Version 1.0 – Revised: 2018-05-10
The Website is a platform for educating physicians, patients and others about the therapeutic value of medical cannabis. Visitors to the Website can obtain and share information, and purchase items related to medical cannabis (collectively, the “Services”).
3. Types of Information Collected And How We Use It.
3.1 User Accounts. On the Website, you may be able to register and create a User Account. A User Account is stored information that we keep on individual Users that details their viewing preferences, activities, and interactions. When you decide to register a User Account, we ask for some basic contact information, such as a username, and your postal code and email address. We may also collect, and store a profile picture and other biographical information that you provide. You may review and edit your User Account information, or delete your User Account, at any time at which
You can browse the Services without creating a User Account. However, you may not be able to use certain functionality of the Services. For instance, in order to open a User Account, or purchase items through the Website, your name and email address will be required.
3.2 User Information. We do not collect any personally identifiable information without your consent. When you access the Website, create a User Account, or otherwise use the Services, we ask you for certain personally identifiable information that can be used to contact or identify you (herein called “User Information”). This User Information includes your name, email address, postal address, telephone number. We do not collect any financial or payment information as User Information.
All payment is processed and handled through third party payment processors; to complete a payment transaction, you will be required to leave the Website. You can elect to provide all or only some of the User Information requested and at any time, you may decide to remove some of the User Information that you previously provided. However, if you decline to provide any of the above information, you may not be able to register for, access, or otherwise use certain benefits of the Services, which are conditioned upon certain eligibility requirements, such as age.
3.3 Third Party Information. In the course of providing the Services, RxLeaf may also collect, process and store information you provide us about third parties (“Third Party Information”). Third Party Information includes the name, age, gender, face photos, email address, and postal address of third parties including patients and the relatives of patients, doctors and other Users of the Website. Collectively, User Information and Third Party Information will be referred to as “Personal Information”.
3.4 Obligation regarding Third Party Information. By accessing the Website or otherwise using the Services to submit User Content or Third Party Information, you assume all responsibility for maintaining and following appropriate privacy practices and policies in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and any other applicable provincial or territorial personal and/or health information privacy laws. These responsibilities include but are not limited to:
• obtaining any necessary consent for collection, use and disclosure of Third Party Information including disclosure of Third Party Information to RxLeaf as part of your use of the Services, and including consent to display photographs identifying an individual;
• verifying, amending or deleting Third Party Information at the Third Party’s request;
• obtaining any necessary consent for sending of commercial electronic messages to Third Parties.
3.5 Updating and Correcting Information. You may change any of your User Information or update Third Party Information directly through the Website, by sending us an email at email@example.com or writing to us at RxLeaf Incorporated, 246 Elmgrove Drive, Tecumseh ON N8N 3S3, Canada. Please indicate your name, address and email address, and what information you would like to update when you contact us.
4. Release of Personal Information.
4.1 Service Providers. To provide the Services, RxLeaf may employ certain trusted contractors and individuals (“Service Providers”) to facilitate our Services, to provide the Services on our behalf, to perform Services-related services (e.g., maintenance services, database management, analytics and improvement of the Services’ features, marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others) or to assist us in analyzing how our Services are used. However, we do not grant these entities any rights to use, and contractually restrict them from using, any Personal Information for any purpose other than facilitating the Services.
4.2 Release of Personal Information. We may share certain Personal Information with service providers such as our business partners and authorized agents in order to provide the Services. We provide these service providers with the minimum information required to complete the service or transaction and the service providers are not permitted to use this information for any purpose other than completing the requested service. Note that we do not collect or store payment information, nor do we process credit card or financial transactions. Account information, payment information and credit card holder data may be transferred, processed and stored outside Canada by the service providers you use to complete subscription or other payments and are subject to the privacy policies of these service providers.
4.4 No Release for Marketing Purposes. RxLeaf will not share, sell, rent, trade, or disclose Personal Information to any third parties for marketing or commercial purposes, unless you have granted us permission in writing to do so.
4.5 Release Required by Law. RxLeaf may collect and share Personal Information and any other information available to us in order to investigate, prevent or take action regarding illegal activities, or as otherwise required by law.
4.9 Registration with Outside Account. We may permit you to register for a User Account, download, or otherwise use the Services by logging in with an account you have established with certain third party sites (including, Facebook, LinkedIn, Google, and PayPal) (hereafter, the “Outside Account”). By logging in via the Outside Account, you are granting us the right to access, use and store (if applicable) information (including User Information) on the Outside Account you choose (and your privacy settings on that Outside Account). The information you make accessible via your Outside Accounts will be available to through your User Account.
5.1 Data Retention. We will retain Personal Information for as long as your User Account is active or as long as needed to provide you with the Services. If you wish to cancel your User Account or request that we no longer use your information to provide you any services, you may delete your User Account by contacting us at firstname.lastname@example.org. We may retain and use Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will endeavor to delete Personal Information as quickly as practicable upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist for a period after deletion. In addition, we do not delete from our servers files containing Non-Identifying Information that you have in common with other Users. Absent your request to delete your information, we will retain Personal Information for a minimum of one year. We will destroy or anonymize your Personal Information within three years after it is no longer required to provide the Services.
5.2 Information Security. The security of your information is very important to us. We use commercially reasonable security standards to protect the information collected and maintained through the Services and take appropriate measures to protect against any unauthorized access to Personal Information. We have put in place appropriate physical, managerial and technical procedures to safeguard and secure the information we store. Access to Personal Information stored on RxLeaf’s servers or servers operated by service providers on our behalf is restricted to authorized personnel, including RxLeaf employees and contractors employed to provide the Services. Any individuals having access to the information stored on such servers are bound by confidentiality agreements. However, no data transmission over the Internet is completely secure. As such, we cannot guarantee the security of any information you provide to us or guarantee that information may not be accessed, disclosed, altered, or destroyed by unauthorized persons.
5.3 Breach Notification. We will make any legally required disclosures of any breach or unauthorized disclosure that compromises the security, confidentiality, or integrity of Personal Information to you via email, through the Website, or other means without unreasonable delay, insofar as such notification is consistent with or required by (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system or (iii) any applicable breach notification requirements.
5.5 Our policy towards children’s information. We do not collect personally identifiable information from children under 13 without the consent of their parents or guardians. If a parent or guardian becomes aware that personally identifiable information of their children has been provided to us without the parents or guardians’ consent, they should contact us at email@example.com. If we become aware that Personal Information of children under 13 has been provided to us without parental or guardian consent, we will delete such information subject to and in compliance with applicable laws.
Privacy Compliance Officer
246 Elmgrove Drive
Tecumseh ON N8N 3S3