Neighbourly Pharmacy Inc. (“us“, “our” and “we“) thanks you (“you” or “your“) for your interest in our website (the “Site“) and the products and services that we may offer from time to time (collectively, the “Services“).
We take your privacy seriously and make it a priority to protect personal information that we obtain from and about you.
- what personal information we collect from you;
- how and why we use your personal information;
- to whom your personal information may be disclosed;
- how we protect your personal information;
- updating, accessing, deleting and retaining your personal information, and
- providing or withdrawing your consent to our collection, use or disclosure of your personal information.
Our methods for collecting, using, disclosing and retaining Personal Information will be compliant with all applicable federal and provincial laws including, as applicable, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the provincial Personal Information Protection Acts in place in Alberta and British Columbia as well as, where applicable, laws concerning the collection, use and disclosure of personal health information. We also comply, where applicable, with Canada’s anti-spam legislation (CASL) which addresses electronic messages organizations sent in connection to commercial activity.
- What Personal Information We Collect
- Session cookies: Session cookies store information only for the length of time that you are connected to a website – they are not written onto your hard drive. Once you leave the website, they expire and are no longer active. We use session cookies to record certain information from your browser including your Internet Protocol (IP) address, browser type, internet service provider (ISP), referring or exit pages, operating system and the dates and times that you use our website. Additionally, we may record certain information regarding your use of features on the Site. Session cookies allow us to gather statistical data which provides insight into how we may improve our Services and to identify your current session to our web server.
- Persistent cookies: Persistent cookies store information on your hard drive and can be re-read when you return to the site that placed them on your hard drive. We use persistent cookies to remember your preferences and to help block unauthorized attempts to access your Personal Information.
- Location information. We may collect and store information about your location if you enable your computer or mobile device to send us location information. You may be able to change the settings on your computer or mobile device to prevent it from providing us with such information when you use the Site through a mobile device, we may track or collect your geo-location information on a real time basis only. If you do not consent to the tracking of your geo-location, you may still be able to use some, but not all, of the features of the Site.
- Your relationship with us. We will collect information arising from your relationship with and through us and your use of the Site. For example, we maintain a record of your product interests and transaction history and when you send us an e-mail or communicate with us through any other means, we may monitor, record and retain those communications for our mutual protection and in order to process your inquiries, respond to your requests and improve our Services.
- How and Why Your Personal Information is Used.
- To Serve you. We use the Personal Information that you provide or that we collect for legal and regulatory purposes, to manage business risks, to provide our Services to you and to establish and enhance our relationship with you. We generally use the Personal Information you provide or that we collect to operate, maintain, enhance, and provide our Services. For example, we may use your Personal Information to: respond to specific requests from you; to help us better understand your use of the Services; and to administer the Services and protect the security of the Site when necessary. The Site may allow you to submit feedback. Should you choose to submit feedback, you consent to us contacting you by way of follow-up e-mail or phone call to discuss your feedback.
- Aggregate Information. We may generate non-identifying and aggregate profiles from the information you provide during registration on the Site and through your use of the Site. Non-identifying and aggregate profiles are used to improve the quality of the Site and to develop new services. Aggregated non-personally identifying information may be shared with third parties.
- Marketing and Experience. We may use your Personal Information to provide you with information about our features, services and other offerings that may be of interest to you. This information may be provided to you by mail or phone and/or, with your prior consent, by email. We may share your Personal Information with certain other websites that we link to, to the extent that you click on such links, in order to enhance your experience in connection with our website.
- To Whom your Personal Information may be disclosed.
- Our subsidiaries or affiliates. We may share your Personal Information with our affiliates (the “Group“) for: fraud or crime prevention, suppression or detection; for legal and regulatory purposes and to meet regulatory, legal or reporting requirements; to manage business risks; to perform analytics; to ensure that we have correct and up to date information about you; and to the extent necessary if you have requested a service that is jointly offered by more than one member of the Group. We may also share your Personal Information to better manage your total relationship with the Group and enable other members of the Group to bring suitable services to your attention. We may share your Personal Information within the Group for these purposes unless prohibited by law or you tell us not to.
- Suppliers. We may use other companies, to provide certain services on our behalf. We may share your Personal Information with our suppliers, agents and other organizations that perform services for us or on our behalf to the extent necessary to provide and administer services that you have requested from us. These companies will only be given the information needed to perform those services. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed. Our suppliers may perform activities outside of your jurisdiction. As a result, your Personal Information may be securely used, stored or accessed in other countries and may be subject to the laws of those jurisdictions. These companies may be required to disclose your Personal Information in response to valid demands or requests from governments, regulators, courts and law enforcement authorities in those jurisdictions or countries.
