Request a demo

Request a demo

PRIVACY POLICY

Security and privacy at the heart of our operations

From design, to deployment, to operation; security and privacy are part of the equation. Nothing is left to chance in order to protect your data throughout its lifecycle, using practices and processes that follow the best industry standards.

Security and privacy

At Lime Health, protecting personal information is a top priority. We are committed to ensuring the transparency, security, and confidentiality of our users', clients', and partners' data. We integrate the security and confidentiality of data at the heart of our platform and processes.

Our commitment to protecting personal information is reflected in our rigorous practices and our trust-centered approach. At all times, we ensure that you remain in full control of your data, and we are committed to its responsible and secure management.

Privacy Policy

Our privacy policy aims to inform you about our practices regarding the collection, use, disclosure, and retention of your personal information, in compliance with applicable regulations, including the Act on the Protection of Personal Information in the Private Sector of Quebec, the Canadian Personal Information Protection and Electronic Documents Act, and the General Data Protection Regulation (GDPR) of the European Union. 

Our policy applies both to our corporate website, the processing of data related to the use of the Lime platform, and any interaction with an employee, representative, or authorized contractor of Lime Health, including via email, phone, in person, or by video conference. When processing practices differ based on the intended purpose, separate sections specify the rules applicable to each use.

Last updated: September 2, 2025

Who are we?

Lime Health is a health technology company whose mission is to measure and improve the patient experience. To achieve this, we develop digital tools that facilitate communication between users and the health care network. In this context, we collect and use certain personal data that you provide to us.

Our data security policy specifies :

  • What personal data is collected on the website.

  • How personal data is collected, used, shared, stored, and processed in other ways.

  • The security procedures implemented to protect your data.

  • Your choices and your rights regarding the use of your data.

How you can contact us for questions such as correcting inaccuracies in your data or requesting the deletion of your personal data.

Lime Platform

For our Lime platform, through the use of technological tools, it is possible for respondents to voluntarily complete certain experience or satisfaction surveys regarding the services offered by healthcare institutions, to receive and respond to emails or text messages (SMS). The surveys, the invitations to complete them, are organized and generated by our Lime platform.

What data do we collect?

Personal information refers to any information that can identify a person or make their identification possible. This includes "health information," which encompasses all information related to a person's health, including diagnosis, treatments, and care received. This data collection is carried out in compliance with applicable legislation and aimed at improving your experience as a patient while protecting your personal information.

We have access to all data you voluntarily provide via email, phone, forms, chat functions, user registration, newsletter sign-up, contests, surveys, and other data collection methods.

Corporate website

When you visit our corporate website, use our Lime platform, or interact with us for communication, information, or recruitment purposes, Lime Health may collect certain personal information that you voluntarily provide to us.

This includes, but is not limited to:

  • First and last name

  • Email address

  • Phone number

  • IP address

  • Content of messages sent via forms, chat functions, or emails

  • Information provided as part of a newsletter subscription, contest, survey, or recruitment process

Lime Platform

For the purposes of operating the Lime Platform, we only collect the personal information necessary to carry out its activities related to measuring patient experience and improving care pathways. The information collected varies depending on your use of our platform and the specific services you access.

Depending on the services used, personal information may also include information about your interactions with our platform, such as questionnaire results or experience measurements, as well as demographic data that allows for better personalization of support.

The types of personal information we may collect include, but are not limited to, the types of personal information we may collect include, without limitation:

  • First name and last name

  • Email address

  • IP address

  • Unique identifier

  • Language

Moreover, the information collected is managed and stored under the exclusive responsibility of the healthcare establishment that supports you in your care journey. Lime Health does not keep any copies and does not exercise any control over this data, which may include:

  • Information regarding your medical status and care journey, including your medical history, current treatments, examination results, and any other information related to your health.

  • Content of the messages you send us, including through forms, chat functions, or emails.

  • Information provided in connection with a subscription to our newsletter, a contest, a survey, or a recruitment process.

This information may also include data about your medical history, current treatments, examination results, and any other information related to your health.

Why, how, and for how long do we collect your personal data?

Corporate website

To fully access the website, you, as a user, can voluntarily create an account by filling out a registration form. Certain data is collected during this process, including your name and email address. This data is used to contact you, offer you relevant products and services, and improve your user experience. Thus, if you use our corporate Website, the collected data may be used to:

  • Provide you with relevant information about our products and services

  • Respond to your messages or contact requests

  • Manage the recruitment process or subscription to our newsletters

This information is used solely for communication purposes, responding to your requests, improving your experience on our site, or for administrative and compliance purposes, according to applicable laws.

Lime Platform

Depending on the purpose for which we process your personal data, our partner healthcare establishments and we, as data controllers, must process personal data for different reasons.

