October 15th, 2019
INTRODUCTION
Heritage Cannabis Holdings Corp. and our affiliates and subsidiaries (“Heritage”, “us”, “our” or “we”) respect your privacy and are committed to protecting it through our compliance with this policy (“Policy” or “Privacy Policy”).
While we have always respected the privacy of our users, clients, customers, and members and safeguarded their Personal Information (as defined below), we have strengthened our commitment to protecting Personal Information as a result of Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”).
This Policy describes how we collect, use, disclose, manage and protect the Personal Information of our clients, members, customers and Website users (“you”, “user” or “users”), the types of information we may collect from you or that you may provide when you visit Heritage websites (“Website”) or use the related services, including any regulated services, (the services, regulated services, and the Website are collectively referred to as the “Services”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. For greater certainty, “Website” includes: https://heritagecann.com; http://www.cannacurecorp.ca; https://www.purefarma.ca; https://www.voyagecann.com; but does not include third party websites, plug-ins, services, social networks, or applications, whether or not you accessed such websites, plug-ins, services, social networks or applications, by clicking on links made available on the Website.
We will only use your Personal Information in accordance with this Policy unless otherwise required by applicable laws and regulations. We take steps to ensure that the Personal Information that we collect about you is adequate, relevant, not excessive, and used for limited purposes. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our clients’, customers’, and members’ Personal Information and allowing our clients, customers, and members to request access to, and correction of, their Personal Information.
Please read this Policy carefully to understand our policies and practices for collecting, processing, and storing your information. If you do not agree with our policies and practices, you may not access or use the Services. By accessing or using the Services, you indicate that you understand, accept, and consent to the practices described in this Policy.
This Policy may be amended or otherwise changed from time to time and at any time, without notice.
Such changes shall be effective as when posted on the Website. If you do not agree with any change or any new terms, in whole or in part, you must stop using or accessing the Services. Your continued access or use of the Services after any such change is posted on the Website will constitute your acceptance of the change.
We will make reasonable efforts to provide notice to you in advance of any material changes to this Policy and obtain your consent to any new ways that we collect, use, and disclose your Personal Information. What constitutes a material change will be determined at our sole discretion.
This Policy should be read in conjunction with the terms and conditions (the “Terms”) https://heritagecann.com/terms-and-conditions/ . You should not use the Services unless you fully understand and agree to the Terms and the Policy. By accessing or using the Services you are agreeing both the Terms and to the terms of this Policy.
Our Commitment to You
We are proud of our commitment to the protection of your Personal Information and to transparency. If you have any questions about our Privacy Policy or have any privacy related concerns, please do not hesitate to contact our Privacy Officer at [email protected].
Our Privacy Policy is based on PIPEDA, as well as the relevant provincial acts concerning the collection, use and disclosure of personal health information, such as the Personal Health Information Access and Protection of Privacy Act (Ontario). We have also structured our policy in consultation with the guidelines published by the Office of the Privacy Commissioner of Canada (the “OPC”) on December 2018, titled, “Protecting personal information: Cannabis transactions”.
In order to provide you with products and services, as well as to remain compliant with applicable laws and regulations, we will need to know some of your Personal Information.
You have the right to know how we collect, use and disclose your Personal Information and to access or correct that information if it is inaccurate.
DEFINITIONS
“Personal Information” means information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person. Personal Information does not include Business Contact Information.
“Business Contact Information” means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number. Business Contact Information is not covered by this Policy or PIPEDA.
“Privacy Officer” means the individual designated responsibility for ensuring that Heritage complies with this Policy and PIPEDA.
SCOPE OF THIS POLICY
This Policy applies to Heritage as well as any service providers collecting, using or disclosing Personal Information on behalf of Heritage.
This Policy applies to information we collect, use, or disclose about our customers and users:
- on the Website;
- through the access or use of the Services; and
- when you interact with our advertising and applications on third party websites and services if those applications or advertising include links to this Policy.
Third party websites
The Website may include links to third party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. If you follow a link to a third party website or engage a third party plug-in, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies. We do not control these third party websites, and we encourage you to read the privacy policy of every website you visit.
HOW WE COLLECT AND USE YOUR INFORMATION
From time to time, we may collect and use your Personal Information in a lawful manner and only when it is reasonably necessary to do so for the provision of requested services, products, or information or as may be required or permitted by applicable laws and regulations.
