Sobeys Privacy Commitment
Sobeys Incorporated and its direct and indirect subsidiaries, parents and affiliates (collectively, “Sobeys”) respect the privacy of each customer and prospective customer (“Customer”). The term “Customer” also includes persons who have enrolled, or are applying for enrolment, in any rewards or similar program of which Sobeys is a sponsor or participant, including without limitation Club Sobeys and the AIR MILES® Reward Program (each of which is referred to as a “Program”). Sobeys is committed to protecting all personal information collected from Customers.
This Sobeys Privacy Commitment (the “Privacy Commitment”) complies with all applicable federal and provincial privacy legislation, including the Personal Information Protection and Electronic Documents Act (Canada).
This Privacy Commitment is intended to assist Customers in understanding the purpose for collection by Sobeys of personal information and how personal information is used, protected, stored and disclosed by Sobeys and its employees, agents, partners participating in Program(s) from time to time (“Partners”), and any other authorized third party who may receive Customers’ personal information.
Sobeys is responsible for all personal information in its custody or under its control. Personal information is any information about an identifiable individual, including but not limited to a Customer’s name, home address, email address, telephone number, date of birth and purchasing information (in this Privacy Commitment referred to as “Personal Information”).
Sobeys is accountable to Customers for the Personal Information it entrusts to its consultants, employees, agents, Partners, and authorized third parties, including but not limited to advertising agencies, marketing agents, data processing and storage companies or organizations which provide administrative and support services to Sobeys. Such persons to whom Personal Information is entrusted by Sobeys are sometimes referred to in this Privacy Commitment as “Authorized Disclosees”.
Sobeys has established policies and procedures to ensure that the obligations set out in this Privacy Commitment are complied with by Authorized Disclosees.
Sobeys has established appropriate technological, physical and contractual security measures to help protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the Personal Information.
A Privacy Officer has been appointed by Sobeys to receive, investigate and respond to complaints, and to facilitate the implementation of this Privacy Commitment. Any concerns or inquiries may be directed to the Privacy Officer at the contact address which appears at the end of this Privacy Commitment.
Sobeys collects, uses and discloses Personal Information for the following purposes (the “Purposes”):
1. To operate its businesses and to administer the Programs, including without limitation:
(a) to communicate with Customers regarding orders, purchases or any concerns or queries the Customer may have;
(b) to communicate with Customers regarding any changes to this Privacy Commitment or to Programs and their operation;
(c) to ensure Customers are appropriately awarded points or their equivalent in accordance with the rules of the applicable Program and receive reward redemptions in accordance with applicable Program Rules and that rewards records are appropriately maintained;
(d) to process information regarding Customer orders, purchases and the collection and redemption of points and rewards;
(e) to provide services, rewards, products and benefits to Customers and to enable them to participate in contests;
(f) to understand and analyze the interests, needs and preferences of Customers;
(g) to develop, enhance, market and/or provide products and services for Customers, customers and potential customers;
(h) to verify Customers’ identity, when required or desirable for transactional purposes, so as to reduce fraud or errors in transaction processing;
(i) to comply with applicable legislation and regulatory requirements; and
(j) for investigation and law enforcement purposes.
2. To communicate with Customers regarding promotions, contests, offers, incentives, rewards, surveys, questionnaires and other pertinent matters such as but not limited to products and services under the Programs or available through Partners that may be of interest to the Customers.
Sobeys also collects Personal Information from (A) individuals when they apply for employment through a Sobeys website, in person at a store, or otherwise, and uses this Personal Information for the purpose of processing and responding to such application, and (B) prospective and current franchisees and affiliated merchants and their principals, and uses this Personal Information for the purpose of processing and responding to franchise and affiliated merchant applications and in ongoing dealings with such parties. In this Privacy Commitment, references to “Customers” also apply to the individuals referred to in this paragraph with any changes necessary in the circumstances.
Partners may collect Personal Information on behalf of Sobeys for the purposes identified in this Privacy Commitment.
