Privacy Policy

Privacy Policy

Effective date: March 15, 2024

Date of last update: September 15, 2025

1. General Information

a) Introduction

Purpose of this policy. Privacy is important to Medicart Corporation and its related entities (the “Company“, “We“, “Us“, “Our“). For this reason, we have implemented safeguards and sound management practices for your personal Information in accordance with the laws applicable in Quebec and Canada.

Complementary to the terms and conditions. This privacy policy (the “Policy“), which should be read in conjunction with our terms and conditions, describes our practices with respect to the collection, use, disclosure, retention and destruction of personal information of individuals receiving our services, visitors to this website and its users (hereinafter “You“, ”  Your”,  “Your“).

Consent. By using https://medicart.com/ and https://epiderma.ca/ (the “Websites“) or any of our services, you agree that we may collect, use, disclose, retain and/or destroy (hereinafter “Process” or “Processing“). Your personal information in accordance with the terms and conditions described herein. If you do not agree to abide by and be bound by this policy, you are not permitted to visit, access or use our websites or services, or share your personal Information with us.

Policy limitations. This policy does not apply to the personal information of the company’s employees, representatives and consultants, or to any other person affiliated with the company, as well as to any information that does not constitute personal information as defined by the laws applicable in Quebec and Canada.

b) Data protection officer

Contact information for the data protection officer. Comments, questions and complaints regarding the company’s privacy policy and practices may be directed to our privacy officer at:

Telephone :       418-781-2700

Email :               rprp@medicart.com

Address :          330-2590 boul. Laurier, 3rd Floor, Quebec City, G1V 4M6

2. Definitions

Definitions of certain concepts or expressions. The following concepts and expressions, when they appear with a first letter in capital letters in the policy, have the meaning ascribed to them below, unless there is an implicit or explicit derogation in the text:

Company“, “We“, “Us“, “Our“: Medicart Corporation.

Service Provider” means any natural or legal person who processes personal information on behalf of the company. These are third-party companies or individuals employed by the company to facilitate the services, provide the services on behalf of the company, perform services related to the services, or assist the company in analyzing the use of the services.

Cookie Banner“: A pop-up window requesting your consent to a certain collection of your personal Information on the websites.

Personal information” means any information that relates to a natural person and allows them to be identified, i.e. that directly or indirectly reveals something about the identity, characteristics (e.g., skills, preferences, psychological tendencies, predispositions, mental capacities, character and behaviour of the person concerned) or activities, regardless of the nature of the medium and regardless of the extent of the information. the form in which the information is accessible (written, graphic, audio, visual, computerized or otherwise).

Data protection officer“: the person in charge of the application of this policy and whose contact details are identified in the 1b) Data protection officer of this policy.

Services“: Services refer to the websites, our social media pages and any products and services rendered to you there, such as:

  • Our aesthetic services and treatments;
  • Our medical services and treatments;
  • Our virtual clinic;
  • Our online store;
  • Access to your online account;
  • Our scholarships.

Cookies“: Cookies are text files that are placed on your computer or mobile device. These cookies may contain information about your search history, the web pages you visit, and your web browser.

Process”, “Processing”: A concept encompassing any operation that may affect or concern personal information, including: collection, use, retention, destruction, communication or transmission.

You“, “Your“, “Your“: Persons benefiting from our services, visitors to the website, and all users who resort to the organization’s services.

3. Processing of personal information collected through use of the website

3.1 Collection

3.1.1 Methods of collection

Various methods. We collect your personal Information through our website or other technological means in various ways, namely:

  • Automatically. When you connect to our websites, the device you use to log in to us will communicate personal information to us;
  • Electronic forms. By completing one of our electronic forms, including the registration form for our portals or virtual clinic, or when you submit an online application;
  • Emails sent. Through emails you send to us using one of the email addresses available on our website;
  • Cookies. Through cookies, including those identified in section 6 – Cookies and other similar technologies;
  • Partners. Through third parties who collect your personal information on our behalf, as identified in section 3.2 – Collection of personal information by a third party of this policy.

Profiling, identification or location. Our website has functions that allow profiling of your activities on our website, identifying you, and locating you. These functions are used by third parties identified in section 3.5 – Access, disclosure, and transfer of personal information through cookies. We disable these functions by default. You may enable them via the cookie banner.

