Our promise to you
Whether you are a registered patient or a member of our digital community, your personal data is of the utmost importance to Dermnurse Medical Aesthetics. We use your data to provide excellent service, relevant and helpful communications and to facilitate your interaction with our online community. We value the trust you place in us and will never misuse your data or abuse it.
As a registered provider of healthcare services, we take great care when handling your sensitive data. We understand the importance of protecting your right to privacy, and as a partially digitalized business, we have taken great care to ensure we keep your personal data safe and secure.
Our reputation depends on the integrity of our service to you; therefore, we remain committed to the ongoing review of our data storage and processing to give you peace of mind. We will remain open and honest, and comply with the transparency obligations of your right to be informed.
What type of information do we hold about you?
We currently collect and process personal information about you, including your name, age, and contact details. We also collect what is classed as ‘special category data’ – personal data that needs more protection because it is sensitive. Specifically, this includes:
- personal data revealing racial or ethnic origin
- data concerning health, including lifestyle, menopause, and mental health symptoms
- data concerning a person’s sex life.
We use special category data to help us assess your individual needs and provide the right treatment, products, and services.
How we get the information and why we have it
Most of the personal, sensitive, and medical information we process is provided to us directly by you. You are responsible for the accuracy of the information that you provide to us.
|You have registered as a website user to purchase a product, leave a comment or sign up to clinician services.||When you register as a website user to purchase a product, interact with our online community, pause, or register for clinician services, you will provide personal information such as your name, contact details, gender and date of birth.|
|You have completed our online menopause assessment questionnaire||When you complete the menopause assessment questionnaire you share your email address with us so that we can send you your personalised report. You may also share sensitive information on your health and lifestyle that we use to determine your personalised report and tailor any subsequent healthcare provision you choose to engage with us for.|
|You have signed up to our online community||When you register to engage with other users within our online community, pause, you will provide personal information such as your name, contact details, gender and age. Only your name will be shared with other community users. We will not share contact details or sensitive information.|
|You have completed one of our online contact forms or surveys||You may choose to contact us via an online contact form or provide feedback via a customer satisfaction survey. You will be asked to provide your name and contact details so we can respond to you appropriately.|
|You have sent us an email or a letter||If you write to us by email or letter your details may be recorded as a contact so that we can fulfil the purpose of your enquiry. Your details will be stored and processed safely and securely and you will not be opted in to marketing communications unless you express your wish to do so.|
|You have contacted us by telephone||If you contact us by telephone your details may be recorded as a contact so that we can fulfil the purpose of your enquiry. Your details will be stored and processed safely and securely and you will not be opted in to marketing communications unless you express your wish to do so.|
|You have registered as a patient with Dermnurse Medical or our Model M-MAP||When you register as a private patient of Dermnurse Medical you will need to provide an Alberta Health number and up-to-date photographic ID for identification purposes during consultations.|
|You have shared this information during an appointment||During an initial consultation or routine appointment, you may disclose personal and sensitive information to your clinician. This information is treated in the strictest confidence and stored and processed in line with UK legislation.|
|You have attended one of our events||If you attend an in-person or virtual event with Dermnurse Medical, you may have opted in to sharing your personal and contact information with us. You may receive a follow-up communication from us but will be able to opt out of any communications easily.|
|You have opted into marketing and have posted publicly on social media||We may collect anonymous information from customers from social media to help us continue to better understand your needs and concerns. We may share anonymous data, for example, demographic information, with platforms such as Facebook for the purposes of serving you relevant content through paid advertising.|
|You have used our third-party prescription service, from Fullscript, Script, or Creative Pharmacy||We partner with Fullscript to process payment for and fulfil your prescription and repeat prescription ordering. Once you have ordered a prescription online, we process your information safely and securely. The data we provide to Fullscript is your email contact details and the data we receive is the current status of your order.|
|You have used a third-party blood testing service, Tap Lab or Alberta Health Services Dyna Lab. We also have partnered with DUTCH (Dried Urine Test for Comprehensive Hormones) for urine testing.||We refer interested patients to Tap Lab to provide private blood testing services. Once you have ordered a blood test, we process your personal information and blood test results safely and securely in accordance with Alberta legislation. The data we provide to lab services is your telephone and email contact details. The data we receive is the status of your requisition and your test results and analysis.|
Information and accuracy
For us to provide the level of service and care that you need it is really important that the information you provide at any point during your engagement with Dermnurse Medical is accurate and up to date. If there are any changes to your contact details or personal information or if information relating to your health changes, please let us know. You can do so by calling us at 403-475-9296.
