Last updated: May 13, 2021

Reformulary Group Inc. (“Reformulary Group”, “we”, “us” or ”our“) is committed to protecting the privacy and confidentiality of any personal information, including personal health information, which you (“you” or “User”) may provide, or that we may obtain from you, through your use of the Reformulary DrugFinder® service, available through a website browser, a mobile device browser, a downloadable application, or other technology used to access any features, functionality, content or information (collectively referred to as the “Site”), and the services provided by or through the Site (“DrugFinder” or the “Services”).

The purpose of this privacy policy (this “Privacy Policy”) is to provide information concerning Reformulary Group’s privacy practices and policies, including:

• what personal information we collect and why we collect it;
• how we use your personal information;
• who we share your personal information with; and
• to provide contact information should you have questions or concerns about our practices.

This Privacy Policy is designed to comply with applicable privacy legislation in Canada, including the Personal Information Protection and Electronic Documents Act (“PIPEDA”). You should read this Privacy Policy carefully. This Privacy Policy is incorporated into and forms part of our Terms of Use

BY USING OUR SERVICES THROUGH THE SITE OR OTHERWISE PROVIDING US WITH PERSONAL INFORMATION, YOU ARE CONFIRMING THAT YOU ARE AUTHORIZED TO AGREE (INCLUDING UNDER APPLICABLE AGE OF MAJORITY LAWS) AND THAT YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY AND CONSENT TO OUR POLICIES AND PRACTICES FOR THE COLLECTION, STORAGE, USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION FOR THE PURPOSES IDENFIDIED IN AND IN ACCORDANCE WITH THIS PRIVACY POLICY, AND FOR THE PURPOSES IDENTIFIED TO YOU PRIOR OR AT THE TIME YOU PROVIDED THE PERSONAL INFORMATION. IF YOU ARE NOT AUTHORIZED TO AGREE OR YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU SHOULD NOT USE OUR SERVICES OR PROVIDE US WITH PERSONAL INFROMATION.

If you are agreeing to this Privacy Policy as an authorized representative on behalf of another individual, you represent and warrant that you have the authority to bind such individual to this Privacy Policy and that by agreeing to this Privacy Policy you are doing so on behalf of such individual. In such circumstances, the terms “you” or “User” shall refer to such individual and to the authorized representative in his or her capacity as authorized representative. For example, when this Privacy Policy speaks of collection, use, storage, disclosure or retention of your personal information, it is referring to the personal information of the individual on whose behalf the authorized representative is agreeing to this Privacy Policy and to any personal information of the authorized representative. An authorized representative may be a parent, spouse, or other person with the authority to use the Services on behalf of another individual. Reformulary Group reserves the right to request proof from such authorized representative that he or she has the authority to bind another individual to this Privacy Policy.
   
The types of information we collect include:
 
Personally identifiable information (or personal information) is any information recorded in any form that identifies or can identify an individual.

When you visit the Site you are not required to provide personal information to browse its content, unless you voluntarily choose to identify yourself and provide us with your personal information.

As a plan member of our client (i.e. health benefit plan provider subscribed to our services), you have the option to create a personal User account by completing the registration process on the Site to access additional features and get specific information about your drug coverage. In order to register for a User account, you will be asked to provide your full name, e-mail address and create a personal password. Once you register for a personal User account, you may access and use certain Site features that have active information collection points.

For instance, through our ‘Medicine Cabinet’ feature you can provide information about the prescription drugs that you take and/or are prescribed, including drugs dispensed, their dosage, frequency and your pharmacy information in order to keep track of your medicine and prescription information. When you decide to use the ‘Save My Search’ feature, we collect information about the drugs that you decided to save for future visits to the Site.

You also have the option to contact us with questions, comments and feedback about our services, products or other inquiries. When you choose to contact us, you will be asked to provide certain personally identifiable information. You may contact us by submitting an online ‘Contact Us’ form or using our e-mail reply mechanisms through the Site. You may also contact us directly by e-mail, phone, mail or otherwise. As Internet communication is not a secure medium, if you have concerns about providing personal information by e-mail or through the Site, you should mail or deliver to us such information at the address set out at the bottom of this Privacy Policy.

