Privacy Policy
Effective date: March 15, 2024
Date of last update: March 15, 2024
Purpose of this policy. Privacy is important to Medicart Corporation and its related entities (the “Company“, “We“, “Us“, “Our“). For this reason, we have implemented safeguards and sound management practices for your personal Information in accordance with the laws applicable in Quebec and Canada.
Complementary to the terms and conditions. This privacy policy (the “Policy“), which should be read in conjunction with our terms and conditions, describes our practices with respect to the collection, use, disclosure, retention and destruction of personal Information of individuals receiving our services, visitors to this website and its users (hereinafter “You“, ” Your”, “Your“).
Consent. By using https://medicart.com/ and https://epiderma.ca/ (the “Websites“) or any of our services, you agree that we may collect, use, disclose, retain and/or destroy (hereinafter “Process” or “Processing“). Your personal information in accordance with the terms and conditions described herein. If You do not agree to abide by and be bound by this policy, you are not permitted to visit, access or use our websites or services, or share your personal Information with us.
Policy limitations. This policy does not apply to the personal information of the company’s employees, representatives and consultants, or to any other person affiliated with the company, as well as to any information that does not constitute personal information as defined by the laws applicable in Quebec and Canada.
Contact information for the data protection officer. Comments, questions and complaints regarding the company’s privacy policy and practices may be directed to our privacy officer at:
Telephone : 418-781-2700
Email : rprp@medicart.com
Address : 330-2590 boul. Laurier, 3rd Floor, Quebec City, G1V 4M6
Definitions of certain concepts or expressions. The following concepts and expressions, when they appear with a first letter in capital letters in the policy, have the meaning ascribed to them below, unless there is an implicit or explicit derogation in the text:
“Company“, “We“, “Us“, “Our“: Medicart Corporation.
“Service Provider” means any natural or legal person who processes personal information on behalf of the company. These are third-party companies or individuals employed by the company to facilitate the services, provide the services on behalf of the company, perform services related to the services, or assist the company in analyzing the use of the services.
“Cookie Banner“: A pop-up window requesting your consent to a certain collection of your personal Information on the websites.
“Personal information” means any information that relates to a natural person and allows them to be identified, i.e. that directly or indirectly reveals something about the identity, characteristics (e.g., skills, preferences, psychological tendencies, predispositions, mental capacities, character and behaviour of the person concerned) or activities, regardless of the nature of the medium and regardless of the extent of the information. the form in which the information is accessible (written, graphic, audio, visual, computerized or otherwise).
“Data protection officer“: the person in charge of the application of this policy and whose contact details are identified in the 1b) Data protection officer of this policy.
“Services“: Services refer to the websites, our social media pages and any products and services rendered to you there, such as:
- Our aesthetic services and treatments;
- Our medical services and treatments;
- Our virtual clinic;
- Our online store;
- Access to your online account;
- Our scholarships.
“Websites“: https://medicart.com/ or https://epiderma.ca/.
“Cookies“: Cookies are text files that are placed on your computer or mobile device. These cookies may contain information about your search history, the web pages you visit, and your web browser.
“Process”, “Processing”: A concept encompassing any operation that may affect or concern personal information, including: collection, use, retention, destruction, communication or transmission.
“You“, “Your“, “Your“: Persons benefiting from our services, visitors to the websites and any customer using the company’s services.
Various means. We collect your personal information through our websites or other technological means in a variety of ways, including:
- Automatically. When you connect to our websites, the device you use to log in to us will communicate personal information to us;
- Electronic forms. By completing and providing us with one of our electronic forms;
- Emails released. Through emails that you provide to us using one of the email addresses available on our websites;
- Cookies. Through cookies (“Cookies”) including cookies identified in our Cookie Policy ; and
- By third parties who collect your personal information on our behalf that is identified in the 3.2 – Collection of personal information by a third party of this Policy.
Profiling, identification or location. Our websites have features that allow you to profile your activities on our websites, to identify you and to locate you. These functions are used by third parties identified in the 3.5 – Disclosure and transfer of personal information through cookies. We disable these features by default. You can enable them through the cookie banner.