3.1.2 Personal Information Collected

Categories of information collected. In the course of our business, we may collect and process different types of personal Information including the information listed below:

  • Identification information and your contact details, including your first and last name, mailing address, email address, and phone number;
  • Demographic information, such as your age, gender identity, and region of residence;
  • Technical or digital information, including connection information and other information about your activities on the websites, such as your IP address, the pages you visited, the time and date of your visits, your number of connections, your domain name, the address of the referring site (if you access the website from another site), the type of browser you use, your device’s operating system, and other hardware and software information;
  • Your consents to the disclosure of personal information and the use of certain cookies on our websites, as well as to the communication or use of your personal information;
  • Information necessary for the provision of our services, such as information about services we have rendered to you or which we render to you;
  • Information that you choose to provide or transmit to us, for example, when you fill out an online form, respond to solicitations or surveys, or communicate with one of our employees or representatives;
  • Financial information, such as summary payment information, if you wish to pay for our services online.

Limiting Processing to necessary and legitimate purposes. In each case, such personal information is processed in accordance with the necessary and legitimate purposes listed in the 3.4 – Use of personal information below.

3.1.3 Collection by a Third Party

Third parties collecting personal Information on our behalf. When you use the services of our providers, they may collect certain personal Information on our behalf.

Automattic (WooCommerce and WordPress). Its platforms integrated into our website facilitate content management and e-commerce. They collect, on our behalf, identification and contact information, your age, gender, as well as information you choose to transmit to us or that may be necessary to provide our services. In addition, technical information such as your IP address and pages viewed are also collected.

Stripe and Bambora. For secure payment processing, we collaborate with these third-party services. These platforms collect identification and contact information, including your name, mailing address, email address, and phone number, as well as financial information such as your credit card details or other means of payment.

Illuxi. This platform is used to facilitate your virtual consultations. Through this technology, you can create a personal portal, schedule online information and evaluation sessions with a specialist technician, and receive relevant documents deposited in your file. You will also receive appointment confirmations and reminders by email, ensuring effective and personalized follow-up. In the course of these services, the platform may collect on our behalf your identification and contact information, your age, gender, as well as technical information such as your IP address and device details.

For more information about our providers, please see the section Access, disclosures, and transfers of personal information in this policy.

3.1.4 Refusing Collection

Refusing to consent. Unless required by law or by your contractual obligations, you may refuse or withdraw your consent to certain specific uses or disclosures of your personal information:

  • by not entering your personal information in our electronic or paper forms where providing it is indicated as optional;
  • by selecting “refuse” in the cookie banner (cookie manager); or
  • by sending a request to our person responsible for the protection of personal information using the contact details listed in section 1(b) of this Policy.

Measures available to opt-out of ways to collect personal information. You may also provide your personal information to us other than through technological means such as our websites. You can provide us with the following:

  • By e-mail;
  • By phone; or
  • In person.

3.2 Use, Access, and Disclosures of Personal Information

3.2.1 Use of Personal Information

Purposes of personal information. We may use your personal information for the purposes described below:

  • operate, maintain, monitor, develop, improve, and offer the features of our website;
  • present and provide our services as described in section 2 – Definitions;
  • perform our contractual obligations to you;
  • manage billing and process payments;
  • process and resolve complaints and dissatisfaction;
  • offer personalized recommendations based on purchasing profile;
  • develop, improve, and offer new services;
  • for marketing and business development purposes, if you have previously consented to the processing of your personal information for these purposes;
  • respond to your questions and provide assistance as needed;
  • conduct research, analyses, and statistics related to our organization and our services;
  • detect and prevent fraud, errors, spam, abuse, security incidents, and other harmful activities; or
  • for any other purpose required or permitted by applicable laws.

3.2.2 Access to personal information within the company

Limiting access to personal information. We may allow access to your personal information to our employees who need this information to help us operate our website, deliver our services, carry out our activities, or serve you. Your personal information is generally accessible only to our directors, employees, or representatives whose access to your personal information is necessary for them to perform their duties. As such, your information may be accessible to:

  • Our Person Responsible for the Protection of Personal Information;
  • Our IT (“Information Technology”) services;
  • Our customer service;
  • Our sales teams;
  • Our finance department;
  • Our marketing department;
  • Our human resources (in the case of applying for a job);
  • Our operations teams; and
  • Our clinics.

