Privacy Policy

INTRODUCTION‍

‍YOUR ACCEPTANCE OF THIS POLICY

‍Prepare Medical Inc. and our affiliates (“Prepare”, “we”, “us”, and “our”) respect your privacy and are committed to protecting it.

This policy applies to information we collect, use, or disclose about you on [www.preparemedical.com] and its related web pages (the “Website”), through your correspondence with us, and when you interact with us or our advertising and applications on third-party websites and services.

‍Please read this policy carefully to understand Prepare’s policies and practices for collecting, processing, and storing your personal information. If you do not agree with our policies and practices, please do not use the Website.‍

‍By accessing or using the Website, you indicate that you understand, accept, and consent to the practices described in this policy. This policy may change from time to time. Your continued use of this Website after we make changes indicates that you accept and consent to those changes, so please check the policy periodically for updates. Moreover, if you provide Prepare or our service providers and agents with personal information of another individual, you represent that you have all necessary authority or have obtained all necessary consents from such person to enable us to collect, use, and disclose such personal information for the purposes set forth in this policy. If you do not have the necessary authority or consents, please do not provide the personal information of that other individual. We will notify you in advance of any material changes to this policy and obtain your consent to any new ways that we collect, use, and disclose your personal information to the extent required by law.

‍WHAT IS PERSONAL INFORMATION AND WHAT IS COVERED BY THIS POLICY
‍
Canadian privacy laws generally define "personal information" as any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate an individual.

This Privacy Policy applies to both personal information and, where applicable, personal health information (“PHI”). Personal health information is a subset of personal information. It includes identifying information about an individual’s health status, health services provided, prescriptions, or payment information related to healthcare. When Prepare acts as a service provider or agent in relation to PHI (for example, where we receive information from the Pillexa Platform regarding prescription orders), we will handle such information in accordance with the applicable provincial health privacy legislation.

Because Prepare may facilitate certain health-related products and services, certain provisions of provincial health privacy laws (such as Ontario’s PHIPA, Alberta’s HIA, British Columbia’s PIPA, and Quebec’s Law 25) may apply in addition to the Personal Information Protection and Electronic Documents Act (“PIPEDA”). Where such provincial laws apply, we will comply with the higher standard of protection required.

This policy describes how we collect, use, disclose, and protect your personal information when you visit or use the Website or purchase any of our products or services, the types of information we may collect from you or that you may provide when you visit the Website, and Prepare’s practices for collecting, using, maintaining, protecting, and disclosing that information.

We will only use your personal information in accordance with this policy or as otherwise permitted or required by applicable law. We take steps to ensure that the personal information we collect about you is adequate, relevant, not excessive, and used for limited purposes.

‍THIRD-PARTY WEBSITES:
‍
The Website may include links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. If you follow a link to a third-party website or engage a third-party plugin, please note that we do not control these third-party websites, these third parties have their own privacy policies and we are not responsible or liable for these policies, and we encourage you to read the privacy policy of every website you visit.

‍INFORMATION WE COLLECT ABOUT YOU

‍We collect and use several types of information from and about you, including:

: Personal information, such as your name, mailing address, e-mail address, telephone number, Internet protocol (IP) address used to connect your computer to the Internet, username or other similar identifier, billing and account information, and any other identifier we may use to contact you;

: Non-personal information, that does not directly or indirectly reveal your identity or directly relate to an identifiable individual, such as non-personal demographic information or statistical or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal information. For example, we may aggregate personal information to calculate the percentage of users accessing a specific feature of the Website in a way that cannot be used to identify an individual;

: Technical information, including your login information, if any, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access the Website, and usage details; and

: Non-personal details about your interactions with the Website,including the full Uniform Resource Locators (URLs), clickstream to, through, and from the Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from the Website.

