Privacy Policy

Effective December 1, 2021


Introduction

Innomar Strategies Inc. (“Innomar”, “we”, “our”, “us”) is a leading supplier of premier health service delivery in Canada. Our core services include:
 
  • specialty patient support programs
  • pharmaceutical distribution and wholesale 
  • business services focused on various pharmaceutical and pharmacy supply specialties such as clinic & nursing services, specialty pharmacy, specialty distribution & 3PL, strategic consulting, market access and reimbursement.
To ensure that Innomar manages the personal information it collects respectfully and in compliance with applicable federal and provincial privacy laws, we have implemented procedures and policies, including this Privacy Policy (“Policy”). This Policy applies to Innomar and its Canadian affiliates and subsidiaries, including HealthForward Inc. and Cameron Stewart LifeScience (Canada) Inc. 

 

Purpose & Scope

Innomar, both for our own business purposes and the services we provide, collects, uses, discloses, and maintains personal information about individuals, which may include patients and members of the public, physicians, and staff of suppliers and service providers (hereinafter collectively referred to as “you”).

Part A
of this Policy applies to personal information that Innomar collects, uses, discloses and maintains for its own business purposes and in the course of providing services, with the exception of:
  • the information and information handling specified in Part B and C; and
  • personal information related to human resources.

Part B of this Policy applies to personal information that Innomar is required to collect, use and disclose for the purpose of services it is providing to a Client (as defined below).

Part C of this Policy applies to all personal health information collected, used, and disclosed by Innomar Healthcare Providers (as defined below) when providing healthcare services and business operations independent of the services Innomar provides to a Client.

In this Policy,
Client Personal Information” means information in any format about an identifiable individual that Innomar collects, uses and/or discloses as required for, or as part of, providing its services to a Client.
 
Client” means an organisation that has retained Innomar to provide services that require the collection, use and/or disclosure of information in any format about an identifiable individual.
 
Healthcare Provider” means pharmacists, nurses, nurse practitioners and other healthcare providers.
 
Personal Health Information” means information about an individual that is gathered through the use of any of the healthcare services provided by healthcare providers and includes any information that identifies or can identify an individual and relates to the state of the individual’s health or the treatment they are receiving. More specifically, personal health information means both diagnostic, treatment and care information, and/or registration information. 
 
Personal Information” means information in any format about an identifiable individual that Innomar collects for its own business purposes.
Personal Information and Client Personal Information may include Personal Health Information. Business contact information is not Personal Information or Client Personal Information. Business contact information includes any information that individuals make available for the purpose of communicating with them in relation to their employment, business or profession, such as the individual’s name, title or office, work address, work telephone number, work fax number or work email address.
 
Amendments
 
This Policy may be amended and/or supplemented from time to time by notices, other policies, guidelines and rules in response to changes in Innomar’s operations, the law, and/or decisions of governmental agencies and regulators. The date that this Policy was last amended will appear in the top right-hand corner of the website’s Privacy Policy Section. If you provide Innomar with your personal information, or the personal information of others (as permitted by law), you will be understood to agree to Innomar’s collection, use, disclosure and/or maintenance of the information in accordance with this Policy as amended from time to time. Questions about the meaning or implications of any of the provisions of this Policy may be directed to Innomar’s Privacy Officer, as indicated in Part A.9 below.

 

Part A: General


1. Purposes for Collection, Use and Disclosure

Innomar may collect, use, and disclose Personal Information in the course of engaging with contractors, receiving and responding to inquiries and requests, doing business with its suppliers and service providers, making insurance claims, conducting credit checks and during other types of business transactions, including for example, acquisitions and mergers, and complying with its legal obligations.

Where we do not collect Personal Information directly from you, we will keep a note of the source of the information. We process and store our records of personal information in Canada by one of Innomar’s affiliates or service providers. Upon request in writing to our Privacy Officer, you may request up to date information regarding the location where we are storing your Personal Information. Instructions on how to request access to, or correct, your Personal Information are provided in Part A.9 below.

Innomar is accountable for the information it collects, uses and discloses for its own business purposes. Innomar retains your Personal Information only for as long as is necessary for the purpose for which it was collected. When your Personal Information is no longer required, it will be destroyed or de-identified.


2. Service Providers
Innomar may use external service providers (“Service Providers”) for services that require the use of your Personal Information and/or Client Personal Information. We use Service Providers to support our business (e.g., internet service providers, hosting companies, data processing and storage, fulfillment services, technical support, delivery services, and financial institutions).

Innomar imposes privacy requirements on its Service Providers through agreements. The requirements limit the Service Provider’s access, use and disclosure of your Personal Information and/or Client Personal Information to that required for the provision of its services. Innomar requires the Service Provider to protect the information to the same degree that Innomar would were it providing the services directly.
 

