TERMS AND CONDITIONS OF USE OF INFORMATION ASSETS

These Terms and Conditions of Use shall apply to the access of the INFORMATION ASSETS of VIGILANCE SANTÉ INC. ("VIGILANCE"). Any user who accesses the INFORMATION ASSETS, whether through the software as a service, the installed software, or the mobile application (the "USER"), accepts without limitation or reservation the present terms and conditions.

Without limiting the generality of the foregoing, any USER who is a health care professional must read and accept the important provisions relating to professional liability set forth in paragraph 8.

1. 1. DEFINITIONS AND INTERPRETATION

   For the purposes of these Terms of Use, the following words and phrases shall have the following meanings:

   1. 1.1. "INFORMATION ASSETS" means all banks of information, information systems, and information technologies, including the APPLICATION, SOFTWARE, and PLATFORM (as defined below) and all the information of which they are composed, hosted by VIGILANCE, including PERSONAL INFORMATION, downloaded by a client of VIGILANCE or sent by VIGILANCE to a client;
   2. 1.2. "APPLICATION" means all the features of one or more programs currently developed by VIGILANCE, or that may be developed in the future, accessible through the PLATFORM;
   3. 1.3. "ACCESS KEY" means a "token" in the form of an electronic key that allows the USER to access the INFORMATION ASSETS;
   4. 1.4. "DOCUMENTATION" means any documentation intended for the USER and any instruction manual, online support, or policy made available from time to time by VIGILANCE in connection with the INFORMATION ASSETS;
   5. 1.5. "SOFTWARE" means all products currently developed by VIGILANCE or that will be developed in the future, including their programming source code, the programming object code, and the applications, databases, photo banks, documentation, and updates, upgrades, or modified versions thereof, operated by VIGILANCE under the trademarks "RXVIGILANCE," "VIGILANCEdata," "RXPHOTOS," and "RXCONSULTACTION," and whose main function is to provide pharmacological information relevant for drugs used in Canada;
   6. 1.6. "PLATFORM" means any hardware, operating system, database, or environment provided by VIGILANCE on which the APPLICATION will be operated;
   7. 1.7. "PERSONAL INFORMATION" means any information about an identifiable individual within the meaning of any federal or provincial law governing the protection of PERSONAL INFORMATION that applies to the USER or VIGILANCE;
   8. 1.8. "USER" means any natural or legal person who uses and accesses the INFORMATION ASSETS.

2. 2. USE

   1. 2.1. Any USER having a right of use of the INFORMATION ASSETS or having an ACCESS KEY under a contract between the USER and VIGILANCE or any other licensee authorized by VIGILANCE will have the limited, non-transferable, and non-exclusive right to access and use the INFORMATION ASSETS solely under the conditions and for the purposes described herein and within the limits provided for in said contract.
   2. 2.2. The USER is authorized to use the INFORMATION ASSETS only in the context of their professional practice if they are a health care professional.
   3. 2.3.

      Any use not specifically mentioned in the present terms and conditions or not expressly authorized in writing by VIGILANCE is prohibited. Without limiting the generality of the foregoing, it is prohibited for the USER to

      1. 2.3.1. use or allow third parties to use the INFORMATION ASSETS for purposes other than those for which they are intended and designed or in a manner that is abusive or contrary to the DOCUMENTATION;
      2. 2.3.2. proceed with any representation, dissemination, publication, or resale of the INFORMATION ASSETS, with or without monetary consideration;
      3. 2.3.3. use the INFORMATION ASSETS in any way whatsoever for the purpose of designing, producing, distributing, or marketing a similar, equivalent, or alternative installed software, software as a service, platform, or application, except with the prior written consent of VIGILANCE for this purpose;
      4. 2.3.4. make any direct or indirect provision of INFORMATION ASSETS for the benefit of a third party, including via rental, sale, or loan, even free of charge, or entrust them to any service provider whatsoever in the context of outsourcing;
      5. 2.3.5. modify, adapt, translate, reverse engineer, decompile, disassemble, or otherwise attempt to reproduce the components of the INFORMATION ASSETS or authorize or otherwise help others to do so;
      6. 2.3.6. perform automated tests on or the massive download of the INFORMATION ASSETS in any way whatsoever;
      7. 2.3.7. plan or execute an attack of any kind on the INFORMATION ASSETS;
      8. 2.3.8. monitor the INFORMATION ASSETS; or
      9. 2.3.9. attempt to gain unauthorized access to the INFORMATION ASSETS using an ACCESS KEY that was not delivered to the USER or by any other underhanded means.
      10. 2.3.10. use or allow third parties or third-party software to use any content, data, output or other information received or derived from the INFORMATION ASSETS to, directly or indirectly, create, train, test or otherwise develop any machine learning algorithms, including any language model, classification, regression, activation function and synaptic weight model, estimation of statistical distribution or data filtering.

3. 3. USER OBLIGATIONS

   1. 3.1. The USER shall have sufficient computer equipment, bandwidth, and access to the network to access the INFORMATION ASSETS.
   2. 3.2. The USER must protect their ACCESS KEY against unauthorized access and may not share their ACCESS KEY with anyone else, nor use an ACCESS KEY that is not their own.

4. 4. SUSPENSION OF ACCESS RIGHTS

   1. 4.1. VIGILANCE may at any time suspend the USER’s right of use and access to the INFORMATION ASSETS by means of a written notice to that effect if the USER infringes a provision herein or if VIGILANCE is in the obligation to do so under applicable laws. Where applicable, the USER shall cease all use and access to the INFORMATION ASSETS and, if required by VIGILANCE, destroy all copies of the SOFTWARE and its components, if any, upon receipt of the written notice provided pursuant to the present paragraph.