In addition to the information already listed, we may, in limited circumstances, receive PHI related to your use of the Pillexa Platform or other third-party services we use to process and fulfill your health-related orders and the provision of any third party medical services. This may include prescription identifiers, product information, or payment details associated with health products. We do not directly collect your medical history, diagnostic records, or clinical notes.
‍
‍HOW WE COLLECT INFORMATION ABOUT YOU

‍We use different methods to collect your information, including through:

: Direct interactions with you where you provide information to us, for example, by filling in forms on the Website or corresponding with us;
‍
: Automated technologies or interactions, as you navigate through the Website. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies;
‍
: Third parties or publicly available sources, for example, Prepare’s business partners, or when you connect a digital wallet or social media account to the Website

‍INFORMATION YOU PROVIDE TO US

The information we collect directly from you on or through the Website may include:

: Information that you provide by, for example, filling in forms on the Website. This may include information provided at the time of registering to use the Website, subscribing to or purchasing Prepare’s goods or services, posting material, responding to surveys requesting further goods or services, or otherwise contacting us. We may also ask you

: for information when you enter a contest or promotion sponsored by us, or when you report a problem with the Website;
: Details of transactions you carry out through the Website, if applicable, and of the fulfillment of your orders. You may be required to provide financial information before placing an order through the Website; and
: Your search queries on the Website.
‍
You may also provide information to be posted on public areas of the Website or transmitted to other users of the Website or third parties (collectively, "User-Generated Content"). Your User-Generated Content is posted on the Website and transmitted to others at your own risk. We cannot control the actions of other users of the Website with whom you may choose to share your User-Generated Content. Therefore, we cannot and do not guarantee that unauthorized persons will not view your User-Generated Content.
‍
We do not collect PHI from you when you order Health Products (as defined in our terms of use). Order fulfilment for Health Products is facilitated by the Pillexa online pharmaceutical fulfilment platform (the “Pillexa Platform”) and is subject to their terms of use and privacy policy – please visit [www.pillexa.com] for more information. You acknowledge and agree that by making any order for any Health Product, you agree to the Pillexa Platform’s Privacy Policy. However, we may receive certain personal information about you through the Pillexa Platform, including the status of your order, payment, and other information related to the order fulfillment process. In facilitating your Health Product order, the Pillexa Platform may from time to time, provide us with access to certain PHI, and our access and use of any such PHI will be in strict compliance with the terms of this policy.

‍INFORMATION WE COLLECT THROUGH COOKIES AND OTHER AUTOMATIC DATA COLLECTION TECHNOLOGIES

As you navigate through and interact with the Website, we may use cookies or other automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including: details of your visits to the Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website; andInformation about your computer and internet connection, including your IP address, operating system, and browser type.

We may also use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). To learn more or to opt-out of tailored advertising please visit Digital Advertising Alliance of Canada Opt-Out Tool.

The information we collect automatically is statistical information and may include personal information, and we may maintain it or associate it with personal information we collect in other ways. It helps us to improve the Website and to deliver a better and more personalized service, including by enabling us to estimate our audience size and usage patterns, store information about your preferences, speed up your searches, and recognize you when you return to the Website.

The technologies we use for this automatic data collection may include:
‍
: Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you direct your browser to the Website;
: Flash Cookies. Certain features of the Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on the Website. Flash cookies are not managed by the same browser settings that are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see the section on Choices About How We Use and Disclose Your Information;
: Web Beacons. Pages of the Website or emails we send to you may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us to, for example, count users who have visited those pages or opened that email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity); and
: Third-party Analytics. We may use third-party analytics companies, for example Google Analytics, to evaluate use of the Website. We use these tools to help us understand use of, and to improve, the Website, performance, ad campaigns, and user experiences. These third parties may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services.
‍
‍CONSENT FOR GENERAL PERSONAL INFORMATION
‍
‍We will not use or disclose any of your personal information to anyone except as described in this policy. We will not sell your personal information to other parties without your consent. Except as explicitly specified below, we will obtain your express or implied consent to collect, use, sell or disclose any personal information. You can provide consent orally, in writing, electronically or through an authorized representative. 

