Effective Date: January 17, 2018
- Personal Information
Personal information may include, for example, your name and home address, your date of birth and gender, health information, payment information, your occupation, medical conditions or other health information, your personal financial records or credit information, or any personal identification numbers.
- Consent for the collection, use and disclosure of PI
Privacy legislation requires us to obtain the consent of an individual to the collection, use or disclosure of PI in many circumstances.
When we receive PI or PHI from you for the purposes of providing you with our Platforms, products or services, and Pharmacy Services and Support Services, or for other uses identified herein, you are providing us with consent as follows:
- to allow us to deal with that PI and PHI in a reasonable manner;
- to allow us to provide your PI and PHI to third parties we engage to provide or support the Platforms;
- to allow us to use and store your PI and PHI for the purpose of providing you with the products and services you purchase from us and to utilize the Platform, Pharmacy Services and Support Services; and
- to allow us to transfer your PI outside of Canada (whereby your PI will be treated in accordance with applicable foreign laws) for the purpose of storage and use of your PI by us.
If you need to provide us with PI or PHI about other individuals, you represent and warrant to us that, where required by law and prior to your disclosure to us, you will obtain the consent of each individual to the collection, use and disclosure by us for the specific purpose(s) that the disclosure is made by you.
Providing us with your PI and PHI is always your choice. When you request products and/or services from us, or utilize us to access Pharmacy Services or Support Services, we ask that you provide information that enables us to respond to your request and/or provide you with our services. In doing so, you consent to our collection, use and disclosure to appropriate third parties of such PI and PHI for these purposes.
- Consent Exceptions
There are legal exceptions where we will not need to obtain consent or explain the purposes for the collection, use or disclosure of PI. Some examples of situations where consent is not required include an emergency that threatens the life, health or security of an individual, or if we must comply with a court order or governmental order.
We may use PI without your knowledge or consent in limited circumstances whereby we are required to provide PI to third parties for legal or regulatory purposes. For example, under certain exceptional circumstance we may have a legal duty or right to disclose PI without your knowledge or consent. Various government agencies such as the Canada Revenue Agency, Human Rights Commission, Canadian Radio-television and Telecommunications Commission, and law enforcement, may have the authority to review our files and interview our staff when deemed necessary. These agencies have their own strict privacy obligations.
- What PI and PHI do we collect and use?
Generally, you may browse our Websites or the Apps without providing any PI. You are under no obligation to provide us with PI, with the caveat that your refusal to do so may prevent you from using certain portions of the Websites or the Apps.
As set out above, HCPs and PCAs are responsible for the collection, use and disclosure of PI and PHI as it relates to the provision of Pharmacy Services and Support Services and for ensuring that adequate safeguards are in place to protect that information. The following overview provides general information about how PHI or PI is collected and used through the Platforms.
In order to use the Platforms and to receive Pharmacy Services and Support Services you may be required to create a user account (the “User Account”) through the Platforms and be issued a username and password login credentials (“User ID”). We collect information such as your name, email address, phone number, gender, date of birth and province or territory to create your User Account. If you are issued a User ID, you will be required to keep your User ID secure.
The Pharmacy Services and Support Services are also available for use by children at the discretion of the HCP or PHA. For all patients under the age of 18, the holder of the User Account and User ID, must be the patient’s parent or legal guardian. You may be asked to provide PI or PHI about your child in order to register them to use your User Account (“Registered Child”).
Provision of Pharmacy Services and Support Services
We collect PI or PHI on behalf of the HCP or PHA when you request Pharmacy Services or Support Services to facilitate the provision of those services and to assist you in connecting with the HCP of your choice.
We collect your provincial health card number in order to bill provincial health plans for those services that are eligible for coverage by provincial health plans on behalf of the HCP and/or your financial information to facilitate payments in respect of your use of the Platforms or the receipt of any services through the Platforms.