5. 5. PLATFORM SECURITY AND TECHNOLOGICAL PROTECTION MEASURES

   1. 5.1. Through the security rules in place, VIGILANCE protects all the INFORMATION ASSETS, the results, the treatments, and the transmissions performed on the PLATFORM, as well as any information, including PERSONAL INFORMATION and other data, which may be transferred by the USER to VIGILANCE when using INFORMATION ASSETS.
   2. 5.2.

      Without limiting the generality of the foregoing, the USER acknowledges the characteristics and limitations related to the use of the Internet and, among other things, that:

      1. 5.2.1.data transmissions on the internet only benefit from relative technical reliability;
      2. 5.2.2.some specific networks may be subject to special agreements and access restrictions that do not allow access to the INFORMATION ASSETS, in whole or in part;
      3. 5.2.3.data circulating on the internet is not protected against possible diversions. Although the PLATFORM has an SSL certificate, any communication of sensitive information is performed by the USER at their own risk; and
      4. 5.2.4.the provision of the INFORMATION ASSETS to the USER may be subject to unauthorized third-party intrusions and therefore be corrupt despite the provision by VIGILANCE of protected access to the USER.
   3. 5.3.The USER acknowledges and expressly agrees that, in accordance with applicable laws, the PLATFORM includes technical features (cookies or other technologies) which, during an internet connection, may allow the USER via a web service, either automatically or on the initiative of VIGILANCE, to send to VIGILANCE information on the identification of the USER (e.g., the USER’s IP address, which constitutes PERSONAL INFORMATION); the information obtained by VIGILANCE through these technical devices may be used by VIGILANCE in the fight against counterfeiting, to identify and prevent any possible illicit or non-compliant use of the PLATFORM.
   4. 5.4.The USER represents and warrants that all PERSONAL INFORMATION that may be transferred or otherwise made available to VIGILANCE by the USER while using the PLATFORM has been obtained in compliance with the laws relating to PERSONAL INFORMATION and that any required consent has been duly obtained, when necessary.
   5. 5.5.VIGILANCE undertakes not to distribute or make available to a third party any PERSONAL INFORMATION that it has received. Without limiting the generality of the foregoing, VIGILANCE may, on the basis of the information transferred to it by the USER, compile anonymized data for the purposes of quality assurance, statistics, and continuous improvement of the PLATFORM, or when required by law.

6. 6. EXTERNAL LINKS AND INTERACTION WITH OTHER SYSTEMS

   1. 6.1.Links and references to other websites are provided for convenience purposes only. VIGILANCE has not verified and does not endorse, either expressly or implicitly, these other websites, the information or material contained therein, or accessibility to these websites via said links. Furthermore, VIGILANCE does not assume any responsibility for other websites, the information or material contained therein, or the products or services offered thereon. VIGILANCE makes no representations or warranties as to the security of any information, including PERSONAL INFORMATION, that the USER may be asked to provide to a third party.
   2. 6.2.In some circumstances, access to the INFORMATION ASSETS may require interaction with third-party software, platforms, or computer programs. When necessary, the USER may be subject to the terms and conditions of use of third parties that are not under the control of VIGILANCE.

7. 7. DISCLAIMER AND LIMITATION OF LIABILITY

   1. 7.1.

      VIGILANCE (as well as its shareholders, officers, directors, employees, associates, and subcontractors) gives no warranty, express or implied, with respect to

      1. 7.1.1.the operation of the INFORMATION ASSETS without interruption or without errors, defects, viruses, or other harmful elements;
      2. 7.1.2.the suitability of the functions and capacity of the INFORMATION ASSETS with the expectations and needs of the USER;
      3. 7.1.3.the USER’s computer equipment, its operation, or the operation of its hardware and software components; or
      4. 7.1.4.the benefits, financial or otherwise, real or anticipated, positive or not, resulting or likely to result from the use of the PLATFORM.
   2. 7.2. The USER is solely responsible for: (a) selecting the INFORMATION ASSETS to achieve the expected results; (b) obtaining, procuring, configuring, maintaining, paying for, and protecting against any damage or loss of any equipment or service required for the installation and use of the INFORMATION ASSETS; (c) providing a safe and suitable site and environment for the installation and use of the INFORMATION ASSETS; (d) overseeing the use, installation, implementation, and operation of the INFORMATION ASSETS and the results obtained from them; (e) identifying and preventing the introduction and transmission of viruses, "Trojan horse" intrusion software, worms, or other destructive or disruptive components; and (f) maintaining complete and up-to-date backup and archival copies of all data contained on the USER's computer equipment or mobile device prior to installing or using the INFORMATION ASSETS.
   3. 7.3.

      VIGILANCE (as well as its shareholders, officers, directors, employees, affiliates, agents, and contractors) gives no warranty and may not under any circumstances be held liable to the USER for any fault or any direct or indirect damages in any of the following situations:

      1. 7.3.1.changes are made by the USER or by one of their subordinates to the content of the INFORMATION ASSETS;
      2. 7.3.2.changes or additions of hardware or software are made by the USER or by one of their subordinates to any computer equipment, affecting the functioning of the INFORMATION ASSETS;
      3. 7.3.3.a computer virus is negligently or intentionally introduced by the USER or by one of their subordinates to any computer equipment, affecting the functioning of the INFORMATION ASSETS; or
      4. 7.3.4.business opportunities or revenues are lost in relation to the operation or the lack thereof or to the use or lack of use of the INFORMATION ASSETS by the USER or by one of their subordinates.

      In all cases mentioned above, the USER undertakes to indemnify and hold harmless VIGILANCE (as well as its shareholders, officers, directors, employees, affiliates, agents, and contractors) with respect to any claim arising out of any of the situations mentioned in the present section.

