Date of effectiveness 07 May 2021

This privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By using our app and visiting our website you are accepting and consenting to the practices described in this policy. 

WHO ARE WE? (OUR IDENTITY & CONTACT DETAILS) 

The app and website are provided to you, by Pharmex Direct Inc. (hereinafter: “Company”, “we” or “our”)

Pharmex Direct Inc.
8-2333 Wyecroft Rd
Oakville, ON
Canada L6L 6L4

E-mail: service@pharmexdirecet.com

WHAT DATA WE PROCESS & WHY

Personal data (in Canada, referred to as personal information) means any information relating to an identified or identifiable natural person , which means any information that relates to you and identifies you personally, either alone or in combination with other information, and includes personal health data (in Canada, referred to as personal health information). Company may collect various types of personal data, as described in this policy.

In general, we only process your data where this is required for our legitimate business purposes, where we are required to do so due to relevant laws or where you provide us with your data voluntarily (i.e. by providing your consent).

We only process sensitive personal data, such as health data, where this is provided by relevant laws or where you give us your express and informed consent.

We will not knowingly collect online data about children through our app and website, and in other situations we collect such data only where relevant and permitted by law.

We always need a reason (“purpose”) and a legal basis, both as permitted by law, to process your personal data. Any data used by the app and website will either be stored on your device, outside of our control, or used by Google Analytics, as described below.

i. DATA PROCESSED BY US WHEN YOU USE OUR APP

TYPE OF DATA: contact (including first name, last name, email address), date of birth and gender.

PURPOSE: to enable you to install the app, create a profile, share information and receive information, services or other offers tailored to your needs. To resolve issues or to provide answers to your enquiries (as relevant).

LEGAL BASIS: consent and performance of our contract with you. Necessary for our legitimate interest (to provide the app and to help improve the app).

RETENTION PERIOD: data will only be retained for as long as you wish (see “what are your rights” section below) or as long as we believe is relevant to the business situation or service, whichever is the earlier. If you would like further information on our data retention periods, please contact: service@pharmexdirect.com

SOURCE OF DATA: data will be collected from the information you provide to us when creating your profile through our app.

REQUIREMENT TO PROVIDE THE DATA AND CONSEQUENCES OF NOT PROVIDING: you are required to provide the data for the purpose of creating a profile and without that data, you will not get most out of the app and personalized insights.

TYPE OF DATA: behavioral analytical data, whether notifications (may include alerts, sounds and icon badges) are on or off, whether permission has been given to receive newsletter and any health data (in the form of pre-determined responses to a set of questions related to your allergy symptoms) you have provided.

PURPOSE: to personalize the user experience, customize your content and provide personalized offers to you. To track the performance of the app and user behavior so that we can improve the user experience.

LEGAL BASIS: consent and necessary for our legitimate interest (to improve, develop and provide a better personalized product and service).

RETENTION PERIOD: Data will only be retained for as long as you wish (see “what are your rights” section below) or as long as we believe is relevant to the business situation or service, whichever is the earlier. If you would like further information on our data retention periods, please contact: service@pharmexdirect.com

SOURCE OF DATA: data will be collected from the information you provide to us and through the way you use our app.

REQUIREMENT TO PROVIDE THE DATA AND CONSEQUENCES OF NOT PROVIDING: you can switch off data collection at any time in the app settings, but without that data, we will not be able to ensure that pollen information is accurate and personalized.

TYPE OF DATA: geographical location, users’ pollen log including date and time

PURPOSE: to give you more accurate air quality and pollen data and to personalize your experience. With your consent, we may send you notifications when pollen levels change in your location

LEGAL BASIS: consent and necessary for our legitimate interest (to ensure that pollen information is personalized and to collect anonymized data used for statistical purposes in order to improve the app).

RETENTION PERIOD: data will only be retained for as long as you wish (see “what are your rights” section below) or as long as we believe is relevant to the business situation or service, whichever is the earlier. If you would like further information on our data retention periods, please contact: service@pharmexdirect.com

SOURCE OF DATA: data will be collected from the information you provide to us when entering your current location and using the allergy log.

REQUIREMENT TO PROVIDE THE DATA AND CONSEQUENCES OF NOT PROVIDING: you are not required to provide the data if you do not want to, in which case your location will not be used, and you will not receive accurate pollen information. You can change your preference at any time in your settings. You can also download and delete the data the app has collected about you at any time in your settings. This will not include deletion of any anonymized data used for statistical purposes.

ii. DATA PROCESSED BY US WHEN YOU USE OUR WEBSITETYPE OF DATA: contact information (including first name, last name, mobile phone number and email address) and content of your communication.