Personal Information is generally provided voluntarily by an individual in association with the Services, the purchasing of products, or sharing information on the Website. However, information relevant to the requested services may also be obtained from authorized representatives and/or appropriate regulatory bodies.
Unless the purposes for collecting Personal Information are obvious or you voluntarily provide your Personal Information for those purposes, we will communicate the purposes for which Personal Information is being collected, either orally or in writing, before or at the time of collection. The collected Personal Information will be used only for the stated purpose, a requisite ancillary purpose, or for such other purposes to which you may later consent.
PARTIES WE COLLECT INFORMATION FROM
We currently collect information from the users of our Website and the Services.
REGARDING CHILDREN AND MINORS
The Services are not intended for children and any use or access of the Services by a minor (as determined by local law) will constitute a violation of the Terms. If we become aware that we have inadvertently received or collected Personal Information pertaining to a minor, in the country or jurisdiction where the child is located, we will delete such information from our records.
PERSONAL INFORMATION POSTED BY INDIVIDUAL USERS
From time to time, we may offer interactive services which allow you to share information with other users through the Services. These features may permit you to publish Personal Information about yourself or about another individual. By submitting such information, you represent:
- that you consent to the collection, retention, and public disclosure of this information by Heritage; and
- that you have obtained the same consent from any other individual whose Personal Information is being posted, as applicable.
We do not monitor or moderate information submitted or posted by users and accept no responsibility or liability for any content, including, and without limitation, Personal Information, posted in this way.
If you believe that your Personal Information has been posted by a third party without consent, you should contact our Privacy Officer at [email protected] so that the complaint may be investigated and the content removed if it is appropriate to do so.
INFORMATION WE COLLECT ABOUT YOU
We collect and use several types of information from and about you, including the following information:
- Personal Information, that we can reasonably use to directly or indirectly identify you, such as your name, mailing address, e-mail address, telephone number, Internet protocol (“IP”) address used to connect your computer to the Internet, username or other similar identifier, that you provide through the forms you fill out during account creation;
- information that is not Personal Information, such as information collected automatically when you visit our Website, including information about the device with which you logged into our Website, your web browser, your IP address, time zone, cookies installed on your device, and information on the search terms that referred you to the Services;
- payment information, including your credit card information; and
- additional service-related information concerning the products or services that we provide to you or may receive from you.
Our Website may use cookies to collect non-Personal Information about you, to help us better deliver our products and services to you. A “cookie” is defined as a small text file sent to your browser’s files for our reference. They allow our server computer to recognize you when you return to our Website and retain any preferences you have provided. If you do not wish to receive cookies, consult your browser’s help menu in order to disable the use of cookies.
We may also collect market-related information, which may include Personal Information, concerning market trends and activities impacting our business. We may also collect information related to our media, investor and public relations activities, and information related to our interactions with financial and other advisors.
From time to time, we may utilize the services of third parties and may receive Personal Information collected by those third parties in the course of the performance of their services for us or otherwise. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your Personal Information to us.
How We May Use Your Information
Without limiting the generality of any of the foregoing, we may collect and use your Personal Information as follows:
- If at any time you register for an account for the access or use of any of the Services, including the Website, we will collect and retain your Personal Information, such as your name and contact information. We will use this information to confirm your registration status and to maintain your account.
- In order to provide certain services to you we may be required by applicable laws and regulations to collect certain Personal Information about you, including your health care information.
- When you purchase a product or service, Personal Information, including credit card or other financial information, is collected about you. We will use this information as reasonably necessary to process the transaction.
- From time to time, we may obtain your consent to use your contact information to provide newsletters, alerts, bulletins, or other similar communications.
- We will also retain and may use Personal Information voluntarily provided by you for another purpose to develop and improve our product, services and offerings.
- From time to time, we may offer interactive services which allow you to share information with other users of the Services, such as message boards, user reviews, or other similar functions. We will collect and use any Personal Information obtained through such means in accordance with the terms hereof.
- We may collect demographic and profile data in connection with the Services and may use such data to tailor your experience with the Services and to display the Website content according to your preferences.
- We will use and/or disclose Personal Information in order to comply with the requirements of applicable laws and regulations.
- We may use and/or disclose Personal Information in order to carry out various functions with and for you in order that you may take advantage of the Services.
- We may use and/or disclose Personal Information in order to establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.
How We Obtain Your Consent
Consent for the collection, use, and disclosure of Personal Information may be express or implied, physical or electronic, given in writing, orally, or by toggling a check-off box, or by inference from your conduct, such as, without limitation, by your access or use of the Services.
