Privacy Policy

Home
/
Privacy Policy

1. Introduction

ShopDrugs (“we,” “us,” “our”) respects your privacy and is committed to safeguarding your personal information. We provide a platform that includes our public website, patient portal application, pharmacy management application, and related online and mobile services (collectively, the “Services”). Through these Services, you can:

  • Upload prescriptions and request medication refills
  • Communicate with pharmacists and healthcare professionals
  • Manage your medication history and delivery preferences
  • Access an e-commerce store to purchase health and wellness products
  • Receive health-related updates, promotional offers, and other communications

This Privacy Policy (“Policy”) outlines how we collect, use, disclose, store, and protect your personal information, including personal health information, in compliance with Canadian federal and provincial privacy laws, as applicable.

By using our Services, or by clicking “Sign Up,” “Log In,” “Submit,” or similar buttons, you acknowledge that you have read and understood this Policy and consent to our handling of your personal information as described herein. If you do not agree with this Policy, please discontinue use of our online and offline Services.

2. Scope of This Policy

  1. Online and Offline Interactions
    This Policy primarily applies to personal information collected through our website, mobile applications, and other online components of our Services. However, we may also collect personal information through offline methods (e.g., in-person, over the phone, or via paper forms). Where practical and unless otherwise indicated, the same privacy standards set out in this Policy also apply to offline data collection. In cases where different policies or procedures apply to offline data, we will make reasonable efforts to inform you at the point of collection.
  2. Users Covered
    This Policy applies to all users of the Services, including patients, authorized healthcare professionals, pharmacy staff, patient representatives, and visitors. It governs all personal information collected, used, or disclosed through our website, mobile applications, and any associated platforms.
  3. External Sites
    Our Services may contain links to third-party websites or resources that we do not control or operate (“Linked Sites”). This Policy does not apply to Linked Sites. We recommend reviewing the privacy policies of any Linked Sites before providing them with personal information.

3. Definitions

  • Personal Information: Any information about an identifiable individual, including name, address, date of birth, contact details, prescription history, and health information.
  • Personal Health Information (PHI): Includes prescription details, health card numbers, medical history, and other information related to healthcare services.
  • Authorized Health Professionals: Pharmacists, pharmacy technicians, and other licensed healthcare providers who access the Platform to provide services.
  • Users: Individuals who use the Services, including patients, healthcare providers, and visitors.
  • Patient Representative: A person authorized to act on a patient’s behalf to manage that patient’s prescriptions, communicate with us regarding the patient’s health information, or otherwise utilize our Services on behalf of the patient (including parents/guardians of minors).

4. Consent and Account Creation

By creating an account or submitting prescription requests through our Services (online or offline), you consent to the collection, use, and disclosure of your personal information as described in this Policy.

  • Essential Communications: Certain transactional communications—such as account verification codes, prescription updates, or order confirmations—are essential to the Services and will be sent by default. You cannot unsubscribe from these without impacting your ability to use the Services.
  • Patient Representatives: If you are acting as a Patient Representative, you confirm that you have the legal authority to act on behalf of the patient and to disclose the patient’s personal information. By using the Services as a Patient Representative, you acknowledge and agree to the collection and use of that patient’s personal information under this Policy.

5. Information We Collect

We only collect the personal information necessary to provide and improve our Services and to meet our legal and regulatory obligations. The information we may collect includes:

  1. Registration Information
    • Name, address, email address, phone number, date of birth, gender (if needed), and other contact details.
  2. Health and Prescription Information
    • Provincial health card number, prescription details, prescribing practitioner information, medication history, allergies, insurance details, and any other health data you provide.
    • If you are a Patient Representative, we may also collect and store your name, date of birth, and contact details to verify your authority to act on the patient’s behalf.
  3. Authentication Details
    • Login credentials (phone number, email address), verification codes, and in the future, login via third-party accounts (e.g., Google, Apple) to streamline your authentication process. We may receive your name and email address from these third-party login providers, subject to your privacy settings with them.
  4. Transaction and Payment Information
    • Payment card details (secured through tokenization) or otherwise handled by a third-party payment processor. We do not store full card data on our own servers.
    • Billing and shipping addresses, order history, and related information for purchases made through our e-commerce store.
  5. Technical and Usage Data
    • IP addresses, device identifiers, browser type, access times, pages visited, cookies or similar technologies for analytics, error tracking, and service improvement.
  6. Communications
    • Information you provide when contacting customer support, responding to surveys, communicating with pharmacists or customer service representatives, or using in-Service chat or messaging features.
  7. Offline Information
    • Information collected in person at a pharmacy location, via telephone, or through paper forms. Where applicable, such information is protected under this Policy unless otherwise stated at the point of collection.

