Privacy and Security Policy

Dufort et Lavigne’s Privacy & Security policy

 

1. Which laws regulate the disclosure of personal information in the Province of Québec?

 

2. What is personal information?

 

3. What measures has the company taken to protect and safeguard personal information? 

 

4. Does Dufort et Lavigne only protect information about individuals? 

 

5. What information is requested when opening an account?

 

6. What information must Dufort et Lavigne have in its possession in order to carry out transactions with customers? 

 

7. Will Dufort et Lavigne use my account information for purposes other than commercial transactions?

 

8. Is it possible to verify the information retained about customers (for example, about the practitioner or clinic)?

 

9. Will it be safe to make transactions on Dufort et Lavigne’s website?

 

10. Is Electronic Data Interchange (EDI) safe?

 

11. Is it likely that the Privacy and Security policy will change?

 

1. Which laws regulate the disclosure of personal information in the Province of Québec?

Dufort et Lavigne fully complies with the applicable federal laws (Privacy Act (RS, 1985, Chap. P-21) and Law on the Protection of Personal Information and Electronic Documents Act (SC 2000, Chap. 5)) as well as the applicable provincial law (An Act respecting the Protection of Personal Information in the Private Sector (RSQ, Chapter P-39.1)).

 

2. What is personal information?

Personal information refers to any information which relates to a natural person and allows that person to be identified.

 

3. What measures has taken the company to protect and safeguard personal information?

Dufort et Lavigne takes the protection of its clients’ personal information seriously and, for that reason, the company applies specific protection measures.

Starting on their date of hire, employees with access to clients’ account information must sign a written confidentiality agreement under which they agree not to disclose any information whatsoever, except when they are required to do so within the scope of their functions, both during their period of employment at Dufort et Lavigne and following termination.  

Moreover, we have established specific electronic security measures. Passwords and personal ID numbers are created for each employee with access to a workstation. Employees also have limited access to customer account information, which is restricted and determined based on their functions and needs.

In no event does Dufort et Lavigne disclose, sell, lease, lend or market information about its customers. The company uses customer data solely for internal administrative purposes, such as responding to calls for tender, billing, delivery and invoice processing, issuing account statements or following up in the event of a recall and communicating with manufacturers.

 

4. Does Dufort et Lavigne only protect information about individuals?

No. Dufort et Lavigne’s policy encompasses the protection of personal information for all clientele (private, public, semi-public and institutional sectors).

Dufort et Lavigne requires employees given access to information about customer accounts to exercise good judgment and discretion at all times to ensure that all information about individuals, clinics, drugstores, organizations, corporations, companies, etc., is protected. We also protect information about private and public institutions that do business with Dufort et Lavigne.

 

5. What information is requested when opening an account? 

The Accounting Department is responsible for setting up new accounts and collecting the necessary information, such as personal identification information, billing and shipping addresses, telephone and fax numbers, and email addresses. The accounts receivable clerk will request information about the best delivery day and time for goods purchased, as well as preferences for the sending of invoices and account statements. Lastly, the clerk will ask for credit references, namely, the name and bank details of two major suppliers. 

As for practitioners, Dufort et Lavigne will request information about their field of activity (doctor, dentist, etc.) and licence number in order to comply with requirements concerning the sale of prescription drugs. This information is also necessary for the customer’s credit evaluation. In addition, the clerk may request the names and contact information of a resource person and the best delivery days and times for the goods ordered.

When deemed appropriate and necessary, a credit investigation may be required to open an account with Dufort et Lavigne. Information and authorizations in this regard will be requested.

 

6. What information must Dufort et Lavigne have in its possession in order to carry out transactions with customers?

Dufort et Lavigne only collects information needed to process requests and complete transactions. We ensure that we have the necessary information, whether it is a company or health care provider account, or a remote or direct order from one of our stores. The information retained also depends on the delivery terms for goods purchased and the preferred payment method.


Purchases:
Dufort et Lavigne provides an invoice (in compliance with the Consumer Protection Act, RSQ, Chap. P-40.1) upon payment of the goods ordered. The invoice solely includes the information deemed necessary. Furthermore, the buyer’s identification information (first and last name, if an individual), full address and telephone number as well as the preferred method of payment must appear on all invoices.

All credit or debit payments are transmitted to RBC Royal Bank of Canada, which has established its own policies for the protection and safeguarding of personal information. This financial institution has also developed an encryption technique designed to make transactions safe.  

Remote purchases (online, by phone, fax, mail, email or EDI):
When Dufort et Lavigne processes remote purchase requests, the following information is required: the buyer’s identification information (first and last name, if an individual), billing and shipping addresses, telephone and fax numbers, business hours and delivery times and, if applicable, the name and contact information of a resource person to keep track of the order.

If an account has not been opened with Dufort et Lavigne, we will require the following information: the buyer’s identification information (first and last name, if an individual), delivery and billing addresses, telephone number and the information deemed necessary for credit card payments (cardholder's name, date of expiry and credit card number).

 

7. Will Dufort et Lavigne use my account information for purposes other than commercial transactions?

Dufort et Lavigne may, in some cases, use account information to trace customer orders with the manufacturer, drug or equipment supplier, particularly to ensure compliance with the guarantees on the equipment purchased or to notify you of a product recall as required by Health Canada or the manufacturer.

 

8. Is it possible to verify the information retained about customers (for example, about the practitioner or clinic)?

You may access your account information at all times, after verifying and confirming your identification information. 
The Accounts receivable officers at Dufort et Lavigne’s headquarters, whom you may contact during regular office hours, manage your account information.

Customers may, at any time, update their account information with Dufort et Lavigne.

 

9. Is it safe to carry out transactions on Dufort et Lavigne’s website?

Dufort et Lavigne ensures that all transactions carried out on its site are in accordance with industry standards and provide the highest level of security.

 

10. Is Electronic Data Interchange (EDI) safe?

Dufort et Lavigne is a technology partner of Commport Communications International Inc, which has adopted its own policies on the security of information and privacy while being at the cutting edge of secure protection systems and measures. 
For years, the company has used EDI (Electronic Data Interchange) in its trade relations with key Canadian and US suppliers and with large hospitals in the Province of Québec. Data confidentiality within an EDI system is primarily ensured by encrypting all messages sent between business partners. Thus, only the intended recipients can access their messages.

 

11. Is it likely that the Privacy and Security policy will change?

Dufort et Lavigne’s concerns and activities regarding privacy and security are constantly changing, and may vary and be modified according to changes in the products and services offered by Dufort et Lavigne. These changes may result from technological developments and breakthroughs in this field and, lastly, changes in the applicable laws.

Dufort et Lavigne invites its customers to consult this section regularly to learn about new releases or updates. For example, in a very near future, the site will offer options such as account consultation, contracts and price agreements consultation, and the possibility of paying bills or shopping online. Moreover, the company will disclose its security protocols aiming to provide the best possible protection (namely, through usernames and passwords) and ensure optimal security for all transactions on our website.