If you contact us, we may keep a record of the correspondence but we do not make any use of your e-mail address or other contact information, other than to respond to the communication. In the event we wish to use your personal information for any purpose, other than as set out in this Privacy Policy, we will obtain your consent before using the information.

The Site and the Services we provide are not directed at children and we do not knowingly collect information from individuals under the age of majority in their province or territory of residence, unless such information is submitted by an authorized representative with authority to accept and who has accepted this Privacy Policy on behalf of such under-age person.
 

Non-personally identifiable information is information that cannot be used on its own to identify or trace an individual.

We use various technologies to passively collect information from you while you are visiting the Site. Such technologies allow the Site to collect a range of non-personally identifiable information, including your Internet Protocol (IP) address (a unique identifier automatically assigned to your computer when logging onto the Internet), the type of web browser and operating system you use, the date and time you visit the Site, the specific pages you visit on the Site, and the address of the website from which you linked directly to the Site.

One example of a technology used by websites are “cookies”. Cookies are small text files that store information about your interactions with a particular website, either temporarily (known as a "temporary" or "session" cookie and deleted once you close your browser window) or more permanently on the hard drive of your computer (known as a "permanent" or "persistent” cookie). Cookies can make it easier to use a website by allowing servers to access certain information quickly. "Session" cookies can be used to help a user's browser navigate a website more smoothly and may show up if the user comes from a website with which the subsequent website has some relationship (e.g. a website of an affiliated company) and can give helpful information. "Persistent" cookies can be used to customize a website for a user, such as by storing passwords, preferences, registration and account information so that users do not have to re-enter them each time they visit a website.

The Site uses both session/temporary cookies and persistent/permanent cookies to store information that allows us to offer you better service and navigate the Site with ease. To make the Site easier to use, we may combine information collected via cookies with personally identifiable information. You may choose to decline cookies if your web browser permits but doing so may affect your use of the Site and your ability to access certain features of the Site.

This website uses Google Tag Manager. Google Tag Manager (“GTM”) is a solution operated by Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager."

Reformulary Group may also collect, use, transfer and disclose non-personally identifiable information, such as summary or aggregated de-identified personal information for research, marketing and analytics purposes. For instance, we may analyze de-identified personal information related to prescription drug usage aggregated among many Users, such as top searched drugs and top drugs saved in the Medicine Cabinet, in order to better understand drug utilization of our clients by their plan members. We may also conduct research on the User demographics and behaviour based on personal information and other data we collected. We may share our analysis and reports on an aggregated basis with our clients, affiliates, partners, and other third parties, such as pharmaceutical companies and insurance companies. This non-identifiable information is anonymized such that it cannot be used alone, or in combination with other information, to identify a specific individual and therefore is considered and treated as non-personal information for the purposes of this Privacy Policy.
 
Reformulary Group collects and uses information, including personal information, that you provide or that we collect in the course of your use of our Services through the Site, when you contact us with inquiries or communicate with us, for the following purposes:
 

1. To provide the Services to you and other Users;
2. To communicate with you in connection with providing the Services to you, including sending notifications to you about prescription drugs and other relevant medical information;
3. To respond to any inquiries or correspondence you may send to us;
4. To register you for a User account on the Site and to authenticate Users for security purposes;
5. To administer and monitor the Site and User accounts, including managing e-mails and other communications that we send or receive;
6. To understand your needs and our clients’ specific business needs in connection with the provision of our services;
7. To provide customer service and support to you;
8. To understand, research and improve the Services we offer, including compiling aggregated non-personally identifiable information for research, marketing and analytics purposes;
9. To track your activity on the Site;
10. To evaluate and improve the Site’s performance and functionality;
11. To detect, prevent or mitigate security or technical issues relating to the Site and our Services;
12. To enforce our Terms of Use and other service agreements relating to our Services;
13. To protect you, our clients, our service providers and us against fraud;
14. To notify you in connection with changes to our Services or this Privacy Policy;
15. To respond to your requests to access and amend your personal information;
16. To cross reference with the personal information you previously provided to us to ensure its accuracy;
17. If you opted in to allow us to do so, to communicate with you about Reformulary Group, our services and products;
18. As permitted by, and to comply with, applicable laws and regulations; and
19. Other purposes permitted by law.

