Effective Date: August 23, 2021
This Policy describes how we collect, use, disclose, manage and protect the Personal Information (as defined below) of our clients, members, customers and Website users (“you”, “user” or “users”), the types of information we may collect from you or that you may provide when you visit Heritage websites (“Website”) or use the related services, including any regulated services, (collectively referred to as the “Services”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
For greater certainty, “Website” includes: https://heritagecann.com; https://opticann.ca; but does not include third party websites, plug-ins, services, social networks, or applications, whether or not you accessed such websites, plug-ins, services, social networks or applications, by clicking on links made available on the Website.
By providing us with your Personal Information you agree to our collection, use and disclosure of your Personal Information in accordance with this Policy. This Policy forms part of the Website Terms & Conditions should be read in conjunction with the terms and conditions (the “Terms”). You should not use the Services unless you fully understand and agree to the Terms and the Policy. By accessing or using the Services you are agreeing both the Terms and to the terms of this Policy.
In general, you can visit our Website without telling us who you are or revealing any Personal Information about yourself. There are times, however, when we may need information from you. In certain cases your refusal to provide necessary Personal Information may impact your ability to interact with us or register as a client of Heritage.
The term “personal information” as used in this Policy has the same meaning as set out in Canada’s federal Personal Information Protection and Electronic Documents Act (S.C. 2000, c .5) (“PIPEDA”), which means any information about an identifiable individual, including contact information, name, address, phone number or email address, gender, date of birth, and any data about yourself that you choose to provide electronically through our Website or otherwise, i.e. through the Heritage Registration Application Form.
The term “personal health information” as used in this Policy has the same meaning as set out in Ontario’s Personal Health Information Protection Act, 2004 (S.O. 2004, c. 3) (“PHIPA”), and includes information relating to your physical and mental health, as well as your health history, medical records, prescriptions and your health card number.
In this Policy, the term “Personal Information” also encompasses personal health information as appropriate.
Any data that has been collected in which all personal identifiers have been removed, such that the information could not reasonably be used to identify the individual, is not considered Personal Information or personal health information. This type of anonymized information may be used by Heritage for research purposes.
We may collect, use or disclose your Personal Information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements. Heritage will collect, use and disclose your Personal Information without your consent only in limited circumstances as permitted or required by law. In certain limited circumstances, we may be called upon to release your Personal Information in response to a court order, subpoena, search warrant, law or regulation. We will cooperate in responding to such requests, taking appropriate measures to ensure that the requester understands the sensitive nature of the Personal Information that they may receive.
This Policy may be amended or otherwise changed from time to time and at any time, without notice.
Such changes shall be effective as when posted on the Website. If you do not agree with any change or any new terms, in whole or in part, you must stop using or accessing the Services. Your continued access or use of the Services after any such change is posted on the Website will constitute your acceptance of the change.
We will make reasonable efforts to provide notice to you in advance of any material changes to this Policy and obtain your consent to any new ways that we collect, use, and disclose your Personal Information. What constitutes a material change will be determined at our sole discretion.
Our Commitment to You
Canada (the “OPC”) on December 2018, titled, “Protecting Personal Information: Cannabis transactions”.
In order to provide you with products and services, as well as to remain compliant with applicable laws and regulations, we will need to know some of your Personal Information.
You have the right to know how we collect, use and disclose your Personal Information and to access or correct that information if it is inaccurate.
“Personal Information” means information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person. Personal Information does not include Business Contact Information.
“Business Contact Information” means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number. Business Contact Information is not covered by this Policy or PIPEDA.
“Privacy Officer” means the individual designated responsibility for ensuring that Heritage complies with this Policy and PIPEDA.
SCOPE OF THIS POLICY
This Policy applies to Heritage as well as any service providers collecting, using or disclosing Personal Information on behalf of Heritage.
This Policy applies to information we collect, use, or disclose about our clients and users:
- on the Website;
- through the access or use of the Services; and
- when you interact with our advertising and applications on third-party websites and services if those applications or advertising include links to this Policy.
How We Collect and Use Your Information
From time to time, we may collect and use your Personal Information in a lawful manner and only when it is reasonably necessary to do so for the provision of requested services, products, or information or as may be required or permitted by applicable laws and regulations.
