Privacy Policy

Version 1.0 – Revised: 2018-05-10

1. Overview

1.1 Who We Are. The websites, software, applications and/or plug-ins and associated services including the domains www.rxleaf.com, www.rc.rxleaf.com, and any other webpages, subdomains, variants that link or refer to this Privacy Policy (collectively, the “Website”) are owned and operated by RxLeaf Incorporated (“RxLeaf”).

The Website is a platform for educating physicians, patients and others about the therapeutic value of medical cannabis. Visitors to the Website can obtain and share information, and purchase items related to medical cannabis (collectively, the “Services”).

This Privacy Policy (the “Privacy Policy”) is to inform you of RxLeaf’s policies and procedures regarding the collection, use and disclosure of certain personally identifiable information in connection with providing individuals (“Users”) access to the Services

RxLeaf is committed to protecting the privacy of all personally identifiable information provided by Users in connection with their accessing or using the Services. By visiting the Website, or otherwise taking advantage of the Services in any form, you acknowledge that you have read, understood and agreed to be bound to all the terms of this Privacy Policy and the Terms of Use which can be found at https://www.rxleaf.com/pages/terms-of-use and which are hereby incorporated in their entirety. If you do not agree to the terms of this Privacy Policy, do not access or use the Services.

2. Exclusions

2.1 Personal Information Provided to Others. This Privacy Policy does not apply to any Personal Information that you provide to another User or visitor through the Services or through any other means, including information posted by you to any public areas of the Website.
3. Types of Information Collected And How We Use It.

3.1 User Accounts. On the Website, you may be able to register and create a User Account. A User Account is stored information that we keep on individual Users that details their viewing preferences, activities, and interactions. When you decide to register a User Account, we ask for some basic contact information, such as a username, and your postal code and email address. We may also collect, and store a profile picture and other biographical information that you provide. You may review and edit your User Account information, or delete your User Account, at any time at which

You can browse the Services without creating a User Account. However, you may not be able to use certain functionality of the Services. For instance, in order to open a User Account, or purchase items through the Website, your name and email address will be required.

3.2 User Information. We do not collect any personally identifiable information without your consent. When you access the Website, create a User Account, or otherwise use the Services, we ask you for certain personally identifiable information that can be used to contact or identify you (herein called “User Information”). This User Information includes your name, email address, postal address, telephone number. We do not collect any financial or payment information as User Information.

All payment is processed and handled through third party payment processors; to complete a payment transaction, you will be required to leave the Website. You can elect to provide all or only some of the User Information requested and at any time, you may decide to remove some of the User Information that you previously provided. However, if you decline to provide any of the above information, you may not be able to register for, access, or otherwise use certain benefits of the Services, which are conditioned upon certain eligibility requirements, such as age.

In addition to using your User Information to provide the Services, we may also use this information to troubleshoot, resolve disputes, accomplish administrative tasks, contact you, enforce our agreements with you, including this Privacy Policy, comply with applicable law, cooperate with law enforcement activities, and to prevent duplicate User Accounts from being created with the same information.

3.3 Third Party Information. In the course of providing the Services, RxLeaf may also collect, process and store information you provide us about third parties (“Third Party Information”). Third Party Information includes the name, age, gender, face photos, email address, and postal address of third parties including patients and the relatives of patients, doctors and other Users of the Website. Collectively, User Information and Third Party Information will be referred to as “Personal Information”.

3.4 Obligation regarding Third Party Information. By accessing the Website or otherwise using the Services to submit User Content or Third Party Information, you assume all responsibility for maintaining and following appropriate privacy practices and policies in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and any other applicable provincial or territorial personal and/or health information privacy laws. These responsibilities include but are not limited to:
• obtaining any necessary consent for collection, use and disclosure of Third Party Information including disclosure of Third Party Information to RxLeaf as part of your use of the Services, and including consent to display photographs identifying an individual;
• verifying, amending or deleting Third Party Information at the Third Party’s request;
• notifying Third Parties of changes to any applicable privacy practices and policies including changes which result from changes to this Privacy Policy; and
• obtaining any necessary consent for sending of commercial electronic messages to Third Parties.

