At MedBox Rx Pharmacy (“MedBox Rx”, as follows “we” or “us”) last updated this Privacy Policy (“Policy”) on September 1, 2023. We post the current version of the Policy at www.medboxpharmacy.ca/privacy-policy. We reserve the right to amend the Policy at any time to account for changes in the Applicable Law, our practices, and the MedBox Rx Platform. Please check to see if we have amended the Policy since you last used the MedBox Rx Platform to ensure you are aware, and agree to our current privacy practices.

We are proud to demonstrate our commitment to your privacy, by complying with the Applicable Law and regulations thereunder. This includes the Personal Information Protection and Electronic Document Act (“PIPEDA”), in addition to provincial health legislation. We believe that an important part of protecting privacy is to provide clear, and easily accessible details about how we handle User’s Information.

Definitions

“MedBox Rx Platform” - Collectively, the hardware, software, websites, content, products and services owned and/or operated by us to enable the provision of remote healthcare services to Users, among other purposes.

“Personal Information” - Collectively “Personal Information” (information about an identifiable User as defined by the Applicable Law) and “Personal Health Information” or “PHI” (information about a User’s health or healthcare as defined in the Applicable Law)

“User” - (as follows “you”, “your”) an individual registered to use the MedBox Rx Platform

“Authorized Healthcare Professional” - Collectively “Authorized Healthcare Professionals” (Physicians and Nurse Practitioners licensed to practise medicine in a province or territory of Canada)

“Authorized Non-Practitioner Professional” - Regulated health professionals other than Physicians and Nurse Practitioners licensed to practise in a province or territory of Canada

“Applicable Law” - Laws and regulations MedBox Rx, Authorized Healthcare Professionals, or Users are subject to 

“Content” - General information about health related topics posted on the MedBox Rx Platform, access to which is not the delivery of healthcare services. This does not replace, and cannot be relied upon as healthcare services

What is Personal Information?

Personal Information is any information identifiable to you. This information may include, but is not limited to your name, contact information, and information related to physical or mental health. This may include information that consists of your family health history, identification of a User to provide healthcare services, and MedBox Rx usernames and passwords. Personal information does not include your business name, business title, business address, or business telephone number in the capacity of an employee of an organization.

How do we collect Personal Information?

Personal information is collected in compliance with PIPEDA, in addition to other provisions under Applicable Law. This Information is collected to register Users, create a User account (“Account”), authenticate login credentials, and personalize your experience while using the MedBox Rx Platform. We may collect Personal Information from Users directly, and/or from third parties, where we (and/or the third party) have obtained your consent, or as otherwise permitted by law.

Where do we store User Personal Information?

Collected Personal Information is stored at the MedBox Rx offices, and/or our service provider’s data centres in Canada. 

The MedBox Rx Platform is not targeted to and is not intended for use by European Union (EU) residents located in the EU. EU residents may use the Platform if they are temporary or permanent residents in the province of Alberta, British Columbia, Manitoba, Newfoundland and Labrador, Nova Scotia, Ontario, Prince Edward Island, or Saskatchewan. By using the MedBox Rx Platform, you agree that Personal Information can be stored and processed in Canada. 

How do we use User Personal Information?

We identify the purposes for which we use User Personal Information at the time such Information is collected, in addition to obtaining User consent prior to such use. User Personal Information is generally used for the following purposes (the “Purposes”):

• To facilitate, administer, and determine eligibility for User access to the MedBox Rx Platform
• To track purchases through the MedBox Rx Platform to arrange refills and prescription renewals
• To facilitate communications with third-party service providers with whom we have a contractual relationship including, but not limited to Physicians, Nurse, Practitioners, and Pharmacists
• For billing, including private insurance details and provincial health numbers for insured services
• To advise Users about programs and services that may be of interest
• To collect comments and feedback regarding MedBox Rx’s operations
• To help us create, develop, evaluate, and improve the MedBox Rx Platform and Content

To investigate legal claims

For loss prevention, anti-fraud purposes, and to comply with regulatory and legal requirements

Such other purposes as may be permitted by law, for which MedBox Rx may obtain consent

When and to whom is User Personal Information shared?