6. Login Methods and Future Integrations

Currently, you can log in using:

  • Phone Number: A verification code is sent to your mobile device.
  • Email Address: A verification code is sent to your email.

In the future, we may offer login via third-party services (e.g., Google, Apple). By using these login methods, you consent to our receiving certain personal information (such as your name and email address) from the third party, subject to your settings and the third party’s privacy policies. We do not share your login credentials with any third parties beyond what is necessary to enable the login functionality.

7. Communications and Notification Preferences

By default, when you sign up, request prescriptions, or otherwise interact with our Services, you are automatically subscribed to receive communications via text (SMS) and email in three categories:

  1. Transactional/Important Messages
    • Verification codes for login, order confirmations, prescription readiness notifications, account-related alerts. These are necessary for providing the Services and cannot generally be unsubscribed from without affecting your use of the Services.
  2. Medical/Health Campaigns
    • Updates on vaccination drives, health-related awareness campaigns, check-up drives, and similar healthcare initiatives.
  3. Promotional Offers and Discounts
    • Information about special offers, discounts, loyalty programs, and other promotional deals.

You may choose to unsubscribe or adjust preferences for Medical/Health Campaign messages and Promotional Offers at any time by following the instructions provided in these communications or by contacting our customer support.

Push Notifications: If you have our mobile application, we may send push notifications for prescription updates, important alerts, or promotional messages. You can typically disable these through your device settings if you do not wish to receive them.

8. Use of Personal Information

We use your personal information to:

  1. Provide and Deliver Services
    • Including prescription fulfillment, e-commerce transactions, appointment scheduling, and user support.
  2. Facilitate Secure Authentication and Account Management
    • To verify your identity, secure your account, and prevent unauthorized access.
  3. Communicate Updates
    • Regarding prescriptions, orders, account activities, healthcare notifications, or essential operational announcements.
  4. Personalize Your Experience
    • Tailor content, features, and Services to improve usability.
  5. Comply with Legal and Regulatory Requirements
    • Including pharmacy practice regulations, professional standards, and mandatory reporting obligations.
  6. Monitor and Improve Our Services
    • Through analytics and aggregated data insights.
  7. Detect, Investigate, and Prevent Security Threats
    • Address fraudulent activities or unauthorized access attempts.
  8. Marketing and Health Campaigns
    • If you have not opted out, we may use contact details and non-sensitive preferences to send promotional or health awareness information.
  9. Sharing with Provincial Systems
    • Where required by law (e.g., PharmaNet in BC or equivalent systems in other provinces), we may share prescription or health information to fulfill legal obligations.

9. Disclosure of Personal Information

We do not sell, rent, or trade your personal information. We may disclose it only under limited circumstances:

  1. Healthcare Providers and Staff
    • Pharmacists and authorized staff who need access to fulfill prescriptions and provide healthcare services.
  2. Service Providers
    • Third-party vendors who assist with operations such as payment processing, delivery services, data hosting, communications support, and analytics. These providers must protect your personal information and use it only for authorized purposes.
  3. Legal and Regulatory Requirements
    • To comply with laws, regulatory bodies, subpoenas, or court orders; to protect our rights, interests, or property; or to ensure public safety.
  4. Business Transactions
    • In the event of a merger, acquisition, restructuring, or sale of assets, personal information may be transferred to the acquiring entity under confidentiality obligations and in accordance with applicable law.
  5. Provincial Health Systems
    • Where required by applicable law, we may share prescription and health information with provincial health networks (e.g., PharmaNet in British Columbia or equivalent systems in other jurisdictions).

10. No Third-Party Advertising

We do not host or display third-party advertisements (e.g., Google AdWords) that collect your personal information for advertising purposes. Any marketing communications we send are based solely on our own products, services, promotions, and health campaigns.

  • Limited Analytics or Retargeting: While we currently do not engage in third-party retargeting, we may use aggregated or anonymized usage data with analytics providers to help improve our Services. If we begin any retargeting or tailored advertising practices in the future, we will update this Policy and provide appropriate opt-out mechanisms.

11. E-Commerce Store

We offer an e-commerce store where you can purchase health-related and wellness products. We collect and use your personal information to:

  • Process orders and manage payments.
  • Arrange for shipping and delivery.
  • Handle returns, refunds, and customer support inquiries.
  • Improve product offerings and user experience.

