Website Privacy

LAST UPDATE: October 20th, 2022

At Rexall Pharmacy Group ULC (“Rexall”, “we” or “us”) we value the trust that our customers place in us to appropriately use and protect personal information. This Website Privacy Notice informs visitors and regular users of the Rexall.ca website (the “Website”) about the purposes for which Rexall may collect, use, and share personal information, and how it is protected. We want you to be clear how we use personal information and the ways in which we protect this information. By using the Website, you accept the Website Privacy practices presented in this Website Privacy Notice. We encourage you to read this Website Privacy Notice in full to understand our Website Privacy practices before using the Website or submitting any personal information.

This Website Privacy Notice applies only to the Rexall.ca website. Rexall and its affiliates and subsidiaries may have separate websites, sub-domains, and services through other web, mobile, or cloud platforms that are not subject to this Website Privacy Notice. Additionally, Rexall business partners, ad networks, and other third parties have their own websites and services with separate Website Privacy practices. We encourage you to read the Website Privacy notices of all websites, portals, and applications that you visit to understand their Website Privacy practices.

Throughout this Website Privacy Notice, we use the term “personal information”, which is any information accessed, collected, or used by Rexall that identifies an individual, or can reasonably be used to identify an individual, directly or indirectly. “Personal information” is equivalent to similar terms used in different regulations, such as “personally identifiable information (PII)” and “personal data.”

When you use the Website, we may collect personal information about you. The personal information we may collect with your prior consent, where required by law, includes but is not limited to:

• Your name and initials
• Your email address
• Your date of birth
• Your contact information
• Some health-related information, such as your medical records and other information about your health and your prescriptions, that has been collected or generated by your pharmacist for the purpose of managing your prescriptions and prescription refills
• Some user behavioral information such as the products that you choose to purchase and your preferences
• If you choose to apply for a position at Rexall, we will collect the information contained in your resume and cover letter as well as any information you decide to share with us as part of the application process
• Information about you that you share or make visible on the Internet. We may combine such information with information we already have about you.

We may collect non-personal information and it may be aggregated with other information. If we combine your non-personal information with personal information, the combined information will be treated as personal information.

You do not have to provide us with this information if you do not want to; however, that may limit your ability to use certain functions or to request certain services or information.

Rexall does not currently offer users of this website the ability to make online purchases on Rexall.ca. However, if you wish to pay for prescriptions and other merchandise over the phone at your local Rexall store, your Credit Card company requires us to obtain your consent before we store your credit card credentials for future purchases.

By clicking on Payments.Rexall.ca(opens in a new window), you can submit this credit card information and provide your consent for this purpose by agreeing to the terms of this Website Privacy Notice.

The information that we store to allow for these future purchases using your credit card is as follows:

1. Your name, as the credit card holder;
2. The last four digits of your credit card number and the expiry date;
3. Your contact information, so we can notify you if there are any changes to the terms of use; and
4. The name of the patient or customer for which the credit card can be used, their date of birth and the location of their local Rexall® pharmacy.

The stored credit card credentials are only used by Rexall at your request, as agreed to by you and your local Rexall® pharmacy. We do this using a technology called "payment tokenization". That's just a fancy way of saying we don't actually store your credit card number. Instead, when you complete a purchase, we use your credit card number to obtain a secret token - a special random string of letters and numbers - from the credit card payment provider. Then, when you want to make your next purchase, instead of sending your credit card number to the credit card payment provider, we send the secret token. Just like all of our other financial transactions, this communication is set up to take place over a secure, encrypted communication line. We may use third party providers to deliver your purchases, and accordingly we share your name, phone number, email address and shipping address with such providers for the purposes of completing your delivery.

If you choose to provide your consent for the storage of your credit card credentials for these purposes, your consent will be valid until you withdraw consent, or your current credit card expires, whichever comes first. If you wish to withdraw consent; simply call us at 1-844-382-4021 and we will remove your information from our payment system.

If you choose not to provide your consent, you will only be able to make purchases in-person at your local Rexall pharmacy.

We use various technologies to collect personal information about visitors to our Website. These technologies include the following:

• Web server logs
  • As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and/or clickstream data.
• Cookies and pixel tracking
  • We and our subsidiaries, business partners, marketing partners, affiliates, or other service providers may utilize cookies. Cookies uniquely identify your device or user account associated with the Website. You can control the use of cookies by adjusting your browser preferences at any time. If you reject cookies, you may still use the Website but your ability to use some features or areas of the Website may be limited. We may also use tracking pixel. A tracking pixel is a piece of code embedded on a web page that collects information about users’ engagement on that web page. The tracking pixel can be provided either by Rexall or its advertising partners. The tracking pixel may include a command to create cookies.
• Geo-location
  • When you enable a location-based service, we may collect information about your location for the purpose of providing you with the weekly flyers, finding a Rexall drugstore or locating a medical clinic closest to you. We use various features to determine location, such as IP address, GPS signals, and sensor data from your device that may provide information on nearby Wi-Fi access points and cell towers. You may opt out of geo-location collection by changing the setting of your browser or device.
• Other Tracking Technologies
  • The Website uses Google Analytics, a Google Inc. (“Google”) provided web analysis service. To learn more about how Google Analytics collects and processes data, please visit Google’s website "How Google uses data when you use our partners' sites or apps" located at www.google.com/policies/privacy/partners/(opens in a new window)
  • We also use HTML5 (or any similar technologies) to collect and store content information and preferences. Our third-party partners, who provide certain features on this Website or who display advertising, use HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 (or any similar technologies).