   4. 7.4. VIGILANCE (as well as its shareholders, officers, directors, employees, affiliates, agents, and contractors) shall not be liable to the USER for indirect or punitive damages, including, without limitation, for any loss of profit or other economic loss resulting from the use of the PLATFORM or inability to use it, even if VIGILANCE has been warned of the possibility of such damage occurring.

8. 8. IMPORTANT PROVISIONS – PROFESSIONAL LIABILITY

   When the USER is a health care professional, and without limitation, a pharmacist, medical doctor, or nurse:

   1. 8.1. The USER acknowledges that the professional obligation to provide health care services to patients is the sole responsibility of the USER. INFORMATION ASSETS shall not be considered as substitutes for standard practices or for the professional judgment, skills, and expertise of the health care professional who uses them, but rather as a reference aid for the USER.
   2. 8.2. The USER understands and acknowledges that the INFORMATION ASSETS contain summaries based on the scientific literature originally intended for the Canadian market and are not to be used as a substitute for professional judgment. Further information may be available directly from the manufacturer.
   3. 8.3. The USER releases VIGILANCE from any responsibility concerning the content and the pharmacological and professional recommendations of the various reference works used to develop and update the INFORMATION ASSETS.
   4. 8.4. The use of the INFORMATION ASSETS does not exempt the USER from constituting a medical file in accordance with their professional obligations.
   5. 8.5. The USER acknowledges that the professional obligation that consists of providing health care services to patients is the exclusive responsibility of health care professionals. VIGILANCE therefore assumes no liability of any kind whatsoever in connection with the information or data provided through the INFORMATION ASSETS, or with the diagnoses made or treatments provided on the basis of information or data thus consulted.
   6. 8.6. VIGILANCE shall not be held liable for acts likely to engage the professional liability of the person who has performed the act in question or constitute professional misconduct, a lack of information, or negligence.
   7. 8.7. The limitations of liability of VIGILANCE herein also apply to the benefit of its shareholders, officers, executives, employees, associates, subcontractors, and distributors.

9. 9. INTELLECTUAL PROPERTY

   1. 9.1. VIGILANCE is the exclusive owner of all intellectual property rights relating to the INFORMATION ASSETS. Such intellectual property rights are protected under Canadian intellectual property laws, international treaties, and applicable laws in countries where they are used. VIGILANCE will enforce its intellectual property rights in all measures permitted by applicable laws. The structure and organization of the INFORMATION ASSETS are valuable trade secrets and confidential information belonging to VIGILANCE. The use of the INFORMATION ASSETS does not grant any right on VIGILANCE’s intellectual property, nor on any information, document, image, or other element displayed therein.
   2. 9.2. The entire content of the INFORMATION ASSETS, including any image and any text, may not be distributed, modified, reused, republished, or otherwise used in whole or in part, whether in textual, graphics, audio, video, or executable form except in accordance with the present terms and conditions or the written permission of VIGILANCE. The use of VIGILANCE’s trademarks, except as expressly authorized herein and in compliance with the instructions of VIGILANCE, is prohibited and may constitute a violation of applicable laws and regulations.

10. 10. GENERAL PROVISIONS

    1. 10.1.The PLATFORM is managed and operated by VIGILANCE, of Repentigny, province of Quebec, Canada. The present terms and conditions are governed by the laws of Quebec and the applicable laws of Canada, without reference to principles of conflict of law. The USER agrees to be bound by these laws and to submit to the exclusive jurisdiction of the courts of Montreal, province of Quebec, any claim with respect to the interpretation or application of the present terms and conditions and in relation to any dispute arising from the terms and conditions or the use of the INFORMATION ASSETS.
    2. 10.2. Any maintenance and technical assistance relating to the INFORMATION ASSETS is provided by (i) the service provider to which VIGILANCE has conferred the right to grant sublicences for the use of the INFORMATION ASSETS or (ii) VIGILANCE itself when the license for the use of the INFORMATION ASSETS is granted directly by VIGILANCE to the User. In the first case, the USER acknowledges and agrees that VIGILANCE has no obligation whatsoever with respect to the provision of maintenance or technical assistance services relating to the INFORMATION ASSETS.
    3. 10.3.The USER shall comply with and ensure that its use of INFORMATION ASSETS complies with all applicable laws and regulations, whether municipal, provincial, federal, or foreign, including, without limitation, any laws relating to the protection of PERSONAL INFORMATION.
    4. 10.4.VIGILANCE makes no representation as to the availability or suitability for use of the INFORMATION ASSETS outside Canada. The USER is responsible for complying with all applicable laws in their jurisdiction. VIGILANCE reserves the right to change, suspend, withdraw, or disable access to the INFORMATION ASSETS in one or more jurisdictions at any time and without notice to protect its legitimate business interests or to ensure compliance with the law. In such cases, VIGILANCE cannot be held responsible for the withdrawal or disabling of access to the INFORMATION ASSETS.
    5. 10.5.The USER may not assign or transfer the rights of use granted herein without the prior written consent of VIGILANCE.
    6. 10.6.VIGILANCE may amend the present terms and conditions or any additional condition that applies to the INFORMATION ASSETS, in particular to reflect changes to the law or to the INFORMATION ASSETS. VIGILANCE will publish a notice of additional or modified conditions of use on the PLATFORM, which notice shall be approved by the USER before they continue using the INFORMATION ASSETS.
    7. 10.7. The present terms and conditions, and all related policies and documents, have been written in English at the express wish of the parties, the parties acknowledging having first read the French version available on the following page: Conditions générales d’utilisation des actifs informationnels. Les présentes conditions d’utilisation, ainsi que toutes les politiques et tous documents y étant rattachés, ont été rédigés en anglais selon la volonté expresse des parties, les parties reconnaissant avoir d’abord pris connaissance de sa version française disponible sur la page suivante : Conditions générales d’utilisation des actifs informationnels.

