This Privacy Commitment contains important information on our commitment to the protection of your Personal Information, including:
• What we mean by “Personal Information”
• The purposes for which we collect and use your Personal Information, and when we collect it
• The Internet technologies we may use to collect and process your Personal Information
• The way we may engage in Interest-Based Advertising
• With whom we may share your Personal Information, and the location in which your Personal Information may be stored
• When and how your Personal Information can be processed by an automated decision-making process
• The manner and location in which we may retain your Personal Information
• The ways that we protect your Personal Information
• How to access, correct or update your Personal Information
• How to contact us about privacy issues
This Privacy Commitment also includes a separate section respecting the collection, use and disclosure of personal information in our pharmacy operations
By doing business with us, visiting our websites, using our mobile apps, subscribing to our e-mail communications, entering one of our contests, enrolling or applying for enrollment in a participating Program or otherwise corresponding or communicating with us, you agree to Sobeys collecting, using and disclosing your personal information in accordance with this Privacy Commitment. If you do not agree to be bound by this Privacy Commitment, please do not access or use the features of our websites or mobile apps.
This Privacy Commitment complies with all applicable federal and provincial privacy legislation.
Personal information is any information about an identifiable individual, including any information that, alone or in combination with other information, could be used to identify an individual. Personal Information includes, but is not limited to a Customer’s name, home address, email address, telephone number, date of birth and purchasing information, (in this Privacy Commitment referred to as “Personal Information”).
Personal information does not include aggregated information, or any personal information that has been de-identified through the removal of potentially identifying details, such that the data may not be identified with a particular individual.
Sobeys generally collects, uses and discloses Personal Information to operate our businesses and to administer our Programs, including for the following purposes (the “Purposes”):
a) to communicate with Customers regarding orders, purchases or any concerns or queries the Customer may have;
b) to communicate with Customers regarding any changes to this Privacy Commitment or to Programs and their operation;
c) to identify Customers who are enrolled in our Programs;
d) with consent, or as permitted by law, to communicate with Customers regarding promotions, contests, offers, incentives, rewards, surveys, questionnaires and other pertinent matters such as but not limited to products and services under the Programs or available through Partners that may be of interest to the Customers;
e) to ensure Customers are appropriately awarded points or their equivalent in accordance with the rules of the applicable Program and receive reward redemptions in accordance with applicable Program Rules and that rewards records are appropriately maintained;
f) to process information regarding Customer orders, purchases and the collection and redemption of points and rewards;
g) to provide services, rewards, products and benefits to Customers and to enable them to participate in contests;
h) to understand and analyze the interests, needs and preferences of Customers;
i) to develop, enhance, market, recommend and/or provide products and services to meet the needs and interests of Customers and potential customers;
j) for marketing and analytics purposes, including to display targeted advertising as set out in the Interest-Based Advertising section below;
k) to verify Customers’ identity, when required or desirable for transactional purposes, so as to reduce fraud or errors in transaction processing;
l) to comply with applicable legislation and regulatory requirements; and
m) for investigation and law enforcement purposes.
n) our grocery delivery vans are equipped with camera monitoring systems, and the images and/or video collected by such systems may be used by Sobeys to ensure the safety of our customers and drivers;
o) to track and analyze your purchase history, other transactions, shopping patterns, account activity and payment history for marketing analysis purposes, and for tailoring promotional offers to you or providing you with relevant advertisements to ensure we provide a better customer experience through customized offers and advertisements
p) To render a decision based exclusively on an automated processing of the collected Personal Information, as set out in the Automated Processing section below;
and to comply with applicable legislative requirements.Sobeys does not collect Personal Information from Customers other than for the purposes identified in this Privacy Commitment, unless further consent is obtained, or where otherwise required or permitted by law.
Sobeys collects Personal Information from Customers in several ways, including but not limited to, at the time of enrolment in a Program, when subscribing for e-mail, SMS and/or phone communications, when visiting one of our stores, when a purchase, return, inquiry or Program redemption is made by a Customer both in-store and online, through Partners, through online use of any of our websites or Program website, through use of one of our mobile apps, through Customer interaction with customer services offered by Sobeys and/or Program(s), through surveys or questionnaires or other research conducted by or on behalf of Sobeys or a Partner and through contests entered by a Customer.
We also collect Personal Information from:
(a) individuals when they apply for employment through a Sobeys website, in person at a store, or otherwise. We use this Personal Information solely for the purpose of processing and responding to such applications; and
(b) prospective and current franchisees and affiliated merchants, and their principals. We use this Personal Information for the purpose of processing and responding to franchise and affiliated merchant applications and in ongoing dealings with such parties, and as may be otherwise set out in communications and agreements with such persons.
