Updated September 2023
Dermapure Group Inc. (with it’s affiliates “Dermapure” / ”we”) is committed to protecting the privacy and security of your personal information. We also believe in transparency. This Policy explains how we treat your personal data. Please read this Policy carefully to learn more about how we process personal information and what rights you may have under applicable law.
When does this Policy apply? This Policy describes our practices for the personal information for which we are a “data controller” under applicable law. This includes information collected when you visit our website, Dermapure.com (as well as the websites of its affiliated business units and accessible by link from this site) (the “Site”).
Privacy law generally requires that we obtain your consent to collect, use or disclose your personally identifiable information. Depending on the circumstances, your consent may be express or implied. Express consent would arise if you specifically consented to a particular dealing in your personally identifiable information. Express consent can be given orally, electronically or in writing. Implied consent can be inferred from the circumstances. For example, if we indicate that we may send certain correspondence to your home address and you then provide us with your home address in response, we would not normally obtain your explicit consent to use your home address to send you that correspondence; your consent would be implied in those circumstances.
We will assume your consent to the collection, use or disclosure of your personally identifiable information for a particular purpose if you voluntarily provide the information for that purpose.
You may change or withdraw your consent at any time on reasonable notice, subject to pre-existing legal and contractual obligations, by contacting our Privacy Officer as set out below. If you withdraw certain consents, it may limit the manner in which you can make use of the websites and to otherwise interact with Dermapure. For clarity, your ability to change or withdraw consent is not absolute. Dermapure. reserves the right to continue handling your personally identifiable information in those circumstances required or permitted by law despite a change or withdrawal of consent.
Information Collection, Use, and Sharing
Dermapure collects personally identifiable information which includes your name, date of birth, postal address, email, telephone number, and relevant medical information that will be used to provide services or process your order and provide notifications when it is necessary for further services.
Set out below are certain circumstances where we may use your personally identifiable information without obtaining your further consent. By providing your personally identifiable information to us, we are assuming that you are consenting to these uses unless you inform us otherwise. These are:
– using identification information and contact information, such as your name and e-mail address to provide information about Dermapure and the websites when you request that information;
– using identification information and contact information, such as your name and e-mail address so that we can identify you and deliver products and services, including in connection with the websites, that you request and to communicate with you regarding those products and services;
– using information relating to your preferences so that we are able to deliver our products and services, including in connection with the websites, to you in accordance with those preferences;
– using relationship information such as your service requests, instructions, comments and feed back to assist us in delivering products and services, including in connection with the websites, in accordance with your wishes;
– using your address to delivery your order to you;
– using personally identifiable information for the purpose for which it was provided and certain other activities that are reasonably ancillary to that purpose. For example, if you send us an e-mail with a question or comment, Dermapure will use your e-mail address to respond to you. Further, Dermapure may store your e-mail and e-mail address and a copy of our response for future reference;
– analyzing your personally identifiable information to assist us in developing and enhancing our products and services and the websites; and
– analyzing your personally identifiable information to assist us in conducting market analysis and strategic planning.
At Dermapure, we take precautions to protect your information. When you submit information via the website (such as your name, and email), Dermapure has put in place appropriate security mechanisms for the protection of your information both online and offline at our specific Dermapure and partner locations.
Wherever we collect certain sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.
Please note that we do not alter the Site’s data collection and use practices when we see a Do Not Track signal from your browser.
In order to use the appointment book feature of the Dermapure website, a user must first complete the registration form. During registration a user is required to give certain information (such as name and email address). This information is used to send you confirmation and reminders of your upcoming appointments and contact you about the products/services on our site in which you have expressed interest.
We collect information to be able to process your online order. To make an online order, you will be asked to provide contact information (such as your name and shipping address) and payment information (such as your credit card number, expiration date). This information is used for billing purposes and to fill your orders. If we have trouble processing an order, we will use this information to contact you.
If you wish to refill your last order, we will use the personally identifiable information and prescription information you have on file in order to fulfill your order request.
Device Information and Use
We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to select your location each time, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. We also collect “Log files” which track actions occurring on the Site, data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps and “Web beacons,” “tags,” and “pixels” which are electronic files used to record information about how you browse the Site.
We use such information to help us screen for potential risk and fraud, and more generally to improve and optimize the Site (for example, by generating analytics about how our customers browse and interact with the Site and to assess the success of our marketing and advertising campaigns) and, when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Other Collection, Use and Disclosure
As well, the law permits or requires the collection, use and disclosure of personally identifiable information without the knowledge or consent of the individual in a number of circumstances. We reserve the right to collect, use and disclose your personally identifiable information in these circumstances without your knowledge or consent as the law may permit or require.
Accuracy and Completeness
When we collect, use or disclose personally identifiable information, we will make a reasonable effort to ensure that it is accurate, up to date and complete. To do so, we may need to request additional information from you or have you verify your information. If your personally identifiable information does change, it is your responsibility to inform us of those changes in order that your personally identifiable information in our possession remains accurate.
Retention and Destruction
For legal and business purposes we may retain your personally identifiable information for as long as it is reasonably needed. Upon expiry of the appropriate retention period, bearing in mind our reasonable legal and business requirements, your personally identifiable information will either be destroyed in a secure manner or made anonymous. You should be aware that there are legally required minimum retention periods, which Dermapure must and does observe.
From time-to-time the Dermapure site requests information via surveys. Participation in these surveys are completely voluntary and you may choose whether or not to participate and therefore disclose any personally identifiable information. Information requested may include contact information (such as your name and shipping address), and demographic information (such as postal code, age level). Survey information may be used for purposes of monitoring or improving the use and satisfaction of this site and Dermapure locations.
Requests for Access to Personal Information
On your written request we will provide you with:
– access to your personally identifiable information (if any) under our custody or control;
– information about the purposes for which your personally identifiable information under our custody or control has been and is being used by us; and
– the names of persons to whom, and the circumstances in which, your personally identifiable information has been and is being disclosed by us.
All requests may be subject to reasonable fees and disbursements. Where appropriate to do so, we may require advance payment of a deposit or the entire costs of responding to a request for access to personally identifiable information.
We require that all requests for access be in writing and be signed by the requestor. We required sufficient information and detail from the requestor in order to verify their identity, properly locate the information and respond to the request.
An individual’s ability to access his or her personally identifiable information under our control is not absolute. Dermapure reserves all rights to not disclose personally identifiable information in certain circumstances. For example, we may not disclose personally identifiable information where:
– the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual;
– the disclosure would reveal personally identifiable information about another individual;
– the disclosure of the information would reveal confidential commercial information; or
– the personally identifiable information was collected by us for an investigation or legal proceeding.
On request by you, we will correct errors or omissions in your personally identifiable information where that information is in our custody or control. We require that all such requests be in writing and signed by you. We may require sufficient information and detail from the individual in question in order to verify their identity, properly locate the information and respond.
If you make such a request, we will either:
– correct the personally identifiable information and, if reasonable to do so, send correction notifications to any third party to whom we disclosed the incorrect information; or
– decide not to correct the personally identifiable information but we will annotate the personally identifiable information that a correction was requested but not made.
Corrections or amendments will rarely, if ever, be made to opinions, including expert or professional opinions, as opposed to factual information, which may be corrected if in error.
Please allow us 30 days to respond to any request for access to your data or change and correction requests of your data.