THE USER CONFIRMS THAT THEY ACCEPT THESE TERMS AND CONDITIONS OF USE OF INFORMATION ASSETS AS AMENDED ON APRIL 17, 2024, AND AGREES TO BE BOUND BY THEM.

PRIVACY POLICY – INFORMATION ASSETS

1. 1. PURPOSE

   This Privacy Policy – Information Assets (hereinafter the “POLICY”) is an integral part of the TERMS AND CONDITIONS OF USE OF INFORMATION ASSETS (available at https://store.vigilance.ca/legal-documents#terms-conditions-of-use) and specifies the terms and conditions under which VIGILANCE shall apply the sections concerning the protection of PERSONAL INFORMATION.

2. 2. DEFINITIONS

   Words or expressions capitalized in the POLICY and not defined herein shall be construed to have the meanings set forth in the TERMS AND CONDITIONS OF USE OF INFORMATION ASSETS.

   Otherwise, the following definitions apply to the corresponding capitalized terms in this Policy:

   1. 2.1.

      “PRIVACY IMPACT ASSESSMENT” or “PIA” means a risk management process that consists in identifying all the positive and negative impacts on individuals’ privacy. Conducting a PIA involves

      1. (1) ensuring that the information technology project or communication complies with applicable privacy laws and their underlying principles;
      2. (2) identifying any privacy risks resulting from the project or communication and assessing their impacts; and
      3. (3) implementing effective strategies to prevent or limit these risks.
   2. 2.2. “STATE” means any jurisdiction recognized by the international community or by a nation-state within its borders, regardless of the political or constitutional system, including but not limited to the Canadian provinces/territories, Canada, the United States, the American states, the European states, and the European Union.
   3. 2.3. “CONFIDENTIALITY INCIDENT” means any of the following incidents: i) unauthorized collection or access to personal information; ii) unauthorized use of personal information; iii) unauthorized disclosure or communication of personal information; iv) loss of personal information; or v) any other breach of the protection of personal information.
   4. 2.4. “BUSINESS TRANSACTION” means the sale or lease of all or part of VIGILANCE or its assets, a change in its legal structure by merger or otherwise, the obtaining of a loan or other form of financing by it, or the taking of a security interest to secure one of its obligations.

3. 3. SCOPE

   1. 3.1. The POLICY applies to PERSONAL INFORMATION that is collected, disclosed or communicated, used, held, modified, or destroyed by a USER through the INFORMATION ASSETS.
   2. 3.2. The POLICY applies regardless of the jurisdiction in which the USER is located.

4. 4. COLLECTION OF PERSONAL INFORMATION

   1. 4.1. The USER is fully responsible for complying with any obligation incumbent on the person collecting PERSONAL INFORMATION under the applicable laws and regulations governing the protection of such information. For the sake of clarity, the USER is responsible for collecting PERSONAL INFORMATION from patients, as well as from any person concerned, only as permitted by law.
   2. 4.2. The INFORMATION ASSETS have predefined data entry fields for entering PERSONAL INFORMATION. These fields are generally required by several USERS. However, the USER acknowledges that the means and purposes of collecting PERSONAL INFORMATION and communicating it to VIGILANCE will depend on internal procedures.
   3. 4.3. By accepting the TERMS AND CONDITIONS OF USE OF INFORMATION ASSETS, the USER acknowledges that VIGILANCE shall use, disclose/communicate, and hold PERSONAL INFORMATION only in its capacity as a service provider and solely for the purpose of providing the services required.
   4. 4.4. Insofar as the USER accepts the TERMS AND CONDITIONS OF USE OF INFORMATION ASSETS, VIGILANCE presumes that the USER shall comply with their legal and regulatory obligations, in particular their obligation to draw up their own privacy policy, to obtain the informed consent of patients and other persons concerned if required, to notify patients of the purposes for which PERSONAL INFORMATION will be collected, used and disclosed/communicated, including that PERSONAL INFORMATION will be disclosed to VIGILANCE and other related third parties for purposes reasonably connected to the provision of services by VIGILANCE, and to respond to their requests to exercise their rights. In accordance with section 5.5 of the TERMS AND CONDITIONS OF USE OF INFORMATION ASSETS, the USER shall make a declaration in this regard.

5. 5. DISCLOSURE/COMMUNICATION OF PERSONAL INFORMATION TO VIGILANCE

   1. 5.1. Patients’ PERSONAL INFORMATION is disclosed/communicated to VIGILANCE by the USER via the web platform or Windows platform.
   2. 5.2. The USER has the right to ask VIGILANCE for authorization to verify the confidentiality of the PERSONAL INFORMATION thus disclosed/communicated.

6. 6. SUBSEQUENT DISCLOSURE OF PERSONAL INFORMATION HELD BY VIGILANCE

   1. 6.1. VIGILANCE acknowledges that, except in the cases and subject to the conditions described below, the disclosure of PERSONAL INFORMATION to a third party requires the USER’s consent. However, VIGILANCE may disclose PERSONAL INFORMATION without their consent where permitted or required by law.
   2. 6.2. Whenever VIGILANCE is required to disclose PERSONAL INFORMATION, VIGILANCE will not disclose more information than is necessary under the circumstances and only for purposes connected with the provision of the services.
   3. 6.3.

      To provide its services, VIGILANCE may disclose/communicate PERSONAL INFORMATION to service delivery partners or mandatory bodies. A written contract shall require them to

      • only use the PERSONAL INFORMATION necessary to provide a service;
      • refrain from disclosing or communicating PERSONAL INFORMATION without VIGILANCE’s consent;
      • implement strict security measures as appropriate in the circumstances and in accordance with the law;
      • allow VIGILANCE to conduct compliance audits relating to the confidentiality of PERSONAL INFORMATION, either directly or through a third party;
      • notify VIGILANCE without delay of any breach or attempted breach of the confidentiality of PERSONAL INFORMATION;
      • destroy the PERSONAL INFORMATION at the end of the contract.
   4. 6.4.

