PRIVACY POLICY

Neighbourly Pharmacy Inc. (“us”, “our” and “we”) thanks you (“you” or “your”) for your interest in our website (the “Site”) and the products and services that we may offer from time to time (collectively, the “Services”).

We take your privacy seriously and make it a priority to protect personal information that we obtain from and about you.

This privacy policy (this “Privacy Policy”) describes: 
  1. what personal information we collect from you;
  2. how and why we use your personal information;
  3. to whom your personal information may be disclosed;
  4. how we protect your personal information;
  5. updating, accessing, deleting and retaining your personal information, and
  6. providing or withdrawing your consent to our collection, use or disclosure of your personal information.

By visiting and/or using our Services you expressly consent to the information handling practices described in this Privacy Policy. If you do not want your personal information to be used in the manner set forth in this Privacy Policy, you may not use the Services.

Our collection, use, disclosure, and retention of information that identifies you, or by which your identity could, alone or in combination with other information, be deduced (such as your name, telephone number, postal address, and e-mail address) (“Personal Information”) is subject to the terms of this Privacy Policy. Personal information does not include information that would enable an individual to be contacted at a place of business, for example an employee’s name, position or title, business telephone number, or business address. 

Our methods for collecting, using, disclosing and retaining Personal Information will be compliant with all applicable federal and provincial laws including, as applicable, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the provincial Personal Information Protection Acts in place in Alberta and British Columbia as well as, where applicable, laws concerning the collection, use and disclosure of personal health information. We also comply, where applicable, with Canada's anti-spam legislation (CASL) which addresses electronic messages organizations sent in connection to commercial activity.

  1. What Personal Information We Collect
    1. Personal Information that you provide.

      From time to time, we may ask you to provide Personal Information. If you choose to provide such information you are giving us the permission to use and store such information as provided in this Privacy Policy. We may also collect personal health information from your authorized representative or healthcare provider. 

    2. Personal Information collected via cookies.

      When you use the Services we may use cookies to track information about your browser’s activities and to provide you with better services and features on the Services. The types of cookies that we may use are “session cookies” and “persistent cookies”. 

      1. Session cookies:

        Session cookies store information only for the length of time that you are connected to a website – they are not written onto your hard drive. Once you leave the website, they expire and are no longer active. We use session cookies to record certain information from your browser including your Internet Protocol (IP) address, browser type, internet service provider (ISP), referring or exit pages, operating system and the dates and times that you use our website. Additionally, we may record certain information regarding your use of features on the Site. Session cookies allow us to gather statistical data which provides insight into how we may improve our Services and to identify your current session to our web server.

      2. Persistent cookies:

        Persistent cookies store information on your hard drive and can be re-read when you return to the site that placed them on your hard drive. We use persistent cookies to remember your preferences and to help block unauthorized attempts to access your Personal Information. 

      3. Rejecting cookies:

        You may adjust your browser settings to notify you when a cookie is about to be sent or you may configure your browser to refuse cookies automatically. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Note that if you do not accept cookies you will not have access to certain services and features on our Site that rely on cookies for their functionality. 

      4. Location information.

        We may collect and store information about your location if you enable your computer or mobile device to send us location information. You may be able to change the settings on your computer or mobile device to prevent it from providing us with such information when you use the Site through a mobile device, we may track or collect your geo-location information on a real time basis only. If you do not consent to the tracking of your geo-location, you may still be able to use some, but not all, of the features of the Site. 

    3. Your relationship with us.

      We will collect information arising from your relationship with and through us and your use of the Site. For example, we maintain a record of your product interests and transaction history and when you send us an e-mail or communicate with us through any other means, we may monitor, record and retain those communications for our mutual protection and in order to process your inquiries, respond to your requests and improve our Services.

    4. Personal Information from Other Sources.

      We may also obtain Personal Information from third parties and sources other than the Site. If we combine or associate information from other sources with Personal Information that we collect through our Site, we will treat the combined information as Personal Information in accordance with this Privacy Policy.

  2. How and Why Your Personal Information is Used.
    1. To Serve you.

      We use the Personal Information that you provide or that we collect for legal and regulatory purposes, to manage business risks, to provide our Services to you and to establish and enhance our relationship with you. We generally use the Personal Information you provide or that we collect to operate, maintain, enhance, and provide our Services. For example, we may use your Personal Information to: respond to specific requests from you; to help us better understand your use of the Services; and to administer the Services and protect the security of the Site when necessary. The Site may allow you to submit feedback. Should you choose to submit feedback, you consent to us contacting you by way of follow-up e-mail or phone call to discuss your feedback. 

    2. Aggregate Information.

      We may generate non-identifying and aggregate profiles from the information you provide during registration on the Site and through your use of the Site. Non-identifying and aggregate profiles are used to improve the quality of the Site and to develop new services. Aggregated non-personally identifying information may be shared with third parties.

