Privacy Policy
1. HEAL and Data Privacy
1.1 HEAL Group and its subsidiaries and affiliates (collectively, “HEAL Group”, or “we”, or “us”, or “our”) are committed to protecting and respecting your privacy.
1.2 This Privacy Statement provides information regarding the practices of HEAL Group regarding personal information, health information, personal data, or other information that can be used alone or in combination with other information to identify you (collectively, “personal data”) collected, used, processed, or disclosed by HEAL Group, and will apply if you use [www.healgroup.ca] or other websites that HEAL Group operates and that link to this Privacy Statement (collectively the “Websites”), utilize or purchase our products and services, or interact with our personnel or representatives.
1.3 This Privacy Statement sets out the basis on which we will process any personal data that we may collect or receive about you as a customer or business partner contact.
2. The Personal Data That We Collect About You
We may collect and process the following information about you:
2.1.1 Information That You Give Us
(a) Information about you that you give to us when registering for an account on any of the Websites, completing a survey or product review, signing up for a newsletter or other communication, filling in forms that we ask you to complete, purchasing products or services from us, or corresponding with us by telephone, post, email, through social media, or otherwise, and information obtained when you sign up to or attend a clinic, webinar, meeting or networking event. This may include:
(i) Contact details such as your name, address, email address and phone number;
(ii) The contents of your message, correspondence, or communication;
(iii) Payment information, such as your method of payment, credit card number, or other billing or shipping information; and
(iv) [Physical or mental health details, queries, or information].
2.1.2 Other Information
(a) We may also collect some information from other sources. For example:
(i) Social networks or media that you use to connect with us;
(ii) Data analytics providers; and
(iii) We sometimes collect information from third party data or service providers or publicly available sources, and to protect our business and comply with our legal and regulatory obligations.
2.1.3 Information We Automatically Collect
(i) We and our service providers and other third parties may use cookies, beacons, pixel tags, log files, or other technologies to automatically collect certain information when you use the Websites or other services or interact with our emails or advertisements on our Websites, or other websites or services.
(ii) A cookie is a small data file that is sent to your browser from a web server and stored on your computer's hard drive. The information that we and our providers collect through cookies and other technologies, along with information that we share with them, enables us or our providers to recognize you or your device and to serve ads to you or your device. For example, these technologies may allow us to automatically collect information such as your IP address, geolocation data, unique user ID, Device ID, Mobile Ad Identifiers, browser type and version, character set, screen size and color, language, cell phone model, operating system and version, carrier, and internet service provider. This information: (I) allows us to accurately and properly pay for ads placed on our behalf (e.g., an ad that led you to purchase or download one of our products) and get paid when you see an ad on our Websites; (2) helps prevent you from repeatedly seeing the same ads; (3) helps select and display targeted ads or other content on your computer or device (such as on a site or social networking service you are visiting or a mobile application you are using) that may be of interest to you; and (4) helps us measure and analyze interactions with our ads and Websites.
(iii) We also may collect information about your use of the Websites, such as the time you spend using the Websites, the number of times you return, whether you click-through, open, or forward links, e-mails, and ads, and other usage data.
(iv) These technologies, such as cookies, also allow us to keep track of any purchase or order you have made when you make a purchase through the Websites, to make Websites better and function more efficiently, to maintain your preferences and settings, to provide enhanced features, to combat fraud, to recognize registered users when they visit, and to provide registered users with information and advertising that is more relevant to them.
(v) You may adjust your browser settings to limit certain tracking or to decline cookies, but by doing so, you may not be able to use certain features on the Websites or take full advantage of our offerings.
3. The Uses That We Make of Your Personal Data
3.1. We may use your personal data for the following purposes:
3.1.1. to provide you with products and services requested by you;
3.1.2. to operate, manage, develop and promote our business and related transactions – this includes, for example, processing, concluding, and executing business transaction and for billing/payment purposes;
3.1.3. processing incidental to the management of HEAL Group’s business, including keeping proper records of communications and transactions and accounting purposes;
3.1.4. addressing problems with the Websites or our products or services, protecting the security of the Websites and our business, and protecting against fraud;
3.1.5. to help us learn more about Website visitors and customers, and to improve their experience and our business;
3.1.6. to provide you with customized content, offers, and with your consent, advertising including promotions based on your profile or account on the Websites; and
3.1.7. to comply with our legal and regulatory obligations and bring and defend legal claims.