Refusing to Give Your Consent
You may refuse to consent to the collection, use or disclosure of your Personal Information, or withdraw your consent to the collection, use or disclosure of Personal Information at any time by giving us reasonable notice. Your refusal or withdrawal of consent may result in the limitation or termination of our ability to provide you access to the Services, or any associated products, at Heritage’s sole discretion.
DISCLOSURE OF YOUR PERSONAL INFORMATION
It may be necessary for us to disclose Personal Information to certain third party agents or service providers in carrying out requested services or as necessary for completing the otherwise permitted uses of Personal Information. Personal Information may also be provided to our professional advisors in connection with their business operations. In any such case, we shall ensure that any such parties accessing your Personal Information have appropriate safeguards in place to reasonably ensure the protection of your Personal Information.
It may also be necessary for us to disclose your Personal Information to law enforcement officials, regulatory bodies, or government agencies for the purposes of investigating or preventing drug, fraud, or other offences as may be required or permitted by applicable laws and regulations.
We may also disclose your Personal Information to establish or exercise our legal rights or defend against legal claims or in connection with an emergency that warrants use or disclosure of the information.
We shall not otherwise disclose Personal Information to third parties for commercial or other reasons, except as otherwise stated in this Policy or as may be specifically required in order to comply with applicable laws and regulations.
Except as may be specifically provided in this Policy, we will obtain your consent prior to disclosing any Personal Information or otherwise using Personal Information for purposes other than those for which it was explicitly or implicitly given.
Disclosure in Compliance with Law
Without limiting the generality of the foregoing, please expressly note that under applicable laws and regulations, we may be required to disclose some or all of your Personal Information to government officials, law enforcement personnel, the International Narcotics Control Board, or competent authorities of foreign governments. This information includes, but is not limited to:
- your given name, surname, date of birth and gender;
- contact information including your mailing address, phone number, and email address, as applicable;
- if applicable, the given name, surname, date of birth and gender of one or more persons who are responsible for you, as well as contact information for such persons;
- a valid prescription or other medical document issued by an authorized medical practitioner;
- the given name, surname, professional status and address of the health care practitioner who issued a prescription or other medical document on your behalf;
- if applicable, the consent of the health care practitioner to receive shipments on your behalf; and
- order details about the product sold or provided, including the quantity ordered and the address to which the product is to be shipped.
Use or Disclosure for Research Purposes
In order to improve our processes, products, and service offerings, we may from time to time make use of aggregated and non-identifying information (“Aggregated Data”) for research purposes. Such purposes include, without limitation, better understanding the needs and wants of our customers and users. We may disclose such Aggregated Data, which will not personally identify any individual, to our affiliates, agents, service providers and business partners for these purposes.
From time to time, we may request your consent to use or disclose Personal Information for research purposes, such as (without limitation) information relating to your use of our products or services. This may include, without limitation, invitations to complete surveys or participate in studies to be conducted by us or a third party. We will not use or disclose Personal Information for such research purposes without your express consent, which may be withheld or denied without consequence to you.
ADVERTISING
Interest-Based Advertising
We may at times work with third parties such as advertising networks and other advertising companies that use their own tracking technologies (including cookies and pixel tags) on the Website in order to provide you with tailored advertisements across the Internet. These companies may collect information about your activity on the Website and third party websites (such as web pages you visit and your interaction with our advertising and other communications) and use this information to make predictions about your preferences, develop personalized content and deliver advertisements that are more relevant to you on third party websites. This information may also be used to evaluate the effectiveness of our online advertising campaigns. You may choose to opt-out of interest-based advertising at your own discretion.
To successfully opt-out, you must have cookies enabled in your web browser (see your browser’s instructions for information on cookies and how to enable them). Your opt-out only applies to the web browser you use so you must opt-out of each web browser on each computer you use. Once you opt-out, if you delete your browser’s saved cookies, you will need to opt-out again.
Please note that even if you opt-out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes including analytics and you will still see advertisements from us, but the advertisements will not be targeted based on behavioural information about you and may therefore be less relevant to you and your interests.
Commercial Electronic Messages
Canada’s Anti-Spam Legislation (“CASL”) is a legislation regulating commercial electronic messages, including without limitation, newsletters, updates, and offers (a “CEM”). In compliance with CASL, we will not send CEMs without your express or implied consent. Any individual who wishes to revoke their consent may opt out of receiving future CEMs by following the conspicuous unsubscribe mechanism contained in each CEM in accordance with CASL, or by contacting our Privacy Officer. Any such opt-out will not apply to any communications that are required by applicable laws and regulations.