Personal Information is shared with great care, following appropriate privacy standards. The circumstances in which this may occur include:

Transferring Personal Information to third party service providers assisting us with the Purposes, including but not limited to, Physicians, Nurse Practitioners, Pharmacists, in addition to telephone support or data storage and processing providers

Disclosure of Personal Information to a potential acquirer in connection with a transaction involving the sale of some or all of the business of MedBox Rx

On consent to disclose Information to an insurer 

Disclosure in the event of an emergency at the reasonable judgement of MedBox Rx or a third party service provider with whom we have a contractual relationship to emergency contacts, a public authority, an agent of public authority, or another party

When and how do we obtain consent?

Consent is obtained at that time Personal Information is collected, prior to the use or disclosure of this Information for any purpose. Consent can be provided orally, electronically, or in writing. The form of consent required, including whether it is expressed or implied, largely depends on the sensitivity of the Information, and reasonable User expectations in the circumstances. We may rely on a third party to obtain your consent to the sharing of Personal Information with us. You may withdraw consent by providing us with notice, expressly instructing that their personal health information not be used, or disclosed for healthcare purposes without consent.

How do we ensure the privacy of Personal Information when dealing with our affiliates and other third parties?

All MedBox Rx affiliates and other third parties engaged to perform services on our behalf and are provided with Personal Information are contractually required to observe the intent of this Policy and our privacy practices.

For additional details about MedBox Rx’s third party service providers, please see our list of sub-processors.

How long will we use, disclose, or retain User Personal Information?

Unless otherwise notified, your Personal Information will be retained on the MedBox Rx Platform at least until you (or MedBox Rx) close your account. We will use and disclose of Personal Information as long as necessary to fulfil the purposes for which this was collected, and as permitted or required by law.

How can Users review Personal Information that we have collected, used, or disclosed?

Users can make a written request to review any of their Personal Information that we have collected, used, or disclosed. We will provide you with any such Personal Information to the extent required by law, made available in a form that is generally understandable. Requests can be made by contacting privacy@MedBoxPharmacy.ca.

How can Users ensure the Personal Information we have is accurate?

We will ensure your Personal Information is kept as accurate and up-to-date as possible. We will not routinely update User Personal Information, unless such a process is necessary. We expect Users to supply us with updates to their Personal Information when required.

What if a User’s Personal Information is inaccurate?

User’s may update or otherwise correct Information, except Information an Authorized Healthcare Professional has viewed or created. To update or correct Information an Authorized Healthcare Professional has viewed, or request a correction to Information an Authorized Healthcare Professional has created, please contact us using the information below so your request can be appropriately directed.  Requests can be made by contacting patient@MedBoxPharmacy.ca.

How fast will we respond to User written requests?

We will attempt to respond to each User written request within 30 days of receipt. We will advise Users in writing if we cannot meet your request within this time limit. You have the right to make a complaint to the Privacy Commissioner of Canada, and/or the appropriate provincial privacy governing body. 

Are there any costs to a User requesting details about their Personal Information or our privacy practices?

We will not charge any costs for Users to access their Personal Information in our records, or to access our privacy practices without first providing Users with an estimate of appropriate costs, if any. Users may be requested to provide sufficient information to permit access to the existence, use, or disclosure of their Personal Information. Any such identifying information shall be used only for this purpose.

How do we verify a User requesting their Personal Information?

Users may be requested to provide sufficient information to permit access to the existence, use, or disclosure of their Personal Information. Any such identifying information shall be used only for this purpose.

Who is accountable for my Personal Information?

In most of the provinces in which MedBox Rx operates, MedBox Rx has overall responsibility for protecting the privacy of your Personal Information, including information collected in connection with the provision of health services through the MedBox Rx Platform (“Health Information”) by a healthcare provider, such as a physician or nurse practitioner.

In Alberta, your healthcare provider has overall responsibility for the privacy of your Health Information, and MedBox Rx assists the healthcare provider in meeting that responsibility. For greater clarity, in Alberta, MedBox Rx handles Health Information on behalf of healthcare providers, who are ‘custodians’ under Alberta’s Health Information Act (the “HIA”). Health Information is collected pursuant to section 20 (in conjunction with section 27(1)) of the HIA.