Personal Information is generally provided voluntarily by an individual in association with the Services, the purchasing of products, or sharing information on the Website. However, information relevant to the requested services may also be obtained from authorized representatives and/or appropriate regulatory bodies.
Unless the purposes for collecting Personal Information are obvious or you voluntarily provide your Personal Information for those purposes, we will communicate the purposes for which Personal Information is being collected, either orally or in writing, before or at the time of collection. The collected Personal Information will be used only for the stated purpose, a requisite ancillary purpose, or for such other purposes to which you may later consent.
PARTIES WE COLLECT INFORMATION FROM
We currently collect information from the users of our Website and the Services.
REGARDING CHILDREN AND MINORS
The Services are not intended for children and any use or access of the Services by a minor (as determined by local law) will constitute a violation of the Terms. If we become aware that we have inadvertently received or collected Personal Information pertaining to a minor, in the country or jurisdiction where the child is located, we will delete such information from our records.
Personal Information Posted by Individual Users
From time to time, we may offer interactive services which allow you to share information with other users through the Services. These features may permit you to publish Personal Information about yourself or about another individual. By submitting such information, you represent:
- that you consent to the collection, retention, and public disclosure of this information by Heritage; and
- that you have obtained the same consent from any other individual whose Personal Information is being posted, as applicable.
We do not monitor or moderate information submitted or posted by users and accept no responsibility or liability for any content, including, and without limitation, Personal Information, posted in this way.
If you believe that your Personal Information has been posted by a third party without consent, you should contact our Privacy Officer at firstname.lastname@example.org so that the complaint may be investigated and the content removed if it is appropriate to do so.
INFORMATION WE COLLECT ABOUT YOU
We may collect and use several types of information from and/or about you for the purpose of registering you as a client of Heritage, providing information and services to you as a Heritage client, and for purposes relating to billing and administration, such as:
- Personal Information, that we can reasonably use to directly or indirectly identify you, such as your name and contact information, including address, email address, telephone number, username or other similar identifier, that you provide through the forms you fill out during account creation;
- information that is not Personal Information, such as information collected automatically when you visit our Website, including information about the device with which you logged into our Website, your web browser, your IP address, time zone, cookies installed on your device, and information on the search terms that referred you to the Services;
- your date of birth and gender;
- insurance coverage and payment information, if applicable;
- payment information, including your credit card information;
- information concerning the products or services you inquire about or purchase from us or may receive from you; and
- Other information as required to maintain our business relationship with you, such as information related to your preferences, feedback and information requested by or provided to you.
Heritage may also collect market-related information, which may include Personal Information, for the purpose of evaluating market trends and other activities relating to our business. To provide you with timely, valuable information, we may also ask you to provide us with information regarding your professional interests and experiences with our products or services. Providing us with this information is optional. We may also collect information related to our media, investor and public relations activities, and information related to our interactions with financial and other advisors.
From time to time, we may utilize the services of third parties and may receive Personal Information collected by those third parties in the course of the performance of their services for us or otherwise. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your Personal Information to us.
HOW WE MAY USE YOUR INFORMATION
Without limiting the generality of any of the foregoing, we may collect and use your Personal Information as follows:
- If at any time you register for an account for the access or use of any of the Services, including the Website, we will collect and retain your Personal Information, such as your name and contact information. We will use this information to confirm your registration status and to maintain your account.
- In order to provide certain services to you we may be required by applicable laws and regulations to collect certain Personal Information about you, including your health care information.
- When you purchase a product or service, Personal Information, including credit card or other financial information, is collected about you. We will use this information as reasonably necessary to process the transaction.
- From time to time, we may obtain your consent to use your contact information to provide newsletters, alerts, bulletins, or other similar communications.
- We will also retain and may use Personal Information voluntarily provided by you for another purpose to develop and improve our product, services and offerings.
- From time to time, we may offer interactive services which allow you to share information with other users of the Services, such as message boards, user reviews, or other similar functions. We will collect and use any Personal Information obtained through such means in accordance with the terms hereof.
- We may collect demographic and profile data in connection with the Services and may use such data to tailor your experience with the Services and to display the Website content according to your preferences.
- We will use and/or disclose Personal Information in order to comply with the requirements of applicable laws and regulations.
- We may use and/or disclose Personal Information in order to carry out various functions with and for you in order that you may take advantage of the Services.
- We may use and/or disclose Personal Information in order to establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.
