TELUS Health Pharmaconnect Privacy Commitment

Effective as of July 8, 2022

Our privacy commitment to you:

At TELUS Health[1] we respect our customers’ privacy and take great care to safeguard personal information, which includes personal health information. As part of our ongoing commitment to putting customers first, we have a long-standing policy of protecting privacy. We believe that an important part of protecting privacy is to be clear about how we handle customers' personal information, and to make information about our approach easily accessible.

While the TELUS Privacy Code sets out the general principles that govern the collection, use and disclosure of our customers’ personal information[2], we have also developed this TELUS Health Privacy Commitment to provide you with more specific details about our privacy practices supporting our health related products and services[3].

We have learned from our customers that sometimes you just want the big picture, while other times you may want more details or examples of how a policy or process works. For this reason, we have structured this Privacy Commitment in layers.

Importantly, both our Privacy Code and Privacy Commitment reflect the requirements of Canada’s applicable privacy legislation, including the Personal Information Protection and Electronic Documents Act, and applicable provincial health legislation[4] along with our own continuing commitment to customer privacy. The bottom line is that we want you to understand the purposes for which we collect, use and disclose personal information about our customers. The following is a summary of our privacy practices.

Why we collect personal information

If you are a TELUS Health customer, TELUS Health collects certain personal information from or about you. We collect personal information only for the following purposes:

To establish and maintain a responsible commercial relationship with you and to provide ongoing service.

Here are some examples of what we mean by this:

Health account number(s), any other authorized users, unique account security PIN(s) and email address;

To understand your needs and preferences. Here are some examples of what we mean by this:

To develop, enhance, market or provide products and services. Here are some examples of what we mean by this:

To help us provide tailored content and services, such as personalized product recommendations and special offers from TELUS Health and others that we think will interest you;

To recommend a new feature of the applications you use;

To better understand your preferences, and to help us develop or enhance our products and services;

To recommend a new service or TELUS app that we think you’ll enjoy based on your existing services with us or the apps you use.

We note that our customers who do not wish to receive these types of recommendations or offers may choose to be removed from our marketing lists at any time.

To manage and develop our business and operations. Here are some examples of what we mean by this:

To meet legal and regulatory requirements. Here are some examples of what we mean by this:

When we share personal information

We take great care with what information we share, and why. There are circumstances where we share some personal information about our customers:

To facilitate and improve the provision of products and services to you. Here are examples of what we mean by this. We may share personal information with:

To enable our service providers and partners to help us serve you better.

We may share personal information with our suppliers, agents or other organizations or individuals contracted to TELUS Health to perform services or functions on our behalf where they require the information to assist us in serving you. We strive to minimize the amount of personal information that we share with our service providers and partners; we share the information reasonably necessary to achieve the stated purpose, and require that it only be used to achieve that stated purpose.

Examples of what we mean by service providers or partners include organizations that:

For credit-related purposes.

We may share personal information with credit bureaus:

We may share your personal information with collection agencies to collect an account if your account has been referred for collection.

For emergency purposes.

We may share personal information with a public authority, agent of a public authority or other party if, in the reasonable judgment of TELUS Health, it appears that there is imminent danger to the life, health or security of an individual which could be avoided or minimized by disclosure of the personal information.

Where required by law or applicable regulation.

We share personal information with law enforcement, other government agencies or other parties if we are required to do so to meet legal and regulatory requirements; for example, if TELUS Health is required to provide records to law enforcement in response to a valid court order.

Personal information collected by TELUS Health may be stored and processed in Canada or another country. In either case, the personal information is protected with appropriate security safeguards, but may be available to foreign government agencies under applicable law. When we do transfer data outside the country, we strive to minimize the amount of personal information that we transfer, using de-identification or other means where appropriate.

Some of the ways we respect your privacy

For example, we may de-identify certain usage or health trend data for long term planning where individual customers' personal information is not required. We may also de-identify information prior to conducting analytics that don’t require personal information;

Commitment. For more information, please refer to our Cookies Notice;

Examples include emergency circumstances;

Choices we offer you

We rely on your consent to continue to collect, use and disclose your personal information for the purposes we have identified to you. However, we want you to know that you do have choices and can refuse or withdraw your consent as follows:

Unless you tell us otherwise, we will assume that we have your consent to continue to collect, use and disclose your personal information for the purposes we have identified to you.

Questions?

We want you to be comfortable with how we protect the privacy of the personal information you entrusted to us. If you have questions that are not addressed in this Commitment or our Privacy Code, please refer to our Frequently Asked Questions; you can also call us or email privacyhealth@telus.com.


[1] In this Privacy Commitment, the words “we”, “us”, “our”, or “TELUS Health” refer to TELUS Health and Payment Solutions and its subsidiary companies. The word “TELUS” alone refers to TELUS Communications Inc. and its subsidiary companies, as they may exist from time to time, including those subsidiaries or divisions that carry on business under the names TELUS, TELUS Communications, TELUS Mobility, TELUS Quebec, Koodo, Public Mobile and PC Mobile, and TELUS Health but does not include independent dealers and distributors of TELUS products and services.

[2] The TELUS Privacy Code and this Commitment do not limit the collection, use or disclosure by TELUS Health of information that is publicly available. This includes: (a) a customer’s name, address, telephone number, and email address, when listed in a directory or available through directory assistance; and (b) other information about the customer that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act or other applicable legislation. This Commitment and TELUS Privacy Code do not apply to information regarding TELUS Health corporate customers, which are covered under the TELUS Health and Payment Solutions Privacy Policy. The TELUS Privacy Code and the privacy practices described in this Commitment are subject to the provisions of all applicable legislation and regulations.

[3] The definitions set out in the TELUS Privacy Code apply to this Commitment.

[4] Examples of applicable provincial health legislation include Ontario’s Personal Health Information Protection Act, Alberta’s Health Information Protection Act, and British Columbia’s Personal Health Information Access and Protection of Privacy Act.

[5] De-identifying information involves adding information or removing identifiers, such that the information can no longer reasonably be associated to a specific individual.