Privacy Policy
1. Introduction
This privacy policy (the “Privacy Policy”) describes the types of information collected by Medik8 Canada Limited d/b/a Medik8 (“Medik8,” “we,” “us,” or “our”) in connection with our website operated in Canada, namely ca.medik8.com, and any related websites on sub-domains, extensions, and locales that we own, and any related online platforms, mobile apps, social media, applications and software systems that we operate (together, the “Site”). The Privacy Policy is applicable only to visitors, users, vendors, customers, merchants, and others, who currently reside in or select a shipping address in Canada (“you” or “your”).
By accessing the Site on any computer, mobile phone, tablet, or other device (collectively, “Device”), making a purchase from us, expressly agreeing to the Privacy Policy, or otherwise interacting with us through the Site, you agree to the terms of the Privacy Policy. If you do not agree to the Privacy Policy, please do not use the Site.
We may modify the Privacy Policy at any time, and will post the current version on the Site from time to time. We encourage you to periodically review the Privacy Policy to stay informed about how we are using the information we collect.
2. Collection, Use, and Disclosure of Personal Information
The following table sets forth the categories of personal information we collect from you, the source of that personal information, and how we use and share such personal information.

| Category of Personal Information Collected | Source of Information | Purpose for Our Collection | Categories of Third-Party Recipients (other than Medik8) |
| --- | --- | --- | --- |
| Contact information: Such as your first name, maiden name, last name, billing address, delivery address, email address, telephone numbers, or other contact information | From you | To fulfill your requests for products and services, respond to your inquiries, send you a confirmation email when you make a purchase, send you marketing emails or SMS messages, catalogs, information, promotional materials and other offerings, when you contact us or request customer service or support, including when not logged into the Site. We only use your information for marketing purposes with your express opt-in consent or based on your implied consent through an existing business relationship where applicable | Our service providers, including cloud storage and software providers; marketing and advertising providers; order fulfilment and logistics providers, payment processors, website and analytics providers, customer service and relationship providers |
| Other identifiers: Such as your username, date of birth, gender, and age | From you | To fulfill your requests for products and services and provide you with product information and offers that may be of interest to you | Our service providers, including cloud storage and software providers; marketing and advertising providers; order fulfilment and logistics providers, payment processors, website and analytics providers, customer service and relationship providers |
| Purchase and order information: Contact information, together with purchase details online and in store through e-receipts, delivery details, payment details, and any communications we have received about your order or purchase | From you | To validate, confirm, verify, deliver, install, and track your order, including to arrange for shipping, handle returns and refunds, maintain a record of the purchases you make, to service products you purchased from us, to predict your skin concerns and interests to provide relevant product advice and marketing and to provide you offers that may be of interest to you | Our service providers, including software providers, delivery and logistics providers, who process, fulfill, and ship orders, marketing analytics platforms and customer service and relationship management providers |
| Other delivery information: Name and address of recipient for delivery, if different from customer’s | From you | To deliver to the person at the address which you have requested | Our service providers, including software providers, delivery and logistics providers, who process, fulfill, and ship orders |
| Payment information: Name, card issuer and card type, credit or debit card number, expiration date, CVV code and billing address | From you and your payment card issuer | To check that the right person is using the right card or account, meet the requirements of the card brands or account issuers, and make sure we are paid for what you buy. Our payment processors may also process personal information for their own purposes (e.g., fraud detection) in accordance with their privacy policies | Our service providers, including payment processors, who process payments for us. These payment processors are contractually required to comply with laws and requirements applicable to payment processing, which may include the Payment Card Industry Data Security Standard (PCI-DSS), a security standard developed and maintained by the Payment Card Industry Security Standards Council |
| Legal information: Fraud checks or flags raised about your transactions, the payment card you want to use, payment card refusals, suspected crimes, complaints, claims and accidents | From you, the police, crime and fraud prevention agencies, payment card providers, the public, regulators, your and our professional advisors and representatives | This information is collected and processed where permitted by law, such as in connection with an investigation into potential fraud. This information may be used to protect you, other customers and our business against criminal activities and risks, make sure we understand and can meet our legal obligations to you and others and can defend ourselves | Our service providers including payment processors, who process payments for us and who help us with fraud protection and credit risk reduction, and law enforcement and other governmental authorities in accordance with applicable law |