When you use our Lime platform, your information will be used exclusively for processing your responses during your participation in the satisfaction survey. Your personal information will be treated with strict confidentiality and will not be disclosed to third parties.

Thus, the data collected may be used for:

  • Providing and personalizing services based on patient experience

  • Creating and managing user accounts

  • Conducting surveys or internal research projects

  • Complying with our legal and regulatory obligations

  • Improving care quality and supporting clinical decisions

Your information will be used exclusively for processing your responses during your participation in the satisfaction survey.

We will not retain your personal data longer than necessary to achieve the objectives for which we collected them, including any legal requirements.

Depending on each case, the processing will therefore be as follows:

Table showing the different purposes, types of personal data, data controllers, legal basis, and retention period.
Table showing the different purposes, types of personal data, data controllers, legal basis, and retention period.
Table showing the different purposes, types of personal data, data controllers, legal basis, and retention period.

In all use cases, personal data may be used without the user's knowledge or consent in situations where the law requires or permits it, or when the personal data has been anonymized or pseudonymized, so that it is no longer associated with the user. This means that we have removed personally identifiable information, so that the data we have left cannot be linked to you as an individual.

Consent

We process personal data with your consent, and you have the right to withdraw your consent for specific purposes. By submitting personal information to the Lime Health corporate website or using our Lime platform, you consent to their collection, use, and disclosure in accordance with our privacy policy, within the limits allowed by law. You can withdraw your consent at any time by contacting our privacy officer. If you provide personal information of another person, you guarantee that you have the necessary authorization.

How do we share your data?

Your personal data may be shared with regulatory authorities in accordance with legal regulations. Personal data may also be shared with third parties when necessary to provide services to users, and/or for other legitimate interests. 

Third parties include service providers, professional advisors, and other members of the Lime Health network.

All third parties are contractually obligated to uphold the confidentiality and security of the data, and are not permitted to use the data beyond the services required.

Third parties that may access personal data fulfill the following services: web hosting, IT and cloud services, consulting services, bug reporting, logging, and analytics. These parties do not retain, share, or use personal data beyond the purpose defined for the performance of the service. We share only aggregated data with our partners. This data is not linked to an individual user's identity.

We do not sell or trade your personal data to third parties.

Where do we process your data?

If you visit or use the corporate website and/or the Lime platform, please note that you are sending personal information to our servers located in Canada.

For our European and American customers, all customer data is hosted exclusively in Europe or the United States, as necessary, to ensure compliance with local data protection regulations.

In certain circumstances, the personal data we collect may be transferred to other countries for various purposes described below.

Tableau présentant les raisons des tranferts de données vers d'autres pays comme le Canada, l'Union Européenne et les États-Unis
Tableau présentant les raisons des tranferts de données vers d'autres pays comme le Canada, l'Union Européenne et les États-Unis
Tableau présentant les raisons des tranferts de données vers d'autres pays comme le Canada, l'Union Européenne et les États-Unis

We have implemented security measures and controls to ensure that data remains appropriately protected in these jurisdictions.

How long do we keep your data?

We will only retain personal data for as long as necessary to achieve the purposes for which it was collected. Personal data may also be retained for longer periods if it is solely intended for archiving purposes in the public interest, for scientific or historical research, or for statistical purposes. To determine the appropriate retention period, we comply with relevant legal requirements.

How do we protect your data?

The protection of your data is a priority for us. We, along with partner healthcare institutions, protect your personal data with great care. We implement solid measures to ensure that your information remains secure. We have established appropriate safeguards to prevent personal data from being lost, misused, accessed, altered, or disclosed by unauthorized parties.

Your data is stored in protected systems, and only a few authorized individuals can access it. These individuals have special rights to view this information and must maintain confidentiality.

Furthermore, employees and third parties receive personal data only on a need-to-know basis and only the minimum amount necessary to perform their specific job. All employees are also bound by confidentiality agreements and undergo annual training on the proper handling of sensitive data.

Finally, procedures have been developed and tested to manage a potential data breach. These procedures are designed to ensure that affected individuals and regulatory agencies are informed of the breach and that the damages can be minimized.

Use of cookies

See our cookie policy here.

For European residents

Lime Health operates from its headquarters at 212 du Grand-Hunier, Saint-Augustin-De-Desmaures, Quebec, Canada G3A 2J2. The personal data of European residents remains on European territory but can be accessed from Canada. Europe, the United Kingdom, Switzerland, and Canada have recognized that Canada adequately protects the personal data of European residents, also known as an adequacy decision. Thus, the personal data of a European resident can be securely accessed from Canada without complicated procedures, as the protection is considered equivalent.

Lime Health also acts as a processor under the instructions of each healthcare facility (client), for all personal data collected through online forms and processed in the context of evaluating patient experience. The data collected is mainly used to provide feedback on the experience to the client healthcare facility and indicators of patients' health with respect to the care and services offered to patients.