3.2. We may from time to time review information about you held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business-protection purposes as described above. This may include reviews for the purposes of disclosure of information relevant to litigation; reviews of records relevant to internal or external regulatory or criminal investigations and/or review relating to compliance with internal policies and standards. These reviews will be conducted in a reasonable and proportionate way or otherwise in compliance with applicable law and approved at an appropriate level of management. They may ultimately involve disclosure of your information to a court, governmental agencies, regulatory bodies and litigation counterparties as described below.
3.3. We may also be required by law to disclose or otherwise process your personal data. We will tell you, when we ask you to provide information about yourself, if provision of the requested information is necessary for compliance with a legal obligation or, on the other hand, if it is purely voluntary and there will be no implications if you decline to provide the information.
3.4. If personal data is required to enter into a contract or otherwise provide products or services to you we may be unable to enter into the contract or provide such products and services if you fail to provide the requested personal data. We will inform you if this is the case.
4. Our Legal Basis For Using Your Personal Data
4.1. We rely on the following lawful bases under applicable data protection law for our use and processing of your personal data for the purposes outlined above:
4.1.1. Consent. You have given your consent to the processing;
4.1.2. Performance of a Contract. It is necessary for the performance of and compliance with our contract with you – or the processing of a transaction with you – or it is necessary in order to take steps prior to entering into that contract or transaction;
4.1.3. Legal or Regulatory Obligation: We need to process your personal data in order to comply with an applicable legal or regulatory obligation; or
4.1.4. Legitimate Interests: It is necessary for our legitimate interests (or those of a third party). Please see the section “When Do We Have Legitimate Interests?” below for more information.
4.2 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by applicable law.
5. When Do We Have Legitimate Interests?
5.1. We use or process your personal data where this is necessary for our legitimate interests (or those of a third party). This includes where use or processing of your personal data is necessary to:
5.1.1. Administer our operations and business in an efficient and effective way, including undertaking management planning and improving and developing our Websites, products and services;
5.1.2. Manage and administer our services and business arrangements;
5.1.3. Understand and respond to queries, complaints and feedback;
5.1.4. Send direct marketing or promotions, subject to your consent;
5.1.5. Transfer personal data in relation to an actual or proposed sale, transfer or re-organisation of all or part of our business and the acquisition of the business;
5.1.6. Ensure network and information security; and/or
5.1.7. Enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice.
6. Special Category Personal Data
6.1. Certain types of personal data are more sensitive than others. This special category personal data about you includes information about your health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion.
6.2. We may process health information as set out in Sections 2 and 3 above. We rely on the following lawful bases under data protection law for our use of your special category personal data, including health information:
6.2.1. Physical or Mental Health Details
(a) Explicit consent.
7. Disclosure and International Transfer of Your Personal Data
7.1. Your personal data will be processed by our personnel, including employees and contractors, who have a need to know that information in order to perform their assigned duties and responsibilities.
7.2. There are also certain circumstances where we will transfer your personal data to third parties. These include:
7.2.1. HEAL Group Companies. We may share your personal data with other group companies if your enquiry or requirements would be best provided by a different group company. We also share your personal data within our group for management forecasting and financial planning purposes – although this would generally be aggregated data where no individual is identifiable.
7.2.2. Service Providers. Third parties may process your personal data based upon on our instructions. These include information service providers, cloud hosting providers, professional advisors, marketing agencies, database providers, backup and disaster recovery specialists, and email providers. Our suppliers and service providers will be required under contract to meet appropriate standards on processing information and security when processing your personal data. The information we provide them, including your information, will only be processed in connection with the performance of their assigned function. They will not be permitted to use your information for any purposes other than those outlined in this Privacy Statement.
7.3. Your personal data may be transferred to other third party organisations in certain scenarios, such as:
7.3.1. If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
7.3.2. If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
7.3.3. If we're required to by applicable law, or under any regulatory code or practice we follow, or if we are asked by any court, public or regulatory authority, other governmental agencies, or litigation counterparties, in any country or territory (e.g. in order to assist fraud protection and minimise credit risk); or
7.3.4. If we are defending a legal claim your information may be transferred as required in connection with defending such claim.