Categories of information collected. In the course of our business, we may collect and process different types of personal Information including the information listed below:
- identification information and contact information, including your first and last name, postal address, email address, telephone number;
- demographic information, such as your age, gender and region of residence;
- technical or digital information, including login information and other information about your activities on the websites, such as your IP address, the pages you have visited, the time and date of your visits, your number of connections, your domain name, the address of the referring site (if accessing the website from another site), the type of browser you use, your device’s operating system, and other hardware and software information;
- consents to the disclosure of personal information and the use of certain cookies on our websites as well as to the disclosure or use of your personal information;
- information necessary for the provision of our services, such as information about services we have rendered to you or which we render to you;
- information that you choose to provide or transmit to us, for example, when you fill out an online form, respond to solicitations or surveys, or communicate with one of our employees or representatives;
- financial information, such as summary payment information, if you wish to pay for our services online.
Restriction to processing, necessary and legitimate purposes. In each case, such personal information is processed in accordance with the necessary and legitimate purposes listed in the 3.4 – Use of personal information below.
Third parties collecting personal Information on our behalf.
Automattic (WooCommerce and WordPress) collects the following personal information on our behalf:
- identification information and contact information, including your first and last name, postal address, email address, telephone number;
- demographic information, such as your age and region of residence;
- information necessary for the provision of our services, such as information about services we have rendered to you or which we render to you;
- information that you choose to provide or transmit to us, for example, when you fill out an online form, respond to solicitations or surveys, or communicate with one of our employees or representatives.
Stripe collects financial information for payment for our services, as follows:
- identification information and contact information, including your first and last name, postal address, email address, telephone number;
- financial information, such as summary payment information, if you wish to pay for our services online.
Refuse to consent. Unless otherwise provided by law or your contractual obligations, you may refuse or withdraw your consent to certain specific uses or disclosures of your personal Information:
- by not entering your personal Information in our online forms where the provision of such information is indicated as optional;
- by selecting “opt-out” in the cookie banner; or
- by communicating a request to our privacy officer using the contact information identified in section 1b) of this policy.
Measures available to opt-out of ways to collect personal information. You may also provide your personal information to us other than through technological means such as our websites. You can provide us with the following:
- By e-mail;
- By phone; or
- In person.
Purposes of personal information. We may use your personal information for the purposes described below:
- operate, maintain, supervise, develop, improve and provide the functionality of our websites;
- Present and provide our services to you, including:
- Our aesthetic services and treatments;
- Our medical services and treatments;
- Our virtual clinic;
- Our online store;
- Access to your online account;
- Our scholarships;
- manage your online account;
- manage your orders;
- process an online appointment booking;
- process a scholarship application;
- evaluate a job application;
- carry out our contractual obligations to you;
- manage invoicing and process payments;
- process and resolve queries, complaints and dissatisfactions;
- developing, improving, and offering new services;
- send you messages, updates, security alerts;
- for marketing and business development purposes, if you have previously consented to the processing of your personal information for such purposes;
- respond to your questions and provide you with assistance as needed;
- conduct research, analysis and statistics in connection with our business and services;
- detect and prevent fraud, error, spam, abuse, security incidents, and other harmful activities; or
- for any other purpose imposed or permitted by applicable law.
Access and communication. We may transfer, disclose or allow access to your personal information to our employees as well as our service providers, who need the information to help us operate our websites, perform our services, carry out our business or serve you.
Limiting access to personal information. Your personal information is accessible only to our directors, employees or representatives who are required to have access to your personal Information in order for them to perform their duties. As such, your Information may be accessible to:
- Our Privacy Officer;
- Our IT services (“Information Technology”);
- Our customer service;
- Our sales service;
- Our finance department;
- Our marketing department;
- Our human resources (in the case of applying for a job);
- Our operations; and
- Our clinics.
Protective measures when communicating to third parties. We only share your personal information with our service providers if they have previously agreed in writing to ensure the confidentiality of your personal information in accordance with applicable laws and our information governance program through the implementation of various information protection and governance measures. These measures are proportionate to the sensitivity of the personal information being processed or disclosed. without limitation, our service providers may only use your personal information confidentially as directed by us and only for the purposes for which it was provided. In addition, we only provide our service providers with the personal information necessary for the performance of their mandate or contract and we require such service providers to destroy the personal information appropriately upon termination of the contract or as soon as its use is no longer required.