In this Privacy Commitment, references to “Customers” also apply to the individuals referred to in paragraphs (a) and (b) above with any changes necessary in the circumstances.
From time to time, we may share your Personal Information with third party service providers that we have engaged to perform services on our behalf, based on our instructions, such as advertising agencies, marketing agents, data processing and storage companies or organizations which provide administrative and support services to Sobeys. We will limit our disclosure of your Personal Information to such third parties to that which is reasonably necessary for the purpose or service for which the third-party service provider is engaged. We will use contractual and other means to provide a comparable level of protection while the information is being processed by such third parties, including limiting such providers to using your Personal Information solely to provide Sobeys with the specific service for which those providers were engaged, and for no other purpose. You can obtain more information about our policies and practices with respect to the use of Personal Information by third party service providers by contacting us at the addresses provided under “Contact Us”
Sobeys may share or transfer your Personal Information where reasonably required in the context of a sale, merger, reorganization or amalgamation of all or part of our business or the insurance of securitization of our assets. In any such case, the recipient parties will be contractually required to keep the information confidential and use it only for the purposes of the transaction, or proposed transaction, in question. In the event a business transaction is completed, assignees or successors of our business or assets may use and disclose your Personal Information, as obtained from Sobeys only for the purposes set out this Privacy Commitment, unless your further consent is obtained.
Sobeys may also share your Personal Information with third parties as required or permitted by law, such as:
• to government bodies, regulatory bodies, and law enforcement agencies, pursuant to warrant, order or statutory requirement;
• in connection with any legal proceedings or prospective legal proceedings involving Sobeys;
• to otherwise establish, exercise or defend our legal rights (including providing information to third parties for the purposes of fraud prevention and reducing credit risk), as permitted by law
Sobeys does not otherwise rent or sell your Personal Information to any third parties, unless your additional consent to do so is obtained.
Sobeys will take reasonable measures to ensure that the Personal Information we collect is accurate and complete. We will update our records regarding Customers based on the information communicated directly or indirectly to us by Customers or Partners. In order to ensure that our records are as complete and accurate as possible, you are responsible for informing Sobeys of any relevant changes to your Personal Information, such as a change of name or a change of address or other contact details.
Our websites may contain links to other websites. We are not responsible for the privacy practices or the content of sites (other than our own sites) to which we provide links. You should check the privacy policies of these other websites before choosing to provide any Personal Information to such third-party sites.
Cookies and Tracking Technologies
When you visit one of our websites or use one of our apps, we may use certain automated tools to provide you with a more personalized browsing experience, better understand your needs, provide you with content that is most relevant to you and monitor trends respecting the usage of our site and apps.
In general, you can visit one of our websites without telling us who you are or submitting any personal information. However, through log files and other technologies, we collect the IP (Internet protocol) addresses of all visitors to our websites and other related information such as page requests, browser type, operating system and average time spent on our websites. We collect similar information respecting the usage of our apps. We use this information to help us understand user activity on our websites, to provide you with content appropriate for your region, and to monitor and improve our websites.
Cookies: Our websites use a technology called "cookies". A cookie is a small text file stored on your device that identifies your browser/device/IP address – but not you as an individual – to our computers each time you visit one of our websites. More information about cookies can be found at Wikipedia.
Tracer Tags & Web Beacons: Our websites may also use a technology called "tracer tags" or “Web Beacons”. A web beacon is a small transparent graphic image that allows us to record simple user actions related to our websites and to email communications received from us, to help us determine the usage and effectiveness of our site and communications. These “images” are automatically loaded to your browser/device when you visit the website or open an html format email message from us, thereby letting us know if a certain page was visited or an email message was opened. This technology allows us to understand which pages you visit on our websites. These tracer tags are used to help us optimize and tailor our websites for you and future visitors.
Analytics: We may use a third party such as Google Analytics to help us gather and analyze information about the areas visited on the websites (such as the pages most read, time spent, search terms and other engagement data) in order to evaluate and improve the user experience and the convenience of the websites. For more information or to opt-out, see “How Google uses data when you use our partners’ sites or apps” and “Google Analytics and Privacy”.
We work with third-parties such as ad networks and other advertising companies that use their own tracking technologies (including cookies and pixel tags) on our websites and apps and other websites and apps in order to provide you with tailored advertisements on our behalf on third party websites across the Internet. These companies may collect information about your activity across your different devices on our websites and apps and third-party websites and apps (such as web pages you visit and your interaction with our advertising and other communications) and use this information to make predictions about your preferences, develop personalized content and deliver ads that are more relevant to you on third party websites and apps. This information may also be used to evaluate our online advertising campaigns.
