This information is used to contact you, offer relevant products and services, and enhance your user experience. Accordingly, if you use our corporate website, the data collected may be used to:

This information is used solely for communication purposes, to respond to your requests, to improve your experience on our website, or for administrative and compliance purposes in accordance with applicable laws.

Lime Platform

Depending on the purpose for which we process your personal data, our partner healthcare institutions and we, as data controllers, may process personal data for different reasons.

When you use our Lime platform, your information will be used exclusively to process your responses when participating in satisfaction surveys. Your personal information will be treated with strict confidentiality and will not be disclosed to third parties.

Accordingly, the data collected may be used to:

Your information will be used exclusively to process your responses when participating in satisfaction surveys.

We will not retain your personal data longer than necessary to achieve the purposes for which it was collected, including any legal requirements.

Depending on the circumstances, processing will therefore be as follows:

Data privacy table

In all cases of use, personal data may be used without the user’s knowledge or consent in situations where the law requires or permits it, or when the personal data has been anonymized or pseudonymized so that it is no longer associated with the user. This means that we have removed personally identifiable information, so the remaining data cannot be linked to you as an individual.

Consent

We process personal data with your consent, and you have the right to withdraw your consent for specific purposes. By submitting personal information through the Lime Health corporate website or by using our Lime platform, you consent to its collection, use, and disclosure in accordance with our Privacy Policy, within the limits permitted by law. You may withdraw your consent at any time by contacting our Privacy Officer. If you provide personal information about another individual, you represent that you have the necessary authorization to do so.

How We Share Your Data

Your personal data may be shared with regulatory authorities in accordance with legal requirements. Personal data may also be shared with third parties where necessary to provide services to users and/or for other legitimate interests.

Third parties include service providers, professional advisors, and other members of the Lime Health network.

All third parties are contractually required to respect the confidentiality and security of the data, and are not permitted to use the data beyond the services required.

The third parties that may access personal data provide services such as: web hosting, IT and cloud services, consulting services, bug reporting, logging, and analytics. These parties do not retain, share, or use personal data beyond the specific purpose of delivering the service. We only share aggregated data with our partners. This data is not linked to the identity of any individual user.

We do not sell or trade your personal data to third parties.

Where Do We Process Your Data?

If you visit or use the corporate website and/or the Lime platform, please note that you are sending personal information to our servers located in Canada.

For our European and U.S. clients, all customer data is hosted exclusively in Europe or the United States, as applicable, to ensure compliance with local data protection regulations.

In certain circumstances, the personal data we collect may be transferred to other countries for the various purposes described above.

Graphique

How Long Do We Keep Your Data?

We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Personal data may also be retained for longer periods if used solely for archiving in the public interest, for scientific or historical research, or for statistical purposes. To determine the appropriate retention period, we comply with applicable legal requirements.

How Do We Protect Your Data?

Protecting your data is a priority for us. Together with our partner healthcare institutions, we handle your personal data with great care. We implement robust measures to ensure your information remains secure. Appropriate safeguards have been put in place to prevent personal data from being lost, misused, accessed, altered, or disclosed by unauthorized parties.

Your data is stored in secure systems, and only a limited number of authorized individuals can access it. These individuals have special permissions to view the information and are required to keep it confidential.

In addition, employees and third parties only receive personal data on a need-to-know basis, and only the minimum amount required to perform their specific tasks. All employees are also bound by confidentiality agreements and receive annual training on the proper handling of sensitive data.

Finally, procedures have been developed and tested to address potential data breaches. These procedures are designed to ensure that affected individuals and regulatory authorities are notified of the breach and that any potential harm is minimized.

Use of Cookies

See our Cookie Policy.

For European Residents

Lime Health operates from its headquarters in Saint-Augustin-De-Desmaures, Quebec, Canada, G3A 2J2. The personal data of European residents remains within European territory but may be accessed from Canada. Europe, the United Kingdom, Switzerland, and Canada have recognized that Canada provides an adequate level of protection for the personal data of European residents, known as an "adequacy decision." Therefore, the personal data of a European resident may be safely accessed from Canada without additional procedures, as protection is deemed equivalent.

Lime Health also acts as a data processor under the instructions of each healthcare institution (client) for all personal data collected through online forms and processed in the context of patient experience evaluation. The data collected is primarily used to provide feedback on the patient experience to the client healthcare institution and to generate patient health indicators related to the care and services offered to them.

Accordingly, Lime Health acts as a data controller for the following activities:

We, Lime Health, together with our European healthcare partners, therefore commit to complying with transfer rules under applicable data protection laws and ensuring that we:

This statement therefore provides information for the activities of both Data Controllers.

We, Lime Health, together with our European healthcare partners, as data controllers of personal data, are committed to complying with:

Collectively referred to as the “Data Protection Laws.”

Through this Privacy Policy, we ensure that you understand what personal information is collected about you, how your personal information is used, by whom, and how it is secured.

Your Rights

We strive to maintain accurate and up-to-date data. If your personal information changes, please inform us or update your data on your profile page.

The law protects you and grants you several rights regarding your personal data. Here is what you can do:

To exercise these rights, please contact us via the email, mail, or phone number provided below in the “How to Contact Us” section.

Please note: These rights are subject to certain conditions and will be reviewed individually by our Data Protection Officer.

You also have the right to file a complaint if you believe your personal data is not being processed in accordance with Law 25, PIPEDA, the GDPR, the UK GDPR, and/or the FADP.

How to Contact Us

Lime Health has appointed Jonathan Santerre as the Privacy Officer and Access to Information Officer. He also serves as the Data Protection Officer (DPO). Jonathan is responsible for addressing questions, requests, and complaints regarding this Privacy Notice as well as the collection and processing of your personal data, and for handling any requests concerning access to information.

To learn more about Lime Health's privacy practices, or to request access to, correction, or deletion of your personal information, please contact Jonathan Santerre by email at [email protected] or toll-free by phone at 1-877-503-LIME.

General Data Protection Regulation (GDPR) – European Representative

In accordance with Article 27 of the GDPR, Lime Santé has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You may contact EDPO regarding any GDPR-related matters by using EDPO’s online request form or by writing to:
EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

Changes to This Privacy Policy

This Privacy Policy takes effect on the date indicated at the top of this page. Lime Health reserves the right to amend or update this Privacy Policy at any time. Any changes will be published on our website, and the revised version will be made available, upon request, from the Privacy Officer. We encourage you to review this Policy regularly to stay informed of any updates.