      To carry out a BUSINESS TRANSACTION, VIGILANCE may communicate PERSONAL INFORMATION to another party. A contract shall require this party to

      • use only the PERSONAL INFORMATION necessary to carry out the BUSINESS TRANSACTION;
      • implement strict security measures as appropriate in the circumstances and in accordance with the law;
      • refrain from disclosing or communicating PERSONAL INFORMATION without VIGILANCE’s consent;
      • notify VIGILANCE without delay of any breach or attempted breach of the confidentiality of PERSONAL INFORMATION;
      • destroy the PERSONAL INFORMATION if the BUSINESS TRANSACTION is not carried out or if the PERSONAL INFORMATION is no longer required to carry out the BUSINESS TRANSACTION.
   5. 6.5. To comply with an order or a decision of a competent authority, VIGILANCE may be required to disclose PERSONAL INFORMATION. These courts and authorities are required by law to implement security safeguards to protect the confidentiality of PERSONAL INFORMATION.
   6. 6.6. To defend itself or to assert its rights, VIGILANCE may communicate PERSONAL INFORMATION to its lawyers or attorneys.
   7. 6.7.

      VIGILANCE may disclose/communicate PERSONAL INFORMATION to parties outside Quebec, particularly in other Canadian provinces/territories. Prior to this disclosure/communication, VIGILANCE shall conduct a PIA, taking into account

      • the sensitivity of the PERSONAL INFORMATION;
      • the purpose for which it is to be used;
      • the protection measures in place; and
      • the legal framework applicable in the STATE where the PERSONAL INFORMATION will be disclosed/communicated.
   8. 6.8. VIGILANCE will only proceed with the disclosure of information specified in section 6.7 if the PIA demonstrates that the PERSONAL INFORMATION will have adequate safeguards in keeping with generally recognized privacy principles and the law.
   9. 6.9. The disclosure of information specified in section 6.7 will be subject to a written agreement, taking into account the PIA’s conclusions and the agreed upon terms and conditions, with a view to mitigating the risks identified in the PIA.

7. 7. VIGILANCE’S USE OF PERSONAL INFORMATION

   1. 7.1.

      The use of PERSONAL INFORMATION refers to all operations carried out internally by VIGILANCE personnel for the following purposes:

      • Providing the USER with INFORMATION ASSETS and ensuring their optimal performance; and
      • Supporting the client in their use of INFORMATION ASSETS
   2. 7.2. VIGILANCE may use PERSONAL INFORMATION without the USER’s consent for purposes consistent with those listed in section 7.1. For a purpose to be legitimate within the meaning of this section, it must have a relevant and direct connection to the purposes for which the information was collected.
   3. 7.3. VIGILANCE may use PERSONAL INFORMATION without the USER’s consent when necessary for the prevention and detection of fraud, the evaluation and improvement of protection and security measures, including measures aimed at product quality and safety, or as otherwise permitted by law.
   4. 7.4. VIGILANCE may use PERSONAL INFORMATION without the USER's consent when necessary for study or research purposes, or for the production of statistics, where the information is de-identified. For the purposes of this agreement, PERSONAL INFORMATION is de-identified when it is no longer possible to directly identify the person concerned by the information.
   5. 7.5.

      With respect to the use of PERSONAL INFORMATION, VIGILANCE applies the following principles:

      • Each VIGILANCE staff member who uses PERSONAL INFORMATION is bound by confidentiality obligations and has received appropriate training, and may only access information that is necessary for the performance of their duties.
      • Any VIGILANCE staff member who breaches their confidentiality obligations is liable to disciplinary action, up to and including dismissal.
      • These sanctions are set out in VIGILANCE’s internal policies and are communicated to staff members prior to any use of PERSONAL INFORMATION.
      • VIGILANCE uses PERSONAL INFORMATION provided by clients only for the purposes described above, or for compatible purposes having a relevant and direct connection to the original purposes.
   6. 7.6. The USER has the right to give instructions on the use of the PERSONAL INFORMATION they collect. VIGILANCE may inform a USER when, in its opinion, one of their instructions infringes the laws protecting PERSONAL INFORMATION, without any obligation on its part to consult a lawyer or attorney. Such information shall not constitute a legal opinion. The USER may thereafter, at their discretion, obtain such an opinion from a lawyer or attorney licensed to practise their profession in their jurisdiction.

8. 8. RETENTION AND DELETION OF PERSONAL INFORMATION

   1. 8.1. PERSONAL INFORMATION is hosted on our servers and those of our internal applications. These servers are located in Canada. This hosting is subject to section 6.3 (communication of information to a service provider) and, where applicable, sections 6.7 to 6.9 (communication of information to parties outside Quebec).
   2. 8.2. Deletion and rectification requests submitted by USERS are analyzed by VIGILANCE’s teams upon receipt and immediately forwarded to subcontractors. Deletions and updates in the VIGILANCE databases are carried out within thirty (30) days.
   3. 8.3. USER accounts are deleted within thirty (30) days of such requests. However, for technical reasons, certain traces of user activity may remain in our systems, notably in connection logs and backup copies, for three (3) years.
   4. 8.4.Where this obligation applies, the USER shall establish their own schedule for the storage of PERSONAL INFORMATION and provide VIGILANCE with instructions as to its deletion. For legal reasons, certain PERSONAL INFORMATION related to USER accounts may be retained by VIGILANCE.
   5. 8.5. Notwithstanding the foregoing, PERSONAL INFORMATION communicated via the RXVIGILANCE and RXCONSULTACTION SOFTWARE is only stored temporarily. Once the USER has the answers they need, this information is deleted. In accordance with section 8.4 of the TERMS AND CONDITIONS OF USE OF INFORMATION ASSETS, the USER remains responsible for constituting any medical file required to comply with their professional obligations.

