top of page

Customer Privacy Policy

The following policy is for customers/shoppers.  If you are a practitioner, please see our practitioner privacy policy. if you are a merchant, please see our customer privacy policy.

Prescrypt Ltd. (“Prescrypt”, as follows “we” or “us”) reserves the right to amend the Policy at any time to account for changes in the Applicable Law, our practices, and the Prescrypt Platform. We post the current version of the Policy at www.prescrypt.ca/customers-privacy-policy. Please check to see if we have amended the Policy since you last used the Prescrypt Platform to ensure you are aware, and agree to our current privacy practices.

We are proud to demonstrate our commitment to your privacy, by complying with the Applicable Law and regulations thereunder. This includes the Personal Information Protection and Electronic Document Act (“PIPEDA”), in addition to provincial health legislation. We believe that an important part of protecting privacy is to provide clear, and easily accessible details about how we handle User’s Information.

Definitions

“Prescrypt Platform” - Collectively, the hardware, software, websites, content, products and services owned and/or operated by us to enable the provision of remote healthcare services to Users, among other purposes.

“Personal Information” - Collectively “Personal Information” (information about an identifiable User as defined by the Applicable Law) and “Personal Health Information” or “PHI” (information about a User’s health or healthcare as defined in the Applicable Law)

“User” - (as follows “you”, “your”) an individual registered to use the Prescrypt Platform

“Authorized Healthcare Professional” - Collectively “Authorized Healthcare Professionals” (Physicians and Nurse Practitioners licensed to practise medicine in a province or territory of Canada)

“Authorized Non-Practitioner Professional” - Regulated health professionals other than Physicians and Nurse Practitioners licensed to practise in a province or territory of Canada

“Applicable Law” - Laws and regulations Prescrypt, Authorized Healthcare Professionals, or Users are subject to 

“Content” - General information about health related topics posted on the Prescrypt Platform, access to which is not the delivery of healthcare services. This does not replace, and cannot be relied upon as healthcare services

What is Personal Information?

Personal Information is any information identifiable to you. This information may include, but is not limited to your name, contact information, and information related to physical or mental health. This may include information that consists of your family health history, identification of a User to provide healthcare services, and Prescrypt usernames and passwords. Personal information does not include your business name, business title, business address, or business telephone number in the capacity of an employee of an organization.

How do we collect Personal Information?

Personal information is collected in compliance with PIPEDA, in addition to other provisions under Applicable Law. This Information is collected to register Users, create a User account (“Account”), authenticate login credentials, and personalize your experience while using the Prescrypt Platform. We may collect Personal Information from Users directly, and/or from third parties, where we (and/or the third party) have obtained your consent, or as otherwise permitted by law.

Where do we store User Personal Information?

Collected Personal Information is stored at the Prescrypt offices, and/or our service provider’s data centres in North America. 

The Prescrypt Platform is not targeted to and is not intended for use by European Union (EU) residents located in the EU. EU residents may use the Platform if they are temporary or permanent residents in the province of Alberta, British Columbia, Manitoba, Newfoundland and Labrador, Nova Scotia, Ontario, Prince Edward Island, or Saskatchewan. By using the Prescrypt Platform, you agree that Personal Information can be stored and processed in North America. 

How do we use User Personal Information?

We identify the purposes for which we use User Personal Information at the time such Information is collected, in addition to obtaining User consent prior to such use. User Personal Information is generally used for the following purposes (the “Purposes”):

  • To facilitate, administer, and determine eligibility for User access to the Prescrypt Platform

  • To track purchases through the Prescrypt Platform to arrange refills and prescription renewals

  • To facilitate communications with third-party service providers with whom we have a contractual relationship including, but not limited to Physicians, Nurse, Practitioners, and Pharmacists

  • For billing, including private insurance details and provincial health numbers for insured services

  • To advise Users about programs and services that may be of interest

  • To collect comments and feedback regarding Prescrypt’s operations

  • To help us create, develop, evaluate, and improve the Prescrypt Platform and Content

  • To investigate legal claims

  • For loss prevention, anti-fraud purposes, and to comply with regulatory and legal requirements

  • Such other purposes as may be permitted by law, for which Prescrypt may obtain consent

When and to whom is User Personal Information shared?

Personal Information is shared with great care, following appropriate privacy standards. The circumstances in which this may occur include:

  • Transferring Personal Information to third party service providers assisting us with the Purposes, including but not limited to, Physicians, Nurse Practitioners, Pharmacists, in addition to telephone support or data storage and processing providers

  • Disclosure of Personal Information to a potential acquirer in connection with a transaction involving the sale of some or all of the business of Prescrypt

  • On consent to disclose Information to an insurer 

  • Disclosure in the event of an emergency at the reasonable judgement of Prescrypt or a third party service provider with whom we have a contractual relationship to emergency contacts, a public authority, an agent of public authority, or another party

For Users who would like to receive their purchases through the mail, we may provide the assigned third party shipping carrier with the following information:

  1. First and last name

  2. Shipping address

  3. Telephone number

  4. Email address

Disclosure is limited to the information that is needed to perform courier duties and provide you with your ordered products and services. Our delivery partners are listed on our subprocesses section below. Prescrypt Health is not responsible for any additional information you provide directly to these parties. Users must contact the third party directly to manage communication preferences regarding tracking and status updates.

When and how do we obtain consent?

Consent is obtained at that time Personal Information is collected, prior to the use or disclosure of this Information for any purpose. Consent can be provided orally, electronically, or in writing. The form of consent required, including whether it is expressed or implied, largely depends on the sensitivity of the Information, and reasonable User expectations in the circumstances. We may rely on a third party to obtain your consent to the sharing of Personal Information with us. You may withdraw consent by providing us with notice, expressly instructing that their personal health information not be used, or disclosed for healthcare purposes without consent.

