top of page

Privacy Policy

Privacy Policy

The MySkinClinic.ca Privacy Policy was updated on November 3rd, 2023.

  1. Introduction and defined terms

This Privacy Policy (“Policy”) describes how MySkinClinic.ca doing business  (“MySkinClinic.ca”, “we”, “us”, “our”) collects, uses, discloses, retains, disposes of, destroys, and protects Personal Information as well as information that does not identify an individual in the course of providing our services.

There are a number of defined terms used in this Policy:

“Authorized Clinician” means a clinician who is registered to practice medicine in a Province or Territory of Canada, meets MySkinClinic.ca’s other criteria, and is permitted to provide Healthcare Services and/or Informational Services through the MySkinClinic.ca Platform.

“Health Care” means any observation, examination, assessment, care, service, or procedure that is provided by a clinician to an individual to diagnose, treat, or maintain the individual’s physical or mental condition, to prevent disease or injury to the individual, or to promote the individual’s health.

“Healthcare Services” means the provision of Health Care by an Authorized Clinician through the MySkinClinic.ca Platform.

“Informational Services” means the provision of general information about a disease or condition, rather than patient-specific medical information, for educational purposes only and for clarity, not including a diagnosis, treatment, or advice based on observation, examination, or assessment of a particular patient.

“MySkinClinic.ca Platform” means the hardware, software, applications, websites, content, products, and services owned and/or operated by us, which include the software that enables Authorized Clinicians to provide Healthcare Services and Informational Services to Authorized Users.

“Personal Information” means information that we can reasonably use to directly or indirectly identify you, such as your name, date of birth, country of origin, mailing address, e-mail address, telephone number, Internet protocol (IP) address used to connect your computer to the Internet, user name, or other similar identifier, and includes PHI (defined below).

“Personnel” in relation to MySkinClinic.ca, means its employees and agents including independent contractors and sub-contractors, for whom MySkinClinic.ca is responsible at law.

“PHI” means Personal Information about an individual’s physical or mental health, or about their diagnosis, treatment, and care.

“Subprocessors” means the third-party service providers engaged by MySkinClinic.ca listed in the table under the heading (V).

“User(s)” means an individual or group who has requested MySkinClinic.ca services and registered on the MySkinClinic.ca Platform in accordance with our Terms of Service and is eligible to receive Healthcare Services and/or Informational Services through the MySkinClinic.ca Platform.

“Website” means the MySkinClinic.ca Platform.

  1. Purpose of policy

MySkinClinic.ca uses a number of safeguards to protect the privacy of Users (“you”, “your(s)”) of the MySkinClinic.ca Platform and the confidentiality of their Personal Information, including PHI.

This Policy is designed to provide transparency regarding MySkinClinic.ca’s privacy policies with respect to your Personal Information we collect from you when you use the MySkinClinic.ca Platform, in accordance with the rules and protections governing such information under applicable law.

We are committed to complying with this Policy and with all applicable Provincial and Federal privacy legislation and health information privacy legislation.

When discussing Healthcare Services, Personal Information refers to PHI, and when discussing Informational Services, Personal Information typically refers to Personal Information that is not specifically about you or your health, such as Personal Information in questions you would be comfortable asking of an expert during the call-in portion of a radio broadcast on health-related matters. PHI is not required for Informational Services, and we advise you not to submit PHI in the course of accessing Informational Services.

(For an explanation of the services that MySkinClinic.ca provides to Authorized Clinicians and to Users respectively, please refer to the agreement between MySkinClinic.ca and clinicians providing services through the MySkinClinic.ca Platform and the Terms of Service for the MySkinClinic.ca Platform.)

This Policy does not apply to the collection, use, retention, disposal, destruction, and protection of Personal Information by Authorized Clinicians or any other third party. Authorized Clinicians are subject to privacy legislation and professional requirements that govern their management of Personal Information, including Personal Information they collect, use, and retain in the course of providing services through the MySkinClinic.ca Platform. Please feel free to ask any Authorized Clinician to whom you are referred if you have questions about how he or she will treat your Personal Information.

Please read this Policy carefully to understand our policies and practices for collecting, processing, and storing your Personal Information. If you do not agree with our policies and practices, your choice is not to use the MySkinClinic.ca Platform. By accessing or using the MySkinClinic.ca Platform, you indicate that you understand, accept, and consent to the practices described in this Policy. This Policy may change from time to time (see Changes to Our Privacy Policy).

Your continued use of the MySkinClinic.ca Platform after we make changes indicates that you accept and consent to those changes, so please check the Policy periodically for updates. We will notify you in advance of any material changes to this Policy and obtain your consent to any new ways that we collect, use, and disclose your Personal Information.