PURPOSE: to enable you sign up for our marketing communication and to receive information about services tailored to your needs. To resolve issues or to provide answers to your enquiries (as relevant) when you contact us through the contact form on our website.

LEGAL BASIS: consent for marketing communications and legitimate interests to resolve issues or to provide answers to your queries

RETENTION PERIOD: as long as needed for the purpose (data will be subject to periodic reviews).

SOURCE OF DATA: data will be collected from you when you contact us or sign up to receive our marketing communication.

REQUIREMENT TO PROVIDE THE DATA AND CONSEQUENCES OF NOT PROVIDING: you are not required to provide the data, and you may at any time unsubscribe from the newsletter(s).

TYPE OF DATA: technical data (including IP address).

PURPOSE: to analyze users’ browsing patterns to enable us to operate, develop and improve our website.

LEGAL BASIS: processing necessary for our legitimate interests as described in the purpose

RETENTION PERIOD: we will determine an appropriate retention period for technical data, and in determining what is appropriate,  we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory or other requirements. If you would like further information on our data retention periods, please contact: service@pharmexdirect.com

SOURCE OF DATA: as you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this data by using cookies or similar technologies. Please see the section on “Cookies” below.

REQUIREMENT TO PROVIDE THE DATA AND CONSEQUENCES OF NOT PROVIDING: you can set your browser to refuse all or some cookies. However, if you disable or refuse cookies, some parts of our website may become inaccessible or not function properly. Please see the section on “Cookies” below.

iii. AUTOMATED DECISION-MAKING AND PROFILING

In order to provide you with high-quality products and services tailored to your needs and expectations, we may be using automatic tools and the types of tools we use are described in the section on “Cookies” below. However, you will not be subject to any decisions based solely on automated processing (including profiling), which would produce legal effects concerning you or would significantly affect you in a similar way.

WHO WILL WE DISCLOSE YOUR PERSONAL DATA TO (RECIPIENTS OF PERSONAL DATA)

We may retain third party vendors to assist us to perform services on our behalf. Such third-party vendors may be provided with access to your personal data to perform their obligations pursuant to contractual obligations with us, but for no other purpose. We have set out below the categories of third parties to whom we will disclose your personal data. Where possible, we will provide you with more details about specific third parties, including third-party data processors and service providers, to whom we may disclose your personal data to fulfill our legitimate interest and/or purposes.

i. COMPANY’S EMPLOYEES & EXTERNAL PROCESSORS

The recipients of your personal data will be employees of entities belonging to Company’s Group and external processors providing specific services and processing personal data on our behalf and only in accordance with our instructions. They will receive your personal data only on a need-to-know basis, being subject to the obligation of confidentiality and after signing appropriate legal documents.  Where we transfer personal data outside of the European Economic Area (or outside the UK, if that is where you are based), we ensure a similar degree of protection is afforded to it by putting in place appropriate safeguards. Please be advised that when your personal data is stored or transferred outside the Canadian jurisdiction, it may be accessible to law enforcement and other authorities pursuant to a lawful request.

ii. INDEPENDENT THIRD PARTIES

We may disclose your personal data to third parties (such as attorneys) when this would be necessary for the establishment, exercise or defense of legal claims or to public authorities, when required by the law, or, when needed, to independent third party auditors.  We may disclose your personal data in the event of or during a merger, divestiture, restructuring, dissolution, or other sale or transfer of some or all of our assets or equity, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us is among the assets transferred.

GOOGLE ANALYTICS

Our app and website use Google Analytics. Google Analytics allows us to analyze and enhance user experience by better understanding how you interact with our app and website. For more information on how Google Analytics collects and processes data, as well as how you can control the data sent to Google, please review Google’s site “How Google uses data when you use our partners’ sites or apps” for further information (located at www.google.com/policies/privacy/partners/).

Google Analytics also uses cookies to collect standard internet log data and visitor behavior data in an anonymous form. The anonymous data generated by Google Analytics cookies about your use of our app and website (including your IP address) is transmitted to Google and compiled into aggregated statistical reports that are used by Company to optimize app and website content. You may control your advertising preferences or opt-out of certain Google advertising products (i.e. the Google Analytics cookies) by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences.