These methodologies are used for the following purposes:

• Quick and easy online prescription refills
• Online prescription transfers to Rexall
• View weekly flyer
• Find a Rexall Drugstore
• Store locator

We may receive reports based on the use of tracking technologies on an individual and aggregated basis.

Some web browsers have a “Do Not Track” feature. This feature allows you to tell websites you visit that you do not want to have your online activity tracked over time and across websites. These features are not yet uniform across browsers. The Website is not currently set up to respond to those signals.

We may use the personal information we collect for purposes such as:

• provide healthcare and pharmacy related services including the management of your prescriptions and refills
• communicate with individuals involved in your care
• provide health-related education communications
• communicate products and services
• provide loyalty programs, promotions and other non-pharmacy related activities
• managing the Rexall business

We may provide the following information to SalesForce.com Inc. located in the United States for the purpose of deploying emails, personalize your user experience and provide you with marketing targeted to your preferences. To learn more about how SalesForce.com collects and processes data, please visit https://www.salesforce.com/ca/company/privacy/(opens in a new window) :

• Email: Customer Email ID
• Opt ins: Customer Opt In Date, Time and Programs subscribed to. E.g Newsletters
• Postal Code
• Province
• City
• First Name
• Last Name
• Source: which website you have opted-in from

We may also use the information collected for the following purposes:

• Surveys or Contests
  • If you participate in surveys or register to contests, we will request certain personal information from you. Participation in these surveys or contests is completely voluntary and you have a choice whether to disclose this information. We may use a third-party service provider to conduct these surveys or contests. We will not share the personal information you provide through a contest or survey with other third parties unless we give you prior notice and choice.
• Advertising
  • We may partner with a third party to manage our advertising. Our third-party partner may use cookies and other technologies to gather information about your activities to provide you advertising based upon your browsing activities and interests.

• We may share personal information with other Rexall Business Units when permitted by law. Additionally, we may share your personal information with third parties only in the ways described in this Website Privacy Notice.
• We do not give, rent, or sell personal information to any organization or individual. We may provide your personal information to Rexall affiliates or subsidiaries, suppliers, and companies contracted to process and manage transactions, research, analysis and communications. However, personal information may be disclosed to such organizations or individuals whose services are retained by Rexall or its affiliates or subsidiaries, including advertising agencies, direct marketing agents, data processing and storage firms as well as mailing houses, and providers of administrative support service. These agents, representatives or organizations must sign a confidentiality agreement and may only use the information disclosed to them for the purposes mentioned in the agreement, after which they must return this information to us or destroy the information, without keeping a copy. They are prohibited from disclosing the information to third parties without obtaining appropriate consent in advance.
• Some of our pages may utilize framing techniques, which allows us to display content to/from our partners while preserving the look and feel of our website. If you choose to interact or share personal information via these frames, please be aware you are providing personal information to these third parties and not directly to Rexall, and your personal information is subject to the Website Privacy practices of these third parties.
• Our site may offer a public area for users to share posts, comments, blogs, or testimonials. You should be aware any personal information you provide in these areas may be read, collected, and used by others who access them. To request removal of personal information from our blog or community forum, contact us at Toll-free: 1-877-378-4100 or send an email to privacyofficer@rexall.ca.

Rexall may also need to share information with companies, organizations, or individuals outside of Rexall if we have a good faith belief that access, use, preservation, or disclosure of that information is reasonably necessary to:

• Meet applicable laws, regulations, legal processes, or enforceable governmental requests
• Enforce applicable Terms of Service, including investigation of potential violations
• Detect, prevent, or otherwise address fraud, security, or technical issues
• Protect against harm to the rights, property or safety of our users, Rexall, or the public as required or permitted by law
• Engage in a merger, acquisition, reorganization, or sale of all or a portion of Rexall assets.

Where appropriate or legally required, we will describe how your information we collect through this Website will be used, and will provide choices about whether to allow us to engage in that use. To exercise your choice, you may contact us to correct, update, amend, or request deletion of your personal information through the address listed in the Contact Information section below.

Where permitted in our legitimate interest, or with your prior consent where required by law, we will use your name and email address to send our newsletter to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or contacting us using the contact information listed below in this Website Privacy Notice.