In the event we wish to use your personal information for any other purpose, other than as set out in this Privacy Policy, we will obtain your consent before using the information for such other purpose.
 
Reformulary Group currently stores and processes personal information provided to it or that it collects on servers located in Canada. We may, in the future, use service providers outside Canada to store and process your personal information on our behalf. These service providers are only permitted, and all other service providers are only and will only be permitted, to store and process your personal information, and are not otherwise authorized to collect, use or disclose your personal information, except in accordance with the purposes set out in this Privacy Policy or as required by applicable laws of those foreign jurisdictions. In such circumstances, there is a risk that your personal information may be accessible to law enforcement and national security authorities in jurisdictions outside Canada in which our service providers are located.
 
Reformulary Group does not sell, rent, lease or otherwise disclose to third parties any personal information it collects from you, except as provided for in this Privacy Policy or as identified to you prior to or at the time information is collected. We keep personal information that you provide to us private. Prior to us making your personal information available to any third party (other than as referred to in this Privacy Policy), we will obtain your consent and let you know the identity of such third party, the type of information that would be shared with them and why.

Reformulary Group may disclose or share personal information with its authorized employees, agents, affiliates, partners, contractors, service providers and legal representatives (collectively, “Authorized Parties”) for the purposes described in this Privacy Policy. For instance, your personal information may be transferred to Authorized Parties we engage to assist us in providing and developing our services and products, such as customer service and User support. Our Authorized Parties may be located outside Canada, including in the United States, and your personal information may be subject to the laws in jurisdictions outside Canada, for example lawful requirements to disclose personal information to government authorities in those jurisdictions.

We take reasonable precautions to keep your personal information secure and require our Authorized Parties that handle or process your personal information for us to do the same. Access to your personal information is restricted to prevent unauthorized access, modification or misuse and is only permitted among our Authorized Parties on a need-to-know basis.

If Reformulary Group is involved in the sale or transfer of some or all of its business, then Reformulary Group may disclose your personal information in connection with the sale or transfer but will require the acquiring organization to agree to protect the confidentiality of your personal information in a manner that is consistent with this Privacy Policy.

Reformulary Group may disclose your personal information to a government institution or agency that has asserted its lawful authority to obtain the information or where Reformulary Group has reasonable grounds to believe the information could be useful in the investigation of an unlawful activity, or to comply with a subpoena or warrant or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with court rules regarding the production of records and information, or to protect the Reformulary Group’s rights and property. Where it is justified or permitted to disclose your personal information to third parties, the use and disclosure of such information will be limited so that only that information which is required is used or disclosed.
 
We will keep and retain your personal information in compliance with our legal obligations, and only as long as necessary for the purposes for which it was collected. Personal information that is no longer required will be destroyed, erased or made anonymous according to our guidelines and procedures.

Where you have provided your consent to use your personal information to communicate with you about our services, products or other marketing communications, we will keep this information until you notify us or otherwise withdraw your consent.
 
We keep the personal information we collect about you confidential in accordance with this Privacy Policy. Access to your personal information is restricted to our Authorized Parties as described and for the purposes set out in this Privacy Policy.

We have adopted reasonable physical, technical and organizational procedures appropriate to the sensitivity of the data to protect the personal information you provide to us from loss, theft, unauthorized disclosure, copying, unauthorized use or modification, and while the personal information is handled by our Authorized Parties. This includes, among other things, limiting access of our employees to, and the use of, your personal information on a need-to-know basis through the use of passwords and graduated levels of clearance. We take physical precautions to ensure that the computer servers on which your personal information is stored and archived are secure and in a controlled environment with limited access. We also educate our employees with respect to their obligations to protect your personal information.