3.2.3 Disclosures of personal information

Protective measures when communicating to third parties. We may transfer, disclose, or allow access to your personal information to our service providers who need this information to help us operate our website, deliver our services, carry out our activities, or serve you. We disclose your personal information to our service providers only if they have previously agreed in writing to ensure the confidentiality of your personal information in accordance with applicable laws and our information governance program by implementing various protection and information-governance measures. These measures are proportional to the sensitivity of the personal information processed or disclosed. Without limitation, our service providers may use your personal information only confidentially, according to our instructions, and solely for the purposes for which it was provided. Moreover, we provide our service providers only with the personal information necessary to perform their mandate or contract, and we require these service providers to appropriately destroy the personal information at the end of the contract or as soon as its use is no longer necessary.

Our service providers. Although we try to avoid disclosing your personal information to third parties, We may use service providers to perform various services on our behalf, such as IT management and security, marketing, and information analysis, hosting, and storage. We have outlined below certain cases where such sharing may occur:

  • We use the Google Analytics and DoubleClick cookie to analyze website traffic and establish statistics. We also use Google Ads to analyze the audience for our services, establish statistics, and communicate with clients and prospects. Finally, we use YouTube to present our products and Services. For more information, consult Google’s privacy policy and their table of cookies intended for advertising and measurement (English only).
  • Please note that these cookies may collect Personal Information that may locate you and profile your activities on the web (targeted advertising). These cookies disclose personal information to Google for the purposes identified in the Cookies and other similar technologies section of this policy.

We use several social media platforms to share content, for recruiting purposes, and to keep you informed of the organization’s latest news. For more information, consult their privacy policies:

Please note that these cookies may collect personal information that may locate you and profile your activities on the web (targeted advertising). These cookies disclose personal information to Google for the purposes identified in the Cookies and other similar technologies section of this policy.

We work with various providers to manage Our online store, including e-commerce platforms and secure credit-card payment processing. For more information, consult their privacy policies:

All categories of personal information identified in section 3.1 – Collection of Personal Information may be disclosed or retained through these services.

We use platforms to manage and send our newsletters, including Dialog Insight, as well as MEDFAR’s services to manage and send appointment reminders and other types of confirmations, including via SMS. For more information, consult their privacy policies:

We use Microsoft services (Outlook and the Microsoft Office suite) to store our documents and emails and Microsoft Azure for hosting our information. For more information, consult Microsoft’s privacy policy.
All categories of personal information identified in section 3.1 – Collection of Personal Information may be disclosed or retained through these services.

We use third-party providers to manage and host our website and domain name. For more information, consult their privacy policies:

All categories of personal information identified in section 3.1 – Collection of Personal Information may be disclosed or retained through these services.

We use the services of providers for advertising and for managing our online presence, including our Websites, our social media, and the creation and dissemination of our advertisements. For more information, consult their privacy policies:

All categories of personal Information identified in section 3.1 – Collection of personal information may be disclosed or retained through these services.

We use Veeam’s services to back up our information. For more information, consult Veeam’s privacy policy.

All categories of personal information identified in section 3.1 – Collection of personal information may be disclosed or retained through this service.

We use Mynjob’s services to manage our human resources. For more information, you can consult Mynjob’s privacy policy.

All categories of personal information identified in section 3.1 – Collection of personal information may be disclosed or retained through this service.

We also use Illuxi’s services to facilitate your virtual consultations. For more information, you can consult Illuxi’s privacy policy.

All categories of personal information identified in section 3.1 – Collection of personal information may be disclosed or retained through this service.

We use Office Depot’s shredding services. For more information, you can consult their privacy policy.

We use Usercentrics (Cookiebot) to manage cookies. For more information, you can consult Usercentrics’ privacy policy.

Disclosure of personal information outside Quebec. We may disclose your personal information outside of Quebec and mandate an entity located outside of Quebec to collect, use or retain your personal Information on our behalf.