Sobeys does not collect Personal Information from Customers other than for the purposes identified in this Privacy Commitment, except where required or permitted by law.
Sobeys collects Personal Information from Customers in several ways, including but not limited to, at the time of enrolment in a Program, when a purchase, return or Program redemption is made by a Customer, through Partners, through online use of a Sobeys or Program website, through Customer interaction with customer services offered by Sobeys and/or Program(s), through surveys or questionnaires conducted by or on behalf of Sobeys or a Partner and through contests entered by a Customer.
Personal Information collected regarding the preferences, needs and interests of Customers may be used to determine which Customers may be most interested in products or services offered by Sobeys or its Partners.
Personal information may be utilized to communicate with Customers regarding promotions, contests, offers, incentives, rewards, surveys, questionnaires and other pertinent matters such as products and services, as referenced in section 2 of the Purposes, above. Customers may not wish to receive such communications. This preference may be communicated to Sobeys at the time of enrolment, or any time afterward by contacting Sobeys through the “contact us” or equivalent link available on the relevant website, or as indicated at the place of enrolment. Such revocation will not affect the Customer’s privileges or ability to participate in a Program, nor will it prevent the provision of periodic statements as to the Customers’ point or similar balances in a Program.
Sobeys will not collect, use or disclose Personal Information about a Customer without the consent of the Customer, except where required or permitted by law, and only by legal and reasonable means.
Consent may be obtained at the time of enrolment in a Program, through survey and questionnaire forms, through a website or verbally during a conversation with a Customer.
Consent may be either express or implied. Consent will be implied, for example, when a Customer participates in a Program by collecting and redeeming points. In certain circumstances express consent may be required. In these circumstances Sobeys will seek express consent which may be given verbally, in writing or through electronic correspondence.
Sobeys will communicate with Customers regarding any changes to this Privacy Commitment. Such communication may be in the form of written or electronic correspondence, published on a Sobeys website, or by any other reasonable means of communication.
From time to time Sobeys may identify new purposes for the use or disclosure of Personal Information. Any new purpose will be communicated to Customers by way of a Sobeys or Program website or other appropriate manner, and consent (which where appropriate may be implied by continued Program participation by a Customer) will be obtained from Customers prior to any such use or disclosure, unless such use or disclosure is required or permitted by law.
Sobeys will only retain Personal Information to the extent necessary for the purposes identified in this Privacy Commitment.
A Customer may indicate to Sobeys at any time that the Customer wishes to cancel membership in a Program. Following cancellation of a membership, Sobeys may retain Personal Information pertaining to that Customer in respect of that Program for a reasonable period for legal, administrative or compliance purposes.
Personal Information of a Customer will not be disclosed to Partners for purposes other than the administration of the applicable Program unless a Customer provides consent to such disclosures. Where applicable, this consent may be communicated to Sobeys at or following the time of enrolment, and may be changed at any time afterward, by contacting Sobeys through the “contact us” or equivalent link available on the relevant website or at the place or enrolment. Revocation of such consent will not affect the Customer’s privileges or ability to participate in the relevant Program, nor will it prevent the provision of periodic statements as to the Customers’ point or similar balances.
Personal Information may also be disclosed to Authorized Disclosees. Any party to which Sobeys discloses Personal Information must sign a confidentiality agreement or other legal contract which requires any such party to only use the information disclosed to them for the purposes as explicitly set out in the agreement.
From time to time Sobeys may disclose aggregated data to third parties. Aggregated data disclosed by Sobeys do not contain Personal Information or other information regarding identifiable individuals. Sobeys does not share, give, rent or sell Personal Information to any third parties other than Personal Information shared between Sobeys and Authorized Disclosees or as otherwise provided in this Privacy Commitment. In certain circumstances, Sobeys may be required by law to disclose Personal Information.