| Preference information: Your marketing preferences, your account settings (including any default preferences), any preferences you have indicated, the types of services/offers that interest you, the areas of our Site that you have visited or ways that you interact with our Site | From you, and from our Site technology’s interaction with your browser/Device and cookies and other similar technologies tracking the pages you visit, the marketing messages you open and the links you follow. You have the right to withdraw consent for non-essential cookies at any time | To enhance your online shopping experience, including as a way to recognize you and welcome you to the Site, to provide you with customized Site content, targeted offers, promotions and advertising on the Site that might be of interest to you | Our third-party vendors and service providers that perform website analytic services for us such as Google Ads or enable the customization of offers to you to improve your shopping experiences through our Site and customer service and relationship management providers |
| Communications: Communications we have with you through the Site, by email, by online live chat, through our AI Agent chatbot on the Site, or otherwise. | From you | To handle your requests, to contact you when necessary or requested, including responding to your questions and comments and providing customer support, and to obtain customer feedback and improve our customer service and customer shopping experience. Online chats (including through our AI Agent chatbot) may be analyzed for training, quality control and for sales and marketing purposes | Our service providers who assist us with customer service and relationships, including third party vendors who facilitate chats |
| Voluntary information: Any voluntary information you provide us with, by any means including by email, such as responses to surveys or competitions, your health details or philosophical beliefs, information or images related to a complaint of an adverse reaction to any of our products, or when you post a product review, question, answer, or other information on the Site | From you and your social media account provider | To know you better, make our communications with you more personal, learn and improve from your survey feedback, organize events and pick competition winners. Health information or images related to a complaint or an adverse reaction to any of our products is handled with a higher level of security and used only for regulatory compliance and/or safety purposes | Our service providers who administer surveys and promotions, or, for regulatory compliance, governmental authorities in accordance with applicable law, and our professional advisors |
| Photographs and physical characteristics information: Such as your photos and pictures, including your profile picture and before and after pictures related to your use of our products | From you when you upload them to the Site or otherwise share with us, including through email or social media | To better understand your needs for our products and services. Social media photos may be reposted on social media or used in marketing materials with your consent | Our service providers; to other current and potential customers when we repost photographs in social media posts or use in marketing, with your consent where required |
| Personalization: Your journey online and how you use our Site, whether and when you open our marketing emails and respond to our advertisements | From you, and from our Site technology’s interaction with your browser or Device and cookies tracking the pages you visit, when enabled by you | To improve our Site, products and services, customer service, and customer shopping experience | Our third-party vendors and service providers that perform website analytic services for us or enable the customization of offers to you to improve your shopping or website experience for our Site |
| Device information: IP address, internet provider, operating system and browser used, type of Device (such as laptop or smart phone), Device cookie settings and other Device details (such as MAC address and geolocation) | From you and from the Site technology’s interaction with your browser or Device. This information is only collected and processed for non-essential purposes when enabled by you | To make sure the Sites’ technology works properly with your Device and make sure you can see and use the Sites on the Device you are using, for analytical and demographic purposes, and to provide offers that may be of interest to you. We also use this information to protect the security and integrity of the Site and our business, such as by protecting against and preventing fraud, unauthorized transactions, and managing risk exposure, including by identifying potential hackers and other unauthorized users | Our service providers who help us with fraud protection, and third-party vendors and service providers that perform website analytic services for us or enable more relevant offers to you on the Site |