- Merger or sale. In the event that we are acquired by or merged with a third-party entity, or if we sell a part of our business, we reserve the right to transfer or assign the Personal Information that we have collected from you as part of such merger, sale or other change of control.
- Where required by law. We may disclose your Personal Information if we have a good faith belief that access, use, preservation or disclosure of such Personal Information is reasonably necessary to satisfy any applicable law, regulation, self-regulation, legal process or enforceable governmental request. When we provide Personal Information in response to a legal inquiry or order that we believe to be valid, we disclose only the Personal Information that is legally required. Note that we may store or process your Personal Information outside of your jurisdiction which physical storage of your Personal Information may span multiple jurisdictions or countries and we may disclose your Personal Information in response to valid demands or requests from governments, regulators, courts or law enforcement authorities in those jurisdictions or countries.
- Protection of our interests. We may also disclose your Personal Information if we believe, in good faith, that it is appropriate or necessary to take precautions against liability; to help us collect a debt or enforce an obligation owed to us by you; to protect against fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against any third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of our Services; or to protect the rights, property, or personal safety of our customers, employees or others.
- Consent. We may disclose your Personal Information where you have authorized us to do so. For example, if you have given us consent, we may share your Personal Information with business partners and other entities that are not affiliated with us who would like to send you information about their products and services. We do not share Personal Information with other third-party organizations for their marketing or promotional use without your consent or except as part of a specific program or feature for which you will have the ability to opt-in.
- How we protect your Personal Information.
- Security processes. We follow generally accepted industry standards to safeguard your Personal Information from loss or theft, unauthorized access, disclosure, duplication, use or modification through security measures appropriate to the sensitivity of the information. These measures include internal reviews of our data collection, storage and processing practices and security measures which include appropriate encryption and physical security measures to guard against unauthorized access to systems where we store Personal Information. However, as no method of transmission over the internet, or method of electronic storage, is 100% secure, we cannot guarantee the absolute security of your information.
- Breach Notification. We will notify the Office of the Privacy Commissioner of Canada (the “OPC“) of any breach of security safeguards involving personal information under our control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual. Unless otherwise prohibited by law, we will also notify the affected individuals of any breach of security safeguards involving the individual’s personal information under our control, if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual. We will provide indirect notification to affected individuals if direct notification would be likely to cause further harm to the affected individual, direct notification would be likely to cause undue hardship for us, or we do not have contact information for the affected individual. We will maintain a record of every breach of security safeguards for 24 months after the day on which it determines that the breach has occurred.
- Updating, Accessing, Deleting and Retaining your Personal Information.
- Accessing and deleting your Personal Information. We make good faith efforts to provide you with access to your Personal Information and to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual customers to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. We will advise you of any applicable fee prior to proceeding with your request. Upon your request, we will make reasonable efforts to delete your Personal Information from our database, however, it may be impossible to delete your information without retaining some residual information for a period of time due to backups and records of deletion.
- Retention of your Personal Information. We retain your Personal Information only as long as it is required for the reason(s) that it was collected. This length of time will vary depending on the service and the nature of the information and may extend beyond the end of your relationship with us. When your information is no longer needed for the purpose for which it was collected, we will destroy, delete, erase or convert it to an anonymous form.
- Providing or withdrawing your consent.
- Direct electronic marketing. We may provide an option for you to consent to receive information that may be of interest to you such us our newsletters and updates on our new products and services through various electronic means. You may opt-out of receiving such electronic communications from us at any time by clicking on the “unsubscribe” link in any such electronic messages or by contacting us at firstname.lastname@example.org. We will honor your opt-out instructions within 10 days after we are informed of your request without any further action being required by you.
- Sharing with our subsidiaries, affiliates or Suppliers. We may share your Personal Information with the Group or our suppliers, agents and other organizations that perform Services for us or on our behalf for the reasons outlined in paragraphs 3(a) and 3(b) above. If you withdraw your consent for this sharing, we may not be able to provide you with your requested service.
- Third-Party Sites
- International Storage of Information
Please note that we may use cloud storage services to store and process your Personal Information. In some cases, we may store and process your Personal Information outside of Canada. As a result, the physical storage of your Personal Information may span multiple jurisdictions or countries and the governments, regulators, courts or law enforcement authorities in those jurisdictions or countries may be able to obtain disclosure of your information through applicable laws. Your use of the Services or your submission of any Personal Information to us will constitute your consent to the transfer of your Personal Information outside of Canada, which may provide for different data protection rules than those in Canada.
- Complaints and Questions
- If you are not satisfied with our response to your inquiries, you may contact the Office of the Privacy Commissioner of Canada by mail at 30 Victoria Street Gatineau, Quebec K1A 1H3 or by calling 1 800 282 1376.
Last Revised: April 30, 2021