The Direct Meds Canada Inc ((“DirectMedsCA”, “we”, “us”) Privacy Policy (“Policy”) was last updated on October 29, 2024. The most up to date version of the policy is posted at https://ca.direct-meds.com/privacy.php. We reserve the right to revise the policy at any time to comply with applicable laws, our current practices and the DirectMedsCA platform.

At DirectMedsCA we want you to feel confident and protected by providing you with clear information about how we handle your Personal Information and Personal Health Information (“Information”).

DirectMedsCA is committed to your privacy by complying with applicable federal laws and regulations including the Personal Information Protection and Electronic Document Act (“PIPEDA”) and provincial health legislations.

Definitions

The words and phrases used in this policy have the same meaning as in DirectMedsCA’s Terms of Use.

“Authorized Healthcare Prescriber” means a physician or nurse practitioner registered to practice in a Province or Territory of Canada and is permitted to provide Healthcare Services and/or Informational Services through the DirectMedsCA Platform.

“Authorized Healthcare Professional” means a regulated health professional registered to practice in a Province or Territory of Canada and is permitted to provide Healthcare Services and/or Informational Services through the DirectMedsCA Platform.

“Applicable Law” means laws and regulations DirectMedsCA, Authorized Healthcare Prescribers, Authorized Healthcare Professionals and Users must abide by.

“Device” means a mobile or desktop device owned or controlled by a User and is used to access DirectMedsCA Services.

“Healthcare Services” means providing health care including the discussion of PHI by an Authorized Healthcare Prescriber or Authorized Healthcare Provider through the DirectMedsCA Platform.

“Informational Services” means offering general information about a disease or condition, and not patient specific health information. It is for educational purposes only and for clarity. It does not include a diagnosis, treatment or advice based on observation, examination or assessment of a particular patient.

“DirectMedsCA Platform” means the hardware, software, applications, websites, content, products and services owned and/or operated by Direct Meds Canada Inc., that enables Authorized Healthcare Prescribers and Authorized Healthcare Providers to deliver Healthcare Services and Informational Services to Users.

“Personal Health Information” (“PHI”) means information specific to an individual’s health or healthcare that is subject to Applicable Law and that is collected, created, compiled, used, disclosed or otherwise transmitted and/or stored on or by means of the DirectMedsCA Platform.

“User” (“you”, “your”) means an individual who has created and registered a DirectMedsCA User Account in accordance with our Terms of Use and is eligible to receive Healthcare Services and/or Informational Services through the DirectMedsCA Platform.

DirectMedsCA Corporation uses a number of safeguards to protect the privacy of Users and the confidentiality of their Information. When discussing Informational Services, PHI is not required, and we advise you not to submit this information in the course of accessing Informational Services.

After reviewing this policy, if you still have questions, contact our Chief Compliance Officer as indicated below.

What is Personal Information?

Personal Information is any information which identifies you. This could include, but is not limited to your name, contact information, and information related to your PHI. This could include information related to your family health history, identification of a User to provide healthcare services, and your DirectMedsCA username and password.

How is Personal Information collected by DirectMedsCA?

Personal Information is collected in compliance with PIPEDA, and other provisions under Applicable Law. Personal Information is collected to register Users, create User accounts (“Account”), authenticate login credentials, and personalize the User experience while using the DirectMedsCA Platform.

DirectMedsCA may collect Personal Information from Users directly, and/or from third parties, where we (and/or the third party) have obtained your consent, or as otherwise permitted by law.

DirectMedsCA will collect and use Information only as necessary to provide our services. This includes to develop, assess, and improve our services. We will only collect Personal Information if non-identifying information is not sufficient. We minimize our collection and use of Personal Information to what is needed for the purposes stated above. For example, we do not record the audio or video portions of interactions between Users and Authorized Health Care Practitioners and between Users and Authorized Health Care Providers through the DirectMedsCA Platform.

How do we use User Personal Information?

