SAMPLE - Privacy Policy and Legal Practices

YourCanadaDrugStore.com Customer Care (YCDSCC) will respect the confidential nature of personal health information and not disclose such information unless it is in the best interests of the customer and in accordance with the Freedom of Information and Protection of Privacy Act (FIPPA), The Personal Information Protection and Electronic Documents Act (Manitoba) (PIPEDA), The Personal Health Information Act (Manitoba) (PHIA) and the Health Insurance Portability and Accountability Act (United States) (HIPAA).

YCDSCC understands the importance of safeguarding your confidentiality and protecting the privacy of your sensitive personal information. Your privacy is a primary concern.

 

YCDSCC is committed to meeting or exceeding Canada’s national standards established by the Personal Information Protection & Electronic Documents Act (PIPEDA). Under PIPEDA, The 10 fair information principles that we must follow are as follows

 

Principle 1 – Accountability

YCDSCC is responsible for protecting the confidentiality of all personal information under it’s control. YCDSCC has designated a Privacy Officer accountable for our compliance with PIPEDA.

 

Principle 2 – Identifying Purposes

YCDSCC shall identify the purposes for which Personal Information is collected at or prior to the time of collection.

 

Principle 3 – Consent

YCDSCC recognizes that the knowledge and consent of each individual is required for the collection, use or disclosure of PERSONALLY IDENTIFIABLE INFORMATION , except where required or permitted by law.

 

Principle 4 – Limiting Collection

The PERSONALLY IDENTIFIABLE INFORMATION  we collect is limited to those details necessary for the purposes identified by YCDSCC.

YCDSCC collects and uses information necessary to satisfy your requests for access to the products and services of our contracted and licensed pharmacies. We routinely collect and use the following types of personal information, including (but not limited):

 

  • Customer Contact and Billing Information

– Your name, telephone number(s), mailing and e-mail addresses, referral source(s)

– Your credit card type, credit card number, expiry date and name of the credit card holder and

 – Personal Health and Medical Information

 

  • Medical Information

– Your age, height, weight, sex, date of birth, medication allergies, family and personal medical histories and/or conditions, medications requested, other prescription and non-prescription medications you may be using, the name and contact information of your primary care physician(s), and other information as needed to safely dispense your medication.

 

  • Customer Contact History Information

– YCDSCC may also maintain information used for tracking customer contacts and inquiries.

 

Principle 5 – Limiting Use, Disclosure and Retention

PERSONALLY IDENTIFIABLE INFORMATION  will only be used or disclosed for the purposes it was collected unless you have otherwise provided consent or where legally permitted or required. PERSONALLY IDENTIFIABLE INFORMATION  will only be retained for such time as is required for us and our contracted and licensed pharmacies to fulfill all professional and legal obligations.

 

Principle 6 – Accuracy

YCDSCC will take reasonable steps to ensure that your PERSONALLY IDENTIFIABLE INFORMATION  is accurate, complete and as up-to-date (as necessary) to fulfill the purposes for which it will be used.

 

Principle 7 – Safeguards and Security Measures

YCDSCC employs effective security technologies and safeguards to protect PERSONALLY IDENTIFIABLE INFORMATION  against unauthorized access, disclosure, alteration or misuse, appropriate to the sensitivity level of the information. We protect such information from unauthorized access and educate our employees and the contracted and licensed pharmacies of our privacy obligations.

Electronic information and paper files are stored in secure environments to which access is restricted to authorized employees with a legitimate business purpose to access such areas and information.

Due to the inherent nature of the Internet and electronic communication, privacy risks cannot be entirely eliminated. YCDSCC cannot guarantee PERSONALLY IDENTIFIABLE INFORMATION  will not be disclosed in ways not described in this Policy. However, it will take all reasonable steps to protect PERSONALLY IDENTIFIABLE INFORMATION from unlawful disclosure.

 

Principle 8 – Openness and Transparency

YCDSCC will make information concerning our Privacy Policies & Practices available to customers.

 

Principle 9 – Individual Access

Upon request (and with reasonable notice and justification), customers shall be informed of the existence, use and disclosure of their PERSONALLY IDENTIFIABLE INFORMATION , and will be given access to it. Customers may verify its accuracy and completeness, and may request that it be updated, if appropriate.

 

Principle 10 – Challenging Compliance

Customers may direct inquires concerning our Privacy Policy & Practices to our Privacy Officer by contacting YCDSCC.

