How We Use Information
Data privacy laws set out different reasons for which a company may collect and use your Personal Information. Such laws include Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and free movement of such data, known as the General Data Protection Regulation (“GDPR”). Consistent with applicable data privacy laws, we use your Personal Information for the following reasons:
For legitimate business purposes: We use your Personal Information to: (i) deliver services or carrying out transactions that you have requested; (ii) provide information about our products, services, transactions, and advertisements that may be of interest to you; and (iii) make our communications with you more relevant and personalized to you.
To comply with our legal obligations: We may be required to: (i) comply with laws, regulations, court orders, or other legal process; (ii) establish, exercise or defend legal claims; and (iii) detect, prevent and respond to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law, or misuse of our Site, products or services; complying with our obligations to retain certain business records for minimum retention periods.
To process a contract to which you are a party: We may need to process your Personal Information for the purpose of fulfilling a contract or to provide a product or service you requested.
Because you have given your consent: There are times when we may need to obtain your consent to allow us to use your Personal Information for one or more purposes set out above. When we process your Personal Information in such circumstances, it will be consistent with the scope of the consent you provide us.
What Information Do We Collect and How Do We Collect It?
The Personal Information we collect directly from you includes identifiers, financial account information, commercial information, and internet activity information. We collect such information in the following situations:
If you express an interest in obtaining additional information about our services; use our “Contact Us” or similar features; or register to use our website, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
If you make purchases via our website, we may require that you provide to us your financial and billing information, such as billing name and address, credit card number or bank account information;
If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses, location data or other identifiers, which may qualify as Personal Data using cookies or similar technologies;
If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data;
Cookies and Similar Technologies
What Do We Do With the Personal Information We Collect?
We use the Personal Information you voluntarily provide us to provide you with goods or services you request, process your transactions, to provide you information you request, or to market goods or services. You may opt-out at any time from receiving communications from us by contacting us at firstname.lastname@example.org.
Financial information (credit card numbers, credit card expiration dates, billing address, and so forth) is used solely to bill you for products and services and we make every effort to keep your information secure from theft or fraud.
We also use the information that we automatically collect to analyze and improve the Online Resources, to measure the number of visitors to our site and numbers of visitors to various sections of our site for the purpose of determining trends and visitor needs.
When Do We Provide Information to Third Parties?
Service Providers. We may use third party service providers to perform certain services on our behalf on the Online Resources, such as hosting the Online Resources, measuring activities on the Online Resources and analytics, and performing other administrative services. We may provide these service providers access to information to carry out the services they are providing.
Analytics. We use Google Analytics to help us understand how visitors use our Online Resources, so that we may improve our services. Information about how Google Analytics uses data, and how you may control what information is shared with Google, can be found here.
Affiliates. We may also share your information with TMI MD affiliates, namely an entity that directly or indirectly controls, is controlled by, or is under common control with TMI MD. Such affiliates shall process your Personal Information where we believe it is consistent with the context in which the information was collected or with your consent.
We also may access, use, preserve, transfer and disclose your information to third parties: (i) to satisfy any applicable law, regulation, subpoenas, governmental requests or legal process if in our good faith opinion such is required or permitted by law; (ii) to protect and/or defend the policies applicable to the Online Resources, including investigation of potential violations thereof; (iii) to protect the safety, rights, property or security of the Online Resources or any third party; and/or (iv) to detect, prevent or otherwise address fraud, security or technical issues.
We reserve the right to disclose and transfer all information: (a) to a subsequent owner, co-owner or operator of the Online Resources or applicable assets; or (b) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including, during the course of any due diligence process.
Will My Information Be Secure?
Keeping your Personal Information confidential and secure is important to us. We use industry-standard technical, organizational, and administrative practices to keep your information secure. However, while we use every reasonable means to keep your information secure, no level of security can offer a perfect guarantee, and you remain responsible for the security of your devices and passwords.
Do You Retain and Delete My Personal Information?
We will retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
How Do I Change My Information and Communications Preferences?
You are responsible for maintaining the accuracy of the information you submit to us. You may provide updates and changes by contacting us at the address below. If so, we will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable.