You provide us with implied consent where our purpose for collecting, using or disclosing personal information is necessary for the provision of our services or would be considered obvious or reasonable in the circumstances. Your consent may also be implied where you have received notice and a reasonable opportunity to opt-out of having the personal information used, and you have not provided us with notice of your opting-out, including but not limited to use for mail-outs, marketing, fundraising, or in the event of the sale of our business undertaking.
‍

‍HOW WE USE YOUR INFORMATION

For non-sensitive personal information, we may rely on implied consent where appropriate. However, for sensitive personal information, including PHI, we require express, informed consent. Where required by provincial law (e.g., PHIPA in Ontario, HIA in Alberta, Law 25 in Quebec), consent may need to be documented in writing or clearly recorded. You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting our Privacy Officer.

WITHDRAWAL OF CONSENT
‍
You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting our Privacy Officer through the contact information listed below. Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.

LIMITED USE WITHOUT CONSENT

‍We may collect, use or disclose your personal information without your consent in the following circumstances:

: when permitted or required by law;
: in an emergency that threatens an individual's life, health, or personal security;
: when the personal information is available from a public source;
: when we require legal advice from a lawyer; or
: or the purposes of collecting a debt or protection from fraud (with the exception of PHI);
: or other legally established reasons.

THIRD PARTIES
We may also collect information, including personal information, about you from third parties, which we may combine with other information we have collected.

Some content or applications on the Website, including advertisements, are served by third parties, including advertisers, ad network's and server's, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use the Website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioural) advertising or other targeted content.

You can opt-out of several third-party ad server's and network's cookies simultaneously by using an opt-out tool created by the Digital Advertising Alliance of Canada or the Network Advertising Initiative. You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.

We do not control these third-party tracking technologies or how they are used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For more information about how you can opt out of receiving targeted advertising from many providers, see the section on Choices About How We Use and Disclose Your Information.

In certain circumstances, examples of which are described below, we may disclose your personal information to third parties who may use it for their own purposes and subject to their own privacy policies:

A current list of third-party service providers who may have access to certain types of your Personal Information is as follows:

Aptible – we use Aptible to assist us with cloud infrastructure for the purposes of complying with applicable legislation, including HIPAA/PEPIDA. Aptible’s data practices are governed by the Aptible Privacy Policy, as it may be amended from time to time. 

‍Amazon Web Services – we use AWS to facilitate our services through the provision of cloud infrastructure services. AWS ’s data practices are governed by the AWS Privacy Policy, as it may be amended from time to time.

‍Cloudflare – we use Cloudflare to enhance the internet performance and security of our services. Cloudflare’s data practices are governed by the Cloudflare Privacy Policy, as it may be amended from time to time.

‍Datadog – we use datadog for security based services to maintain the privacy, security and observability of our services. Datadog ’s data practices are governed by the Datadog Privacy Policy, as it may be amended from time to time.

‍GoogleAds / Google Analytics – we use GoogleAds to administer certain online marketing campaigns. Google Analytics to help us understand how our customers use the Services. Google may collect your IP address, data related to the device/browser, or other information about your use of our website and may do so using cookies.  Google’s data practices are governed by the Google Privacy Policy, as it may be amended from time to time. 

‍Klaviyo – we use Klaviyo to facilitate email marketing campaigns and mail-outs. Klaviyo’s data practices are governed by the Klaviyo Privacy Policy, as it may be amended from time to time.

Meta (Facebook / Instagram) Ads – We use Meta for the purposes of operating social media marketing campaigns, Meta’s data practices are governed by the Meta Privacy Policy, as it may be amended from time to time.

Microsoft Azure – we use Azure for the purposes of cloud infrastructure services.  Azure’s data practices are governed by the Microsoft Privacy Policy, as it may be amended from time to time.

‍PostHog – we use PostHog as a development tool to gain insight into user behaviour and metrics. Posthog’s data practices are governed by the PostHog Privacy Policy, as it may be amended from time to time.