RETENTION TIMEFRAMES
We will not retain any Personal Information, except as may be required by any federal or provincial record keeping requirements, longer than is necessary to fulfill the purpose(s) for which the Personal Information was provided. This may involve the retention of your Personal Information for a period exceeding your actual relationship with us. Once your Personal Information is no longer required to fulfill the stated purpose or to comply with applicable laws and regulations, it will be either destroyed or converted into an anonymous format.
Notwithstanding the foregoing, if we use your Personal Information to make a decision that directly affects you, we will retain that Personal Information for such a time as may be required by applicable laws and regulations in order to ensure that you have a reasonable opportunity to request access to that information.
STORAGE AND PROCESSING OUTSIDE OF CANADA
We will store and process your Personal Information in a lawful manner and as may be required by applicable laws and regulations. We currently store and process all of your information, including Personal Information, in servers located within Canada, in accordance with the OPC’s recommendations in the published guidelines, “Protecting personal information: Cannabis transactions”.
We may, from time to time, transfer Personal Information to our affiliates, agents, representatives, service providers and business partners (for the purposes of this section, “Service Providers”) that perform services on our behalf, and that in the fulfillment of those services collect, use, disclose, store or process Personal Information for the purposes and in a manner set out in this Policy
Some Service Providers may be located in jurisdictions outside of Canada, or may otherwise use facilities or servers located or linked outside of Canada. In the fulfillment of services by such Service Providers, Personal Information may be collected, used, disclosed, stored or processed elsewhere outside of Canada, including the United States, and will be subject to the applicable local laws and legal requirements of that jurisdiction.
While we take reasonable measures to ensure the protection of your Personal Information under such circumstances, the government, courts, law enforcement, security, or regulatory agencies of jurisdictions outside of Canada in which your Personal Information is collected, used, disclosed, stored or processed, may be able to obtain access or use of your Personal Information as permitted or required by the laws of that jurisdiction.
In addition to the above, your Personal Information may be disclosed to our affiliates, agents or representatives, including our accountants, tax or legal counsel, for the fulfillment of internal or administrative purposes, such as billing or conducting internal audits, as well as for establishing, exercising or defending our rights, including legal rights, where it is necessary for our legitimate interests or the legitimate interests of others.
SECURITY
Threats to Personal Information include loss, misuse, theft, inadvertent disclosure, and improper modification. At all times, we employ appropriate physical and digital measures to safeguard your Personal Information. Access is limited to authorized personnel who are appropriately trained to handle Personal Information. Unfortunately, we cannot guarantee complete security: (i) unauthorized access, use, or disclosure, (ii) hardware or software failure, and (iii) other events may potentially compromise the security of your Personal Information.
ENSURING THE ACCURACY OF PERSONAL INFORMATION
It is important that the information contained in our records is both accurate and current. If your Personal Information happens to change during the course of our relationship, please keep us informed of such changes.
We will make reasonable efforts to ensure that your Personal Information is accurate and complete where it may be used to make a decision about you or disclosed to another organization.
You may request correction to your Personal Information in order to ensure its accuracy and completeness. A request to correct Personal Information must be made in writing and provide sufficient detail to identify the Personal Information and the correction being sought.
If the Personal Information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the Personal Information in the previous year. If the correction is not made, we will note your correction request in the file.
ACCESS TO PERSONAL INFORMATION
You have a right to access your Personal Information, subject to limited exceptions. A request to access Personal Information must be made in writing and provide sufficient detail to identify the information being sought. A request to access Personal Information should be forwarded to the Privacy Officer. Upon request, we will also tell you how we use your Personal Information and to whom it has been disclosed, if applicable.
We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request. A minimal fee may be charged for providing access to Personal Information. Where a fee may apply, we will inform you of the cost and request further direction from you on whether or not we should proceed with the request.
If a request is refused in full or in part, we will notify you in writing, providing the reasons for refusal and the recourse available to you.
PRIVACY OFFICER
We have appointed our Privacy Officer to oversee compliance with this Privacy Policy, and help us manage and monitor our compliance with privacy legislation. The contact information for our Privacy Officer is as follows:
Heritage Cannabis Holdings Corp.
Address: 77 Bloor Street, Toronto, ON, M5S 1M2
E-mail: [email protected]