| Information automatically collected from your browser and the Site: When you use the Site, some data is automatically transferred from your browser to our server, including your browser type, operating system type or mobile device model, viewed webpages, links that are clicked, IP address, mobile device identifier or other unique identifier, sites or apps visited before coming to the Site, the amount of time you spend viewing or using the Site, the number of times you return, or other clickstream or Site usage data, information you enter into forms on the Site - including before you hit a submit or similar button - emails we send that you open, forward, or click through to the Site | From you and from the Site technology’s interaction with your browser or Device. This information is only collected and processed for non-essential purposes when enabled by you | We use this information in an aggregated non-specific format for analytical and demographic purposes. We also use this information to protect the security or integrity of the Site and our business, such as by protecting against and preventing fraud, unauthorized transactions, and managing risk exposure, including by identifying potential hackers and other unauthorized users | Our third-party vendors and service providers that perform website analytic services for us or enable the customization of offers to you to improve your shopping or website experience and the relevance of offers to you on the Site |
| Suspected crime information: Details of your identity, image, name and address, suspected or alleged thefts, fraud, assault or other criminal behavior | From crime and fraud prevention agencies, from you, witnesses, and from the police | This information may be collected and processed in the event of an investigation to protect customers, the public and our business against risks and crime, to prevent loss, to prosecute crime, and to defend ourselves | Law enforcement and other governmental authorities in accordance with applicable law, and our professional advisors |
| Loyalty & rewards data (e.g., points balance, tier status, birthday, skin quiz results) | From you when you join the programme | To manage your rewards, track spending, calculate points, provide birthday gifts, and offer personalized skincare recommendations based on your shared preferences and sending out marketing and offers with your consent | Our third-party vendors and service providers that provide loyalty platform services and our customer service and relationship management providers |

Aggregated personal information does not personally identify you or any other user of the Site. We may use aggregated personal information such as statistical or demographic information for any purpose, including for statistical analysis and research.
3. Additional Purposes for Using Personal Information
In addition to the uses set forth in the “Collection, Use, and Disclosure of Personal Information” section above, we may use and share the categories of personal information identified above:
- To comply with applicable legal and regulatory requests and obligations (including investigations)
- To establish or defend legal claims and allegations
- For security or the prevention, detection, or investigation of fraud, suspected or actual illegal activity, violations of company policy or rules, or other misconduct
- To seek advice and consultation from lawyers, auditors, insurance companies, and other professional advisers
- With potential or actual purchasers of all or part of our business in connection with a business transaction
4. Cookies and Tracking Technologies
As described in our "Collection, Use, and Disclosure" table, we and our third-party partners use cookies, pixels, and similar tools (like JavaScript tags) to collect information automatically.
Purposes for Collection: We use these technologies for the following specific purposes:
- Functionality: To recognize you, maintain your session, and allow you to use the Site without re-entering credentials
- Performance & Management: To monitor and manage Site usage and improve our products and services
- Enhanced Experience: To personalize your shopping journey and "remember" your preferences
- Incomplete Form Capture: We may collect information you enter into forms on the Sites before you click "submit" or a similar button to understand where users encounter difficulties
- Targeted Marketing: To provide you with interest-based ads and advertising emails. Note: We may use this technology to identify you and send advertising emails even when you are not logged into the Site
Consent and Your Choices:
- While strictly necessary cookies are deployed to make the site work and for security purposes, we rely on your express opt-in consent for performance, personalization, and marketing cookies (including those used for interest-based advertising and unlogged email targeting)
- You can provide, refuse, or withdraw your consent at any time via our cookie management service or preference page
- You may also set your browser to reject cookies. However, doing so may limit your access to certain features. Please note that browser-management tools are outside of our control.
We may combine cookie data with other information we have collected from you for the purposes outlined above.
5. Interest-Based Advertising & Your Choices
We work with third-party advertising partners (such as Google Ads) and social media platforms to display advertisements for our products on other websites and apps. These partners use tracking technologies (including cookies and pixels) to collect information about your activities on our Site and across the internet to serve you "personalized" or "interest-based" ads that are tailored to your inferred interests.
Cookie Consents:
- We won't deploy non-essential tracking technologies for interest-based advertising unless you have provided express opt-in consent via our cookie banner.
- By using our Site and not adjusting your cookie settings, you provide implied consent to the use of your information for interest-based advertising.
How to Opt-Out: If you prefer not to receive personalized advertisements, you can exercise your choice through the following Canadian and international industry programs:
- AdChoices Canada: Visit youradchoices.ca to opt-out of participating companies.
- DAA / NAI (US): You may also use the NAI Opt-Out Tool or the DAA WebChoices Tool.