By mail at:

 

Privacy Officer
Your Canada Drugs Store Customer Care
PO Box 48066 Lakewood PO
Winnipeg, MB
R2J 4A3

 

By Telephone at:
1-204-416-1859
Toll-free within Canada and the United States 1-844-416-4282

 

By Facsimile at:
1-204-416-1856
Toll-free within Canada and the United States 1-844-416-4287

 

Or by e-Mail at:
admin@yourcanadadrugstore.com

 

Updates & Other Matters

YCDSCC’s Privacy Policy & Legal Practices statement may be changed from time to time as deemed necessary and at YCDSCC’s sole discretion without prior notice or liability to you or any other party. Revised versions of this Privacy Policy & Legal Practices statement will be posted on our Website and you should check for regular updates. The modification date (found at the beginning of our Privacy Policy & Legal Practices statement) will reflect the date of the last modification(s) to our Privacy Policy & Legal Practices statement.

YCDSCC makes use of cookies and other similar web technologies for the sole purpose of tracking and securing our customers’ purchases online and to allow our staff to better understand your visit to our website. We do not sell or distribute any information gathered through analysis of our web traffic to any party outside of YCDSCC. We protect the privacy right of our customers to the best of our ability under all circumstances.

By using YCDSCC’s Website or services, you specifically confirm that you are familiar with our Privacy Policy & Legal Practices statement and consent to the collection and use of your PERSONALLY IDENTIFIABLE INFORMATION for the purposes outlined above.

Our Website may contain links to other websites which collect information about you voluntarily or through various electronic technologies. YCDSCC has no responsibility or liability for or control over these Websites.

https://www.onlinepharmaciescanada.com/ourprivacypolicy.aspx

Online Pharmacies Canada's Privacy Policy

It is our top priority to protect your privacy. We do collect personal information about you in order to fill your prescription orders and we pledge to maintain the confidentiality of that information. We do not sell, rent or give away the information you have entrusted to us. This notice describes our current privacy policy and practices.

Privacy and security

We have strict policies and procedures in place to safeguard the privacy and security of your personal information. Your personal information, including the data contained in our computers, is protected from unauthorized access. Its use is restricted to employees and others having a business need for the information.

Online Pharmacies Canada will periodically record user sessions randomly to help improve the usability experience for our visitors. Personal information will not be recorded in these sessions.

Types and use of personal information collected

The personal information we collect from you and about you is used to provide you with discount prescription medicines. This information varies depending upon whether you are a client or a prospective client. Examples of personal information we may collect from you or about you include: your name, address, telephone number, medical information and credit card information.

The information may be obtained from a telephone conversation, application, prescription form or from other sources, such as medical forms or reports. We maintain personal information regarding your transactions with Online Pharmacies Canada and we may request additional information in order to provide you with our products.

Safeguarding your medical information

Online Pharmacies Canada does not rent, sell, or give away your personally identifiable medical information to anyone for marketing purposes. We will only use and share personally identifiable medical information for specifically requested transactions and for those purposes required or permitted by law.

When we may disclose information

Online Pharmacies Canada respects the confidentiality of your personal information. There are circumstances in which we may disclose to third parties information we have about you in order to conduct our business, including processing a prescription transaction that you request or authorize. We will make these disclosures only when they are permitted or required by law. These disclosures may include providing information in response to a request by regulatory or governmental authorities, other administrators, auditors, or consultants. We may also provide the pharmacy or your American physician with access to your personal information that is needed to administer your business and provide service to you. They may also use this information to advise you of additional products and services offered through their company.

We do not rent, sell, or disclose any of your personal information, regardless of whether you are a current or former customer. Should your relationship with Online Pharmacies Canada end, we will continue to limit disclosures of your personal information in accordance with our stated privacy policy and practices just as we do for those who maintain a continuing relationship with us.

We welcome your inquiries. Please email us at info@onlinepharmaciescanada.com or write to: Privacy Notice - Online Pharmacies Canada, Suite #381 7360 - 137 Street, Surrey. B.C. V3W 1A3

Sincerely,
Online Pharmacies Canada

https://www.cultbeauty.co.uk/privacy-policy

Privacy Policy

For the purpose of the Data Protection Act 1998 (the Act) and from the 25 May 2018, the EU General Data Protection Regulation 2016/679 (the GDPR), the data controller is Cult Beauty Limited (company no. 6195011), having its registered office at 37 Chamberlain Street, Wells, Somerset BA5 2PQ United Kingdom (“Company/we/us”).

