The Personal Information Protection Act (“the Act”) regulates the way private sector organizations within Alberta collect, use and disclose personal information. “Personal Information” means information about an identifiable individual. Art Of Skin (“us,” “we,” or “Company”) is committed to safeguarding the personal information entrusted to us by our patients, customers, visitors and users of the Company’s website www.artofskin.ca/contact-us (the “Site”), including its online store (the “Store”).
2. INFORMATION COLLECTION PRACTICES
2.1. TYPES OF INFORMATION COLLECTED
(a) TRAFFIC DATA COLLECTED.
We automatically track and collect the following categories of information when you visit our Site:
• IP addresses;
• Domain servers;
• Types of computers accessing the Site; and,
• Types of web browsers used to access the Site (collectively “Traffic Data”).
Traffic Data is anonymous information that does not personally identify you but is helpful for marketing purposes or for improving your experience on the Site. We also use “cookies” to customize content specific to your interests, to ensure that you do not see the same advertisement repeatedly, and to store your password so you do not have to re-enter it each time you visit the Site.
(b) PERSONAL INFORMATION COLLECTED.
We collect the personal information necessary for the purpose of providing such services and products; this information may personally identify you (“Personal Information”).
Personal Information includes the following categories of information:
1. “Contact Data” (such as your name, mailing address, telephone number and personal e-mail address);
2. “Financial Data” (such as your account or credit card number, billing and account information); and;
3. “Demographic Data” (such as your zip code, age, and income).
We normally collect client personal information directly from our clients. We may collect your information from other persons with your consent or as authorized by law.
We inform our clients, before or at the time of collecting personal information, of the purposes for which we are collecting the information. However, we do not provide this notification when a client volunteers information for an obvious purpose (for example, producing a credit card for an in-store or online purchase when the information will be used only to process the payment).
If you communicate with us by e-mail, post messages to any of our chat groups, bulletin boards, or forums, or otherwise complete online forms, surveys, or contest entries, any information provided in such communication may be collected as Personal Information.
We ask for consent to collect, use or disclose client personal information, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law (for example, pursuant to the provisions of the Act).
We may assume your consent in cases where you volunteer information for an obvious purpose. In cases where we collected personal information before January 1, 2004, we assume your consent to our use and, where applicable, disclosure for the purpose for which the information was collected.
We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain personal information. Where express consent is needed, we will normally ask clients to provide their consent orally (in person, by telephone), in writing (by signing a consent form, by checking a box on a form, or electronically (by clicking a button). In cases that do not involve sensitive personal information, we may rely on “opt-out” consent. For example, we may disclose your contact information to other organizations that we believe may be of interest to you, unless you request that we do not disclose your information. You can do this by checking the appropriate box on our application form or by telephoning our local number/toll-free number. Subject to legal and contractual requirements, you may refuse or withdraw your consent at any time by contacting us and providing reasonable notice.
We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information. We may collect, use or disclose client personal information without consent only as authorized by law. For example, we may not request consent when the collection, use or disclosure is reasonable for an investigation or legal proceeding, to collect a debt owed to our organization, in an emergency that threatens life, health or safety, or when the personal information is from a public telephone directory.
2.2. USES OF INFORMATION COLLECTED
(a) COMPANY USE OF INFORMATION.
We use Contact Data to send you information about our company or our products or services, or promotional material from some of our partners, or to contact you when necessary. We use your Financial Data to verify your qualifications for certain products or services and to bill you for products and services. We use your Demographic Data to customize and tailor your experience on the Site, displaying content that we think you might be interested in and according to your preferences.
(b) SHARING OF PERSONAL INFORMATION.
(c) USER CHOICE REGARDING COLLECTION, USE, AND DISTRIBUTION OF PERSONAL INFORMATION.
You may choose not to provide us with any Personal Information. In such an event, you can still access and use much of the Site; however you will not be able to access and use those portions of the Site that require your Personal Information. If you do not wish to receive information and promotional material from us or from some of our partners, you may select the appropriate “opt-out” option each time we ask you for Personal Information.