We may further collect your health insurance information in order to bill such health insurance plan for those services or pharmaceutical products that are eligible for coverage by such plans on behalf of the HCP.
HCPs and PHAs collect and use PI and PHI about you or a Registered Child in order to provide you or your child with Pharmacy Services and/or Support Services. HCPs and PHAs may collect PHI about you verbally or by text, including the reason for your consultation request; relevant health history and present condition or symptoms. The HCP may access PHI that you have entered or uploaded to your profile and medical records or information created during earlier interactions through the Platforms with other HCPs or PHAs.
HCPs and PHAs must comply with professional regulatory requirements, including as it relates to confidentiality and privacy and record keeping, as well as privacy laws. HCPs may create information such as prescriptions, sick notes and other notes about your interaction with them via the Platforms.
There are a number of optional services that may be provided through the Platforms, where authorized. We may collect and use your PHI or PHI to provide you with services that you request us to perform on your behalf, e.g., securely faxing your prescription to your chosen pharmacy, a summary report about your Healthcare Services to a physician of your choice; open an account for you with a prescription delivery service; and, where available, securely transmit your information to the prescription delivery service (collectively, “Platform Services“).
- How do we use your PI and PHI?
We use your PI and PHI for the purposes for which it was collected, as well as other purposes for which you have given consent. In addition to those purposes set out above, this includes, but is not limited to, the following purposes:
- Administration of your User Account
- Marketing: In accordance with anti-spam laws, we obtain your consent in order to send you commercial electronic messages. We do not share email addresses or other contact information with third parties without your permission.
- Notifications: We will ask you if you wish to receive notifications about services that you request. If you agree, we will send you email or text messages to we notify you about the status of your consultations and other requests, such as prescription orders.
- Payments: You may be given the option to pay for Pharmacy Services, Support Services and any products you purchase through such services via an electronic payment service. Such electronic payment service is facilitated by a third party service provider on your behalf. Any payment information you provide will therefore be provided to such third party service provider, and you here by provide consent for our disclosure of your payment information for that purpose.
- Uses set out in the Consent section herein.
We also may use your PI or PHI to comply with our legal obligations, resolve disputes, and enforce our agreements and as required and/or permitted by applicable privacy laws.
- Disclosing PI or PHI to third parties
We will not disclose, share, sell or rent your PI or PHI with or to any third party, except with your written consent or as required or permitted by privacy laws. We may disclose your PI or PHI as we deem necessary, in our sole discretion, to comply with any applicable law, regulation, legal process or governmental request.
In some instances we may retain other companies and individuals to perform functions on our behalf, including, but not limited to website developers, service and technology providers, and payment service providers. Third parties may be provided with access to your PI or PHI to perform the functions for which they have been retained. Our agreements with third parties will not permit them to use your PI or PHI for any other purposes and commit them to comply with applicable data privacy standards.
Except as otherwise set out herein, only HCPs and PSAs have access to your PI and PHI. HCPs and PHAs may disclose PHI about you, including to your emergency contact, if they believe that you are dealing with a medical emergency during a consultation and disclosure is necessary in order to eliminate or reduce the risk of serious harm.
- Security Safeguards
All PI and PHI collected on the Platforms is securely and digitally stored on servers physically located in Canada. The Platforms are secured through encryption technologies and only you and your HCPs and PHAs have access to your PI and PHI. PHI created in connection with the provision of Pharmacy Services is managed by the HCP in accordance with applicable privacy legislation. The Platforms are licensed by us to your HCP and are used by your HCP to communicate with you.
We use physical, organizational and technical industry-standard security safeguards commensurate to the sensitivity of data collected, used or disclosed such as encryption in transit and at rest. We use a variety of technologies and procedures to help protect the security of your PI and PHI from unauthorized access, use, or disclosure.
We have implemented and maintain reasonable and appropriate security measures, procedures and practices to protect against the loss and unauthorized access, use, modification, destruction or disclosure of your PI and PHI while it is our custody or under our control.