What safeguards have we implemented to protect User Personal Information?

We have implemented physical, organizational, contractual and technological security measures to protect User Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification. Notwithstanding the safeguards we employ and our commitment to protecting Information, we cannot guarantee the security or error-free transmission or storage of Information. There are risks inherent in the use of electronic means to transmit and hold Information in electronic format. These risks can be minimized but not eliminated by the use of appropriate security measures, such as the measures MedBox Rx employs. These risks include interception, loss, corruption, unauthorised access to, use and disclosure of Information, and delay in the availability of Information.

The only employees or third party service providers who are granted access to your Personal Information (“Personnel”), are those with a business ‘need-to-know’ or whose duties reasonably require such information. We require Personnel to complete privacy and security training, and to commit to protecting information by complying with our policies, procedures, and Applicable Law.

We store your information in electronic format within North America, using computer systems with restricted access and housed in facilities using physical security measures.

Users are asked to take the following precautions to protect their privacy and Information:

Create, and periodically update a strong and unique password for your Account

Do not share your Account password with anyone. We will never ask Users for their password, so please do not provide it, and contact us if such a request is received

Log out of the your Account as soon as you are finished using it, especially on shared devices

Password-protect devices used to access your Account 

Cookies and De-identified Data

MedBox Rx may collect and use data created by de-identifying Information so that it no longer identifies a User (“Data”). MedBox Rx may use Data for monitoring the compliance of Users and Authorized Healthcare Professionals with MedBox Rx Platform Terms of Use, for making the MedBox Rx Platform more accessible and enhancing the experience for Users and Authorized Healthcare Professionals. We may also use or disclose Data for the purposes of product and marketing research. We will not use Data to re-identify Users or for any other purpose prohibited by Applicable Law. We will only de-identify Information in a manner that complies with Applicable Law.

The MedBox Rx Platform, email messages, and marketing materials use “cookies” and other technologies such as pixel tags and web beacons. We use these technologies to better understand the use of the MedBox Rx Platform, analyze trends, and administer, personalize and improve the experience of using the MedBox Rx Platform for Users and Authorized Healthcare Professionals. For more information about our use of cookies and your ability to accept or decline our use of cookies, please refer to our Cookie Policy.

Contact

Questions, concerns, complaints, or suggestions regarding our Privacy Policy can be directed to the MedBox Rx Pharmacy Privacy Officer, Tejal Chauhan, at privacy@MedBoxPharmacy.ca. 

For medical records access requests, please direct all inquiries to the records management team at compliance@MedBoxPharmacy.ca.

MedBox Rx Pharmacy

ATTN: Tejal Chauhan, MedBox Rx Pharmacy Privacy Officer
privacy@MedBoxPharmacy.ca
2880 Queen Street East Unit 5
Brampton, ON L6S 6E8

Privacy Legislation by Province

Alberta

Legislation:

Health Information Act 

Personal Information Protection Act

Complaints and/or concerns can be directed to:

Office of the Information and Privacy Commissioner of Alberta

British Columbia

Legislation:

Personal Information Protection Act

Complaints and/or concerns can be directed to:

Office of the Information and Privacy Commissioner for British Columbia

Manitoba

Legislation:

The Personal Health Information Act

Complaints and/or concerns can be directed to:

Manitoba Ombudsman Access and Privacy Division

Newfoundland and Labrador

Legislation:

Personal Health Information Act

Complaints and/or concerns can be directed to:

Office of the Information and Privacy Commissioner of Newfoundland and Labrador 

Nova Scotia

Legislation:

Personal Health Information Act

Complaints and/or concerns can be directed to:

Privacy and Access Office of Nova Scotia Department of Health and Wellness

Ontario

Legislation:

Personal Health Information Protection Act

Complaints and/or concerns can be directed to:

Information and Privacy Commissioner of Ontario

PEI

Legislation:

Health Information Act

Complaints and/or concerns can be directed to:

Information and Privacy Commissioner

Saskatchewan

Legislation:

Health Information Protection Act

Complaints and/or concerns can be directed to:

Office of the Saskatchewan Information and Privacy Commissioner