3. De-Identification

Innomar may de-identify and aggregate your Personal Information and/or Client Personal Information so that the information no longer is identifiable as information relating to you.
 

4. Cookies

When you visit our website, we assign you a unique number, which is stored in one or more cookies on your computer or mobile device’s hard drive. When you visit our website we may collect, using electronic means, technical information. This information may include the IP address of your computer and mobile device, which browser you used to access the website, your operating system, resolution of screen, location, language settings in browsers, the website you came from, and searched for keywords (if arriving from a search engine).

This technical data is aggregated and used to measure and improve the effectiveness of our website and our services. We may share this non-identifying information in aggregate. We do not attempt to combine technical information with Personal Information we collect. You can block the use of cookies by activating the settings in your browser but if you choose to withhold consent, or subsequently block cookies, you may not be able to access all or part of the content of our website.
 

5. Notice and Consent

Innomar gives notice and obtains consent, where it is required by law, in several forms depending on whose Personal Information it is collecting. If consent is required, you may vary or withdraw your consent to the use and disclosure of your Personal Information by contacting the Privacy Officer, subject to legal or contractual restrictions and reasonable notice. Doing so may prohibit certain communications or transactions with Innomar.

Innomar will not use or disclose your Personal Information for purposes other than those for which it was collected, except with your consent or as required or permitted by law.


6. Safeguarding Information
Security

Innomar uses commercially reasonable physical, technological and administrative safeguards to protect your Personal Information and Client Personal Information against theft, loss and unauthorized access, use (including copying and modification), disclosure and disposal while at rest and in transit.

The nature of the safeguards we use varies depending on the sensitivity, format, and the scope of the required distribution of the information, however they include:

a) by way of physical measures, safe storage of records, locked filing cabinets, and restricted access to offices;
b) by way of administrative/organizational measures, limiting access of Personnel; and
c) by way of technological measures, the use of passwords for access to our network systems, encryption and audits.

Personnel
Innomar will be responsible for the acts and omissions of its employees and contractors in connection with your Personal Information and Client Personal Information.

Innomar will only assign access to your Personal Information and/or Client Personal Information to Personnel who have received training in the permitted collection, use and disclosure of Personal Information and Client Personal Information, as applicable, and have agreed to manage the information in a manner consistent with Innomar’s privacy obligations and to those of its Clients.

Innomar will take reasonable steps to ensure compliance of Personnel with applicable privacy requirements, including through the use of written agreements, investigation of reports of suspected or actual non-compliance, suspension or termination, and reports to the applicable health regulatory body where appropriate. Innomar will take reasonable steps to terminate Personnel access to Personal Information as required, where access is no longer needed for business purposes, or on termination of Personnel’s employment or affiliation with Innomar.

Access to an Innomar electronic information system will be by way of a unique set of credentials to facilitate audit of access by Personnel.

Individuals and Clients may report any concerns regarding Personnel in connection with Personal Information and/or Client Personal Information to our Privacy Officer.

7. Notice of Unauthorized Collection, Use, and Disclosure

In the event that your Personal Information is stolen, lost, or accessed by unauthorized persons, Innomar will notify you as required by law and, even where not legally compelled to give notice, where we have reasonable grounds to believe that there exists a real risk of significant harm to you and there are steps that can be taken by you to mitigate that harm.

8. Access, Inquiries, and Correction

Except in the limited circumstances established by law, you may obtain access to your Personal Information.  You may also request that we correct your Personal Information where you believe it to be out of date or otherwise inaccurate.  Requests for access or correction must be made in writing and should be addressed to our Privacy Officer. 

We will assist you if you inform us that you need assistance in preparing a request concerning your Personal Information. Administrative charges may apply.

You may obtain more information about how we manage your Personal Information by contacting our Privacy Officer.

9. Contact Information for Privacy Officer

The Privacy Officer, who is the Chief Canadian Counsel, may be contacted at:

3470 Superior Court, Oakville, Ontario, Canada  L6L 0C4
Tel: 905-847-4364
Toll free: 1-888-420-5457
Email: privacy.officer@innomar-strategies.com


Part B: Client Personal Information

1. Ownership of Client Personal Information

As between Innomar and the Client, the Client owns and retains custody and control of Client Personal Information. Where Innomar is retained to provide services that require the collection, use and/or disclosure of Client Personal Information, Innomar acquires no rights in or to, custody or control over the Client Personal Information, except the right to collect, use and disclose the information to the extent required to provide the services or as otherwise permitted by the Client under its agreement with Innomar.
 