    3. Marketing and Experience.

      We may use your Personal Information to provide you with information about our features, services and other offerings that may be of interest to you. This information may be provided to you by mail or phone and/or, with your prior consent, by email. We may share your Personal Information with certain other websites that we link to, to the extent that you click on such links, in order to enhance your experience in connection with our website.  

  3. To Whom your Personal Information may be disclosed.
    1. Our subsidiaries or affiliates.

      We may share your Personal Information with our affiliates (the “Group”) for: fraud or crime prevention, suppression or detection; for legal and regulatory purposes and to meet regulatory, legal or reporting requirements; to manage business risks; to perform analytics; to ensure that we have correct and up to date information about you; and to the extent necessary if you have requested a service that is jointly offered by more than one member of the Group. We may also share your Personal Information to better manage your total relationship with the Group and enable other members of the Group to bring suitable services to your attention. We may share your Personal Information within the Group for these purposes unless prohibited by law or you tell us not to.

    2. Suppliers.

      We may use other companies, to provide certain services on our behalf. We may share your Personal Information with our suppliers, agents and other organizations that perform services for us or on our behalf to the extent necessary to provide and administer services that you have requested from us. These companies will only be given the information needed to perform those services. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed. Our suppliers may perform activities outside of your jurisdiction. As a result, your Personal Information may be securely used, stored or accessed in other countries and may be subject to the laws of those jurisdictions. These companies may be required to disclose your Personal Information in response to valid demands or requests from governments, regulators, courts and law enforcement authorities in those jurisdictions or countries.

    3. Merger or sale.

      In the event that we are acquired by or merged with a third-party entity, or if we sell a part of our business, we reserve the right to transfer or assign the Personal Information that we have collected from you as part of such merger, sale or other change of control.

    4. Where required by law.

      We may disclose your Personal Information if we have a good faith belief that access, use, preservation or disclosure of such Personal Information is reasonably necessary to satisfy any applicable law, regulation, self-regulation, legal process or enforceable governmental request. When we provide Personal Information in response to a legal inquiry or order that we believe to be valid, we disclose only the Personal Information that is legally required. Note that we may store or process your Personal Information outside of your jurisdiction which physical storage of your Personal Information may span multiple jurisdictions or countries and we may disclose your Personal Information in response to valid demands or requests from governments, regulators, courts or law enforcement authorities in those jurisdictions or countries. 

    5. Protection of our interests.

      We may also disclose your Personal Information if we believe, in good faith, that it is appropriate or necessary to take precautions against liability; to help us collect a debt or enforce an obligation owed to us by you; to protect against fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against any third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of our Services; or to protect the rights, property, or personal safety of our customers, employees or others.

    6. Healthcare providers.

      When you are provided with healthcare services, your personal health information may be shared with your healthcare providers and your authorized representative(s). Your personal health information may also be shared with others but only with your consent or as otherwise detailed in Privacy Policy. 

    7. Consent.

      We may disclose your Personal Information where you have authorized us to do so. For example, if you have given us consent, we may share your Personal Information with business partners and other entities that are not affiliated with us who would like to send you information about their products and services. We do not share Personal Information with other third-party organizations for their marketing or promotional use without your consent or except as part of a specific program or feature for which you will have the ability to opt-in. 

  4. How we protect your Personal Information.
    1. Security processes.

      We follow generally accepted industry standards to safeguard your Personal Information from loss or theft, unauthorized access, disclosure, duplication, use or modification through security measures appropriate to the sensitivity of the information. These measures include internal reviews of our data collection, storage and processing practices and security measures which include appropriate encryption and physical security measures to guard against unauthorized access to systems where we store Personal Information. However, as no method of transmission over the internet, or method of electronic storage, is 100% secure, we cannot guarantee the absolute security of your information.

    2. Confidentiality obligations.

      We restrict access to your Personal Information to our employees, contractors and suppliers who need to know that information in order to process it on our behalf or to provide our services to you. Our employees, contractors and suppliers are bound by confidentiality obligations and may not use the information for any unauthorized purpose. Our employees may be subject to discipline, including termination and criminal prosecution, if they fail to meet their obligations described in this Privacy Policy. Our suppliers and contractors are required to protect your Personal Information in a manner that is consistent with this Privacy Policy.  

    3. Breach Notification.

      We will notify the Office of the Privacy Commissioner of Canada (the “OPC”) of any breach of security safeguards involving personal information under our control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual. Unless otherwise prohibited by law, we will also notify the affected individuals of any breach of security safeguards involving the individual’s personal information under our control, if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual. We will provide indirect notification to affected individuals if direct notification would be likely to cause further harm to the affected individual, direct notification would be likely to cause undue hardship for us, or we do not have contact information for the affected individual. We will maintain a record of every breach of security safeguards for 24 months after the day on which it determines that the breach has occurred.