Safeguards for disclosures outside Québec. Before disclosing your personal information to third parties outside Québec, we conduct a privacy impact assessment to evaluate risks that may affect the security of your personal information. This assessment also identifies the appropriate security measures to mitigate or eliminate these risks. The disclosure will then be subject to a written agreement binding these third parties to comply with such measures.

Specific disclosures of your personal information. We may disclose your personal information when we believe that such disclosure is authorized, necessary or appropriate, including:

  • to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
  • to protect our business;
  • to comply with legal process;
  • to protect our rights, the privacy of our employees, officers and directors, our safety and our property;
  • to protect your privacy and rights, or the privacy and rights of third parties;
  • to allow us to pursue available remedies or limit the damages we may sustain; and
  • where it is consistent or required to do so under applicable laws, including laws outside your country of residence.

Possibility of business transactions. In accordance with the act respecting the protection of personal information in the private sector (CQLR c P-39.1), We may share or transfer your personal information during business transactions involving our organization or assets, such as a sale, merger, or reorganization. In such cases, you will be informed before your personal information is transferred and becomes subject to another privacy policy.

3.3 Consent

Consents to the collection, use or disclosure of personal information. Unless otherwise required by law, the company obtains your consent for the collection, use and disclosure of your personal information by us. However, if you provide us with personal information about other individuals, you must ensure that you have given them due notice that you are providing their information to us and that you have obtained their consent to such disclosure.

Criteria for the required consent. We will seek your express, free, and informed consent given for specific purposes before using or disclosing your personal information for purposes other than those set out herein. We will also seek your explicit consent whenever sensitive personal information is involved in any of the organization’s processing activities. We will request your consent for each specific purpose in simple and clear terms, distinctly from any other information communicated to you.

BY USING OUR WEBSITES, BY TRANSMITTING YOUR PERSONAL INFORMATION BY EMAIL OR USING AN ONLINE FORM, YOU CONSENT TO THIS PRIVACY POLICY AND TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE PRIVACY POLICY.

Refusal to use the website. If you do not consent, please stop using the websites. Except where otherwise provided by law, you may withdraw your consent at any time upon giving reasonable prior notice. Please note that if you choose to withdraw your consent to the collection, use, or disclosure of your personal information, certain features of our website may no longer be available to you, or we may no longer be able to provide certain services.

3.4 Retention of personal information

Retention of personal information. Subject to applicable laws, we retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, unless you consent to your personal information being used or processed for another purpose.

Additional information. To obtain more information about the periods during which your personal Information is retained, please contact our person responsible for the protection of personal information using the contact details provided in section 1b) – Data protection officer of this policy.

4. Processing of personal information collected to provide our aesthetic and medical services

Processing of information in clinics. We collect and use clients’ personal information in order to provide them with aesthetic or medical services. The nature and scope of the information collected vary depending on the type of care requested, and collection may be carried out directly in the clinic or through third-party platforms or systems.

Collection may take place in various ways, including:

  • In person during your visit to the clinic;
  • By email or telephone during your communications with us;
  • Through our websites or appointment-booking platforms;
  • Using digital tools, such as Samsung tablets or iPads, depending on the clinic.

Some personal information may be collected or disclosed to our customer relationship center to respond to client requests. In addition, when a service is not offered at a clinic, information may be exchanged via a third-party system to refer the client to another entity within the company’s network.

We may also collect banking information necessary for payment processing, which is transmitted to our payment terminal provider.

If requested by the client, financing arrangements may be made with external partners (e.g., Fairstone). For this purpose, certain personal information may be used to process such a request and may be disclosed to these third parties.

Aesthetic services. Information collected is used to open the client’s file and to provide the contracted aesthetic services.

As part of certain diagnostic treatments (notably for the face), photographs may be taken using the Visia device. These images are used for skin evaluation and are added to the client’s file.

Information may also be hosted on external servers (e.g., Microsoft Azure) and stored in client file management software (e.g., CTRL, Medfar, or Netsuite). Some information may be disclosed to other providers required to deliver the service, including those identified in section 3.2.3 Disclosure of Personal Information. In some cases, information may be disclosed outside of Québec.

Medical services. Information collected is used to deliver the requested medical services, as well as to manage medical records and prescriptions.