You can contact us directly any time at the address listed in the Contact Information section below to update your personal information or make another type of request regarding the information you know or believe Rexall holds about you. Here are some rights that you may have according to where you are located:

• Access
  • Subject to applicable law, you have the right to receive information about, and review in person, or obtain copies of, the personal information we maintain about you. We may charge you a reasonable fee as allowed by law to obtain this information.
• Amendment or Deletion
  • Subject to applicable law, you have the right to request that we amend or delete your personal information.
• Disclosure Accounting
  • Subject to applicable law, you have the right to request and receive a list of certain disclosures made of your personal information. If you request this list more than once in a 12-month period, we may charge you a reasonable fee as allowed by law to respond to any additional request.
• Use/Disclosure Restriction or Objection
  • Subject to applicable law, you have the right to request we restrict our use or disclosure of your personal information for certain purposes. You also have the right to object to the processing of your personal information. We may not be required to agree to a requested restriction or objection. We will agree to restrict use, or disclosure of, your personal information provided the law allows it and we determine the restriction does not impact our ability to operate our business, provide diagnostic services, and comply with the law. Subject to applicable law, even when we agree to a restriction request, we may still disclose your personal information in a medical emergency and use or disclose your personal information for public health, safety and other similar public benefit purposes permitted or required by law.
• Withdraw Consent
  • Subject to applicable law, you may withdraw your consent to our processing of your personal information. Note: withdrawal does not invalidate the consent-based processing that occurred prior to withdrawal.
• Automated Decision Making
  • Subject to applicable law, if at any time the Website uses automated decision making to process personal information, you have the right to object to the use of your personal information.
• Data Portability
  • Subject to applicable law, you have the right to receive your personal information in a structured, commonly used, and machine-readable format.

These rights may be limited in some circumstances by local law requirements.

Rexall shall provide you with a response to any such request(s) without undue delay and in any event within 30 days of receipt of the request. That period may be extended by 30 days where necessary, taking into account the complexity and number of request(s). Rexall shall inform you of any such extension within 30 days of receipt of the request, together with the reason(s) for the delay. If you make the request by electronic-form means, the information shall be provided by electronic means where possible, unless otherwise requested by you in written documentation.

You can also exercise the rights listed above at any time by going to the contact information at the bottom of this notice.

If your request or concern is not satisfactorily resolved by us, you may approach your local data protection or Website Privacy regulator.

We will retain your personal information to meet our contractual obligations to you and for as long any account you activate on, through or in association with this website is active, is reasonably useful for commercial purposes, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.

You may choose to enable an interface, share with others, or log in to the Website via various social media or social networking services such as LinkedIn, Instagram, Facebook, or Twitter (“Social Networking Services”). By integrating these Social Networking Services into the Website, we can offer you a richer and more personalized experience with our products and services. When you connect your current account to a social media account, we may collect certain personal information you have provided to the Social Networking Service. For example, when you log in with your Facebook credentials, we may collect personal information from your Facebook profile, such as your email address, profile picture, and friend list.

This Website is not intended for any user under the age of 14 and we do not knowingly collect personal information from children under the age of 14. We request children under the age of 14 not submit any personal information through this Website.

As a key provider of services and technology to the healthcare industry, Rexall has implemented programs to address the Website Privacy and security requirements of protecting health information.

Rexall has also established appropriate physical, technical, and administrative safeguards to protect the personal information we collect from or about our users. We restrict access to personal information to Rexall employees, contractors, and agents who need to know the information to process it for us, and who are subject to confidentiality obligations.

Any sensitive personal information (e.g., healthcare number) will be transmitted in an encrypted form using TLS protocol or other equivalent encryption technology (TLS is cryptographic protocol that provides end-to-end communications security over networks). Notwithstanding our security safeguards, it is impossible to guarantee 100% security in all circumstances. If you have any questions about security or have reason to believe your interaction with us is no longer secure (for example, you feel the security of any account you might have with us has been compromised), you must immediately notify us of the problem by contacting Rexall at Toll-free: 1-877-378-4100 or by sending an email to privacyofficer@rexall.ca.

When you use this Website, your personal information may be transferred to another country where we or our service providers operate, including the United States. These countries may have different data protection standards and Website Privacy laws from your country of residence, but we will transfer and protect your personal information lawfully and in accordance to this Website Privacy Notice. We will have proper contracts or legal mechanisms in place (such as data protection agreements or other standard contractual clauses) prior to transferring personal information to another country.

We may periodically update this Website Privacy Notice to describe new features, products, or services we offer and how it may affect our use of personal information about you and your controls. Since we may change this Website Privacy Notice, we recommend you check the current version available from time to time. If we make changes to this notice, we will update the “Effective Date” at the beginning of this notice.

If you have questions or concerns about this Website Privacy Notice, our information handling practices, or any other aspect of Website Privacy and security of your personal information, please contact us at: privacyofficer@rexall.ca

You may also call us Toll-free at 1-877-378-4100

Or write to us at:

Rexall Pharmacy Group ULC
ATTN: Mona Sabharwal, Privacy Office
2300 Meadowvale Blvd
Mississauga, ON L5N 5P9

For more information on your privacy rights, you may also contact the Federal Privacy Commissioner at:

Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario
K1A 1H3

Or your provincial office of the Information and Website Privacy Commissioner for more information.

If you are a Quebec resident and you have questions or comments about our efforts to protect your personal privacy, or if you require additional information about our privacy practices, please contact us at compliance@mckesson.ca

You may also write to our Privacy Officer at:

McKesson Canada Corporation
Attn: Privacy Officer
2300 Meadowvale Blvd
Mississauga, ON
L5N 5P9