SendGrid/Twilio – we use this platform to assist with customer communication and lifecycle management.  SendGrid/Twilio’s data practices are governed by their Privacy Policy, as it may be amended from time to time.

Stripe – we use Stripe as a payment processor to facilitate payment for your products. Stripe’s data practices are governed by the Stripe Privacy Policy, as it may be amended from time to time.

Vouched – we use Vouched for digital identification services. Vouched’’s data practices are governed by the Vouched Privacy Policy, as it may be amended from time to time.

Webflow – we use Webflow to assist with our website development and maintenance. Webflow’s data practices are governed by the Webflow Privacy Policy, as it may be amended from time to time.

HOW WE USE YOUR INFORMATION

We use information, including personal information, that we collect about you or that you provide to us:

: To present the Website and its contents to you, provide you with information, products, or services that you request from us, allow you to participate in interactive features, social media, or similar features on the Website, or notify you about changes to the Website or any products or services we offer or provide though it;

: To fulfill the purposes for which you provided the information or that were described when it was collected, or any other purpose for which you provide it;

: To carry out our obligations and enforce our rights arising from any contracts with you or to comply with legal requirements, protect the safety, rights, property, or security of Prepare or the general public, detect, prevent, or otherwise address fraud, security, or technical issues, and to prevent or stop activity that we consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity;

: To improve the Website, products or services, marketing, or customer relationships and experiences, measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you, or monitor, analyze and understand usage and activity trends and for other research, analytical, and statistical purposes and;

: For any other purpose with your consent or as permitted by law.

DISCLOSURE OF YOUR INFORMATION
‍
‍We may disclose aggregated information about our users and information that does not identify any individual without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:
‍
: To fulfill the purpose for which you provide it, for any other purpose disclosed by us when you provide the information or permitted by law, or with your consent;

: To our subsidiaries and affiliates, as applicable;

: In accordance with applicable law, to another entity in connection with an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer in which personal information held by Prepare is among the assets transferred, including during negotiations related to such transactions;

: To advertisers and advertising networks that require the information to select and serve relevant advertisements to you and others. We may use aggregate information about our users to help advertisers target a specific audience. We may make use of the personal information we have collected from you to enable us to display our advertisers advertisement to that target audience;

: To contractors, service providers, and other third parties we use to support our business (such as the Pillexa Platform, and analytics and search engine providers that assist us with Website improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy; or

: To comply with any court order, law, or legal process, including to respond to any government or regulatory request, in accordance with applicable law, enforce or apply our term of use [www.preparemedical.com/terms-of-use] and other agreements, or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Prepare, our customers, or others. This may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction
‍
‍TRANSFERRING YOUR PERSONAL INFORMATION

We may transfer personal information that we collect or that you provide as described in this policy to contractors, service providers, and other third parties we use to support our business (such as the Pillexa Platform, and analytics and search engine providers that assist us with website improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy

By providing us with personal information, you acknowledge and agree that such personal information may be transferred to other jurisdictions for processing and storage, including in servers located across Canada. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of the jurisdiction of destination may be able to obtain access to your personal information through the laws of that jurisdiction. Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation.

Where PHI or personal information is transferred across borders (e.g., to servers located in the United States), it may be subject to the laws of that jurisdiction, including lawful access by government authorities (e.g., the U.S. Patriot Act or CLOUD Act). We will take contractual and technical measures to ensure that any third-party service providers handling PHI on our behalf provide privacy and security safeguards equivalent to those required by Canadian federal and provincial health privacy laws.

‍CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

: Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of the Website may not be accessible or may not function properly. For more information about tracking technologies, see the section on Information We Collect Through Cookies and Other Automatic Data Collection Technologies

: Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by contacting our Privacy Officer.