9. 9. REQUEST TO EXERCISE RIGHTS

   1. 9.1. The USER is responsible for processing any request to exercise rights from an individual concerned by PERSONAL INFORMATION that was communicated to VIGILANCE by this USER.
   2. 9.2. As specified in section 8.5 of this POLICY, VIGILANCE does not retain certain PERSONAL INFORMATION.
   3. 9.3. When VIGILANCE does retain certain PERSONAL INFORMATION, VIGILANCE does so only on behalf of and in the name of the USER. In such cases, VIGILANCE is required by law to confirm the source of the PERSONAL INFORMATION to the USER. VIGILANCE may inform an individual concerned of the USER’s name and contact details so that they may exercise their rights.

10. 10. SECURITY MEASURES

    1. 10.1. Taking into account factors such as the nature, scope, context, and purposes of the use, disclosure/communication, and retention of PERSONAL INFORMATION, VIGILANCE shall implement appropriate administrative and technical protection measures to ensure a level of security appropriate to the risks to the information’s confidentiality, integrity, and availability.
    2. 10.2. The USER and VIGILANCE agree that they will use commercially reasonable care and diligence not to transmit to each other, during their exchanges, computer viruses, worms, bugs, or any other computer program that may compromise the confidentiality, integrity, or availability of the information.
    3. 10.3.

       Without limiting the foregoing, VIGILANCE undertakes to implement the following protection measures:

       • The encryption of PERSONAL INFORMATION
       • An information security policy, including measures for the destruction of PERSONAL INFORMATION
       • A privacy incident response plan
       • The technological means to ensure the ongoing confidentiality, integrity, availability, and resilience of information systems
       • The means to restore the availability of INFORMATION ASSETS and access to PERSONAL INFORMATION in a timely manner in the event of a physical or technical incident
       • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring secure processing.
    4. 10.4. To ensure the highest possible level of security, certain safeguards applied by VIGILANCE are not included in section 10.3. The USER has the right to request additional information on these measures, within reason.

11. 11. REPORTING PRIVACY INCIDENTS

    1. 11.1. VIGILANCE undertakes to keep a register of all confidentiality incidents in accordance with the legal and regulatory requirements in effect in the province of Quebec and the other provinces and territories of Canada.
    2. 11.2. VIGILANCE will notify the USER of any violation or attempted violation of the confidentiality of PERSONAL INFORMATION.
    3. 11.3. In the event of a confidentiality incident, VIGILANCE will provide written notice to the USER. The written notice may be sent by email to an address specified by the USER.
    4. 11.4.

       VIGILANCE will provide the USER with all useful documentation so they can report the confidentiality incident to the competent authority and the individuals concerned by means of a notice containing

       • a description of the incident, its cause, its date and location, the categories and approximate number of individuals concerned, the categories and approximate number of personal data records concerned, and the type of media on which the PERSONAL INFORMATION is recorded;
       • a description of the likely consequences of the confidentiality incident, including an assessment of the risk of misuse or harm to the individuals concerned by the PERSONAL INFORMATION;
       • a description of the measures taken or proposed by the privacy officer to reduce the risk of harm and prevent further incidents of the same nature;
       • the name and contact details of VIGILANCE’s privacy office or another contact person who can provide further information.

12. 12. END OF CONTRACT

    1. 12.1. It is the responsibility of the USER and not VIGILANCE to retain any PERSONAL INFORMATION as may be required by law. At the end of the contract with the USER, the USER may choose to have the PERSONAL INFORMATION disclosed/communicated to VIGILANCE returned in a common format. VIGILANCE will not retain PERSONAL INFORMATION for any longer than is reasonably connected to the provision of the service and will destroy PERSONAL INFORMATION at the end of the contract.

13. 13. LANGUAGE

    1. 13.1. Unless the USER wish to refer specifically to the English version of this POLICY, the USER must consult the French version available on the following page: Politique sur la protection des renseignements personnels – Actifs informationnels . À moins que la volonté de l’utilisateur soit de se référer spécifiquement à la version anglaise de la présente politique, l’utilisateur doit consulter sa version française disponible sur la page suivante : Politique sur la protection des renseignements personnels – Actifs informationnels .

PRIVACY POLICY – WEBSITE

PLEASE READ OUR PRIVACY POLICY CAREFULLY BEFORE USING THE WEBSITE.

1. 1. PURPOSE AND SCOPE

   Vigilance Santé (hereinafter “Vigilance” or “we”) takes great care to protect the Personal Information (as defined below) provided to us.

   The purpose of this policy is to establish and describe

   • Vigilance’s obligations regarding the collection, use, communication, retention, and destruction of Personal Information;
   • the scope of the consent given by individuals concerned by this information and the ways in which they can exercise their rights; and
   • the security and governance measures in place to protect the privacy of these individuals.

   The Policy applies to the direct collection of Personal Information concerning the users of the website https://www.vigilance.ca/ (hereinafter: the “Website”) by Vigilance.

   This Policy does not apply to Personal Information related to patients or other individuals that is communicated by a USER while using INFORMATION ASSETS (as defined in the Terms and Conditions of Use of Information Assets, available here: https://store.vigilance.ca/legal-documents#terms-conditions-of-use). If you have any questions or concerns about this information, please refer to the Privacy Policy – Information Assets, available here: https://www.vigilance.ca/legal-documents#data-privacy-policy. For the sake of clarity, the latter applies regardless of the method of access to the INFORMATION ASSETS, whether by the web portal or Windows portal.

2. 2. COLLECTION OF PERSONAL INFORMATION

   “Personal Information” refers to any information about an identifiable individual and includes information that relates to a natural person and can be used to identify them, either directly or indirectly.