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions or you would like to make a request to exercise any of your legal rights, please contact the DPO using the details set out in the “Contacting Us” section below. At Cult Beauty we are committed to protecting your privacy. This Privacy Policy sets out the privacy practices of the Company. Please take the time to review this Privacy Policy carefully as it tells you how your personal information will be treated by us. By using the Cult Beauty website (the “Site”) and our services, you unconditionally agree to be bound by this Privacy Policy.

Cult Beauty wants to offer you the best possible internet experience; consequently, additional functions, features, products or services are incorporated into the Site from time to time. This, and our commitment to protecting the privacy of your personal information, may result in periodic changes to this Privacy Policy. As a result, please remember to refer back to this Privacy Policy regularly to review any amendments.

Any questions regarding our Privacy Policy should be directed to Cult Beauty’s Privacy Policy Manager at privacy@cultbeauty.co.uk or alternatively see the Contact Us page on this Site. Date of last update: Sept 2018

WHAT DO WE COLLECT AND HOW DO WE USE YOUR PERSONAL INFORMATION?

NON-PERSONAL INFORMATION

We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you linked to our Site. You cannot be identified from this information and it is only used to assist us in providing an effective service on our Site. We may from time to time supply the owners or operators of third party sites from which it is possible to link to our Site with information relating to the number of users linking to our Site from their sites. You cannot be identified from this information.

COOKIES

We may store some information (commonly known as a “cookie”) on your computer when you look at our Site. This information facilitates your use of our Site and helps us to understand how our Site is used. You can erase or block some cookies from your computer if you want to (your help screen or manual should tell you how to do this), but certain Cult Beauty services may not work correctly or at all if you set your browser not to accept cookies. Please refer to our Cookie Policy for detailed information.

MARKETING AND COMMUNICATION

It is very important to us that we provide you with the highest level of service. In order to help us do this, from time to time we may contact you using one of the contact methods you have provided, with details of our newsletters, surveys, products and services which we think may be of interest to you, as well as relevant advertising messages. If at any time you do not wish to receive emails from Cult Beauty, please click the 'unsubscribe' link included in the footer of every marketing email we send. Alternatively, send an e-mail message titled "unsubscribe" to info@cultbeauty.co.uk. Please note that active customers will continue to receive order and account communications from us.

LEGAL BASIS FOR USING YOUR INFORMATION?

Cult Beauty only uses or shares your personal information only where we have a proper reason to do so. These reasons are:

  • Contract - your personal information is processed in order to fulfil a contractual arrangement e.g. in order to send you your Order
  • Consent – where you agree to us using your information in this way e.g. for storing your payment card details
  • Legitimate Interests - this means the interests of Cult Beauty in managing our business to allow us to provide you with the best products and service in the most appropriate way e.g. to manage our stock levels, for business development and risk management
  • Legal Obligation – where there is statutory or other legal requirement to use or share the information e.g. when we have to use your information for law enforcement purposes or statutory compliance

Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are:

WHO WE SHARE YOUR INFORMATION WITH AND WHY

Other than the disclosures referred to in this policy, we will not disclose any personal information without your permission unless we are legally entitled or obliged to do so (for example, if required to do so by Court Order or for the purposes of prevention of fraud or other crime). We will only disclose and/or transfer your personal information to a third party having ensured that steps have first been taken to ensure that your privacy rights continue to be protected. Cult Beauty may disclosure or transfer personal information as part of a reorganisation or a sale of the assets of a Cult Beauty.

Cult Beauty works with a number of national and international trusted suppliers, individuals, agencies and businesses in order to provide you the high quality goods and services you expect from us such as delivery companies, fraud prevention agencies, beauty and cosmetic brands and market research companies amongst others. Some examples of the categories of third parties with whom we share your data are:

SUPPLIER PARTNERS

Cult Beauty works with a number of trusted partners who supply products and services on our behalf. We will only hold the minimum amount of personal information needed in order to fulfil the orders you place or for them to provide a service on our behalf.

DELIVERY AND LOGISTICS PARTNERS

In order for you to receive your goods, Cult Beauty works with a number of delivery and logistics partners. We only pass limited information to them in order to ensure successful delivery of your order.

IT COMPANIES

Cult Beauty works with businesses and individuals who support our Site and business systems.

MARKETING COMPANIES

Cult Beauty works with marketing companies who help us manage our electronic communications with you or carry out surveys, analytics, and product reviews on our behalf.

PAYMENT PROCESSING COMPANIES

Cult Beauty works with trusted third party payment processing providers in order to securely take and manage payments.