Our service providers. Although we try to avoid sharing your personal information with third parties, we may use service providers to perform various services on our behalf, such as IT management and security, marketing, and data analysis, hosting and storage. We have defined below some cases in which such sharing may take place:
- We use the Google Analytics Cookie to analyze the audience of the websites and to compile statistics. For more information, see Google’s privacy policy and Cookie Table for Advertising and Measurement;
Please note that this cookie may collect personal information that can identify you and that it can perform profiling of your activities on the web (targeted advertising);
This cookie communicates to Google for the purposes identified in our Cookie Policy ;
- We use YouTube to present our products and services. For more information, you can consult Google’s privacy policy ;
- We use Google Ads to analyze the audience of our services, compile statistics and converse with customers and prospects. For more information, see Google’s privacy policy and their table of advertising and measurement cookies;
Please note that this cookie can identify you and profile your activities on the web in order to provide you with advertising that would meet your interests (targeted advertising);
This cookie communicates to Google for the purposes identified in our Cookie Policy ;
- We use the services of Microsoft (Bing) Ads to collect and store data in order to create usage profiles using pseudonyms. For more information, see Microsoft’s privacy policy ;
This cookie communicates to Microsoft for the purposes identified in Our Cookie Policy ;
- We use the services of Meta (Facebook Pixel) to help understand and serve ads, compile statistics and communicate with customers and prospects. For more information, see Meta’s privacy policy;
Please note that this cookie can identify you and profile your web activities for the purpose of providing you with advertising that would be relevant to your interests (targeted advertising);
This Cookie communicates to Meta for the purposes identified in our Cookie Policy ;
- We use Automattic‘s services (WooCommerce and WordPress) for certain online services, including booking appointments, shopping on our store, and processing payments. For more information, see Automattic‘s privacy policy.
All categories of personal information identified in the 3.1 – Collection of Personal Information may be communicated or stored through this service.
- We use Stripe‘s services as an online payment processor. For more information, see Stripe’s privacy policy.
- We use the services of Usercentrics (Cookiebot) for the management of cookies. For more information, you can consult the privacy policy of Usercentrics ;
- We use the Meta Group’s Facebook and Instagram social media services to communicate about our Services. For more information, see Meta’s privacy policy;
- We use the services of the social network LinkedIn to communicate about our services. For more information, you can consult LinkedIn privacy policy;
- We use the services of Mynjob for the management of our human resources. For more information, you can consult Mynjob’s privacy policy.
All categories of personal Information identified in the 3.1 – Collection of Personal Information may be communicated or stored through this service.
- We use Twitter (X) to present our products and services. For more information, you can consult the privacy policy of Twitter (X);
- We use Tik Tok to present Our products and services. For more information, you can consult Tik Tok’s privacy policy;
- We use Microsoft services (Outlook and Microsoft Office suite) to store our documents and emails. For more information, see Microsoft’s privacy policy ;
All categories of personal information identified in the 3.1 – Collection of Personal Information may be communicated or stored through this service.
- We use Cossette services for marketing and advertising. For more information, you can consult Cossette’s privacy policy;
- We use Adviso services for marketing and advertising. For more information, you can consult Adviso’s privacy policy;
- We use the services of Pantheon to host our websites. For more information, see Pantheon’s privacy policy;
All categories of personal information identified in the 3.1 – Collection of Personal Information may be communicated or stored through this service.
- We use Veeam services to store our data. For more information, see Veeam’s privacy policy.
All categories of personal information identified in the 3.1 – Collection of Personal Information may be communicated or stored through this service.
- We use Metatracer on our digital systems to facilitate the detection and management of your personal information and that of our employees, all to ensure our compliance with privacy laws.
Metatracer collects, as personal information, only identifying information.
Disclosure of personal Information outside Quebec. We may disclose your personal information outside of Quebec and mandate an entity located outside of Quebec to collect, use or retain your personal Information on our behalf.
Protections when communicating outside Quebec. Before disclosing your personal information to third parties outside of Quebec, we conduct a privacy Impact assessment to assess the risks that may affect the security of your personal information. This assessment also identifies appropriate security measures that will reduce or eliminate these risks. The disclosure will then be the subject of a written agreement obliging these third parties to comply with such measures.