DirectMedsCA will obtain consent and use Personal Information only as necessary to provide our services, such as:

• To facilitate, administer, and confirm User eligibility to access DirectMedsCA services
• To provide services requested on your behalf (e.g. contact your pharmacy)
• To facilitate communications with applicable service providers in your jurisdiction with whom we have a contractual relationship including, but not limited to Physicians, Nurse Practitioners, and Pharmacists
• To track User purchases, arrange for refills and manage prescription renewals
• For billing purposes, including private insurance and provincially insured services
• To personalize Users experience while using the DirectMedsCA Platform, including updates and service announcements
• To obtain feedback regarding our operations and improve the services of DirectMedsCA
• To investigate legal claims
• For loss prevention, anti-fraud purposes, and to comply with regulatory and legal requirements
• Other purposes as permitted by law, and for which DirectMedsCA may obtain consent

When and to whom is User Personal Information shared?

DirectMedsCA Corporation uses several safeguards to protect the privacy of Users of the DirectMedsCA Platform and the confidentiality of their Information. Instances in which Information can be shared include:

• Transferring Personal Information to a provider of our services such as Physicians, Nurse Practitioners, Pharmacists, telephone support or data storage and processing providers
• In the event of an emergency at the reasonable judgment of DirectMedsCA or a third party service provider, disclose with whom we have a contractual relationship to emergency contacts, a public authority, an agent of public authority, or another party
• Disclosure of Information to an insurer with consent
• Disclosure of Personal Information to a potential acquirer in connection with a transaction involving the sale of some or all of the business of DirectMedsCA

When and how do we obtain consent?

Consent is obtained at that time Personal Information is collected, prior to the use or disclosure of this Information for any purpose. Consent can be provided electronically, in writing, or orally. The form of consent required, including whether it is expressed or implied, depends on the sensitivity of the Information, and reasonable User expectations in the circumstances. We may rely on a third party to obtain your consent to the sharing of Personal Information with us.

You may withdraw consent at any time by providing DirectMedsCA with notice in writing, expressly instructing that your personal health information not be used, or disclosed for healthcare purposes without consent.

Where do we store Personal Information?

We store your information in electronic format within Canada, using computer systems with restricted access and housed in facilities using physical security measures. More generally, we have in place appropriate physical, technological, and organizational safeguards to protect Information against loss, theft, and unauthorized access, use and disclosure.

How long will we use, disclose, or retain User Personal Information?

Unless we otherwise give you notice, we will retain your Information on the DirectMedsCA Platform on your behalf until such times as you or we terminate your User Account. On termination of your User Account, we will delete the Information associated with your User Account.

DirectMedsCA will use and disclose your Information as long as necessary to fulfil the purposes for which they were collected and as permitted by law.

How can Users review Personal Information that we have collected, used, or disclosed or correct inaccurate Personal Information?

You can access your Information to check that it is accurate, complete, and up to date by making a request to [email protected].

Users can update and correct any Information except Information an Authorized Healthcare Prescriber or Authorized Healthcare Provider has viewed or created. To correct Information that has been viewed or created during a Healthcare Services consultation making a request to [email protected].

Contact the Authorized Healthcare Prescriber or Authorized Healthcare Provider who provided the Healthcare Services to access or request the correction of Information in their notes on the DirectMedsCA Platform or that they hold in their medical records.

How fast will we respond to User written requests?

We will attempt to respond to each User written request within 30 days of receipt. We will advise Users in writing if we cannot meet your request within this time limit. You have the right to make a complaint to the Privacy Commissioner of Canada, and/or the appropriate provincial privacy governing body.

Is there a cost for User to request details about their Personal Information or our privacy practices?

DirectMedsCA will not charge any costs for Users to access their Personal Information in our records, or to access our privacy practices without first providing Users with an estimate of appropriate costs, if any. Users may be requested to provide sufficient information to permit access to the existence, use, or disclosure of their Personal Information. Any such identifying information shall be used only for this purpose.

Do you verify Users requesting their Personal Information?

Users could be requested to provide sufficient information to permit access to the existence, use, or disclosure of their Personal Information. Any such identifying information will be used only for this purpose.

Who is accountable for my Personal Information?

In most of the provinces in which DirectMedsCA operates, DirectMedsCA has overall responsibility for protecting the privacy of your Personal Information, including PHI collected in connection with the provision of health services through the DirectMedsCA Platform by a healthcare provider, such as a physician or nurse practitioner.

What safeguards are in place to protect User Personal Information?