Payment Processor: We rely on a third-party payment processor to handle your payment card details securely (through tokenization or other methods). We do not store your full credit card information. By making a purchase, you agree to the payment processor’s terms and privacy practices. If requested, we can provide you with the payment processor’s privacy policy link.

12. Security and Storage of Personal Information

We use reasonable safeguards—technical, administrative, and physical measures—to protect your personal information against loss, theft, unauthorized access, disclosure, copying, or modification. Our servers may be located in Canada or other jurisdictions that ensure a comparable level of data protection.

  1. No Method is 100% Secure
    Despite our efforts, no method of electronic transmission or storage is completely secure. In the event of a breach that poses a risk of significant harm, we will notify affected individuals and relevant authorities as required by law.
  2. Account Security
    You are responsible for maintaining the confidentiality of your account credentials (passwords, verification codes, etc.). If you believe your account is compromised, please contact us immediately. We cannot be held liable for unauthorized activities in your account if you fail to keep your login credentials secure.

13. Retention of Personal Information

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Policy, to comply with legal and regulatory requirements, and as needed for recordkeeping, audits, or dispute resolution. Once no longer required, personal information is securely destroyed or anonymized.

14. Accessing, Correcting, and Deleting Your Information

You may request access to, correction of, or deletion of your personal information by contacting us at the details provided below. We will verify your identity before fulfilling such requests and will inform you of any consequences, such as loss of service functionality. Certain records, especially those related to pharmacy records and healthcare services, may be required by law to be retained for a specific period.

15. Withdrawal of Consent

You may withdraw your consent to our collection, use, or disclosure of your personal information at any time by contacting us. Please note that withdrawing consent may limit our ability to provide certain Services.

16. Children’s Privacy

Our Services are intended for use by adults. If a parent or guardian assists a minor in accessing our Services, they consent to the collection and use of that minor’s personal information. We do not knowingly collect information from individuals under the age of majority without appropriate parental or guardian consent.

  • Patient Representative for a Minor: If you are the parent or legal guardian of a minor who uses our Services, you may be required to provide personal information about the minor. By doing so, you represent and warrant that you have the right to provide such information.

17. Cookies and Analytics

We may use cookies, web beacons, and similar technologies to:

  • Improve user experience
  • Track usage patterns
  • Conduct analytics
  • Store certain preferences

You can configure your browser to refuse cookies, but doing so may affect certain functionalities of the Services. We use analytics tools to help us understand how users interact with our Services and to improve performance.

Do Not Track (DNT): Some browsers allow users to send “Do Not Track” signals. Currently, there is no universally accepted standard for how to respond to these signals, and we do not alter our data collection or use practices when we detect such a signal.

18. Future Updates

We may add new features or services, such as login via Google or Apple accounts, without materially changing how we handle personal information. We will update this Policy if our privacy practices materially change and will notify you of any significant changes before they take effect.

19. Acceptance of Terms and Changes to This Privacy Policy

By using our Services (including accessing our website, mobile applications, or offline interactions), you indicate that you have read and agree to this Policy. We reserve the right to modify this Policy at any time. Material changes will be communicated through a prominent notice on our website, via email, or both. The “Effective Date” at the top of this Policy will always indicate when it was last updated. Your continued use of the Services after such changes constitutes acceptance of the revised Policy. If you do not agree to the revised terms, please discontinue use of our Services.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

InsertContactEmailInsert Contact EmailInsertContactEmail
InsertPhysicalAddressInsert Physical AddressInsertPhysicalAddress
InsertPhoneNumberInsert Phone NumberInsertPhoneNumber

21. Public Forums and User-Generated Content (UGC)

If our Services include any forum, blog, comment section, or publicly-accessible discussion platform, please be aware that any information you submit in these areas becomes public information. We cannot control the actions of other users or third parties who may view or collect this information. You should exercise caution when deciding to disclose personal information in these public areas.

22. Governing Law

This Policy and any related disputes are governed by the laws of the province in which we operate and the federal laws of Canada applicable therein, without regard to conflict-of-law provisions. By using the Services, you agree to submit to the exclusive jurisdiction of the courts in that province for any disputes arising from or related to this Policy or your use of the Services.

23. International Data Transfers

Although our servers are primarily located in Canada, some of our third-party service providers may store or process data in other jurisdictions. When that happens, your personal information may be subject to foreign laws and accessible to foreign governments, courts, or law enforcement in those jurisdictions. We strive to work with providers that ensure a comparable level of data protection as required under Canadian law. By using our Services, you consent to these transfers where permitted by applicable law.

24. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us.

Effective date: 23 Dec 2024

Scroll to Top