  1. What kinds of information do we collect?

We collect Personal Information, including:

PHI (defined above); Payment information, including credit card or other mode of payment data. Financial transactions relating to the Website, as and when they are offered, will be handled by our third-party payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments and related transactions. Technical information, including your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access our Website, Website pages viewed, sections of the Website used or viewed, and usage details. Location data through the use of GPS technology and your IP address where applicable to services you have requested, e.g., ensuring you are connected to an Authorized Clinician or pharmacy that is licensed or authorized to provide such services in the jurisdiction where you are located. Information that you provide by filling in forms on our Website. This includes information provided at the time of subscribing to a newsletter, registering through authentication with the Website, posting material, and/or requesting further services. We may also ask you for information when you report a problem with our Website. Records and copies of your correspondence (including email addresses), if you contact us. Your responses to surveys that we might ask you to complete for research purposes. Your search queries on the Website. A copy of your government-issued photo identification, and the Personal Information about you on such identification, for the following purposes: To verify your identity: a copy is shared with our service provider, Vouched, who then extract the user’s name, date of birth, address, ID type, country, province, issue date and expiry date, as well as the last few numbers of the ID.

SubprocessorTypes of Personal Information processedProcessor ActivitiesLocation

Amazon Web ServicesAll listed above (except analytics, device type, and payment Personal Information)Cloud-hostingUSA & Canada

Authorized Clinicians (doctors and nurse practitioner we have contracts with)All patient demographic, medical history, prescription preferences, communications with usMedical counsellingCanada

Paubox Email, Encrypted email service

Jotforms forms for secure encrypted data collection. USA

Google Workspaces- domain name Email, HIPPA compliant

Google GSuiteAny email correspondence user has with us. Notifications of orders placed.EmailUSA

Google RecaptchaSite usage patterns. The Google Privacy Policy and Terms of Service apply.Site ProtectionUSA

Pharmacy of user choice Prescriptions issued for patient including patient demographics (date of birth, gender, address), basic medical history (allergies, medications patient is currently taking), and photo ID for identity verification purposes as required by pharmacy regulationsDispensing of prescriptionsCanada

SRFaxPrescriptions faxed to pharmacies (see above)Faxing of prescriptions to pharmaciesCanada

StripePayment Personal Information (credit card details). Address. IP Address. Products and services paid for and subscribed to. Date medical history was last updated (but no medical history).Payment processingUSA

For the purpose of engaging the Subprocessors to perform tasks on our behalf, we may need to share Personal Information with them to obtain certain services. Unless we tell you differently, such Subprocessors do not have any right to use the Personal Information we share with them beyond what is necessary for them to provide the tasks and services on our behalf. The Subprocessors we currently engage include third party companies and individuals employed by us to facilitate our services, including the provision of database management, payment processing and customer relationship management tools.

Our business needs may change from time to time and MySkinClinic.ca will periodically update this page to provide notice of additions and removals to our list of sub-processors.

  1. Links to third party sites The MySkinClinic.ca Platform may contain links to other websites that we do not own or operate. These links are not intended as an endorsement of or referral to the linked websites. We strongly encourage you to review the privacy policies applicable to any site you visit. This Policy does not apply to such linked pages or other sites, and we are not responsible for the content or practices of any linked websites or their operators which are provided solely for your convenience.

  2. Your consent By your use of the MySkinClinic.ca Platform, you give your authorization to MySkinClinic.ca to collect, use and disclose the Personal Information as described in this Policy, and confirm that you have been made aware of the reasons why the Personal Information is needed and the risks and benefits to you of consenting or refusing to consent.

Without limiting the foregoing, you specifically consent to us sharing your Personal Information with the Subprocessors, including Vouched or other similar third party identity verification provider, with the pharmacists from whom we obtain remedies for our clients, and with any professional providers that may provide you telemedicine services.

You may revoke your consent at any time by following the procedure outlined below.

  1. How can you revoke your consent? Where you have provided your consent to the collection, use, and transfer of your Personal Information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at admin@myskinclinic.ca. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.

  2. Retention Unless we otherwise give you notice, we will retain your Personal Information on the MySkinClinic.ca Platform on your behalf until such times as you or we terminate your User Account (unless a longer period is required by applicable laws or regulations). On termination, you will have an opportunity to print or make copies of your Personal Information subject to the following. To ensure that Authorized Clinicians may exercise any authority they have to withhold Personal Information they compile in connection with Healthcare Services from patients under the law, you will be required to request any access from Authorized Clinician about your consultation from the Authorized Clinician.