To opt-out of receiving online behavioural advertising from third party advertising companies who collect data on our websites, please click on the AdChoices icon located in the top righthand corner of any of our websites.
For more information about interest-based advertising on your desktop or mobile browser and to understand your options, including how you can opt-out of receiving behavioural ads from third-party advertising companies participating in the DAAC, please visit the Digital Advertising Alliance of Canada website at http://youradchoices.ca/choices. To learn more about interest-based advertising in mobile apps and to opt out of this type of advertising by third-party advertising companies that participate in the DAAC’s AppChoices tool, please download the version of AppChoices for your device at Ad Choices opt out tool.
Please note that even if you opt-out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes, including to produce aggregated website analytics, and you may still see ads from us; however, the ads will not be targeted based on behavioural information about you, and may therefore be less relevant to you and your interests.
To successfully opt-out, you must have cookies enabled in your web browser. Please see your browser’s instructions for information on cookies and how to enable them. Your opt-out only applies to a particular web browser you have used, so you must opt-out of each web browser on each device that you use. Once you opt out, if you delete your browser’s saved cookies, you may need to opt-out again.
Social Media Advertising
From time to time, we may also engage third-party platforms to serve users of those platforms with more individually-targeted advertising, which is based both on the platform’s user data and your interactions with Sobeys outside of the platform. To do this, we provide to the platform provider a “hashed version” of your email address or other potentially connecting information, which could be matched to your profile with that platform. Hashing is a mathematical operation that applies an equation to information so as to produce an encrypted value that cannot be reversed to reveal the original data. Both Sobeys and the platform run the same one-way hash function on the same data element, for an example, an email address. As a result, when Sobeys provides the platform with the hashed email addresses of a selected group of Customers, the platform is able to match the hashed value against the corresponding hashed value for users of the platform, allowing the platform to target Sobeys customers that are users of that platform with relevant advertising, based on demographic and other factors selected by Sobeys. Sobeys provides only the hashed value and no other information about you to the platform. Further information about this process may be provided by the social media platforms that you use (see, for example, the “ads” icon in Facebook’s user Privacy Settings and Tools), and you may exercise the preferences provided by those social media platforms with respect to your viewing of advertising on those platforms. To opt-out of the use by Sobeys of the Personal Information we hold about you for such purposes, please see Your Options.
From time to time, Sobeys may render a decision based exclusively on an automated processing of the Personal Information collected. Sobeys recognizes that you have the right to know if your Personal Information is being processed by a solely automated decision-making process and to be informed before such processing.
Sobeys will, at your request, inform you of the Personal Information that was used to render such a decision, of the reasons and the principal factors and parameters that led to the decision and of your right to have the Personal Information used to render the decision in question corrected.
Sobeys will give you the opportunity to present your observations regarding the decision to a representative of Sobeys who can revise said decision.
Sobeys will only retain Personal Information to the extent necessary for the purposes identified in this Privacy Commitment, or to which you might otherwise consent, after which your Personal Information will be securely destroyed or irreversibly erased or de-identified. Personal Information may be stored “in the cloud” or otherwise outside of Canada, where it may be subject to the legal regime of the jurisdiction in which it is stored. For residents of Quebec, your personal information may be stored “in the cloud” or otherwise outside of the Province of Quebec and Canada.
Note that, in some cases, Sobeys may retain some of your Personal Information for a reasonable period of time for legal, administrative or compliance purposes.
As noted below, under Your Choices, you may cancel your membership in a Program or otherwise request deletion of your Personal Information.
Sobeys has established appropriate technological, physical and contractual security measures designed to help protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the Personal Information. However, no electronic system is entirely secure.
Sobeys provides you with a number of options through which you may exercise certain preferences with respect to our use of your Personal Information, obtain access to the Personal Information that we hold about you, or request revisions to or deletion of that information.
You may generally withdraw your consent to our use or disclosure of your Personal Information at any time, subject to legal and contractual restrictions; however, without such consent, we may be unable to provide you with certain services or benefits. For example, if you withdraw your consent for the use of your Personal Information for the purposes of earning points or other benefits under a Program, we will no longer be able to participate in that Program.
a. Direct Marketing
From time to time, with your consent or as otherwise permitted by law, we may use Personal Information to communicate with Customers regarding promotions, contests, offers, incentives, rewards, surveys, questionnaires and other pertinent matters such as products and services, as described under Purposes, above.