Sobeys may be involved in the sale, transfer or reorganization of some or all of its businesses at some time in the future. As part of that sale, transfer or reorganization, Sobeys may disclose Personal Information to the acquiring organization, but will require the acquiring organization to agree to protect the privacy of Personal Information in a manner that is consistent with this Privacy Commitment.
Sobeys will take reasonable measures to ensure Personal Information collected is accurate and complete. Sobeys will update its records regarding Customers based on the information communicated directly or indirectly to Sobeys by Customers or Partners. In order to ensure Sobeys’ records are as complete and accurate as possible, Customers are responsible for informing Sobeys of any relevant changes to Personal Information, such as a change of name, a change of address, or a change in any other pertinent information. Customers may request rectification of inaccurate or incomplete records where it is demonstrated that the records maintained by Sobeys are deficient. When a request has been made to rectify any inaccuracies or discrepancies, Sobeys will promptly correct, add or delete its records in order to correct any deficiency and will provide confirmation of the correction to the Customer. Where a Customer is not satisfied with the response provided to an application for access or rectification, the Customer may file a complaint with the Sobeys Privacy Officer.
Upon request, Customers are entitled to examine their Personal Information collected and held by Sobeys and to be informed of the use and disclosure of Personal Information, except as prohibited by law. Where Sobeys is unable to provide access to all the Personal Information it holds about a Customer, the reasons for denying access will be communicated to the Customer. The primary records containing Customers’ Personal Information are maintained in Stellarton, Nova Scotia, the Greater Toronto Area, Ontario and at data processing and storage locations of Authorized Disclosees in the United States. Sobeys will take precautionary measures in an effort to prevent fraudulent or unauthorized requests for access. Where Sobeys receives a request from a Customer to examine Personal Information collected and retained, Sobeys will respond to the request within 30 business days.
Sobeys will ensure that its Privacy Commitment, policies, rules, practices and procedures concerning the management of Personal Information are readily accessible to Customers. Copies of this Privacy Commitment may be obtained at any time by request directed to the Sobeys Privacy Officer. This Privacy Commitment is also available on the Program website or may be emailed to a Customer upon request.
Provisions relating to Pharmacy Operations
The following provisions of the Sobeys Privacy Commitment apply specifically to the pharmacy operations of Sobeys (“Pharmacy Operations”) which include Lawtons and all in-store pharmacies. In the event of an inconsistency between the provisions below and those above, the provisions below prevail as regards Pharmacy Operations.
Your Personal Health Information:
This Privacy Commitment applies to your personal health information, which we collect in the course of providing pharmacy services to you, including your name, street and email addresses, telephone number, birth date, gender, medical conditions, medication history and physician name.
We obtain most of our information directly from you, as needed in order to provide you with the services you request. For example, we ask about any drug allergies you have in order to fill your prescriptions while avoiding the potential for harmful reactions.
Here is why we need some of the other information we may ask you to provide –
Birth Date and Gender – Your date of birth and gender help us to identify you, serving as a “double check” along with your name and address so that your patient records are accurate and complete. A person’s age can affect the right dose of medication (especially in children and the elderly.)
Medical Conditions – This helps us to make sure that any medications you receive are safe and appropriate for you. It also helps us to provide you with information and advice that is helpful, appropriate, and necessary for your health and safety.
Address and Telephone Number – To contact you if needed to answer your questions, or to provide information about your medication (for example, if a drug that you have been prescribed is recalled or withdrawn).
Why we collect your personal health information:We collect your personal health information in order to provide you with quality care and to meet legal and professional requirements, including maintaining a record of medications dispensed and services provided.
Use and disclosure of your personal health information:
We will not collect, use or disclose your information without your consent unless required or permitted by law (please see below). In some cases, your consent will be requested in writing; at other times, you may indicate your consent to us verbally or by some action on your part. When your consent is required, we will provide you with information about the purposes for which the information is being collected and used, and circumstances in which it will be disclosed. We do not sell or rent your personal health information to third parties.