You are responsible for the accuracy of the information you provide to us and we will not be responsible for any losses arising from any inaccurate, incomplete, inauthentic, or deficient data that you provide to us.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Building a profile about you
We collect anonymous information on our website via Google Analytics and Go Daddy. We collect some information on how you interact with our website, such as using cookies or device IDs, to monitor our digital platform and the efficiency of our service. We do this so that we can continually improve our content and provide you with the very best customer experience.
We also use Simple Texting and Chaport analytics to monitor and analyse web traffic and to keep track of user behaviour.
Lawful rights to process data
Under the Alberta Privacy Act , the lawful bases we rely on for processing this information are:
- (a) Your consent. You are able to remove your consent at any time. You can do this by contacting the Data Protection Officer at firstname.lastname@example.org. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- (b) We have a contractual obligation. This means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
- (c) We have a legal obligation.
- (d) We have a legitimate interest. This means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
What we do with the information we have
We use the information that you have given us in order to:
- Add you to our contacts database to ensure you receive relevant communications from our company and community, pause.
- Provide a personalised assessment on completion of the online Model Menopause pre-screening Questionnaire
- Create an accurate patient record
- Better assess your needs, lifestyle, and symptoms to provide appropriate and necessary care
- Process your online appointment booking
- Process online prescription ordering and fulfilment
- Processing blood requisitions using our third-party service, TapLab, as requested
- Create, edit and maintain your patient records in our digital platform, Jane EMR
Where necessary, we may also use and disclose your personal data:
- As part of regulatory requirements to audit consultations, your data, and other interactions with our service. This enables Dermnurse Medical to comply with the regulatory and compliance standards to which we are bound.
- Compile your data as part of any aggregated research into the menopause and its associated impacts.
Strict confidentiality and data security provisions will apply at all times to any such audit and data use. We may share this information with:
- Jane EMR – our patient management software
- Tap Lab or Dyna Labs – our blood test service partners
- Script pharmacy or Creative Pharmacy – our prescription ordering and fulfilment partners
- Specific health authorities, Alberta Health, legal authorities, and ambulance services
There are times where you may be required to provide Dermnurse Medical with specific permission to use and access your data. At these times, Dermnurse Medical will provide you with all the details required in order for you to make your decision.
Updating your personal information
If you would like to change the information we hold about you, or want your information removed from our database, please contact us by advising that you wish to make a change by emailing email@example.com. You can use the “unsubscribe” option which will be included in our marketing email communications to opt-out of our marketing emails.
How we store your information
Your information is securely stored in the following locations:
- Alberta PIA encrypted servers
By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data: see your legal rights above for further information. In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We do not collect or process any payment information. All payment details entered into our website are processed through our third-party processor ‘Clover’ and you can refer to their website to see how they will store all payment information and transaction details. We will not retain any payment information.
- Bright Squid -secure email communication as needed.
- Netcare - Accessing personal health records as necessary
* Jane EMR - Charting
* Simple Texting - SMS marketing
* Ackroo - Rewards cards
* Bambora Canada - Gift card processing
* Net2phone Canada -Secure phone communication
* Gmail-Regular email communication
We use Google products and Go Daddy to track the performance of our website:
- Google – https://privacy.google.com/businesses/compliance* Go Daddy
We keep your medical records in accordance with national guidelines – Records Management Code of Practice 2020 – A guide to the management of health and care records. We will dispose your information in line with best practice described in the guidance.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Links to other websites
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising, the following personal data control mechanisms:
Promotional offers from us
We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased [goods or services] from us and you have not opted out of receiving that marketing.
You can ask us or third parties to stop sending you marketing messages at any time (by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links on any marketing message sent to you OR by contacting us at any time). Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
How to complain
Please contact us at firstname.lastname@example.org if you wish to make a complaint.