7.4. Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
7.5. These disclosures may involve transferring your personal data internationally.
7.6. When providing your personal data, you acknowledge that you are providing this to the HEAL Group entity that has directly engaged in you, and that your personal data will be held and processed in the jurisdiction in which that entity is located.
7.7. You should be aware that processing by such HEAL Group entity may also include transfers to other countries outside the country in which you are located (including outside Canada, the U.S., or the EEA and UK), which do not have similarly strict data privacy laws. In those cases, where we transfer personal data internationally we will ensure that the transfer complies with applicable data protection law including (where applicable) entering into data transfer agreements, designed to ensure that your personal information is protected, on terms approved for this purpose by the relevant data protection authority (including, for example, the European Commission or relevant UK Government department Standard Contractual Clauses). Please contact us (at the contact details below) if you would like to know whether any such agreements are in place or, if so, to see a copy.
8. Retention and Deletion of Your Personal Data
8.1. We will delete the personal data that we hold about you when we no longer need it. How long we keep personal data depends on the type of personal data and the purpose(s) for which we collected it, and the applicable legal requirements. We keep personal information for no longer than is reasonably necessary or required by applicable law.
9. Legal Requirements
9.1. Your personal data may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in relation to court disclosures or the defence of a legal claim. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
10. Direct Marketing
10.1. At all times, you have the option of "opting out" of receiving direct marketing or e-mail marketing messages or updates from us by clicking on the “Unsubscribe” function in the email or marketing update, or by sending us an e-mail with "unsubscribe" in the subject line at [insert email address]. Even if you opt-out, you may continue to receive non-marketing e-mail messages from us, including, for example, order confirmations.
10.2. If you previously registered for a text messaging campaign and now want to opt-out, text "STOP" to the short code/number for the program that you have signed up for.
10.3. Please note that if you choose not to receive direct marketing or e-mail marketing messages from us, we will still communicate with you in relation to any current or ongoing transaction, contract and other product or service related communications.
11. Your Rights
11.1. You may have a right of access to the personal data that we hold about you, and to some related information, under applicable data protection law. You may also be able to request that any inaccurate personal information to be corrected or deleted. You can object to our use of your personal data for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal data (and require it to be deleted) as well as the right to data portability in some other circumstances.
11.2. You may also have a right to lodge a complaint with a supervisory or regulatory authority. You may lodge a complaint with the supervisory authority in the country or territory where you are habitually resident, or where an alleged infringement of applicable data protection legislation has taken place.
12. Security
12.1. We have implemented a variety of physical, administrative, and technical security measures designed to help protect the confidentiality of your personal data under our care or control, and to appropriately limit access to that information. We also enable encryption technology to help protect certain personal data, including your credit card number.
12.2. We are committed to protecting your information, but no website, app, or system is completely safe from cyber-attacks. We need your help! If you have an account on any of our Websites, keep your personal data safe by creating a unique, strong password and protect against unauthorized access to that password and your device. Be sure to sign off when finished using a shared device and do not share your password with anyone.
13. Children’s Privacy
13.1. We do not sell products or services for purchase by children. We do not direct the Websites to, nor do we knowingly collect any personal information from, children under the age of 14.
13.2. You must be 14 years of age or older to submit personal data to us, including to register or place an order on the Websites or participate in any of our online promotions.
13.3. Please see our Website Terms of Use for additional information regarding the use of the Websites.
14. Contact Us
14.1. We welcome questions, comments and requests regarding this Privacy Statement and our processing of personal data. Please send them to [insert contact details].
14.2. If you are located in the EEA, you can contact our GDPR EU Representative here: [insert contact details]
14.3. If you are located in the UK, you can contact our UK GDPR Representative here: [insert contact details].
15. Changes to this Privacy Statement
15.1. Any changes we make to this Privacy Statement in the future will be posted to our Websites. Please check back frequently to see any changes. You can tell when this Privacy Statement was last updated by looking at the date at the end of the Privacy Statement.
15.2. If we make a change that significantly affects your rights or, to the extent we are permitted to do so, significantly changes how or why we use personal data, we will notify you by way of a prominent notice on our Websites or, if we have your email address, by email.
15.3. Any changes to this Privacy Statement will become effective upon posting.
Issued Date: [Insert], 2025