3.5 Updating and Correcting Information. You may change any of your User Information or update Third Party Information directly through the Website, by sending us an email at askme@rxleaf.com or writing to us at RxLeaf Incorporated, 246 Elmgrove Drive, Tecumseh ON N8N 3S3, Canada. Please indicate your name, address and email address, and what information you would like to update when you contact us.

3.6 Log Data. When you use the Services, our servers may automatically record information of the sort that web browsers and servers typically make available, such as browser type, language preference, referring site, and the date and time of each visitor/customer request through Cookies, Pixel Tags, Local Shared Objects, Web Storage and other similar technologies (herein called “Log Data”). This Log Data may include information such as browser, mobile device type, Internet Protocol (“IP Address”), information you search for on our Services, access times and dates, metadata concerning the files you upload, unique device identifier, approximate geographic location, time zone, and other statistics and information. In the case of potentially personally-identifying information like IP Addresses, RxLeaf does not use such information to identify its Users and does not disclose such information, other than under the same circumstances that it uses and discloses Personal Information, as described in this Privacy Policy

3.7 Cookies. A cookie is a string of information that a website stores on a visitor/customer’s computer, and that the visitor/customer’s browser provides to the website each time the visitor/customer returns. Cookies help us identify and track visitors, their usage of the Website, their Website access preferences, and to better understand how visitors use the Website. Users who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before accessing the Website, with the drawback that certain features of the Website may not function properly without the cookies. By continuing to use the Website, you are giving consent to our use of cookies.

3.8 Aggregate Information and Non-Identifying Information. Non-Identifying Information is information that does not identify a specific user. This type of information may include occupation, language, and other statistics. We may disclose aggregated information that does not include Personal Information and we may disclose Non-Identifying Information and Log Data to third parties for industry analysis, demographic profiling, analytics, or research. Any information or Log Data shared in these contexts will not contain Personal Information. The limitations and requirements in this Privacy Policy concerning Personal Information do not apply to Non-Identifying Information.

4. Release of Personal Information.

4.1 Service Providers. To provide the Services, RxLeaf may employ certain trusted contractors and individuals (“Service Providers”) to facilitate our Services, to provide the Services on our behalf, to perform Services-related services (e.g., maintenance services, database management, analytics and improvement of the Services’ features, marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others) or to assist us in analyzing how our Services are used. However, we do not grant these entities any rights to use, and contractually restrict them from using, any Personal Information for any purpose other than facilitating the Services.

4.2 Release of Personal Information. We may share certain Personal Information with service providers such as our business partners and authorized agents in order to provide the Services. We provide these service providers with the minimum information required to complete the service or transaction and the service providers are not permitted to use this information for any purpose other than completing the requested service. Note that we do not collect or store payment information, nor do we process credit card or financial transactions. Account information, payment information and credit card holder data may be transferred, processed and stored outside Canada by the service providers you use to complete subscription or other payments and are subject to the privacy policies of these service providers.

4.3 Third Party Links. This Privacy Policy applies only to the Services including those provided through the Website. The Website may contain links to other websites not operated or controlled by us. The policies and procedures we describe here do not apply to these websites. The links from the Services do not imply that we endorse or have reviewed these websites. We suggest contacting those sites directly for information on their privacy policies.

4.4 No Release for Marketing Purposes. RxLeaf will not share, sell, rent, trade, or disclose Personal Information to any third parties for marketing or commercial purposes, unless you have granted us permission in writing to do so.

4.5 Release Required by Law. RxLeaf may collect and share Personal Information and any other information available to us in order to investigate, prevent or take action regarding illegal activities, or as otherwise required by law.

4.6 Business Transfer. RxLeaf may sell, divest, transfer, assign, share or otherwise engage in a transaction that involves, some or all of our assets, including any or all of the information described in this Privacy Policy, in the course of a corporate divestiture, merger, acquisition, joint venture, bankruptcy, dissolution, reorganization, or any other similar transaction or proceeding. In such event, Personal Information obtained and maintained by RxLeaf, may be transferred to a successor entity or affiliate.