We will only share your personal health information with others as needed to provide you with services or products, for example to send a claim on your behalf to your drug plan for payment of a prescription. We may where appropriate in our professional judgment contact you, a person authorized by you, or the prescriber of your medication or other healthcare professional to discuss and/or verify the medication/prescription, instructions and relevant options. We may also contact you or a person authorized by you to provide or offer services associated with your prescriptions or health care, alternatives to prescribed medication (such as generics) and other relevant health services, and to make or verify payment and/or pickup or delivery arrangements.
We will not share, sell or in any other way provide your personal health information to third parties not associated with the provision of our services.
Disclosure when required by law:
In some instances, legislation or regulations require that we disclose your personal health information to government agencies for the purpose of safer health care – for instance, where there is a provincial “Drug Information System” that hosts a complete medication history for each person in the province. Likewise, we are required in some provinces to disclose information to agencies that monitor the use of certain drugs (narcotic and controlled drugs). We must also provide your personal health information in response to a court order, search warrant or other legally valid inquiry or order. We may also disclose information for investigation or law enforcement purposes, for example, to protect against fraud or other criminal activity.
Withdrawal of your consent:
You may withdraw your consent to our collection and use of your personal health information by giving us written notification of your withdrawal at any time. However, withdrawing your consent may affect the products or services we are able to provide or make available to you. For example, if you withdraw your consent for us to collect or use the personal health information we require in order to fill your prescription safely and in accordance with legal and professional standards, we will be unable to provide that service to you.
Access to your information:
You can access the personal heath information we retain about you. Upon receipt of your written request, we will provide you with a copy of your personal health information. We will make every reasonable effort to keep your information accurate and up-to-date. If you find any errors in our information about you, please let us know. Please help us by keeping us informed of any changes such as a change of address or telephone number. Having accurate information about you allows us to give you the best possible care and service.
Protecting your personal health information:
We protect your personal health information with appropriate safeguards and security measures. We institute appropriate security standards to help protect our systems against unauthorized access and use.
When we hire other organizations to provide support services, we require that they adhere to our privacy policies.
The length of time we retain your personal health information varies depending on the product or service, the nature of the information, and legal requirements. This period may extend beyond the end of your relationship with us, but only for as long as is necessary to respond to any issue that may arise or to meet any legal requirements.
When your personal health information is no longer needed for the purposes explained to you, we have procedures to destroy, delete or erase it, or convert it to an anonymous form so that it can no longer be connected to you.
Additional Information regarding Use of Our Pharmacy Websites:
We operate various websites in association with our pharmacy businesses (collectively, “Sites”). In general, you can visit our Sites without revealing any personal information. At times, though, we may need personal information about you in order to process a request for information, or to provide a correct response, such as your name, e-mail address and postal code or demographic information (for example, your date of birth). You may choose whether or not to provide such data to us. Please be aware, however, that if you choose not to provide the personal information, you may not be able to use some of the features on the site. If you choose to provide us with personal information, we will use this information in strict adherence with the terms of this Privacy Commitment. If you ask us not to use this information as a basis for further contact with you, we will respect your request.
Our Sites may contain links to other websites. We are not responsible for the privacy practices or the content of sites (other than our own sites) to which we provide links. You should check the privacy policies of these other websites before choosing to provide any personal information.
Questions or concerns:
If you have questions or concerns about our Privacy Commitment as it relates to pharmacy matters, you can ask your pharmacist or contact our company’s Privacy Officer at the address provided below.
Complaints Regarding Non-Compliance
Sobeys has appointed a Privacy Officer to address any questions, concerns or complaints regarding compliance with this Privacy Commitment by any party.
The Sobeys Privacy Officer may be contacted as follows:
obeys Privacy Officer – 115 King Street, Stellarton, Nova Scotia B0K 1S0
Sobeys will investigate all formal complaints and will respond within 30 business days after receipt of written complaint. If the complaint is reasonable, Sobeys will take suitable measures to address the complaint.