As mentioned above, MySkinClinic.ca is not the custodian of Personal Information held on the MySkinClinic.ca Platform; rather it holds Personal Information on behalf of Users or Authorized Clinicians. Within a reasonable time period following termination of your User Account, once you have been given the opportunity to print or make copies of your Personal Information, we will delete the Personal Information associated with your User Account, except Personal Information that an Authorized Clinician advises us he or she requires in connection with a consultation or Informational Services the Authorized Clinician provided. In such circumstances, MySkinClinic.ca will destroy the Personal Information when the Authorized Clinician has obtained a copy or terminates his/her account with MySkinClinic.ca.

  1. Security measures MySkinClinic.ca takes the security of your Personal Information seriously. We store your Personal Information in electronic format using computer systems with restricted access and housed in facilities using physical security measures. More generally, we have in place appropriate physical, technological, and organizational safeguards to protect Personal Information against loss, theft, and unauthorized access, use, and disclosure. As mentioned, MySkinClinic.ca Personnel are obligated to protect Personal Information by adhering to our policies, practices, and applicable laws.

We only permit our Personnel to access Personal Information to the extent necessary to perform their designated functions. We require them to protect the Personal Information and maintain its confidentiality by complying with our policies, procedures, and applicable law.

MySkinClinic.ca processes and stores its data, including Personal Information, on servers located in Canada and the United States. MySkinClinic.ca also transfers data to third-party service providers described on our Sub-Processors webpage. Your skin photographs may be analyzed by artificial intelligence to help identify best treatment options. By submitting Personal Information or otherwise using the services, you agree to this transfer, storing, or processing of your Personal Information in Canada and the United States. You acknowledge and agree that your Personal Information may be accessible to law enforcement and governmental agencies in Canada and the United States under lawful access regimes or court order. We are required to communicate with pharmacies and send communication by either encrypted electronic message or fax. We can only send prescriptions to pharmacies located in Canada. Pharmacies may store your data either within or out of Canada.  

We use encryption and other security measures to protect the confidentiality of all our email communications. However, notwithstanding our best efforts, as with any Internet transmission of data, emails can still be subject to hacking or unauthorized access by external actors. Accordingly, we ask Users to exercise caution in how much Personal Information and especially PHI they share with us by email.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards, which any Website visitor can view.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Further, should you choose to print out or otherwise replicate Personal Information you have submitted to the Website, we will not be responsible for any consequent dissemination or loss of such replicated Personal Information. Our data security measures cannot be extended to physical copies or other representations or replicas of Personal Information created or derived by you from the Website.

  1. Access and correction You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that Personal Information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances, and as permitted under law, we may not be able to make all relevant Personal Information available to you, such as where that Personal Information also pertains to another user. In such circumstances, we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up to date, and we will provide you with mechanisms to update, correct, delete, or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your Personal Information. Having accurate Personal Information about you enables us to give you the best possible service.

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes. By law, you have the right to request access to and to correct the Personal Information that we hold about you.

If you want to review, verify, correct, or withdraw consent to the use of your Personal Information, you may also send us an email at admin@myskinclinic.ca to request access to, correct, or delete any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the Personal Information that we hold about you or make your requested changes. Applicable Law may allow or require us to refuse to provide you with access to some or all of the Personal Information that we hold about you, or we may have destroyed, erased, or made your Personal Information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

We will provide access to your Personal Information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:

  • Information protected by solicitor-client privilege.

  • Information that is part of a formal dispute resolution process.

  • Information that is about another individual that would reveal their Personal Information or confidential commercial information.

  • Information that is prohibitively expensive to provide.

If you are concerned about our response or would like to correct the information provided, you may contact us at admin@myskinclinic.ca

13. Contact us

If you have any questions, concerns or suggestions about our privacy practices, please contact our Chief Compliance Officer. Please include your name and contact Personal Information if you’d like us to respond to you.

MySkinClinic.ca c/o Kingsway Medical Centre

ATTN: Chief Compliance Officer

Unit C

4242 Dundas St W

Etobicoke, On

admin@myskinclinic.ca

We have procedures in place to receive and respond to complaints or inquiries about our handling of Personal Information, our compliance with this Privacy Policy, and with applicable privacy laws. To discuss our compliance with this Privacy Policy please contact us using the contact information listed above.

14. Changes to this policy

We publish the current version of our Policy on this site. We reserve the right to amend our Policy at any time. Check back often to ensure you are aware of our current practices for collecting, using, disclosing, retaining, destroying and protecting Personal Information

We include the date the Policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes.

Terms and Conditions

myskinclinic.ca

email: admin@myskinclinic.ca

** Do not send confidential or medical information to this email. For medical review, please go the medical review section on this site by logging onto your patient portal.

Privacy Policy

bottom of page