: Promotional Offers from Prepare. If you have opted in to receive certain emails from us but no longer wish to have your email address or contact information used by Prepare to promote our own or third parties' products or services, you can opt-out by contacting our Privacy Officer. If we have sent you a promotional email, you may unsubscribe by clicking the unsubscribe link we have included in the email. This opt-out does not apply to information provided to Prepare as part of a product purchase, warranty registration, product service experience, or other transaction.

: Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertiser's target-audience preferences, you can opt out by contacting our Privacy Officer. For this opt-out mechanism to function, you must have your browser set to accept browser cookies. We do not control third parties' collection or use of your information to serve interest-based advertising. These third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of several third-party ad servers and networks' cookies simultaneously by using an opt-out tool created by the Digital Advertising Alliance of Canada or the Network Advertising Initiative. You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.
‍
‍DATA SECURITY
‍
The security of your personal information is very important to us. We use reasonable physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Any payment transactions performed by Prepare will be encrypted using SSL technology.

In addition to the safeguards already described, when handling PHI we apply enhanced protections, including: role-based access controls, user authentication, and audit logging of access to PHI. We also maintain written policies for responding to privacy breaches involving PHI, including mandatory reporting to regulators and affected individuals as required by PIPEDA and applicable provincial laws (e.g., PHIPA, HIA, Law 25).

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website, which any Website visitor can view.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

In the unlikely event that our system is breached, and any personal information has been compromised, we will notify such local authorities and regulators as may be required within seventy-two (72) hours of the breach and will also use our best efforts to notify you, using the most current contact information that we have on file. We are not responsible for any failure to notify you based on incorrect or outdated contact information.
‍
‍DATA RETENTION

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any purpose without further notice to you or your consent and may sell or otherwise transfer such data to third parties.

For general personal information, we retain data only as long as necessary for the purposes identified, unless longer retention is required by law. For PHI, provincial laws may impose specific retention periods (e.g., in Ontario, at least 10 years after the last entry for adults, or 10 years after a minor turns 18). Where Prepare is required to retain PHI, we will follow these statutory minimums. When records are no longer required, they will be securely destroyed or anonymized in accordance with recognized industry practices.

‍CHILDREN UNDER THE AGE OF 18

No one under the age 18 may provide any personal information through or on the Website without parental or guardian consent. We do not knowingly collect personal information from children under 18 without such consent. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact our Privacy Officer.

‍ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

‍It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law, you have the right to request access to and to correct or delete the personal information that we hold about you.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Under PIPEDA, you have the right to access and request correction of your personal information, including PHI, that we hold. We will respond to such requests within 30 days, unless an extension is permitted by law, and will provide reasons if we refuse access (for example, if disclosure would reveal another person’s information or is subject to legal privilege). Under provincial health laws, you may have additional rights of access or correction, and we will respect those rights where applicable.

We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation.

If you are concerned about our response or would like to correct the information provided, you may contact our Privacy Officer.

CHANGES TO OUR PRIVACY POLICY

It is our policy to post any changes we make to our privacy policy on this page. We include the date the privacy policy was last revised at the top of the page. You are responsible for periodically visiting the Website and this privacy policy to check for any changes.

‍CONTACT INFORMATION AND CHALLENGING COMPLIANCE

‍We have designated a Chief Privacy Officer who is accountable for compliance with this policy and all applicable privacy laws. You may contact our Chief Privacy Officer at:

Attn: Chief Privacy Officer

Prepare Medical Inc.
Email: support@preparemedical.com
Mailing Address: 300-15300 Croydon Drive, Surrey BC V3Z0Z5

We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. Our Privacy Officer is responsible for coordinating the investigation of any complaints and resolving privacy-related issues, and will manage any complaints received in a timely manner and provide you with a response to your complaint.

To discuss our compliance with this policy please contact our Privacy Officer using the contact information listed above. You have the right to make a complaint at any time to the relevant privacy regulator. We would, however, appreciate the opportunity to address your concerns before you do so. You can contact the Information & Privacy Commissioner for BC or the relevant provincial privacy commissioner for your province of residence