- Site-Specific Settings: You can manage your preferences at any time by clicking the cookie preference link in our website footer.
Note on Non-Targeted Ads: If you opt-out, you will still see advertisements for our products. However, these ads will be "contextual" (based on the webpage you are currently viewing) rather than based on your past browsing history or interests.
6. Retention and Disposal of Personal Information
We retain your personal information only for as long as is strictly necessary to fulfill the purposes for which it was collected or to comply with applicable legal, tax, or regulatory requirements.
- Retention Criteria: Our retention periods are determined based on the nature of the information, our legal obligations (such as consumer protection laws or tax requirements), and the necessity of the data for providing you with requested services.
- Anonymization and Destruction: Once the purpose for collection has been fulfilled and any legal retention periods have expired, we either securely destroy your personal information or permanently anonymize it. Anonymization in Canada means the data can no longer be linked to you, directly or indirectly, and we use it solely for legitimate purposes (such as internal business analytics).
- Best practice: We ensure that the destruction or anonymization process follows recognized security best practices to prevent any unauthorized recovery of the data.
7. Security of Your Personal Information
We are committed to protecting your personal information and have implemented physical, organizational, and technological safeguards appropriate to the sensitivity of the information in our care.
- Access Controls: Within our organization, your personal information will only be accessible to personnel with a need to access the information in order to carry out their duties. Depending on the nature of personal information, this may include customer service, marketing, advertising, IT, security, and finance personnel.
- Our Responsibility: We ensure that our employees and third-party service providers only have access to the information they need to perform their duties. We use contractual agreements to ensure that any third parties processing your data outside of Canada provide a level of protection comparable to our own standards.
- Mandatory Breach Notification: In the event of a "confidentiality incident" or security breach that poses a real risk of significant harm to you (such as identity theft, financial loss, or humiliation), we notify you and the relevant privacy regulators (such as the Office of the Privacy Commissioner of Canada or the Commission d’accès à l’information du Québec) as soon as feasible, in accordance with applicable laws.
- Your Role: While we take extensive steps to protect your data, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and protect your account credentials.
8. Children and Minors
Our Site is intended for use by adults. We do not knowingly collect personal information from children under the age of 18 in Canada.
- Consent Requirements: If you are under the age of 18 you must not provide any personal information to us. If we learn that we have collected personal information from a minor without verifiable parental or guardian consent, we delete that information immediately.
- Parental Rights: If you are a parent or legal guardian and believe your child has provided us with personal information, please contact our Privacy Officer (see "Contact Us" below). We take steps to investigate and permanently delete the information from our records.
9. Third-Party Links and Shared Platforms
Our Site may contain links to third-party websites (such as Instagram, Facebook, and YouTube) or allow you to use third-party accounts (like "Sign in with Google") to purchase our products.
- Your Responsibility: These external sites have their own privacy policies. We encourage you to review them, as their practices are not governed by this policy.
- Our Accountability: When you use a third-party service to interact with our Site (e.g., using a social media account to create a profile), we may receive certain information from that third party. We treat all such information in accordance with this policy.
- Social Media & Tracking: If you are logged into a social media account while visiting our Site, that platform may collect information about your visit via integrated tools (such as "Like" buttons or pixels). These technologies are deactivated by default on our Site and will only be activated if you provide express opt-in consent via our cookie banner.
- Third-Party Marketplace Accounts: If you purchase our products through a third-party platform, that platform acts as an independent "controller" of your data. We are only responsible for the information shared with us to fulfill your order.
10. Changes to this Privacy Notice
We may update this policy from time to time to reflect changes in our personal information practices or relevant privacy laws.
- Notification of Changes: For minor changes, your continued use of our Site following the posting of the revised policy constitutes your acceptance of those changes.
- Material Changes: If we make material changes to the way we collect, use, or disclose your personal information—particularly changes that significantly affect your privacy rights—we provide a more prominent notice (e.g., via email or a pop-up banner on our Site).
- Fresh Consent: If the changes involve using your personal information for a new purpose that was not previously disclosed, we obtain your express consent before using your data in that manner.