  5. Updating, Accessing, Deleting and Retaining your Personal Information. 
    1. Accessing and deleting your Personal Information.

      We make good faith efforts to provide you with access to your Personal Information and to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual customers to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. We will advise you of any applicable fee prior to proceeding with your request. Upon your request, we will make reasonable efforts to delete your Personal Information from our database, however, it may be impossible to delete your information without retaining some residual information for a period of time due to backups and records of deletion.

    2. Retention of your Personal Information.

      We retain your Personal Information only as long as it is required for the reason(s) that it was collected. This length of time will vary depending on the service and the nature of the information and may extend beyond the end of your relationship with us. When your information is no longer needed for the purpose for which it was collected, we will destroy, delete, erase or convert it to an anonymous form.

  6. Providing or withdrawing your consent. 
  7. We will obtain your consent before collecting, using or disclosing your Personal Information, in a manner that is not described in this Privacy Policy except where permitted or required by law. Depending on the situation and the sensitivity of the information, we may obtain your consent in different ways. Express consent may be obtained verbally, electronically or in writing from you or your authorized representative (such as a legal guardian or attorney appointed pursuant to a power of attorney) for stated purpose(s). Implied consent may be obtained through your use or continued use of a services when the purpose(s) for collecting, using or disclosing your Personal Information is indicated by the relevant circumstances or follows logically from purposes identified in this Privacy Policy (such as when you approach us to obtain information or inquire about or purchase services from us). We will seek your consent before using your Personal Information for any purpose not previously identified and will limit the collection of your Personal Information to that which is reasonably necessary for the relevant purpose(s). We will not, as a condition of the supply of any services to you, require you to consent to the collection, use or disclosure of Personal Information beyond that which is reasonably required to fulfill the purpose for which it is collected. 

    In most cases you may refuse to provide your consent to our collection, use and/or disclosure of your Personal Information in accordance with this Privacy Policy. Note, however, that if you refuse to provide your consent or withdraw your consent, we may not be able to provide you with a particular service.  

    You may withdraw your consent provided that: you provide reasonable notice; we are not legally required to collect, use or disclose your Personal Information; and withdrawing your consent does not impede our ability to fulfill our obligations to you. You may withdraw your consent by contacting us at privacyofficer@nbly.ca. Our staff will be pleased to explain your options and any consequences of refusing or withdrawing your consent, and record your choices.

    Several of the privacy preferences available to you, subject to legal, business or contractual requirements, are outlined below.

    1. Direct electronic marketing.

      We may provide an option for you to consent to receive information that may be of interest to you such us our newsletters and updates on our new products and services through various electronic means. You may opt-out of receiving such electronic communications from us at any time by clicking on the “unsubscribe” link in any such electronic messages or by contacting us at privacyofficer@nbly.ca. We will honor your opt-out instructions within 10 days after we are informed of your request without any further action being required by you.

    2. Sharing with our subsidiaries, affiliates or Suppliers.

      We may share your Personal Information with the Group or our suppliers, agents and other organizations that perform Services for us or on our behalf for the reasons outlined in paragraphs 3(a) and 3(b) above. If you withdraw your consent for this sharing, we may not be able to provide you with your requested service. 

  8. Changes to this Privacy Policy
  9. We reserve the right to change this Privacy Policy at any time at our sole discretion. We will inform you of any such change by posting a new Privacy Policy on our website and clearly marking the effective date of any such change to the Privacy Policy. Your continued use of our services after the posting of changes constitutes your binding acceptance of such changes.

  10. Third-Party Sites
  11. Our website may be linked to internet websites operated by other companies. You should consult the respective privacy policies of these third-party websites. Our Privacy Policy does not apply to, and we cannot control the activities of, such other third-party web sites. Please be aware that we do not warn you when you choose to follow a link through to another website from our website.

  12. International Storage of Information
  13. Please note that we may use cloud storage services to store and process your Personal Information. In some cases, we may store and process your Personal Information outside of Canada. As a result, the physical storage of your Personal Information may span multiple jurisdictions or countries and the governments, regulators, courts or law enforcement authorities in those jurisdictions or countries may be able to obtain disclosure of your information through applicable laws. Your use of the Services or your submission of any Personal Information to us will constitute your consent to the transfer of your Personal Information outside of Canada, which may provide for different data protection rules than those in Canada.

  14. Complaints and Questions
    1. We regularly review our compliance with this Privacy Policy. When we receive formal written complaints, it is our policy to contact the complaining person regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between us and you. 

    2. If you have any questions about this Privacy Policy, please feel free to contact us at: privacyofficer@nbly.ca, Attention: Privacy Officer. 

    3. If you are not satisfied with our response to your inquiries, you may contact the Office of the Privacy Commissioner of Canada by mail at 30 Victoria Street Gatineau, Quebec K1A 1H3 or by calling 1 800 282 1376.

    4. Last Revised: April 30, 2021