Specific disclosures of your personal information. We may disclose your personal information when we believe that such disclosure is authorized, necessary or appropriate, including:
- to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
- to protect our business;
- to comply with legal process;
- to protect our rights, the privacy of our employees, officers and directors, our safety and our property;
- to protect your privacy and rights, or the privacy and rights of third parties;
- to allow us to pursue available remedies or limit the damages we may sustain; and
- where it is consistent or required to do so under applicable laws, including laws outside your country of residence.
3.5.5 Business Transaction
Possibility of commercial transactions. We may share, transfer or communicate, in strict accordance with this policy and the provisions of the Act respecting the protection of personal information in the private sector, CQLR c P-39.1 (the “Private Sector Act“) and the An Act to modernize legislative provisions as regards the protection of personal information, S.S. 2021, c 25 (the “Bill 25“) (assented to September 22, 2021), your personal information in the event of a sale, transfer or assignment, in whole or in part, of the company or our assets (for example, as a result of a merger, consolidation, change of control, reorganization, bankruptcy, liquidation or other business transaction, including in connection with the negotiation of such transactions). In this case, we will notify you before your personal information is transferred and is governed by a different privacy policy.
Consents to the collection, use or disclosure of personal information. Unless otherwise required by law, the company obtains your consent for the collection, use and disclosure of your personal information by us. However, if you provide us with personal information about other individuals, you must ensure that you have given them due notice that you are providing their information to us and that you have obtained their consent to such disclosure.
Criteria for consent required. We will seek your manifest, free, informed and specific purpose consent before using or disclosing your personal information for purposes other than those set forth herein. We will also seek your explicit consent whenever sensitive personal information is involved in any of the company’s processing activities. We will ask for your consent for each of the specific purposes in plain and clear terms, distinct from any other information that is disclosed to You.
BY USING OUR WEBSITES, SUBMITTING YOUR PERSONAL INFORMATION BY EMAIL OR USING AN ONLINE FORM, YOU CONSENT TO THIS PRIVACY POLICY AND TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE PRIVACY POLICY.
Refusal to use the websites. If You do not consent, please stop using the websites. Except where otherwise required by law, you may withdraw your consent at any time upon reasonable notice. Please note that if you choose to withdraw your consent to the collection, use or disclosure of your personal information, certain features of our websites may no longer be available to you or we may no longer be able to offer you some of our services.
Retention of personal information. Subject to applicable laws, we retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, unless you consent to your personal information being used or processed for another purpose.
Additional information. For more information on the periods for which your personal information is retained, please contact our privacy officer using the contact information provided in the section 1b) – Privacy officer of this policy.
List of rights. As a data subject, you may exercise the rights set out below by contacting our privacy officer in writing using the contact details provided in article 1b) – Data protection officer of the policy. Please note that we may ask you to verify your identity before responding to any of these requests.
- You have the right to be informed of the personal information we hold about you, its use, disclosure, retention and destruction, subject to the exceptions provided by applicable law;
- You have the right to access your personal information, to request a copy of the documents containing your personal information, subject to the exceptions provided by applicable law, and to obtain, where applicable, additional details about how we use, disclose, retain and destroy it by sending a written request to our privacy officer at the contact information identified in the section 1b) – Data protection officer of this policy;
- You have the right to have the personal information we hold about you corrected, amended and updated if it is incomplete, ambiguous, not current or inaccurate by sending a written request to our privacy officer at the contact information identified in the section 1b) – Data Protection Officer of this policy;
- You have the right to withdraw or modify your consent to the collection, use and disclosure of some of your personal Information collected (as identified in the 1 – Collection of personal information of this Policy) at all times, subject to applicable legal and contractual restrictions;
- You have the right to request that we cease disseminating your personal information and to de-index any link to your name that provides access to such information if such disclosure would contravene the law or a court order;
- You have the right to request that your personal information be disclosed to you or transferred to another organization in a structured and commonly used technological format;
- The right to be notified of a privacy incident involving your personal information that could cause you serious harm. To this end, we keep a record of all privacy incidents and assess the harm they may cause; and
- You have the right to file a complaint with the Commission d’accès à l’information, subject to the conditions set out in applicable law.
Complaints process. You may address any complaints about our privacy practices and policies by contacting our privacy officer using the contact information identified in the 1b) – Data Protection Officer.
