Privacy Statement
Privacy Statement
At CareRx Corporation, we recognize the importance of protecting your privacy and safeguarding your personal information.
As we are a national organization, this Privacy Statement is designed to meet the standards
prescribed by the Personal Information Protection and Electronic Documents Act as well as
applicable provincial privacy legislation in the provinces in which we operate, including the Personal Health Information Protection Act (Ontario), the Health Information Act (Alberta) and the E-Health (Personal Health Information Access and Protection of Privacy) Act (B.C.).
The purpose of this Privacy Statement is to inform you about the types of personal information
we collect, use and disclose. It explains how we collect, use and disclose that information, the
choices you have regarding such use and disclosure, and how you may access and correct that
information.
From time to time, we may make changes to this Privacy Statement. The Privacy Statement is
current as of the “last revised” date which appears at the top of this page.
The following topics will be covered in this Privacy Statement:
Personal information is any information that is identifiable with you, as an individual (although it
may not include your business contact information where collected, used or disclosed for
business communication purposes).
We may collect, use, and disclose different kinds of personal information, depending on our
relationship with you. For example:
- if you are a customer, we collect the name, contact information, gender, date of birth,
medication history and other health information, insurance information, and credit card
information to complete transactions; - if you communicate with us, we collect whatever personal information they choose to
provide to us; and - if you use our technology applications, we may collect technical and usage data (such as
internet protocol (IP) address, browser type and version, time zone setting and location,
browser plug-in types and versions, operating system and platform and other technology
on the devices you use to access our websites).
We may collect, use and share aggregated and anonymized data, such as statistical or
demographic data. Aggregated and anonymized data is not considered personal information as it
does not reveal your identity.
We will collect your personal information by fair and lawful means. We may collect personal
information from you directly and/or from third parties, with your consent or as otherwise
required or permitted by law.
We identify the purposes for which we use your personal information at the time we collect such
information from you and obtain your consent, in any case, prior to such use. We generally use
your personal information for the following purposes (the “Purposes”):
- if you are a customer, to provide health care and related products, services and programs
you request; - if you use any of our technology applications or online portals, to administer your use of
those applications; - to manage our business and our arrangements with our clients – including to detect and
prevent errors and fraud; - to respond to your inquiries, complaints or requests;
- to collect opinions and comments about CareRx;
- to improve the effectiveness and efficiency of our operations, products, services and
programs; - if you visit our premises, to ensure safety and security (which may include video
surveillance); - if you apply for employment with us, to process your application;
- to investigate legal claims;
- for such purposes, as you may otherwise consent from time to time; and
- as otherwise required or permitted by law.
We generally identify to whom, and for what purposes, we disclose your personal information, at
the time we collect such information from you and obtain your consent to such disclosure.
If you are a customer, we may disclose your personal information to pharmacists, doctors,
nurses, naturopaths, technicians, provincial drug plans, insurance providers or others involved in
your circle of care (such as hospitals or your home operator) to facilitate the provision of your
medications. This helps to coordinate care and ensure that everyone involved in your health care
has the right information to meet your health care needs.
We may transfer your personal information to service providers that are assisting us with the
Purposes, including those providers than deliver medications on our behalf. We ensure that
those service providers are subject to appropriate privacy standards.
We obtain your consent prior to collecting, and in any case, prior to using or disclosing
your personal information for any purpose – unless we are otherwise permitted to handle your
personal information under applicable law. You may provide your consent to us either orally,
electronically or in writing. The form of consent that we seek, including whether it is express or
implied, will largely depend on the sensitivity of the personal information and the reasonable
expectations you might have in the circumstances. In general, your request for care from us implies consent for our collection, use, and disclosure of your personal information for the purposes outlined herein. Any uses of your personal information other than those mentioned herein would require your express consent.
Where feasible or required by applicable law, we will generally accommodate requests to
withdraw consent – subject to legal or contractual restrictions. However, this may mean that you
are no longer eligible for certain goods or services, or to participate in certain programs – or
otherwise limit our ability to fully meet your needs.
We will keep the personal information that we collect in our regional offices in Ontario, Alberta,
British Columbia or Saskatchewan, and at the offices and data centres of our third party service
providers, as applicable.
We will retain your personal information for as long as necessary to fulfill the purposes for
which that personal information was collected and as permitted or required by law.
We ensure that any service providers that handle personal information on our behalf are
contractually required to observe the intent of this Privacy Statement and our privacy practices
and to comply with applicable privacy laws.
We have implemented physical, organizational, contractual and technological security measures
in an effort to protect your personal information from loss or theft, unauthorized access, use, or
disclosure. For example:
- we restrict access to your personal information to those employees or agents who need
access for authorized purposes; - electronic data is protected by technological means, such as firewalls, access controls,
and encryption; - we sensitize our employees and agents to the importance of safeguarding personal
information; and - we confidentially destroy your personal information when we no longer need it for
permitted purposes.
Like most companies, we cannot guarantee that our safeguards will always be effective. A
breach of security safeguards can result in such risks as phishing and identity theft. In such cases,
we act promptly to mitigate the risks and to inform you where there is a real risk of significant
harm, or as otherwise required by law.
We may also require you to assist us to safeguard your personal information. For instance, if
you use our applications or online portals, you should use unique and strong passwords, not
share your passwords with others, and promptly alert us if you believe your password has been
compromised.
If you make a written request to review any personal information about you that we have
collected, utilized or disclosed, we will provide you with any such personal information to the
extent required by law. We will attempt to make such personal information available to you in a
form that is generally understandable.
We will attempt to ensure that your personal information is kept as accurate, complete and up-to-
date as possible. We will not routinely update your personal information unless such a process is
necessary. We expect you, from time to time, to supply us with written updates to your personal
information, when required.
At any time, you can challenge the accuracy or completeness of your personal information in our
records. If you successfully demonstrate that your personal information in our records is
inaccurate or incomplete, we will amend the personal information as required. Where
appropriate, we will transmit the amended information to third parties having access to your
personal information.
We will attempt to respond to each of your written requests not later than 30 days after receipt of
such requests. We will advise you in writing if we cannot meet your requests within this time
limit. You have the right to make a complaint to the Privacy Commissioner of Canada or
applicable provincial privacy commissioner if you object to how we have handled your request.
We will not charge any costs for you to access your personal information in our records without
first providing you with an estimate of the approximate costs, if any.
We may request that you provide sufficient identification to permit access to the existence, use or
disclosure of your personal information. We will only use that identifying information to help us
respond to your request. If you are an agent of the individual that the personal information is
about, we may require you to provide documentation to prove that you have the authority to act
for that individual.
All comments, questions, concerns or complaints regarding your personal information or our
privacy practices should be forwarded to our Privacy Officer as follows:
Address:
By e-mail:
privacy@carerx.ca
For more information about your privacy rights, or if you are unable to resolve an issue directly with us and wish to make a complaint, you may contact:
Ontario:
Alberta:
B.C: