Updated March 7, 2014
Our Commitment To You
In order to provide you with products and services, as well as to remain compliant with applicable regulations and laws, CannTrust needs to know some of your personal information.
You have a right to know how we collect, use and disclose your personal information and to correct that information if it is wrong. You can rest assured that we will, to the best of our ability, ensure that your personal information held by us remains accurate, confidential and secure.
How We Collect And Use Your Personal Information
CannTrust only collects, uses and discloses personal information for purposes that would be considered reasonable in the circumstances and only such personal information as is required for the purposes of providing our services. Personal information is collected directly from the person concerned, their authorized representatives or from other medical training, licensing, regulatory or credential verification organizations. We use only fair and lawful methods to collect personal information.
CannTrust only uses your personal information for the following purposes:
i.To process your registration application with us and determine your eligibility for our products and services;
ii.To verify your medical declaration, your identity and other documentation you provide to us;
iii.To offer products and services to you and to better understand your need for our products and services;
iv.To process payment for our products and services;
v.To meet our legal and regulatory requirements; and
vi.Other purposes consistent with these purposes.
Because we value your trust, we will only ask for personal information that we need and, when we ask you for additional personal information, we will let you know why we need it.
When And To Whom We May Disclose Your Personal Information
Where CannTrust discloses personal information to organizations that perform services on its behalf, we will require those service providers to use such personal information solely for the purposes of providing services to CannTrust or the person concerned and to have appropriate safeguards for the protection of that personal information.
CannTrust may disclose your personal information to:
i.Individuals or organizations who are our service providers;
ii.Individuals or organizations who are involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our computer systems;
Please note that there are circumstances where CannTrust is permitted or obliged, under applicable privacy legislation, to disclose personal information without consent. Such circumstances include:
i.Where required by law or by order or requirement of a court, administrative agency or governmental tribunal;
ii.Where CannTrust reasonably believes that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
iii.Where it is necessary to establish or collect monies owing to CannTrust; or
iv.Where it is necessary to permit CannTrust to pursue legal remedies or limit any damages that we may sustain.
A record is kept each time personal information is disclosed, noting the nature of the disclosure, the date and the identity of the party to whom the disclosure was made, provided that individual records of disclosure are not maintained for regular or routine actions such as transfers of personal information to businesses acting as agents of CannTrust.
The Accuracy Of Your Personal Information
While CannTrust tries to ensure that the personal information we hold about you is accurate, complete and up-to-date, CannTrust does not routinely update your personal information, unless required. Therefore, it is your responsibility to inform CannTrust promptly of any changes in your personal information. CannTrust will, from time to time, verify the personal information that you provide as part of its routine process of client verification or customer service. This may include verifying other elements of your personal information with associated stakeholders.
If you believe that personal information in your records may be inaccurate, we make it easy for you to access, verify and update it. If incorrect personal information has been provided to third parties, we will convey the corrected information to them, if necessary.
If we do not agree to change your personal information, you may challenge our decision. We will make a record of this challenge, and if necessary, disclose the challenge to third parties who also possess the personal information.
Retention Of Your Personal Information
We keep your personal information only as long as it is required for the reasons it was collected. The length of time CannTrust retains your personal information varies, depending on the purpose for which it was collected and the nature of the information. This period may extend beyond the end of your relationship with CannTrust but it will be only for so long as it is necessary for us to have sufficient information to respond to any issues that may arise at a later date. When your personal information is no longer required for our purposes, procedures are in place to destroy, delete, erase or convert it into an anonymous form.
Currently, the principal place in which CannTrust holds your personal information is Ontario, Canada. We use accredited, secure, off-site digital storage facilities in Canada that do not transmit or store data outside of Canada.
Access To Your Personal Information
CannTrust allows you to access and review your personal information held by us. We will respond to a request for access within a reasonable time and generally no later than 30 days following the request.
You can view your information through your online account. To review other personal information that CannTrust has about you, simply make a written request to the Privacy Officer. The personal information will be obtained from your records at CannTrust and will normally be provided within 30 days of your request. There may be a charge for retrieving a complete list of personal information, in which case you will be notified in advance and you may, at that time, withdraw your request.
If you have a sensory disability, on request, we will give you access to your personal information in an alternative format if available. If it is necessary and if we can reasonably do so, we will convert the personal information into an alternative format.
Sometimes, CannTrust will not be able to provide you with your personal information that is within its control. For example, CannTrust will not provide you with personal information in its control if:
i.It may harm or interfere with law enforcement activities and other investigative or regulatory functions of a body authorized by law to perform such functions;
ii.It would disclose personal information, including opinions, about another individual or about a deceased individual;
iii.It would disclose trade secrets or other business confidential or proprietary information of CannTrust;
iv.It would interfere with contractual or other negotiations of CannTrust or a third party;
v.It is not readily retrievable and the burden or cost of providing would be disproportionate to the nature or value of the information;
vi.It does not exist, is not held, or cannot be found by CannTrust; or
vii.It is subject to solicitor-client, litigation or other legal privilege.
If CannTrust denies your request for access to personal information, you will be told why, unless we are prohibited by law from doing so. You may challenge that decision.
Once you have the personal information, all you have to do is check it for accuracy and let us know if there are any corrections required. If appropriate supporting documentation is provided, we will correct our records or make note of any differences. If personal information has been provided to third parties, we will convey the corrected information or note any differences to them, if necessary.
The Security Of Your Personal Information
CannTrust, its staff and our partners are committed to protecting the security of the personal information you choose to share with us.
Ultimately, while CannTrust’s senior management is responsible for protecting the personal information in its control, they delegate day-to-day responsibility to others within the company. Every CannTrust employee, as a condition of employment, takes responsibility for protecting the privacy, confidentiality and security of personal information. This obligation remains in effect even after an employee leaves CannTrust. Suppliers of services to CannTrust, such as e-commerce and credential verification firms, are required to sign contracts obligating them to protect the privacy and confidentiality of personal information provided to them to enable them to perform their functions.
CannTrust also has extensive controls to maintain the security of their operations and information systems:
i.Physical access to those areas where personal information is gathered, processed or stored is restricted to authorized employees.
ii.Appropriate controls are in place over computer systems and data processing procedures and these controls are reviewed on an ongoing basis to ensure compliance with our security and privacy policies.
iii.CannTrust destroys or erases any personal information when it is no longer needed.
iv.When personal information is destroyed or erased, CannTrust takes care that there is no unauthorized access.
Non-personal information is information that cannot identify you personally, such as, browser information and program data that records the website page choices you have made.
© 2014 CannTrust Ltd. · Privacy