Although we use advanced encryption technology and other security protocols to protect your PI and PHI and the privacy of the Pharmacy Services and Support Services with HCPs and PHAs, in using the Platforms there are inherent risks to any technology however remote that could cause security protocols to fail or to be breached and which could result in the unauthorized collection, use or disclosure of your PI and/or PHI.
- Retention of PI and PHI
We will retain your PI and PHI on the Platforms until such time as you or we terminate your User Account. On termination, you will have an opportunity to print or make copies of any PI or PHI held in the Platforms, provided that we have the appropriate authorization from the applicable HCP and/or PHA relating to the Pharmacy Services or Support Services.
- How can I access or correct my PI or PHI?
You can add, edit, or delete optional information appearing in your User Account at any time in your account settings. You can edit, but not remove, certain information (like an email address and your medication record).
In connection with the provision of Pharmacy Services, you have additional rights under applicable privacy laws. You may request access or correction to your health records, withdraw your consent or request limits on the collection, use or disclosure of your PHI for health care purposes by contacting your HCP.
We are committed to protecting the privacy of children. The Platforms are not intended or designed for children. We do not collect PI from any person we actually know is a child. Where applicable, a Registered Child may use the Platforms through their parent or legal guardian.
- Privacy and Our Platforms
Each time the Platforms are utilized by a user, our web server or other tools may collect and log certain information in access logs. Such access logs may be kept for a reasonable period of time. Such access logs may include, but not be limited to, information such as the following: your machine’s TCP/IP address, files accessed, the date and time of such access, and other information pertaining to your activities on the Platforms. These logs are used solely for performance, site administration and security reviews. They are not sold or shared in any way to third party organizations. We may use this non-personal information to optimize the Services, and our products.
We may collect anonymous information as you navigate and/or interact with the Platforms. We may use anonymous information to operate and improve the Platforms. We may also use anonymous information to track what visitors to the Platforms are looking at most frequently so we can recognize and deliver more of the desired features, products, and Platforms.
We may collect information pertaining to you from third party sources, including but not limited to, for the purpose of generating your account for our Platforms. It is your responsibility to review such information in your account to ensure its accuracy.
- Cookies & Web Beacons
We may, from time to time, use “cookies” solely for security and authentication purposes.
Cookies are small text files that a website saves on your computer or mobile device when you visit the site. They save and retrieve pieces of information about your visit to the website – for example, how you entered the site, how you navigated through the site and what information and documentation was of interest to you. This means that when you go back to a website, it can often give you tailored options based on the information it has stored about you on your last visit. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
On our Platforms, cookies can be set by us (first party cookies) or by our partners (third party cookies).
We set cookies for the purposes set out below:
- collecting page views;
- viewing history; and
- session cookies – for keeping users logged in while browsing (during of up to one hour).
The following major third-party analytics services (among others) may set cookies and have access to your IP address based upon your use of our website:
- Google Analytics
We cannot provide the names and purposes of the third party cookies as we do not have access to that information, however they are necessary for us to provide our Platforms. These third parties face serious consequences if they are in breach of applicable privacy laws.
To find out more about cookies, including to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
If you do not wish to accept cookies from our Platforms, please leave the Platform immediately and then delete and block all cookies from the Platform.
We may use web beacons alone or in conjunction with cookies to compile information about you and your usage of the Platforms, as well as your interaction with emails from us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon. For example, we may use web beacons to operate and improve the Platforms and email communications. We may use information from web beacons in combination with personal information about you to provide you with information about us and our Platforms, products and services.
- Analytics and Interest-Based Advertising
We may also use third-party service providers to monitor and analyze the use of our Platforms. Google Analytics is a web analytics service offered by Google Inc. (“Google”) that tracks, monitors and reports traffic on our Platform. Google tracks information like (i) your IP address; (ii) the type of web browser and operating system being used; (iii) the pages of the Platform that you visit; and (iv) other websites you may have visited before visiting our Platform.