If you would prefer not to receive such communications from us, you may opt-out at any time by contacting Sobeys at the addresses provided under “Contact Us”. If you receive promotional email messages from us, you may also unsubscribe from such messages by using the unsubscribe mechanism found in all such messages. Opting out from the receipt of direct marketing material will not affect your privileges or ability to participate in a Program, nor will it prevent the provision of periodic statements to you with respect to any point or similar balances in a Program.
b. Interest-Based Advertising
As described above, under Interest-Based Advertising, you may opt-out of receiving online behavioural advertising from third party advertising companies who collect data on our websites by clicking on the AdChoices icon located in the top righthand corner of any of our websites. You may also opt-out of Interest-Based Advertising more generally by clicking on the AdChoices icon on any ads that you see.
Please note that even if you opt-out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes including analytics and you will still see ads on many of the Internet sites that you visit; however, these ads will not be targeted based on your perceived interests and tastes, and may therefore be less relevant to you.
As also described above, you may opt-out of having Sobeys using the Personal Information it holds about you to target ads to you when you are on social media platforms.
Access and Correction
Upon request, Customers may examine the Personal Information about them that Sobeys holds, except as provided by law. Where Sobeys is unable unauthorized to provide access to all the Personal Information it holds about you, it will provide the reasons whyand any recourse available to you.
Where Sobeys receives a written request from a Customer to examine Personal Information collected and retained, Sobeys will respond to the request within 30 business days. Sobeys will provide assistance upon receipt of an individual data access request. If such a request is not sufficiently precise or unclear, Sobeys will assist the individual in identifying the information sought. In the event of a refusal, the reasons for such refusal will be provided in addition to remedies available to the requesting applicant.
You may request access to your Personal Information by making a request, in writing, to Sobeys Privacy Officer, at the addresses provided under Contact Us. Note that, in an effort to prevent fraudulent or unauthorized requests for access, we may request identification for authentication purposes.
You may also make a subsequent request to the Sobeys Privacy Officer to correct any Personal Information that you feel is inaccurate or incomplete. You may also request the deletion of your Personal Information, subject to legal and contractual restrictions; however, please note that deletion of some information may impact our ability to provide you with certain services.
Changes and Updates
Sobeys may revise this Privacy Commitment from time to time as our business evolves, in response to legal developments, as new technologies become available, or as we introduce new features, products or services.
When we make changes to this Privacy Commitment we will revise the “last updated” date at the top of the Commitment. You should check back here periodically to find out if any changes have been made. If we make substantial changes we will, as appropriate, prominently post these changes to our website or notify registered Customers directly.
If you disagree with any change to the Privacy Commitment, you may close your account and refrain from using our services, or in some cases, by opting out. Continuing to use our services, including our websites, after we post or communicate a change signifies that you consent to the revised terms of the Privacy Commitment.
On occasion, we may also identify new purposes for the collection or use of Personal Information, such as in connection with a new promotion or Program. We will describe such uses in separate notices or other communications.
Should you have any questions about this Privacy Commitment, or the manner in which Sobeys collects, uses, shares and protects your Personal Information, you may write to our Privacy Officer at the postal or email addresses provided below
If you would like to opt-out of any uses of your Personal Information, obtain access, request correction or deletion, make a complaint, or generally have any questions or concerns about our Privacy Commitment, you may contact the Sobeys Privacy Officer at the address provided below. For questions with respect to our Privacy Commitment as it relates to pharmacy operations, you may also ask your pharmacist.
Sobeys Privacy Officer
4980 Tahoe Blvd.
Sobeys will consider all complaints, and will respond within 30 business days after receipt of written complaint. If the complaint is well-founded, Sobeys will take suitable measures to address the complaint.
Copies of this Privacy Commitment may be obtained at any time by request directed to the Sobeys Privacy Officer. This Privacy Commitment is also available on Program websites.
Provisions Relating to Pharmacy Operations
In addition to the disclosures, safeguards and options set out above, the following provisions of the Sobeys Privacy Commitment apply specifically to the pharmacy operations of Sobeys which include Lawtons and all in-store pharmacies (“Pharmacy Operations”). In the event of an inconsistency between the provisions below and those above, the provisions below prevail with respect to Pharmacy Operations.
Health care providers such as pharmacists are subject to the personal health information privacy law that applies in the province in which they operate, and our Pharmacy Operations may also be subject to private sector privacy laws applicable in the province in which they operate.
Your Personal Health Information
This Privacy Commitment applies to your personal health information, which we collect in the course of providing pharmacy services to you. Personal health information is a subset of Personal Information that relates specifically to the mental or physical health of an individual, the provision of health care to an individual or any payments or eligibility for health care or health care coverage with respect to an individual. It also includes information that is generally collected in the course of providing health care services to an individual (“Personal Health Information”).