How do we ensure the privacy of Personal Information when dealing with our affiliates and other third parties?

All Prescrypt affiliates and other third parties engaged to perform services on our behalf and are provided with Personal Information are contractually required to observe the intent of this Policy and our privacy practices.

For additional details about Prescrypt’s third party service providers, please see our list  below.

How long will we use, disclose, or retain User Personal Information?

Unless otherwise notified, your Personal Information will be retained on the Prescrypt Platform at least until you (or Prescrypt) close your account. We will use and disclose of Personal Information as long as necessary to fulfil the purposes for which this was collected, and as permitted or required by law.

How can Users review Personal Information that we have collected, used, or disclosed?

Users can make a written request to review any of their Personal Information that we have collected, used, or disclosed. We will provide you with any such Personal Information to the extent required by law, made available in a form that is generally understandable. Requests can be made by contacting privacy[ a t ] prescrypt [dot] ca.

How can Users ensure the Personal Information we have is accurate?

We will ensure your Personal Information is kept as accurate and up-to-date as possible. We will not routinely update User Personal Information, unless such a process is necessary. We expect Users to supply us with updates to their Personal Information when required.

What if a User’s Personal Information is inaccurate?

User’s may update or otherwise correct Information, except Information an Authorized Healthcare Professional has viewed or created. To update or correct Information an Authorized Healthcare Professional has viewed, or request a correction to Information an Authorized Healthcare Professional has created, please contact us using the information below so your request can be appropriately directed.  Requests can be made by contacting patient[ a t ] prescrypt [dot] ca.

How fast will we respond to User written requests?

We will attempt to respond to each User written request within 30 days of receipt. We will advise Users in writing if we cannot meet your request within this time limit. You have the right to make a complaint to the Privacy Commissioner of Canada, and/or the appropriate provincial privacy governing body. 

Are there any costs to a User requesting details about their Personal Information or our privacy practices?

We will not charge any costs for Users to access their Personal Information in our records, or to access our privacy practices without first providing Users with an estimate of appropriate costs, if any. Users may be requested to provide sufficient information to permit access to the existence, use, or disclosure of their Personal Information. Any such identifying information shall be used only for this purpose.

How do we verify a User requesting their Personal Information?

Users may be requested to provide sufficient information to permit access to the existence, use, or disclosure of their Personal Information. Any such identifying information shall be used only for this purpose.

Who is accountable for my Personal Information?

In most of the provinces in which Prescrypt operates, Prescrypt has overall responsibility for protecting the privacy of your Personal Information, including information collected in connection with the provision of health services through the Prescrypt Platform (“Health Information”) by a healthcare provider, such as a physician or nurse practitioner.

In Alberta, your healthcare provider has overall responsibility for the privacy of your Health Information, and Prescrypt assists the healthcare provider in meeting that responsibility. For greater clarity, in Alberta, Prescrypt handles Health Information on behalf of healthcare providers, who are ‘custodians’ under Alberta’s Health Information Act (the “HIA”). Health Information is collected pursuant to section 20 (in conjunction with section 27(1)) of the HIA.

What safeguards have we implemented to protect User Personal Information?

We have implemented physical, organizational, contractual and technological security measures to protect User Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification. Notwithstanding the safeguards we employ and our commitment to protecting Information, we cannot guarantee the security or error-free transmission or storage of Information. There are risks inherent in the use of electronic means to transmit and hold Information in electronic format. These risks can be minimized but not eliminated by the use of appropriate security measures, such as the measures Prescrypt employs. These risks include interception, loss, corruption, unauthorised access to, use and disclosure of Information, and delay in the availability of Information.

The only employees or third party service providers who are granted access to your Personal Information (“Personnel”), are those with a business ‘need-to-know’ or whose duties reasonably require such information. We require Personnel to complete privacy and security training, and to commit to protecting information by complying with our policies, procedures, and Applicable Law.

We store your information in electronic format within North America, using computer systems with restricted access and housed in facilities using physical security measures.

Users are asked to take the following precautions to protect their privacy and Information:

  • Create, and periodically update a strong and unique password for your Account

  • Do not share your Account password with anyone. We will never ask Users for their password, so please do not provide it, and contact us if such a request is received

  • Log out of the your Account as soon as you are finished using it, especially on shared devices

  • Password-protect devices used to access your Account 

Cookies and De-identified Data

Prescrypt may collect and use data created by de-identifying Information so that it no longer identifies a User (“Data”). Prescrypt may use Data for monitoring the compliance of Users and Authorized Healthcare Professionals with Prescrypt Platform Terms of Use, for making the Prescrypt Platform more accessible and enhancing the experience for Users and Authorized Healthcare Professionals. We may also use or disclose Data for the purposes of product and marketing research. We will not use Data to re-identify Users or for any other purpose prohibited by Applicable Law. We will only de-identify Information in a manner that complies with Applicable Law.

The Prescrypt Platform, email messages, and marketing materials use “cookies” and other technologies such as pixel tags and web beacons. We use these technologies to better understand the use of the Prescrypt Platform, analyze trends, and administer, personalize and improve the experience of using the Prescrypt Platform for Users and Authorized Healthcare Professionals. For more information about our use of cookies and your ability to accept or decline our use of cookies, please refer to our Cookie Policy.

 

Subprocessors

 

Contact

Questions, concerns, complaints, or suggestions regarding our Privacy Policy can be directed to privacy[ a t ] prescrypt [dot] ca. 

For medical records access requests, please direct all inquiries to the records management team at compliance[ a t ] prescrypt [dot] ca.

Prescrypt Ltd.

privacy[ a t ] prescrypt [dot] ca

151 Charles St W, Suite 100

Kitchener, ON N2G 1H6,

Canada

bottom of page