Privacy of Minors
We do not knowingly collect information from individuals under the age of eighteen (18). To access or use the Site, you must be at least eighteen (18) years of age otherwise you may not use the Site. If you have reason to believe that a child under the age of eighteen (18) has provided us with Personal Information without parental consent, please contact us. If we become aware that a child has provided us with Personal Information without parental consent, we will remove such information.
Some of the services we provide are hosted and provided outside of the European Economic Area (EEA), including Canada and the United States, for the purposes described in this Policy. The privacy protections and the rights of authorities to access your information in these countries may not be the same as in your home country. If you are an EEA resident and we transfer your Personal Information outside of the EEA, we will only do so for the purposes described in this Policy.
In accordance with applicable data protection and privacy laws, we take additional measures to help protect your Personal Information when it is transferred from the EEA. This includes having standard clauses approved by the European Commission in our contracts with parties that receive information outside the EEA. Information about data transfer agrees can be found here.
Your Rights Regarding your Personal Information
Right to Be Informed: You have the right to ask us whether we process your Personal Information and if we do, you have the right to request access to your Personal Information that we process, together with the following information: (i) the purposes of the processing; (ii) the categories of Personal Information we process; (iii) the recipients of your Personal Information; (iv) the anticipated retention period of your data where possible, or the criteria used to determine the retention period; (v) your right to request rectification or erasure of your Personal Information, or restriction of the processing of such data; (vi) your right to file a complaint with a supervisory authority; and (vii) whether we use your Personal Information to make automated decisions that have legal or other similar effects on you.
Right to Rectification: You have the right to request correction of your Personal Information if such information is inaccurate. If wish to access, correct, update or request deletion of your Personal Information, you can do so at any time by contacting us using the contact details provided under the “How to Contact Us” section.
Right to Erasure: You have the right to request deletion of your Personal Information if (i) the Personal Information is no longer necessary for the purpose of which it was originally collected or processed; (ii) if we process your information on the basis of consent, and you withdraw your consent; (iii) if we process your Personal Information for our legitimate business interest, you object to the processing of your Personal Information, and there is no overriding legitimate interest to continue this processing; (iv) if we have processed your Personal Information unlawfully; (v) the Personal Information must be erased to comply with a legal obligation.
We are not required to erase your personal data to the extent that we need to process it: (i) to exercise the right of freedom of expression and information; (ii) to comply with a legal obligation; (iii) for the performance of a task carried out in the public interest or in the exercise of official authority; or (iv) for the establishment, exercise of defense of legal claims.
Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Information in the following circumstances: (i) when you contest the accuracy of your Personal Information, for the period of time we need to verify the accuracy of your Personal Information; (ii) when the Personal Information has been unlawfully processed and you oppose the erasure of it, but instead request that we restrict the use of the Personal Information; (iii) when we no longer need the Personal Information, but you need us to keep it in order to establish, exercise or defend a legal claim; or (iv) if you object to the processing of your Personal Information for our legitimate business interests, for the period of time we need to verify whether our legitimate grounds override yours interests.
Right to Data Portability: You have the right to receive Personal Information you provided to us when: (i) the processing of the Personal Information is based on your consent or is necessary for the performance of a contract between you and us; and (ii) the processing of your Personal Information is carried out by automated means.
Right to Object: You have the right to object to the processing of your Personal Information if it is for direct marketing purposes or to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing materials (such as postal marketing or telemarketing), you may by contacting us using the details provided under the “How to Contact Us” section.
Right to File Complaint with Local Data Protection Authority: We will use our best efforts to address and settle any requests or complaints brought to our attention. In addition, you have the right to complain to your local data protection authority if your privacy rights are violated.
If you would like to exercise your rights regarding your Personal Information, you can exercise these rights by contacting us using the details provided under the “How to Contact Us” section.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We will respond to all requests within thirty (30) days. Notwithstanding the foregoing, we reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolution of disputes and enforce our agreements.
“Do not Track” and Third Party Use
We do authorize the collection of Personally Identifiable Information from our users for third party use through advertising technologies.
Will This Policy Change?
How to Contact Us
TMI Medical Distribution Inc.
725 Baransway Drive
London, Ontario, Canada