Thus, Lime Health acts as the data controller for the following activities:

  • for all data processing that aids in the research and development of its software;

  • when processing personal data outside the purposes defined with our client;

  • when processing data in the context of its website and associated trackers;

  • for internal audit as well as its legal obligations.

We, Lime Health, along with our partner healthcare facilities in Europe, therefore commit to complying with transfer rules under applicable data protection laws and ensuring to:

  • Transfer your data to countries where the data recipient has been recognized as adequate by the European Commission; or

  • When a country has not received an adequacy decision from the European Commission to implement appropriate protective measures, such as the EU standard contractual clauses ("SCC"). 

This statement provides information for the activities of the two Data Controllers.

We, Lime Health, as well as our European partner healthcare establishments, as data controllers of personal data, are committed to comply with: 

  • The Act 25 on the protection of personal information of Quebec citizens

  • The Act on the protection of personal information and electronic documents (LPRPDE)

  • The General Data Protection Regulation No. EU 2016/679 (hereinafter referred to as the “GDPR”);

  • And all applicable laws and regulations in the EU regarding data protection.

  • The General Data Protection Regulation as it forms part of the law of England and Wales, Scotland, and Northern Ireland under section 3 of the 2018 European Union (Withdrawal) Act (hereinafter referred to as the “UK GDPR”) and the UK Data Protection Act 2018 (as amended in 2020) (hereinafter referred to as the “Data Protection Act”);

  • The revised Federal Data Protection Act 2023 (“LPD”), under which any reference to the LPD always includes a reference to the revised Data Protection Ordinance 2022 (“OOF”);

Collectively referred to as the “Data Protection Laws”.

With this privacy policy, we ensure that you understand what personal information is collected about you, how your personal information is used, by which party, and how it is secured.

Your rights

We strive to maintain accurate and up-to-date data. If your personal data changes, please inform us or update your data on your profile page.

The law protects you and grants you several rights regarding your personal data. Here’s what you can do:

  • Access your data: You can request to know if we have any information about you, and if so, obtain a copy of that information.

  • Correct your data: If certain information is incorrect, you can request that it be corrected.

  • Request deletion: In some cases, you can request that your data be deleted.

  • Limit the use of your data: You can request that we reduce how your data is used in certain situations.

  • Receive or transfer your data: You can request to receive your data in a readable format, or request that it be sent to another organization.

  • Refuse the use of your data: For personal reasons, you can object to the use of your data at any time.

  • Withdraw your consent: If you have given your consent to use your data, you can withdraw this choice whenever you want, without having to justify yourself.

  • Express any concerns regarding the data we have collected about you.

To exercise these rights, please contact us via the email address, mail or phone number provided below in the "How to contact us" section.

Attention: these rights are subject to certain rules and will be considered individually by our data protection officer.

You also have the right to file a complaint if you feel that your personal data is not being processed in accordance with Law 25, the PIPEDA, the GDPR, the UK GDPR and/or the LPD.

You also have the right to lodge a complaint if you believe that your personal data is not being used properly, according to Canadian, European (GDPR), UK or Swiss regulations.

If you live in Quebec: If the organization does not respond or if its response is unsatisfactory, you can file a complaint with the Commission d’accès à l’information du Québec (CAI): https://www.cai.gouv.qc.ca/plaindre

If you live in Canada: If you do not receive a satisfactory response or within a reasonable time, you can file a complaint with the Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca

If you live in the European Economic Area (EEA): You can lodge a complaint with the data protection authority of your country, either where you live, or where you work, or where the error occurred. You can find their contact details here: https://edpb.europa.eu/about-edpb/about-edpb/mvembers_en

How to contact us?

Lime Health has appointed Jonathan Santerre as the Chief of Privacy and Information Access. He also serves as the Data Protection Officer. Jonathan is responsible for answering questions, requests, and complaints regarding this privacy notice as well as the collection and processing of your personal data, and any requests regarding access to information.  

To learn more about Lime Health's privacy practices or to request access, correction, or deletion of your personal information, please contact Jonathan Santerre by email at [email protected] or toll-free by phone at 1 877 503-LIME.

General Data Protection Regulation (GDPR) - European Representative

In accordance with Article 27 of the General Data Protection Regulation, Lime Health has appointed the European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO for any questions related to the GDPR by using the EDPO online request form or by writing to EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

Changes to this privacy policy

This privacy policy is effective as of the date indicated at the top of this page. Lime Health reserves the right to modify or update it at any time. Any changes will be posted on our website, and the revised version will be available upon request from the Person Responsible for the Protection of Personal Information. We encourage you to regularly review this policy to stay informed of any updates. You can access previous versions upon request from the Person Responsible for the Protection of Personal Information.