2. Purposes for Collection, Use and Disclosure

The purposes for which Innomar collects, uses and discloses Client Personal Information are a function of the nature of the services and Innomar’s agreement with the Client.
 
Innomar will only collect, use, and disclose Client Personal Information to the extent required for its services or as otherwise permitted by the Client.
 

3. Innomar Personnel

Innomar will assign Personnel to Client services involving access to Client Personal Information (“Personnel”) who have received training in the permitted collection, use and disclosure of Client Personal Information and have agreed to manage the information in a manner consistent with Innomar’s privacy obligations to its Clients.
 
Innomar will take reasonable steps to terminate Personnel access to Client Personal Information at the conclusion of the services, termination of Personnel’s employment or affiliation with Innomar.
 
Clients may report any concerns regarding Personnel in connection with Client Personal Information to our Privacy Officer.
 

4. Segregation, Return and Destruction of Client Personal Information

Innomar will maintain Client Personal Information in such manner that it can be identified as the information of a particular Client and returned to the Client or destroyed at the Client’s direction.
 
At a client’s direction, Innomar will return or destroy the client’s Client Personal Information, except as otherwise agreed to with the client or as required by law.
 

5. Reporting and Assistance

Innomar will report any unauthorized collection, use and/or disclosure of Client Personal Information to the client at the first reasonable opportunity.
 
Innomar will provide reasonable assistance to a client in relation to any investigation, inquiry, or complaint initiated or responded to by the client in connection with Innomar’s management of Client Personal Information.
 

Part C: Innomar Health Services


1. General Information

Part C of this Policy applies to all Personal Health Information collected, used, and disclosed by Innomar Healthcare Providers when you receive health care services (e.g. at an Innomar Pharmacy) for purposes of conducting Innomar business operations independent of services Innomar is providing to a Client.


2. Custody of Personal Health Information
As between you and Innomar depending on the healthcare service provided, Innomar maintains custody and control of your Personal Health Information collected directly from you, your authorized representative, or your physician. Further, this includes your Personal Health Information that is collected independent of Innomar’s relationship with a Client, through the use of any of the Innomar health services provided by Healthcare Providers and includes any information that identifies or can identify you and relates to the state of your health or the treatment that you are receiving.

3. Consent

By providing your Personal Health Information to us independent of our relationship with a Client, you are providing your consent to the collection, use and disclosure of your Personal Information as set out in accordance with Part C and applicable sections of Part A of this Policy. In some cases, consent may be “implied” (i.e., your permission is assumed based on your action or inaction at the point of collection, use or sharing of your Personal Information). We will obtain consent when we want to use your Personal Health Information for a new purpose or for a purpose other than those stated at the time of collection in this Policy. 

If you choose not to provide a Healthcare Provider with certain personal health information, or if you withdraw consent, you may not be able to receive certain healthcare services. You should withdraw consent directly with your Healthcare Provider.
 

4. Purposes for Collection, Use and Disclosure

The Personal Health Information that your Healthcare Providers collect is information that they need in order to provide healthcare services to you. 

Depending on the healthcare service provided, your Personal Health Information collected may include your name, date of birth, home address, phone number, height, weight, health conditions, prescription and medical history, the type of healthcare service received, name and contact information of prescribing or referring physician and name and contact information of any authorized agent acting on your behalf.

Your Personal Health Information collected is used in connection with providing healthcare services to you, which may include: 

a) Dispensing your medications either in the pharmacy and providing initial and, where appropriate, on-going counseling with respect to your drug(s); 
b) Delivering pharmacy professional services and, where appropriate, providing knowledge, information and counseling in connection with such services, such as immunization information, adaptation of prescriptions, initiation of prescriptions, medication reviews, etc.; 
c) Communicating with you to advise you of prescription refills and other health-related information and services that may be of assistance or interest to you; 
d) Delivering other professional services and treatments, including medication administration; 
e) Consulting physicians and other healthcare professionals as needed; 
f) Responding to requests made by, or on behalf of, your insurance provider to review your insurance claim(s); 
g) Recommending programs, products, services or events to manage healthcare needs; 
h) Managing your patient record, including medications dispensed and services or treatments provided; 
i) Obtaining and processing payments for prescriptions and healthcare services; 
j) Monitoring and investigating incidents and managing claims; 
k) Performing our obligations in accordance with, or complying with, applicable healthcare-related professional, legal or regulatory requirements. 

When you are provided with healthcare services, your Personal Health Information may be shared with your physicians and authorized representative(s). Your Personal Health Information may also be shared with others but only with your consent or as detailed in the Part A of this Policy.

Canadian law permits or requires the use or sharing of Personal Health Information without consent in specific circumstances, including situations when necessary to protect healthcare providers, employees, customers, or others.