For certain services, a medical prescription is required. In this context, information may be shared with a healthcare professional or collected directly by them. These professionals also record the information needed for follow-up in a shared medical file, which may be managed by a third party located outside Québec (e.g., MYLE).

When required for billing or reimbursement purposes, information may be shared with insurers.

Clients’ rights. Clients who provide their personal information in the context of care provision have, subject to certain legal or contractual restrictions, the following rights: the right to access their personal information, the right to correct any inaccurate or incomplete information, and the right to withdraw their consent to the use or disclosure of their information. For more details, see section 5. Your Rights.

5. Your rights

List of rights. As a data subject, you may exercise the rights set out below by contacting in writing our privacy officer at the contact details provided in section 1b) – Data protection officer of this policy. Please note that we may ask you to verify your identity before responding to any such request.

  • You have the right to be informed about the personal Information we hold about you, its use, disclosure, retention, and destruction, subject to the exceptions provided by applicable law;
  • You have the right to access your personal information, to request a copy of documents containing your personal information, subject to the exceptions provided by applicable law, and to obtain, where applicable, additional details on how we use, disclose, retain, and destroy it by submitting a written request to our privacy officer;
  • You have the right to have corrected, modified, or updated the personal information we hold about you if it is incomplete, ambiguous, outdated, or inaccurate, by submitting a written request to our privacy officer;
  • You have the right to withdraw or change your consent to the collection, use, and disclosure of certain of your collected personal information (as identified in Section 3.1 – Collection of personal information of this policy) at any time, subject to applicable legal and contractual restrictions;
  • You have the right to request that we cease disseminating your personal information and de-index any link associated with your name that provides access to such information if this dissemination contravenes the law or a court order;
  • You have the right to request that your personal information be disclosed to you or transferred to another organization in a structured and commonly used technological format;
  • The right to be informed of a confidentiality incident involving your personal information that could cause you serious harm. For this purpose, we maintain a register of all confidentiality incidents and assess the potential harm they may cause; and
  • You have the right to file a complaint with the Commission d’accès à l’information, subject to the conditions set out by applicable law.

6. Questions and complaints

Complaints process. You may address any complaints about our privacy practices and policies by contacting our privacy officer using the contact information identified in the 1b) – Data Protection Officer.

Questions. You may also contact our privacy officer with any questions relating to this privacy policy using the contact details identified in the 1b) – Data protection officer.

Requirement to Identify Yourself. To process your request, you may be required to provide appropriate identification or otherwise confirm your identity.

7. Cookies and other similar technologies

Use of cookies. Cookies are small text files that are stored on your device or browser. They enable the collection of certain information during your visit to the website, including your preferred language, the type and version of your browser, the type of device you use, and your device’s unique identifier. While some cookies are deleted after the end of your browser session, others remain stored on your device or browser so that your browser may be recognized on your next visit to the website. We use cookies and other similar collection technologies such as pixels (collectively, the “Cookies”) to help operate, protect, and optimize the website and the services we provide. Cookies do not damage your device and cannot be used to extract your personal information.

Possible browser configuration. You can configure your browser to be notified about cookies and to accept or reject them. However, disabling cookies may affect your browsing experience and limit certain features of the site.

Types of cookies.

  • First-party cookie: Placed by the website you are visiting.
  • Third-party cookie: Placed by external domains through the visited site. If a user visits a website and another entity places a cookie through that website, it is considered a third-party cookie.
  • Persistent cookie: Remains on your device for a defined period.
  • Session cookie: Created temporarily. Once you close the browser, they are deleted from your browser.

Categories of cookies. In general, the website uses cookies to distinguish you from other users. This helps us provide you with a good experience when browsing the website and also allows us to improve it. To view the categories of cookies used on our website, you can consult our cookie manager, accessible at the bottom of our web page.

Consent to cookies. All cookies require your consent. We request your consent before placing them on your device. You can give your consent by clicking the appropriate button on the cookie manager banner displayed to you. If you do not wish to give your consent, or if you wish to withdraw your consent to any cookie at any time, you will need to delete, block, or disable the cookies through the cookie banner, available settings options, or through your browser settings. Please note that disabling cookies may adversely affect your browsing experience on the website and prevent you from using some of its features.