DirectMedsCA takes the security of your information seriously. We have measures in place to protect User Personal Information. This includes including physical, organizational, contractual and technological safeguards to protect Information from loss or theft, unauthorized access, disclosure, copying, use or modification.

DirectMedsCA Personnel are obligated to protect Information by adhering to our policies, practices and Applicable Law.

Users play an important role in protecting your privacy and the confidentiality of your Information. You can do so by taking the following precautions:

• Create a strong and unique password for your User Account, using DirectMedsCA’s password strength estimator, and update it periodically.
• Do not share your User Account or password with anyone. We will never ask you for your password, including in any unsolicited communication such as letters, phone calls or email messages, so please contact us if you receive such a request.
• Log out of your User Account once you are finished using it, especially if you share your Device with anyone else.
• Have a strong and unique password on your Device, too.
• Choose a quiet, private location from which to receive services from Authorized Healthcare Prescriber or Authorized Healthcare Provider

Notwithstanding the safeguards we have and our commitment to protecting Information, we cannot guarantee the security or error-free transmission or storage of Information. There are risks inherent in the use of electronic means to transmit and hold Information in electronic format. These risks can be minimized but not eliminated using appropriate security measures, such as the measures DirectMedsCA employs. These risks include interception, loss, corruption, unauthorized access to, use and disclosure of Information, and delay in the availability of Information.

Cookies and De-identified Data

DirectMedsCA may collect and use data (information collected or compiled through the DirectMedsCA Platform) that no longer identifies a User. This data may be used for monitoring the compliance of Users and Authorized Personnel with the DirectMedsCA Platform Terms of Use, for making the DirectMedsCA Platform more accessible and enhancing the Users and Authorized Personnels experience. We may also use or disclose data for the purposes of product and marketing research. We will not use data to re-identify Users or for any other purpose prohibited by Applicable Law. We will only de-identify Information in a manner that complies with Applicable Law.

The DirectMedsCA Platform, email messages, and marketing materials use “cookies” and other technologies such as pixel tags and web beacons. We use these technologies to better understand the usage of the DirectMedsCA Platform, analyze trends, and administer, personalize and improve the experience of using the DirectMedsCA Platform for Users and Authorized Personnel.

You can refuse cookies by turning them off or blocking them in your Internet browser. If you decide to turn off or block cookies, the DirectMedsCA Platform might not function correctly. At times, we may use third parties such as ad exchanges and data companies to serve our advertisements on the DirectMedsCA Platform. These companies may also use cookies and other technologies to report certain information about your visits to the DirectMedsCA Platform and other websites (such as web pages you visit from and your response to ads on the DirectMedsCA Platform) in order to measure the effectiveness of our marketing campaigns and to deliver ads that are more relevant and tailored to you, both on and off our DirectMedsCA Platform. By using the DirectMedsCA Platform and not turning off cookies, you are consenting to their use for the purposes described in this Policy. To learn more about advertising on electronic sites and opting out of receiving ads, you can visit the Digital Advertising Alliance website at www.aboutads.info/choices/ or the Digital Advertising Alliance of Canada website at www.youradchoices.ca/choices.

It’s your choice:

The DirectMedsCA Platform offers you functionality and choices for protecting your privacy including:

• whether you want to use audio, chat, or video for interactions with Authorized Healthcare Prescribers or Authorized Healthcare Providers
• Withholding Information with the understanding that an Authorized Healthcare Prescriber or Authorized Healthcare Provider may be unable to provide you with Healthcare Services as a result. They will advise you of the implications of your choice
• any previous Information collected when seeking Informational services will not be accessible by Authorized Healthcare Prescriber or Authorized Healthcare Provider providing the services unless you specifically elect to provide access
• whether you would like to receive communications by email or SMS
• opting out of receiving non-essential communications by logging in to your User Account and updating your preferences. For clarity, service announcements including updates to our policies and Terms of Use and software are not considered non-essential communications

Contact

Please contact us directly at [email protected] for assistance with using the privacy functionality or with any questions about using the DirectMedsCA Platform.

You may contact us at any time to: stop receiving e-mails or other correspondence from us, seek assistance with viewing and correcting Information, and close your User Account.

If you have any questions, concerns or suggestions about our privacy practices, please contact our Chief Compliance Officer. Please include your name and contact information if you’d like us to respond to you - [email protected]