We obtain most Personal Health Information directly from you, as needed in order to provide you with the services you request. For example, we ask about any drug allergies you have in order to fill your prescriptions, while avoiding the potential for harmful reactions. We may also collect Personal Health Information about you that may be provided by your physician, hospital, clinic, or other health care provider, or by your local health authority or network.
Examples of the type of Personal Health Information that we may typically collect in the course of our Pharmacy Operations, include your name, street and email addresses, telephone number, birth date, gender, medical conditions, medication history and physician name.
We may also ask you to provide the following information:
• Birth Date and Gender – Your date of birth and gender help us to identify you, serving as a “double check” (along with your name and address) to help ensure that your patient records are accurate and complete. A person’s age can also affect the recommended dosage of medication that they should receive (especially in children and the elderly)
• Medical Conditions – Knowing the medical conditions that may affect you helps us ensure that any medications you receive are safe and appropriate for you. It also helps us to provide you with information and advice that is helpful, appropriate, and necessary for your health and safety.
• Address and Telephone Number – We collected contact details to communicate with you, as required, to answer your questions, or to provide information about your medication (for example, if a drug that you have been prescribed is recalled or withdrawn).
We generally collect your Personal Health Information in order to provide you with quality care and to meet legal and professional requirements, including maintaining a record of medications dispensed and services provided.
We will not collect, use or disclose your information without your consent unless required or permitted by law (please see below). In some cases, your consent will be requested in writing; at other times, you may indicate your consent to us verbally or by some action on your part. When your consent is required, we will provide you with information about the purposes for which the information is being collected and used, and circumstances in which it will be disclosed.
We will only share your Personal Health Information with others as reasonably necessary to provide you with services or products, for example to send a claim on your behalf to your drug plan for payment of a prescription. Where appropriate, in the professional judgment of your pharmacist, we may contact you, a person authorized by you, or the prescriber of your medication or other healthcare professional to discuss and/or verify the medication/prescription, instructions and relevant options. We may also contact you or a person authorized by you to provide or offer services associated with your prescriptions or health care, alternatives to prescribed medication (such as generics) and other relevant health services, and to make or verify payment and/or pickup or delivery arrangements. Personal Health Information shared with such parties must be used solely for the purposes of providing you with pharmacy services, or with health care more generally, and is shared only to the extent required to perform the services in question.
We will not otherwise share, sell or in any other way provide your Personal Health Information to third parties, for any purpose whatsoever, without your further consent.
Note that we do not engage in Interest-Based Advertising with respect to our Pharmacy Operations or your use of our Pharmacy Websites. While you may still see some ads displayed on our websites, or see ads for Sobeys, Lawtons and our Pharmacy Operations on other websites and platforms that you may visit, these ads will be placed based on the nature of the website in question and assumptions about likely visitors, not based on any usage of pharmacy services or actions taken by you on our Pharmacy Websites.
Disclosure When Required by Law
As noted above under Sharing, in some cases, we may be required to provide Personal Information, including Personal Health Information, to law enforcement agencies, government departments, regulators, or courts where required by law.
In some instances, legislation or regulations require that we disclose your Personal Health Information to government agencies for the purpose of safer health care – for instance, where there is a provincial “Drug Information System” that hosts a complete medication history for each person in the province. Likewise, we are required in some provinces to disclose information to agencies that monitor the use of certain drugs (narcotic and controlled drugs).
Access to Your Information
You can access the personal health information we retain about you. Upon receipt of your written request, we will provide you with a copy of your Personal Health Information. We will make every reasonable effort to keep your information accurate and up-to-date. If you find any errors in our information about you, please let us know. Please help us by keeping us informed of any changes such as a change of address or telephone number. Having accurate information about you allows us to give you the best possible care and service.
Additional Information regarding Use of Our Pharmacy Websites
We operate various websites in association with our pharmacy businesses (collectively, “Pharmacy Websites”). In general, you can visit our Pharmacy Websites without revealing any personal information. At times, though, we may need personal information about you in order to process a request for information, or to provide a correct response. In such cases, we may require contact information such as your name, e-mail address and postal code or other information about you, such as your date of birth). You may choose whether or not to provide such data to us. Please be aware, however, that if you choose not to provide the personal information, you may not be able to use some of the features on the website. If you choose to provide us with personal information, we will use this information in strict adherence with the terms of this Privacy Commitment. If you ask us not to use this information as a basis for further contact with you, we will respect your request.