   We only collect Personal Information about you that is necessary to establish, manage, and maintain our relationship with you and provide the best possible service. Depending on the circumstances, we may collect the following Personal Information about you:

   • Name and language of correspondence
   • Email address
   • Phone number
   • Mailing address
   • Profession
   • Professional licence number
   • Website usage data and browsing history
   • Any request you may send us (for processing and archiving purposes)

   We may collect Personal Information on the Website, either directly or through forms (e.g., technical support, general information). More generally, we may collect information when you communicate with one of our employees or representatives by email, on the phone, or in person.

3. 3. CONSENT

   Your consent to the collection, use, and communication of your Personal Information must be clear, free and informed. It must be given for the specific purposes and objectives identified in the following section of this Policy.

   Depending on the nature and sensitivity of your Personal Information, your consent may be express (i.e., given verbally, in writing, or electronically) or implied (e.g., when you provide Personal Information voluntarily). Where Personal Information is sensitive, we will ensure that your consent is expressly given.

   BY USING THE WEBSITE, YOU CONSENT TO THE COLLECTION, USE, COMMUNICATION, AND RETENTION OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS POLICY. PLEASE READ IT CAREFULLY.

   If you do not consent, please do not use the Website. Except where otherwise provided by law, you may withdraw your consent at any time upon reasonable notice. Please note that if you choose to withdraw your consent to the collection, use, and communication of your Personal Information, certain features of our Website may no longer be available to you, or we may no longer be able to offer you certain services.

4. 4. PURPOSES FOR THE USE OF PERSONAL INFORMATION

   We may use your Personal Information for the following purposes:

   • Website management, planning, and improvement
   • Analyzing the use of the Website, including the use of specific features
   • Developing and improving the Website based on your searches, activity, and choices
   • Identifying and correcting Website anomalies
   • Responding to your emails and technical support requests
   • Communicating information to clients about changes and improvements to our services

   Your personal information will not be used for purposes other than those listed above, except with your consent or as required or permitted by law.

5. 5. UNDERTAKINGS AND GOVERNANCE MEASURES

   We have security measures in place to ensure the protection of your personal information. Specifically, we undertake to

   • implement protection measures to protect the personal information we collect, use, communicate, retain, hold or destroy;
   • implement the physical, administrative, and technological measures necessary to prevent unauthorized persons from gaining direct or indirect access to Personal Information;
   • ensure that only our employees, mandataries, agents, service providers and contractors who are authorized to consult Personal Information have access to it and that they consult only the Personal Information necessary for the performance of their duties; and
   • ensure that our employees, mandataries, agents, service providers, and contractors who have access to Personal Information are subject to confidentiality undertakings and guidelines with sanctions in the event of a breach of their obligation of confidentiality.

6. 6. COMMUNICATION/DISCLOSURE OF PERSONAL INFORMATION

   • To whom may we communicate or disclose Personal Information?

     Whenever we need to communicate your Personal Information, we will endeavour not to disclose more information than is necessary under in the circumstances.

     We recognize that, except in the cases and subject to the conditions described below, the communication/disclosure of your Personal Information to a third party requires your consent. However, we may, without your consent, communicate/disclose your Personal Information where permitted or required by law. Below is a description of the parties to whom we may communicate/disclose your Personal Information, for what purposes, and the measures taken to protect such information during transmission.

     Recipient	Purpose	Measures
     Subcontractors, service providers, agents and mandataries	We sign contracts with subcontractors, service providers, agents and mandataries to provide you with a service and/or improve existing services.	Subcontractors, service providers, agents and mandataries sign a contract that requires them to Only use the Personal Information necessary to provide a service to us; refrain from disclosing or communicating Personal Information without our consent; implement strict security measures; allow us to audit these measures; notify us immediately of any confidentiality incident; and destroy Personal Information at the end of the contract.
     Another party in a business transaction Such a transaction includes the sale or lease of all or part of our company or its assets, a change in its legal structure by merger or otherwise, the obtaining of a loan or other form of financing by it, or the taking of a security interest to secure one of its obligations (hereinafter “Business Transaction”).	Where necessary to determine whether to proceed with a Business Transaction and, if the decision is made to proceed, to complete the Business Transaction.	The parties sign a contract requiring them to use only the Personal Information necessary to carry out the Business Transaction; implement strict security measures; refrain from disclosing or communicating Personal Information without our consent; notify us immediately of any confidentiality incident; destroy the Personal Information if the Business Transaction is not carried out or if the Personal Information is no longer required to carry out the Business Transaction; and provide notice to the persons concerned that it now holds Personal Information concerning them because of the Business Transaction.
     Lawful authorities	To comply with an order or decision of a court, including a valid search warrant, or of a regulatory authority, we may be required to provide Personal Information.	The laws governing these authorities require them to put in place measures to respect and preserve the confidentiality of your Personal Information. We generally refuse to grant access if a request is not legally binding.
     Our lawyers or attorneys	To ensure our defense or assert our rights, we may, in certain cases, disclose your Personal Information.	Both the law and the engagement letters we sign obligate our lawyers and other legal advisors to protect the confidentiality of all our communications with them.

   • Where may we communicate Personal Information?

     To fulfill the purposes set out in section 4 of this Policy, we may communicate Personal Information outside of Quebec, particularly to parties in other Canadian provinces.

     Before communicating Personal Information outside of Quebec, we will conduct a Privacy Impact Assessment, which will take into account the following factors:

     • The sensitivity of the Personal Information
     • The purpose for its use
     • The protection measures in place
     • The legal framework applicable in the state where the Personal Information will be communicated.

     We will proceed with the communication only if this assessment demonstrates that the Personal Information will have adequate safeguards, in keeping with generally recognized privacy principles. In addition, this communication will be the subject of a written contract that takes into account all the conclusions of the assessment, as well as the measures taken to mitigate the identified risks.