How We Obtain Your Consent
Consent for the collection, use, and disclosure of Personal Information may be express or implied, physical or electronic, given in writing, orally, or by toggling a check-off box, or by inference from your conduct, such as, without limitation, by your access or use of the Services.
Refusing to Give Your Consent
You may refuse to consent to the collection, use or disclosure of your Personal Information, or withdraw your consent to the collection, use or disclosure of Personal Information at any time by giving us reasonable notice. Your refusal or withdrawal of consent may result in the limitation or termination of our ability to provide you access to the Services, or any associated products, at Heritage’s sole discretion.
Disclosure of Your Personal Information
It may be necessary for us to disclose Personal Information to certain third party agents or service providers in carrying out requested services or as necessary for completing the otherwise permitted uses of Personal Information. Personal Information may also be provided to our professional advisors in connection with their business operations. In any such case, we shall ensure that any such parties accessing your Personal Information have appropriate safeguards in place to reasonably ensure the protection of your Personal Information.
It may also be necessary for us to disclose your Personal Information to law enforcement officials, regulatory bodies, or government agencies for the purposes of investigating or preventing drug, fraud, or other offences as may be required or permitted by applicable laws and regulations.
We may also disclose your Personal Information to establish or exercise our legal rights or defend against legal claims or in connection with an emergency that warrants use or disclosure of the information.
We shall not otherwise disclose Personal Information to third parties for commercial or other reasons, except as otherwise stated in this Policy or as may be specifically required in order to comply with applicable laws and regulations.
Except as may be specifically provided in this Policy, we will obtain your consent prior to disclosing any Personal Information or otherwise using Personal Information for purposes other than those for which it was explicitly or implicitly given.
Disclosure in Compliance with Law
Without limiting the generality of the foregoing, please expressly note that under applicable laws and regulations, we may be required to disclose some or all of your Personal Information to government officials, law enforcement personnel, the International Narcotics Control Board, or competent authorities of foreign governments. This information includes, but is not limited to:
- your given name, surname, date of birth and gender;
- contact information including your mailing address, phone number, and email address, as applicable;
- if applicable, the given name, surname, date of birth and gender of one or more persons who are responsible for you, as well as contact information for such persons;
- a valid prescription or other medical document issued by an authorized medical practitioner;
- the given name, surname, professional status and address of the health care practitioner who issued a prescription or other medical document on your behalf;
- if applicable, the consent of the health care practitioner to receive shipments on your behalf; and
- order details about the product sold or provided, including the quantity ordered and the address to which the product is to be shipped.
Use or Disclosure for Research Purposes
In order to improve our processes, products, and service offerings, we may from time to time make use of aggregated and non-identifying information (“Aggregated Data”) for research purposes. Such purposes include, without limitation, better understanding the needs and wants of our clients and users. We may disclose such Aggregated Data, which will not personally identify any individual, to our affiliates, agents, service providers and business partners for these purposes.
From time to time, we may request your consent to use or disclose Personal Information for research purposes, such as (without limitation) information relating to your use of our products or services. This may include, without limitation, invitations to complete surveys or participate in studies to be conducted by us or a third party. We will not use or disclose Personal Information for such research purposes without your express consent, which may be withheld or denied without consequence to you.
We may at times work with third parties such as advertising networks and other advertising companies that use their own tracking technologies (including cookies and pixel tags) on the Website in order to provide you with tailored advertisements across the Internet. These companies may collect information about your activity on the Website and third party websites (such as web pages you visit and your interaction with our advertising and other communications) and use this information to make predictions about your preferences, develop personalized content and deliver advertisements that are more relevant to you on third party websites. This information may also be used to evaluate the effectiveness of our online advertising campaigns. You may choose to opt-out of interest-based advertising at your own discretion.
To successfully opt-out, you must have cookies enabled in your web browser (see your browser’s instructions for information on cookies and how to enable them). Your opt-out only applies to the web browser you use so you must opt-out of each web browser on each computer you use. Once you opt-out, if you delete your browser’s saved cookies, you will need to opt-out again.
Please note that even if you opt-out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes including analytics and you will still see advertisements from us, but the advertisements will not be targeted based on behavioural information about you and may therefore be less relevant to you and your interests.