Questions. You may also contact our privacy officer with any questions relating to this privacy policy using the contact details identified in the 1b) – Data protection officer.
Need to identify you. In order to comply with your request, you may be asked to provide an appropriate identification document or to otherwise identify You.
Use of cookies. Cookies are small text files that are stored on your device or browser. They collect certain information when you visit the websites, including your language preference, browser type and version, the type of device You are using, and your unique device identifier. If some cookies are deleted after the end of your browser session, other cookies are stored on your device or on your browser in order to allow your browser to be recognized the next time you visit the websites. We use cookies and other similar collection technologies such as pixels (collectively, “Cookies”) to help us operate, protect and optimize the websites and services we offer.
Some uses of cookies. If some of the cookies we use are deleted after the end of your browser session, other cookies are stored on your device or browser in order to allow us to recognize your browser the next time you visit the websites. In particular, they make it possible to ensure the functioning of the websites, to improve the browsing experience of users and to provide certain data that allows us to better understand the traffic and interactions that take place on our websites as well as to detect certain types of fraud. Cookies do not cause any damage to your device and cannot be used to extract your personal Information.
Possible configuration of the browser. You can set your browser so that you are informed about the placement of cookies when you visit the websites, so that you can decide, in each case, whether to accept or refuse the use of some or all of the cookies. Please note that disabling cookies on your browser may adversely affect your browsing experience on the websites and prevent you from using some of its features.
Cookie policies. To find out more about how we use cookies, you can see our “Cookie Policy “.
Purposes of our security measures. We have implemented physical, technological and organizational security measures designed to adequately protect the confidentiality and security of your personal Information against loss, theft or unauthorized access, breach, disclosure, copying, communication, use or modification. These measures include, but are not limited to:
- Administrative measures. On the administrative side, the adoption of a series of measures, policies and procedures as part of the implementation of our information governance program that include:
- regulate the access, disclosure, retention, de-identification, including destruction or anonymization of personal information;
- determine the roles and responsibilities of our employees throughout the life cycle of personal Information and documents;
- establish procedures for managing and responding to confidentiality incidents;
- govern the process of requests and complaints relating to the protection and handling of personal Information.
- Technical measures. On the technical level, the use of several means such as:
- the use of a secure server and Secure Socket Layer (SSL) technology;
- encrypting our databases and our service providers’ databases;
- limitation of access privileges to personal information in accordance with the 5.1 – Access to personal information within the company;
- the use of backup systems;
- the use of network monitoring software;
- the use of a firewall system;
- the use of encryption and segregation of duties, access controls and internal audits.
Incomplete list of measures. We have not exhaustively listed the set of measures we put in place given the public nature of this policy.
It is impossible to guarantee a complete absence of risk. Despite the measures described above, we cannot guarantee the absolute security of your personal information. If you have reason to believe that your personal information is no longer protected, please contact our privacy officer immediately using the contact information provided in the section 1(b) – b) Data protection officer above.
Right to change this policy. We reserve the right to change this policy at any time in accordance with applicable law. If we make any changes, We will post the revised privacy policy and update the date in the footer of the privacy policy. We will reasonably inform you prior to the effective date of the new version of our policy. If you do not agree to the new terms of the privacy policy, we invite you to stop using our websites and services. If you continue to use our websites or services after the new version of our policy comes into effect, then your use of our websites and services will be governed by that new version of the policy.
Liability of third party websites. From time to time, we may include references or links on our websites to websites, products or services provided by third parties (“Third Party Services“). These Third-Party services, which are not operated or controlled by the company, are governed by privacy policies that are entirely separate and independent from ours. We therefore assume no responsibility for the content and activities of these sites. This policy applies only to the website and the services offered by Us.
Consent of minors under the age of 14. We do not knowingly collect or use personal information from anyone under the age of 14. If you are under the age of 14, you must not provide your personal Information to us without the consent of your parent or guardian. If you are a parent or guardian and become aware that your child has provided personal information to us without consent, please contact us using the contact information provided in section 1(b) above to request that we delete that child’s personal information from our systems.
Laws of Quebec and Canada. The laws of Canada and Quebec, excluding its conflict of law rules, will govern this agreement and your use of the websites. Your use of the websites may also be subject to other local, provincial, national or international laws.