   We may use service providers located outside of Canada to collect Personal Information or we may transfer Personal Information to service providers located outside of Canada. For more information on our policies and practices on our use of service providers located outside of Canada, please contact our Privacy Officer at the address set out in Section 10 below.

7. 7. RETENTION OF PERSONAL INFORMATION

   We retain your Personal Information only for as long as necessary to fulfill the purpose for which it was collected, subject to any legal retention requirements, and for as long as necessary to protect our legitimate business interests to the extent permitted by applicable law.

   We reserve the right to establish Personal Information destruction policies from time to time. Upon request, we can inform you of the amount of time your Personal Information will be retained.

   If you request the destruction of your Personal Information, we will use reasonable efforts to comply with your request as soon as possible. Your Personal Information will be deleted within thirty (30) days following your request.

8. 8. YOUR RIGHTS

   ALL REQUESTS FROM USERS OR OTHER INDIVIDUALS CONCERNED WHOSE INFORMATION IS TRANSMITTED TO US UNDER A SERVICE CONTRACT MUST BE ADDRESSED TO THE USER PRIVACY OFFICER. EXCEPT TO INFORM YOU OF THE SOURCE OF SUCH PERSONAL INFORMATION, WE DO NOT RESPOND TO SUCH REQUESTS. WE LIMIT ITS USE TO THAT WHICH IS NECESSARY TO FULFILL THE CONTRACT WITH OUR CLIENTS AND RECTIFY OR DELETE THE INFORMATION ACCORDING TO THEIR INSTRUCTIONS AS SPECIFIED IN THE PRIVACY POLICY – INFORMATION ASSETS.

   • The right to be informed of the use, communication, retention, and destruction of your Personal Information. This is what this Policy is meant to achieve.
   • The right to access your Personal Information to obtain, where appropriate, more details on how we use, communicate, retain, and destroy such information.
   • In some cases, you may object to, restrict, or withdraw your consent to such operations by giving reasonable notice by email to the email address provided at the end of this Policy.
   • The right to have your Personal Information corrected if you can demonstrate that it is inaccurate or misleading and to have it completed if it is incomplete.
   • The right to have your Personal Information deleted subject to our legal obligations.
   • The right to be informed of a confidentiality incident involving your Personal Information and that we believe may cause you serious harm and/or real risk of significant harm according to applicable laws. To this end, we maintain a register of all confidentiality incidents and assess the harm they may cause.

   You may exercise these rights by sending an email to the email address provided at the end of this Policy. We will respond to any request within 30 days of receipt, except where the law permits an extension of that time. We will require verification of your identity prior to providing access to any of your Personal Information to you.

   Any rectification or deletion of Personal Information will be communicated to third parties to whom such information has been communicated.

   If we refuse to furnish or correct your information, we will provide you with the reasons for the refusal, the applicable sections of the law, and information about your remedies, all subject to the limitations of the law.

   If we refuse to rectify your Personal Information, we will allow you to place written comments in your file regarding the Personal Information for which rectification has been refused. We will also retain the Personal Information that has been the subject of an access request for as long as necessary to allow you to exhaust any remedies provided by law.

9. 9. COOKIES

   When you visit our Website, we may use a feature of browser software called a “cookie” to collect information anonymously and establish your user profile. A cookie is a small text file with a unique identification number that identifies your browser (but not you) to our computers each time you visit our Website. We use these cookies to customize our Website based on your preferences and to compile statistics on your activity. The information collected may include the following:

   • Your computer’s Internet Protocol (IP) address
   • Your geolocation
   • The operating system you’re using
   • Your language preference
   • The date and time you access our Website
   • The previous website you visited that provided you with a link to our Website
   • The content you viewed and downloaded from our Website and the number of visits

   Generally, the cookies we use fall into three categories:

   • Technical:

     Technical cookies are used throughout the browsing experience to facilitate the use of our Website. For example: a technical cookie may be used to remember your username to facilitate your login or to remember your preferences or options you have chosen.

   • Analytics:

     These cookies are anonymous and are used to collect statistics on the use of our Website.

   • Advertisement:

     These cookies may be placed by the Website or by other sites displaying advertisements or announcements. These cookies collect information anonymously and build up your visitor profile.

   If you wish, you can set your browser to notify you when you receive cookies or to refuse them. You can erase cookies from your computer’s hard drive, block the creation of cookies, or receive a warning before a cookie is stored.

   In doing so, however, your use of our Website may be affected and you may no longer have access to all its features. Please refer to My Ad Center and the Network Advertising Initiative, as well as your browser’s instructions or help section, to learn more about cookies.

10. 10. PRIVACY OFFICER

    If you have any questions about this Privacy Policy or the way in which we handle your Personal Information, or to exercise your rights, please contact our Privacy Officer by email or by mail at the following coordinates:

    • Privacy Officer
    • 202-440 Notre-Dame
    • Repentigny (Quebec)
    • J6A 2T4

    Or by e-mail: rprp@vigilance.ca

    Please provide sufficient detail in all correspondence to enable us to identify the information you wish to access or have corrected, if applicable. We recommend that you keep your e-mails secure. Please note that we may ask you to verify your identity before responding to your request.

11. 11. CHANGES TO THE POLICY

    Vigilance reserves the right to modify the content of this Policy at any time. Any changes will appear on our Website and will be brought to your attention when you log in. We recommend that you print a copy of this Policy for your records and review this section of our Website periodically.

12. 12. LANGUAGE

    Unless you wish to refer specifically to the English version of this Policy, please consult the French version available on the following web page: Politique de confidentialité – Site Web. À moins que votre volonté soit de vous référer spécifiquement à la version anglaise de la présente politique, veuillez consulter sa version française disponible sur la page suivante de notre site web : Politique de confidentialité – Site Web.