- We ensure that all material changes are communicated in a clear and simple manner, and we provide you with a summary of the significant changes to help you understand how your rights are impacted.
11. Your Privacy Rights
Depending on where you reside in Canada, you have specific rights regarding your personal information. These rights are subject to limitations and exclusions under applicable laws.
Your Rights May Include:
- Right to Access: You may have the right to request a copy of the personal information we hold about you and/or to receive an account of how that information is being used or to whom it has been disclosed.
- Right to Rectification: You have the right to challenge the accuracy and completeness of your personal information and have it amended as appropriate.
- Right to Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time (e.g. opting out of marketing), subject to legal or contractual restrictions and reasonable notice. You may withdraw your consent to receive marketing communications at any time by using the "unsubscribe" link provided in our messages, or following the instructions set out in SMS messages.
- Right to Erasure: You may request that we erase your personal information as required by law.
- Right to Data Portability: You may have the right to receive your computerized personal information in a structured, commonly used technological format or request that it be transferred to another organization.
- Right to Information on Automated Processing: If we use your personal information to make a decision based exclusively on automated processing, we inform you at or before the time of the decision and provide you with the opportunity to submit observations.
How to Exercise Your Rights: To submit a request, please contact our Privacy Officer at the address provided below. To protect your privacy, we may be required to take reasonable steps to verify your identity (such as requiring a login or verifying recent order details) before granting access or making corrections.
No Discrimination: We won’t discriminate against you for exercising any of your privacy rights. Exercising these rights will not result in a change in the price or quality of our goods or services.
12. Transfer of Information Outside of Canada
We are an international company, and your personal information will be transferred to, stored, and processed outside of Canada, in the United States and potentially other countries where our service providers are located. If you are located in Quebec, please note your personal information may be communicated outside of Quebec.
- Foreign Legal Access: When your information is stored outside of Canada, it is subject to the laws of that jurisdiction. This means that your personal information may be accessible to government, national security, or law enforcement authorities of the United States (or other host countries) under lawful orders or applicable local laws.
- Our Commitment to Protection: We remain accountable for your personal information regardless of where it is stored. Before transferring data outside of Canada, we take steps to ensure that the recipient provides a level of protection comparable to that required under Canadian privacy laws. This includes using specialized contractual agreements with our service providers to mandate strict security and confidentiality. We take steps, including carrying out impact assessments where appropriate, to ensure that your information will receive adequate protection. By providing us with your personal information, you acknowledge that it will be transferred and stored outside of your province.
If you have any questions, or wish to receive further written information about our policies and practices with respect to our use of service providers or affiliates outside of Canada, please contact our Privacy Officer at the information provided below.
13. Accountability and Responsibilities
Medik8 Canada Limited is responsible for the personal information under its control. We have appointed a Privacy Officer who is accountable for our compliance with Canadian privacy laws. This includes managing the day-to-day administration and implementation of our privacy program, such as developing and delivering privacy training to relevant personnel, establishing and publishing relevant policies and procedures, investigating and responding to complaints and potential violations of our privacy policies or relevant laws, responding to requests from individuals to exercise their rights under applicable privacy laws, and regularly reviewing and identifying opportunities to improve our privacy program.
Medik8’s Privacy Officer is responsible for managing our data security program, including preparing a written information security program, assisting with breach prevention, response and containment, and evaluating and implementing information security controls.
In addition, all personnel are responsible for: protecting the confidentiality and security of any personal information they handle in connection with their employment or engagement; following our security measures and policies and procedures for handling personal information; refraining from any unauthorized access, use or disclosure of personal information; facilitating data subject requests; and reporting security or confidentiality incidents.
14. Contact Us
If you have questions or concerns about the Privacy Policy or how we collect and use the information of our customers, you can contact us by:
- Emailing our Data Protection Officer at privacy (at) medik8.us,
- postal address at Medik8 Inc. d/b/a Medik8, 915 Broadway Suite 1005 New York, NY 10010; ATTN: Privacy Request.
If we need, or are required, to contact you concerning any event that involves your information, we may do so by email, telephone, or mail. If you make a purchase, we send you a confirmation email.