COOKIES & SIMILAR TECHNOLOGIES

This site uses cookies and similar technologies.

You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. In addition, you can set your browser to opt-out of interest-based advertising by participating providers by visiting http://www.networkadvertising.org for details on how to opt-out.

Where consent is needed for use of cookies and similar technologies, we obtain it through a consent banner when you visit the website.

Please note that this site does not respond to “Do Not Track” signals from internet browsers.

In addition to the cookies and similar technologies set out in our cookie policy, we use a technology service called Hotjar on this website to analyze customers’ browsing patterns to enable us to understand our users’ experience and improve our website. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (such as technical data (including IP address in anonymized form), geographic location (country), and language preference). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link. You can opt-out of the creation of a user profile by Hotjar, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

SECURITY

We implement appropriate technical and organizational measures to protect your personal data and to ensure such data is processed in accordance with applicable laws and standards. Any personal data that is provided to Company by you will be encrypted in transit to prevent its possible misuse by third parties. We have a number of relevant internal privacy policies, procedures, and guidelines and we also make sure that we have appropriate non-disclosure, data processing and other appropriate agreements and provisions in place, so that your data is adequately protected. Our security procedures are continuously revised based on new technological developments.

Due to the nature of Internet communications, we cannot guarantee that such communications are 100% secure or error-free and disclaim that the information you provide us will remain free from theft, loss, or unauthorized access or use by third parties, despite our best efforts. You are responsible for maintaining the privacy of any usernames, passwords or other special access numbers you might use to access the app and website.

WHAT ARE YOUR RIGHTS 

If you wish to exercise any of your rights, please contact us using our contact details provided at the beginning of this policy.

i. ACCESS AND RECTIFICATION

You may access your data, as well as have inaccurate data rectified.

You are entitled to obtain a copy of your data, which will be provided to you in such a way as to respect the rights and privacy of other persons.

You are also entitled to ask us to provide you with any relevant details concerning the processing of your personal data.

ii. DATA PORTABILITY

You are entitled to receive data you have provided to us in a portable format (structured, commonly used and machine-readable format) and to have such data transferred to you or, when feasible, directly to another entity or person you expressly choose.

Please note, that the data will be provided to you in such a way as to respect the rights and privacy of other persons.

iii. RIGHT TO OBJECT

You may object to the processing of your personal data which is processed based on our legitimate interests and there is something particular about your situation which makes you want to object to processing on the grounds that you believe it impacts on your fundamental rights and freedoms. You also have the right to object when such data is processed for direct marketing purposes without giving any reasons.

iv. RIGHT TO WITHDRAW CONSENT

If you have given consent to use your personal data to us, you have the right to withdraw your consent at any time. For this purpose, you may email us at  service@pharmexdirect.com or please contact us using our contact details set out above.

Your withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

v. ERASURE (‘RIGHT TO BE FORGOTTEN’)

You may ask for your personal data to be deleted and no longer processed at any time. However, we may not always be able to comply with your request for erasure for specific legal reasons (e.g. if some data still needs to be stored for tax reasons) in which case, we will notify you of these reasons and give you an indication of when that data is likely to be deleted.  Note that the right to erasure does not apply to anonymous statistical data (which will not contain any personal data).

vi. RESTRICTION OF PROCESSINGInstead of erasure, you may ask to have your data restricted. Further processing of restricted data may take place only with your consent or for reasons expressly stipulated by applicable law(s).

If the restriction would not be possible, because of justified legal reasons, you will be expressly informed about such reasons before the restriction is lifted.

vii. COMPLAINTS

If you wish to complain, please contact us using our contact details or send an email at service@pharmexdirect.com

viii. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITYIf you are not satisfied with the way your personal data is handled, with the data you receive, or with any other aspect relating to the protection of your personal data, please reach out our Data Protection Officer. In addition, you have the right to complain to the Office of the Privacy Commissioner of Canada or the relevant Information and Privacy Commissioner in your jurisdiction of residence and  you are entitled to lodge complaints with a  EU supervisory authority,  A list on EU’s data protection authorities can be found herein: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

CHANGES TO THIS NOTICE

This privacy policy may be updated from time to time. If we make material changes, we will notify you by means of a prominent notice on the site prior to the change becoming effective, and where appropriate, send a direct communication to you about the change.