Commercial Electronic Messages
Canada’s Anti-Spam Legislation (“CASL”) is a legislation regulating commercial electronic messages, including without limitation, newsletters, updates, and offers (a “CEM”). In compliance with CASL, we will not send CEMs without your express or implied consent. Any individual who wishes to revoke their consent may opt out of receiving future CEMs by following the conspicuous unsubscribe mechanism contained in each CEM in accordance with CASL, or by contacting our Privacy Officer. Any such opt-out will not apply to any communications that are required by applicable laws and regulations.
We will not retain any Personal Information, except as may be required by any federal or provincial record keeping requirements, longer than is necessary to fulfill the purpose(s) for which the Personal Information was provided. This may involve the retention of your Personal Information for a period exceeding your actual relationship with us. Once your Personal Information is no longer required to fulfill the stated purpose or to comply with applicable laws and regulations, it will be either destroyed or converted into an anonymous format.
Notwithstanding the foregoing, if we use your Personal Information to make a decision that directly affects you, we will retain that Personal Information for such a time as may be required by applicable laws and regulations in order to ensure that you have a reasonable opportunity to request access to that information.
Storage and Processing Outside of Canada
We will store and process your Personal Information in a lawful manner and as may be required by applicable laws and regulations. We currently store and process all of your information, including Personal Information, in servers located within Canada, in accordance with the OPC’s recommendations in the published guidelines, “Protecting Personal Information: Cannabis transactions”.
We may, from time to time, transfer Personal Information to our affiliates, agents, representatives, service providers and business partners (for the purposes of this section, “Service Providers”) that perform services on our behalf, and that in the fulfillment of those services collect, use, disclose, store or process Personal Information for the purposes and in a manner set out in this Policy
Some Service Providers may be located in jurisdictions outside of Canada, or may otherwise use facilities or servers located or linked outside of Canada. In the fulfillment of services by such Service Providers, Personal Information may be collected, used, disclosed, stored or processed elsewhere outside of Canada, including the United States, and will be subject to the applicable local laws and legal requirements of that jurisdiction.
While we take reasonable measures to ensure the protection of your Personal Information under such circumstances, the government, courts, law enforcement, security, or regulatory agencies of jurisdictions outside of Canada in which your Personal Information is collected, used, disclosed, stored or processed, may be able to obtain access or use of your Personal Information as permitted or required by the laws of that jurisdiction.
In addition to the above, your Personal Information may be disclosed to our affiliates, agents or representatives, including our accountants, tax or legal counsel, for the fulfillment of internal or administrative purposes, such as billing or conducting internal audits, as well as for establishing, exercising or defending our rights, including legal rights, where it is necessary for our legitimate interests or the legitimate interests of others.
Threats to Personal Information include loss, misuse, theft, inadvertent disclosure, and improper modification. At all times, we employ appropriate physical and digital measures to safeguard your Personal Information. Access is limited to authorized personnel who are appropriately trained to handle Personal Information. Unfortunately, we cannot guarantee complete security: (i) unauthorized access, use, or disclosure, (ii) hardware or software failure, and (iii) other events may potentially compromise the security of your Personal Information.
Ensuring the Accuracy of Personal Information
It is important that the information contained in our records is both accurate and current. If your Personal Information happens to change during the course of our relationship, please keep us informed of such changes. We will make reasonable efforts to ensure that your Personal Information is accurate and complete where it may be used to make a decision about you or disclosed to another organization
You may request correction to your Personal Information in order to ensure its accuracy and completeness. A request to correct Personal Information must be made in writing and provide sufficient detail to identify the Personal Information and the correction being sought.
If the Personal Information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the Personal Information in the previous year. If the correction is not made, we will note your correction request in the file.
ACCESS TO PERSONAL INFORMATION
You have a right to access your Personal Information, subject to limited exceptions. A request to access Personal Information must be made in writing and provide sufficient detail to identify the information being sought. A request to access Personal Information should be forwarded to the Privacy Officer. Upon request, we will also tell you how we use your Personal Information and to whom it has been disclosed, if applicable.
We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request. A minimal fee may be charged for providing access to Personal Information. Where a fee may apply, we will inform you of the cost and request further direction from you on whether or not we should proceed with the request.
If a request is refused in full or in part, we will notify you in writing, providing the reasons for refusal and the recourse available to you.
Heritage Cannabis Holdings Corp.
Address: 77 Bloor Street, Suite 600, Toronto, ON, M5S 1M2, Canada