4.7 RxLeaf may share Personal Information to meet its obligations in connection with any sale or transfer of RxLeaf’s business. Personal Information submitted prior to any such transfer would remain subject to the terms of this Privacy Policy. However, Personal Information submitted after a transfer may be subject to a new privacy policy adopted by the successor entity.

4.8 Parent Companies, Subsidiaries and Affiliates. We may also share Personal Information with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Privacy Policy. Our parent companies, subsidiaries and affiliates will be bound to maintain that Personal Information in accordance with this Privacy Policy

4.9 Registration with Outside Account. We may permit you to register for a User Account, download, or otherwise use the Services by logging in with an account you have established with certain third party sites (including, Facebook, LinkedIn, Google, and PayPal) (hereafter, the “Outside Account”). By logging in via the Outside Account, you are granting us the right to access, use and store (if applicable) information (including User Information) on the Outside Account you choose (and your privacy settings on that Outside Account). The information you make accessible via your Outside Accounts will be available to through your User Account.

5. Miscellaneous

5.1 Data Retention. We will retain Personal Information for as long as your User Account is active or as long as needed to provide you with the Services. If you wish to cancel your User Account or request that we no longer use your information to provide you any services, you may delete your User Account by contacting us at askme@rxleaf.com. We may retain and use Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will endeavor to delete Personal Information as quickly as practicable upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist for a period after deletion. In addition, we do not delete from our servers files containing Non-Identifying Information that you have in common with other Users. Absent your request to delete your information, we will retain Personal Information for a minimum of one year. We will destroy or anonymize your Personal Information within three years after it is no longer required to provide the Services.

5.2 Information Security. The security of your information is very important to us. We use commercially reasonable security standards to protect the information collected and maintained through the Services and take appropriate measures to protect against any unauthorized access to Personal Information. We have put in place appropriate physical, managerial and technical procedures to safeguard and secure the information we store. Access to Personal Information stored on RxLeaf’s servers or servers operated by service providers on our behalf is restricted to authorized personnel, including RxLeaf employees and contractors employed to provide the Services. Any individuals having access to the information stored on such servers are bound by confidentiality agreements. However, no data transmission over the Internet is completely secure. As such, we cannot guarantee the security of any information you provide to us or guarantee that information may not be accessed, disclosed, altered, or destroyed by unauthorized persons.

5.3 Breach Notification. We will make any legally required disclosures of any breach or unauthorized disclosure that compromises the security, confidentiality, or integrity of Personal Information to you via email, through the Website, or other means without unreasonable delay, insofar as such notification is consistent with or required by (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system or (iii) any applicable breach notification requirements.

5.4 International Transfer. Personal Information may be transferred to and maintained on computers located outside your state, province, country or other governmental jurisdiction where the information may be subject to different laws regarding foreign government’s access to that information. RxLeaf may transfer and process the information within Canada. RxLeaf may subsequently transfer and store Personal Information outside Canada. Any transfer of personal information to or from Canada will be done in accordance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and any other applicable laws. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

5.5 Our policy towards children’s information. We do not collect personally identifiable information from children under 13 without the consent of their parents or guardians. If a parent or guardian becomes aware that personally identifiable information of their children has been provided to us without the parents or guardians’ consent, they should contact us at askme@rxleaf.com. If we become aware that Personal Information of children under 13 has been provided to us without parental or guardian consent, we will delete such information subject to and in compliance with applicable laws.

5.6 Modifications to our Privacy Policy. This Privacy Policy may be modified from time to time at our sole discretion. We will notify you of any changes by posting a new Privacy Policy and corresponding “last modified” date. If we make a change to this Privacy Policy that we believe materially affects our collection, use and disclosure of Personal Information we will provide you with direct notice (for example, by email). We may provide notice of changes in other circumstances as well. By continuing to use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

5.7 How to Contact us. If you have any questions about this Privacy Policy, about our compliance with applicable privacy laws, would like access to or wish to correct your personal information, please contact our privacy compliance officer as provided below:
Privacy Compliance Officer
RxLeaf Incorporated
246 Elmgrove Drive
Tecumseh ON N8N 3S3
Canada
askme@rxleaf.com