Notwithstanding these measures, no collection, storage or transmission of information over the Internet on websites or otherwise can be guaranteed to be 100% secure, and therefore we cannot ensure, warrant or guarantee that there will be no unauthorized access, hacking, data loss or breaches of our security safeguards. Accordingly, you should not transmit personal information to us over the Internet if you consider that information to be sensitive.

If you suspect that the personal information you provided to us has been improperly accessed or used, please contact our Privacy Officer by e-mail at PrivacyOfficer@reformulary.com.
 
The Site providing access to our Services, e-mails or other messages or information we may send or make available to you may contain hypertext links to the sites of third parties. We are not responsible for the privacy practices or the content of such third-party sites. Linked sites are maintained by third parties. Such links are provided for your convenience and reference only. Reformulary Group does not operate or control, in any respect, any information, software, products or services available on such third-party sites. The inclusion of a link to a third-party site does not imply any endorsement of the services or the site, its contents, or its sponsoring organization.

Please review the privacy policies and terms of use of any sites you access.
 
You may withdraw your consent to the collection, use, storage and disclosure of your personal information at any time, subject to legal and contractual restrictions and reasonable notice. To do this, please contact our Privacy Officer by e-mail at PrivacyOfficer@reformulary.com. Please note that withdrawal of your consent to the collection, use, storage and disclosure of personal information may result in you being unable to continue using our Services, access the Site or certain features of it.

You also have the option to withdraw your consent to be contacted about our services, products or marketing communications in messages that we send to you. Please follow the unsubscribe link available in every message we send to you to be removed from our contact list.
 
Subject to certain exceptions prescribed by law, you will be given reasonable access to your personal information held by us and you may request that your personal information be corrected or updated. Under certain circumstances, it is possible that we may not be able to provide you with all of the information you have requested. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privilege. Fees may be applied to any copy of the requested personal information. We will provide the reasons for denying access upon request.

To access or amend your personal information, please e-mail or otherwise contact our Privacy Officer as set out below and we will assist you. You may be required to put your request in writing to confirm your request and identity. If you believe we have not dealt with your request to your satisfaction, you can submit a complaint to us to resolve your privacy-related issue.

We will make every reasonable effort to keep your personal information accurate and up-to-date. It is your responsibility to notify us of any changes to your personal information, including contact information, so we can contact you and inform you about updates to this Privacy Policy and any other relevant information with respect to your use of the Services.
 
We maintain procedures for addressing and responding to all inquiries or complaints from individuals about Reformulary Group’s handling of personal information or compliance with this Privacy Policy. You may submit a privacy-related inquiry or complaint by contacting our Privacy Officer. We will explain Reformulary Group’s complaint resolution procedure to you and investigate your complaint. If your complaint is justified, we will take all appropriate steps to resolve the issue, including changing our policies and practices if necessary. We will also let you know what other complaint procedures may be available to you.
 
From time to time, we may need to update this Privacy Policy or our privacy practices. We will let you know by posting changes on the Site that provides access to our Services. Changes will be effective at the time of posting. We may also notify you directly of any updates to this Privacy Policy or our privacy practices. If we make an important change to this Privacy Policy, we will make this known to you.

It is your responsibility to review to check this Privacy Policy periodically for any updates or changes. Your continued access to or use of the Services constitutes your consent to the contents of any updated policy.
 
If you would like more information about this Privacy Policy, the personal information collection, storage, use and disclosure policies and practices of Reformulary Group or Reformulary Group’s policies and practices with respect to service providers, please contact our Privacy Officer by e-mail or at the address set out below.

You may also mail or deliver to us any documentation containing your personal information at 55 York Street, Suite 1400, Toronto, ON M5J 1R7.

Please let us know your questions or concerns and we will do our best to help you.
 
You may contact our Privacy Officer by email at PrivacyOfficer@reformulary.com or by mail at 55 York Street, Suite 1400, Toronto, ON M5J 1R7.