Privacy Policy
Who we are
Tantus Health Co was established to serve medical cannabis clients across Canada. Our focus is providing clients with the best possible experience including efficient service, quality of product and inventory availability as well as strict adherence to privacy and security.
Our website address is: https://www.tantushealthco.com
What personal data we collect and why we collect it
Client and Medical Information
When clients apply for an account on our website we collect the data shown in the application form, and also the visitor’s IP address and browser user agent string to help spam detection. When clients and/or medical practitioners provide prescription and practitioner information, we collect the data for mandatory compliance and reporting purposes.
All information is transmitted and stored securely using encryption protocols for data during transmission and while stored.
A user account is created created from your name and email address. After verification of your email address, you account is active but before purchasing is enabled, you must complete a consultation with a medical practitioner and provide a valid prescription document. Once the medical document and practitioner are verified, you will be able to order on the website to the monthly maximum indicated by the prescription that has been provided.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact and Registration Forms
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our registration and/or login pages, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, comment, review or link, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
Data analytics include server-side logging for performance, security and operational purposes. We may also use third-party services that correspond to traffic, usage and ordering trends on the website and in the e-commerce store.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Information that we store for medical purposes is stored for the minimum time required to fulfill our compliance obligations for Health Canada under the terms of the rules and regulations governing our federal medical cannabis sales license.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Client registration medical information will be checked with the medical practitioner.
Medical practitioner information will be checked with the appropriate provincial or territorial licensing bodies.
Visitor comments may be checked through an automated spam detection service.
Your contact information
Tantus Health Co can be contacted online, through this website on the Contact page.
Additional information
How we protect your data
Data is encrypted both in-transit and at-rest. This means when you send us information through the website, the connection to our servers is encrypted using SSL. When we receive the information, it is stored securely in a database with encryption applied to the data and the database. Only authorized members of our team have the ability to access this information and only for the purposes of verification and/or order processing, as indicated in this Privacy Policy or our company’s Standard Operating Procedures.
What data breach procedures we have in place
What third parties we receive data from
Anonymized, aggregate information is used for analytical purposes including the efficient and secure operation of this website.
Required shipping information for your orders is shared with the parties responsible for delivery of packages, in order to make sure everything gets to where it is supposed to go.
Reporting and compliance information is shared with the government agencies responsible for compliance, including, but not limited too, Health Canada. Individually identifiable information about our Clients is not included in the data we provide to Health Canada.
What automated decision making and/or profiling we do with user data
Marketing systems may use cookies or scripts to understand how visitors have arrived at our site but this information is in aggregate and not individually identifiable.
General product and sales volumes are reported and analyzed, including automated and/or manually, for planning purposes and is done so in aggregate with no individually identified correlation to specific clients or users.
Industry regulatory disclosure requirements
As a company that is federally licensed by Health Canada to provide medical cannabis to registered patients, we are required to report monthly data regarding the sale of medical cannabis, including the type of product sold, amount of product sold and in which provinces or territories this was all sold.
We are required to provide medical practitioner information and statistics.
We do not report specific client information including personal information or medical information. The only medical data that is reported to Health Canada is an aggregate number of prescriptions and product but not to whom this is sold or shipped to.