KEEPING OUR RECORDS ACCURATE

We aim to keep our information about you as accurate as possible. If you would like to review or change the details you have supplied us with, or you would like to remove your published Submission from the Site you may do so at any time by using the Contact Us page on this Site.

SECURITY

You should be aware that the internet is an insecure environment. We have implemented technology and employee policies to help safeguard your privacy from unauthorised access and improper use. We will continue to update these measures, as appropriate, when new technology becomes available.

THIRD PARTY SITES AND SOCIAL MEDIA

We cannot be responsible for the privacy policies and practices of other third party sites (including but not limited to Facebook, YouTube, Twitter), or for advertisers on our site, even if you access them using links from our Site and we recommend that you check the policy of each site you visit. If you linked to our Site from a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and we recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions. Unless expressly stated, we are not agents for these third party sites or for any third party advertisers on our Site, nor are we authorised to make representations on their behalf.

TRANSFERRING YOUR PERSONAL INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA

We may need, as part of the services offered to you though our Site, to communicate your details outside the European Economic Area (“EEA”).

We are obliged to satisfy ourselves before transferring your information to a country outside the EEA that it provides adequate protection for your data protection rights. Cult Beauty only transfers your personal information to those third parties where we can be sure that we can protect your privacy and your rights, for example the third party is located in a country which the EU has deemed to have adequate data protection laws in place, where that third party is certified on the EU-US Privacy Shield or where we have a contract in place with that third party which includes the European Commission's standard data protection clauses. Our Site is hosted on servers located in Ireland.

HOW LONG WE KEEP YOUR INFORMATION

If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We will not keep your personal information for longer than is necessary for the purpose or purposes for which they are collected, unless there is another legal reason for us to retain the information. We will take all reasonable steps to destroy or erase from our systems all data which is no longer required. We will keep your personal information for the duration of your account being active and for 7 years after our contract with you has terminated.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to this Privacy Policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this Privacy Policy.

WHAT ARE YOUR RIGHTS

We endeavour to process all personal information in line with your rights under GDPR. In particular, You have the rights to:-

  • Withdraw your consent to Our processing your personal Information at any time. You can do this at any time by changing your “Preferences” when you log in to your account or by contacting us at privacy@cultbeauty.co.uk. In certain circumstances, We can process your personal Information without your consent in line with the lawful processing requirements in GDPR. These include (amongst other reasons) where processing is necessary to comply with a legal obligation, or to protect your vital interests
  • Ask us to rectify inaccurate or incomplete personal Information. We would seek to rectify the data as soon as possible and usually within one month unless the request is complex
  • Ask us to erase your personal Information. This is commonly referred to as the right to be forgotten. This right is only applicable where there is no compelling reason for the continued processing of your personal Information. There are some circumstances where this right to erasure does not apply and in such cases We would notify You of the reason(s) why We need to retain your personal Information (unless prevented to do so by law)
  • Restrict processing of your personal Information where, for example, the data is inaccurate, being processed unlawfully or where the data is no longer relevant to the specific purpose for processing. In such cases, We would retain the data but We would not process it further without your consent, or if processing your Information is for establishing, exercising or defending a legal claim, or for the protection of rights of other individuals, or for public interest reasons. In such circumstances, We would let You know that We intend to lift the restriction on processing your personal Information
  • Request access to your personal Information via a subject access request. your request should be made to us in writing and We may ask you for proof of your identity before providing You with the data. There is usually no fee for making such a request however, in limited circumstances, We can charge an administrative fee (which will be based on the administrative cost of providing the information)
  • You have the right to ask us not to process your personal Information for marketing purposes (including profiling). We will usually inform You (before collecting your data) if We intend to use your data for such purposes or if We intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms We use to collect your data. You can also exercise the right at any time by contacting us at privacy@cultbeauty.co.uk
  • Obtain and reuse your personal Information for your own purposes across different services (right to data portability). This right is only applicable to data that You have provided to us, where We are processing the data based on your consent or for the performance of a contract and when the processing is carried out by automated means. Where this right applies, the data will be provided to You in a structured, commonly used and machine-readable format

Please be aware that we will need to verify your identity before providing any personal information to you. We do this to protect your information. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.

CONTACTING US

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by sending an e-mail to us at privacy@cultbeauty.co.uk, or via post at Data Protection Officer, Cult Beauty Limited, 46 Colebrooke Row, London N1 8AF United Kingdom.

If you have any complaints regarding our handling of your personal Information, we would appreciate the chance to deal with your concerns in the first instance. However, if you wish, you may make a complaint directly to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk or 0303 123 1113)