3. CONFIDENTIALITY AND SECURITY OF PERSONAL INFORMATION.
3.1. USER ABILITY TO ACCESS, UPDATE, AND CORRECT PERSONAL INFORMATION.
We maintain a procedure in order to help you confirm that your Personal Information remains correct and up-to-date. At any time, you may contact us at www.artofskin.ca/contact-us to access your personal profile. Through your personal profile you may: (a) review and update your Personal Information that we have already collected; (b) choose whether or not you wish us to send you information about our company, or promotional material from some of our partners; and/or (c) choose whether or not you wish for us to share your Personal Information with third parties.
3.2. LOST OR STOLEN INFORMATION.
You must promptly notify us if your credit card, user name, or password is lost, stolen, or used without permission. In You must promptly notify us if your credit card, user name, or password is lost, stolen, or used without permission. In such an event, we will remove that credit card number, user name, or password from your account and update our records accordingly.
3.3. PUBLIC INFORMATION.
The Site contains links to other websites. We are not responsible for the privacy practices or the content of such websites. We also make chat rooms, forums, message boards, and news groups available to you. Please understand that any information that is disclosed in these areas becomes public information. We have no control over its use and you should exercise caution when deciding to disclose your Personal Information.
5. PRIVACY NOTICE
This privacy notice discloses the privacy practices for www.artofskin.ca This privacy notice applies solely to information collected by this web site. It will notify you of the following:
• What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
• What choices are available to you regarding the use of your data.
• The security procedures in place to protect the misuse of your information.
• How you can correct any inaccuracies in the information.
6. INFORMATION COLLECTION, USE, AND SHARING
We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.
7. YOUR ACCESS TO AND CONTROL OVER INFORMATION
Our clients have a right of access to their own personal information in a record that is in our custody or under our control, subject to some exceptions. For example, organizations are required under the Act to refuse to provide access to information:
• where required or authorized by applicable laws, regulations and rules of professional conduct;
• where the requested information relates to existing or anticipated legal proceedings against and individual;
• when granting the request would unreasonably impact another person’s privacy; or,
• to protect the confidential business rights or property of Art of Skin Dermatology.
If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide you with the remainder of the record. You may make a request for access to your personal information by writing to Clinic Manger at AOS designated to ensure compliance with PIPA. You must provide sufficient information in your request to allow us to identify the information you are seeking. You may also request information about our use of your personal information and any disclosure of that information to persons outside our organization. For personal information collected before January 2004, if we do not have a record of disclosures, we will provide information about any disclosure of your information that is likely to have occurred. You may also request a correction of an error or omission in your personal information. We will respond to your request within 45 calendar days, unless an extension is granted. We may charge a reasonable fee to provide information, but not to make a correction. We will advise you of any fees that may apply before beginning to process your request.
You may opt out of any future contacts from us at any time. You can also do the following at any time by contacting Clinic Manager at AOS via the email address or phone number given on our website:
• See what data we have about you, if any;
• Change/correct any data we have about you;
• Have us delete any data we have about you;
• Express any concern you have about our use of your data.
8. SAFEGUARDING YOUR PERSONAL INFORMATION
We make every reasonable effort to ensure that client information is accurate and complete. We rely on our clients to notify us if there is a change to their personal information that may affect their relationship with our organization. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible. In some cases, we may ask for a written request for correction.
We protect client personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorized access to personal information For example, when you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
We will notify the Office of the Information and Privacy Commissioner of Alberta, without delay, of a security breach affecting personal information if it creates a real risk of significant harm to individuals. We retain client personal information only as long as is reasonable to fulfil the purposes for which the information was collected or for legal or business purposes. We render client personal information non-identifying, or destroy records containing personal information once the information is no longer needed. We use appropriate security measures when destroying client personal information, including shredding paper records and permanently deleting electronic records.
If you are not satisfied with the response you receive, you should contact the Information and Privacy Commissioner of Alberta:
Office of the Information and Privacy Commissioner of Alberta
Suite 2460, 801 – 6 Avenue, SW Calgary, Alberta T2P 3W2
Toll Free: 1-888-878-4044
Effective Date: September 1, 2021