Where applicable, we will seek your express consent to contact you, including by way of commercial electronic messages. This consent is sought by Mednow Inc. and you can contact us at 1-855-633-6691 or at 4484 Main Street, Vancouver, British Columbia, V5V 3R3. You can unsubscribe at any time from receiving commercial electronic messages by following the instructions in the message.
Even if you have opted out of receiving marketing communications from us, please be aware that we may still contact you for other purposes. For example, we may contact you to provide communications you have consented to receive, regarding the services we provide to you, or if you contact us with an inquiry.
- Third- Party Sites
The Platforms may contain links to other third-party sites. When you click on one of these links you are visiting a website operated by someone other than us and the operator of that website may have different privacy policies. We are not responsible for the individual privacy practices of those sites. We encourage you to investigate the privacy policies of these third-party operators.
- Information Accuracy
While we collect the PI and PHI that you supply, we do so with the understanding that any such information is as accurate. It is important to us that your PI and PHI held by us is accurate and complete. Having accurate information about you enables us to provide you with better products and services, and between Pharmacy Services and Support Services. You can help us keep PI and PHI up-to-date by keeping us informed of any changes, such as a change of address, telephone number or any other circumstances. We will not be able to provide you with any notices if we do not have accurate contact information for you and we will bear no responsibility for any action or omission as a result of our lack of accurate contact information for you.
- Retention and Destruction of Personal Information
The amount of time we will retain PI and PHI varies, depending on the products and services we have provided and the nature of the PI and PHI that we hold. We retain PI and PHI for such period of time as is necessary for us to maintain sufficient information so we may respond to any issues that arise at a later date or as is required by law.
When PI and PHI is no longer required by us or by law, we will either convert it into an aggregated non-identifying form or we will appropriately destroy or erase the PI and PHI in a manner that is in accordance with our current policies and procedures.
- Transfers of Personal Information
- Access and Correction
We recognize that you may have the right to access your PI or PHI. Any access request must be made in writing to:
We may charge a reasonable fee for providing information in response to an access request, and, upon request, we will provide an estimate of any such fee upon receiving a request to access information. We may require a deposit for all or part of the fee.
Where applicable or permitted, we will make the information available within 30 days or provide written notice when we require additional time to respond to a request for access to information.
In some situations, we may not be able to provide access to certain PI or PHI as the right to access PI and PHI is not absolute. If we do not provide you with the requested information, we will notify you in writing and explain our reason(s) for not fulfilling your request.
- Withdrawal of Consent: You may, at any time, withdraw your consent to our collection, use and disclosure of your PI or PHI, subject to reasonable notice and any legal and/or contractual restrictions.
Should you choose to withdraw your consent, we may be unable to provide, or continue to provide, the Platforms, our products or services, or any Pharmacy Services or Support Services that can only be provided if we receive appropriate and required PI and/or PHI.
- Sensitive Data
We request that you do not send us any sensitive data, including but not limited to social security or national identification numbers, information related to racial or ethnic origin, political opinions, religious beliefs, heath information, biometrics or genetic data, criminal background or trade union membership information, unless we explicitly request such information. In accordance with applicable privacy laws, the sensitivity of data may be determined based upon context, or by other measures. If you do send us sensitive data then you are consenting to its processing in accordance with this Policy.
- Governing Law
All matters relating to your access or use of the Platforms shall be governed by the laws of the Province of Ontario and the laws of Canada applicable therein, without regard to principles of conflicts of law. You agree and hereby submit to the exclusive jurisdiction of the courts of the Province of Ontario with respect to all matters relating to your access and use of the Platforms, as well as any dispute that may arise therefrom.
- Contacting us
You may also contact the Office of the Privacy Commissioner of Canada or provincial Information and Privacy Commissioner (as applicable) with any questions or concerns.
- Successors and Assigns
© Mednow Inc., 2020.