List of cookies. To see the full list of our cookies, use our cookie manager. To learn more about how we use cookies, you may consult our “Cookie Policy.”

8. Security measures

Purposes of our security measures. We have implemented physical, technological, and organizational security measures designed to adequately protect the confidentiality and security of your personal information against loss, theft, unauthorized access, intrusion, disclosure, reproduction, communication, use, or modification. These measures include, in particular:

  • Administrative measures. We have adopted policies and procedures governing the access, disclosure, retention, and destruction of personal information. We also define the roles and responsibilities of our employees throughout the information lifecycle. In addition, we have established procedures to manage confidentiality incidents and complaints relating to the protection of personal information.
  • Technical measures. We use secure servers with SSL technology and encrypt our databases as well as those of our providers. We limit access privileges to personal information and have implemented backup systems, network monitoring, and firewalls. We also use encryption systems, access controls, and conduct internal audits to ensure the security of Your information.

Incomplete list of measures. We have not exhaustively listed the set of measures we put in place given the public nature of this policy.

It is impossible to guarantee a complete absence of risk. Despite the measures described above, we cannot guarantee the absolute security of your personal information. If you have reason to believe that your personal information is no longer protected, please contact our privacy officer immediately using the contact information provided in the section 1(b) – b) Data protection officer above.

9. Changes to this privacy policy

Right to modify this policy. We reserve the right to modify this policy at any time in accordance with applicable legislation. In the event of modification, we will publish the revised version of the privacy policy and update the revision date in the footer. We will provide reasonable notice prior to the effective date of the new version of our policy. If you do not agree with the new terms of the privacy policy, we encourage You to stop using our website and services. If you continue to use our website or services after the new version of our policy takes effect, your use of our website and services will then be governed by this new version of the policy.

10. Links to Third-Party websites

Responsibility for Third-Party Websites. From time to time, we may include references or links on our website to third-party websites, products, or services (“Third-Party Services”). These Third-Party services, which are not operated or controlled by the organization, are governed by privacy policies entirely distinct from and independent of ours. We therefore assume no responsibility for the content and activities of these sites. This policy applies only to the website and services we provide.

11. Invisible reCAPTCHA

What reCAPTCHA Does. Invisible reCAPTCHA analyzes activity on a webpage function (e.g., mouse movements and keystroke patterns) to determine whether a user is a bot. The invisible reCAPTCHA service may collect information from your device. The information collected by reCAPTCHA is retained in accordance with its privacy policy.

12. Individuals under 14 years of age

Consent of Minors Under 14. We do not knowingly collect or use personal information from individuals under 14 years of age. If you are under 14, you must not provide us with your personal information without the consent of your parents or guardian. If you are a parent or guardian and learn that your child has provided us with personal information without consent, please contact us using the contact details provided in section 1(b) above to request the deletion of your child’s personal information from our systems.

13. Governing laws

Laws of Québec and Canada. The laws of Canada and Québec, excluding its conflict of law rules, will govern this agreement and your use of the website. However, by accessing the website from other jurisdictions, you may be subject to additional local, provincial, national, or international laws applicable to your situation.

Epiderma takes good care of you
Make an appointment
Step 1 of 4
Make an appointment
Please select a treatment
Please select an appointment type

To schedule a medical consultation, you must be at least 18 years old. Booking fees are payable at the last step.

Please select a clinic
Please select a clinic

Enjoy up to 60% off our laser hair removal packages.

Select a timeframe
Please confirm your appointment type
Please select a timeframe
Loading timeframes
Confirm client informations Welcome back,

Please review your personal informations in order to proceed to the last step.

We could not connect you to your account with the provided information, please double-check and try again!
Please enter your first name
Please enter your last name
Please enter a valid e-mail address
Please enter your phone number
Please enter your postal code
Please enter a valid date of birth
Confirm your appointment

By clicking on the button below, you will confirm your appointment. Make sure the information about the appointment is correct.


Thank you!

Your appointment is confirmed. You can visit your account to view your appointments.

Are you sure?

Making an appointment for evaluation with an expert from Epiderma is free of charge. Whether it is in the comfort of your home via the virtual clinic or in the clinic, our teams will be able to advise you in a personalized approach.

Confirm and exit
Created with Sketch. Created with Sketch.