2. What information do we collect and how do we use it?
Personal information is generally defined by applicable privacy or data protection laws as information about an identifiable individual. An identifiable individual is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
You will be required to provide us personal information when you use our Services. This information may include your full name, date of birth, ethnicity, religion, marital status, sex/gender, family status, full home address, employment information, academic information, e-mail address, telephone numbers (cell/home/work), name of emergency contact, psychiatric and medical history including mental health treatment history, current habits/stressful life events and relationship information. When you receive clinical services, other personal information about you may be collected, as set out in more detail below.
Other personal information is automatically collected when you use our Services, including your IP address, the domain name and host from which you access the internet, the pages of our Services that you visit, your browsing history, your browser software or operating system and your browser’s country setting.
In general, the personal information that is collected is used to administer and deliver the Services. To help you better understand how your personal information will be used, you will find below a more detailed explanation on how your personal information will be used in relation to specific activities.
Request for and Administration of Clinical Services.
Once an initial appointment is booked with a clinician through the admission service, your personal information, including your name and email address, is then added to a workflow system, housed on another private server and kept for a maximum of 90 days, that ensures all necessary information required to attend a first appointment is being provided in a timely manner. These systems ensure that new clients receive “onboarding emails” with information about the time, date, and location of their upcoming appointment, the provision of links to facilitate scheduling/rescheduling, and the provision of the intake forms for therapy. This system also operates to ensure that returning clients receive regular emails reminding them of upcoming appointments, sending official receipts and information about outstanding invoices, collecting session feedback, sending booking links to schedule follow-up appointments, managing notification subscription information, and providing up-to-date information about eventual changes to clinical services.
Upon your first appointment with a clinician, clients are requested to come prepared by completing and signing the intake and consent to treatment form. This form is reviewed with all incoming clients and includes information regarding the nature of the assessment/treatment and a review of the limits of confidentiality. Information requested by the intake form includes full name, date of birth, ethnicity, religion, marital status, sex/gender, family status, full home address, employment information, academic information, telephone numbers (cell/home/work), name of emergency contact, psychiatric and medical history including mental health treatment history, current habits/stressful life events and relationship information. This information is requested in order to facilitate the intake process and to gather base information for assessment and treatment planning, and is not shared with any external party or organization. Physical copies of the intake form are stored in locked filing cabinets with confidential client files and are scanned and uploaded securely (via an encrypted email system) to our electronic medical practice management system, which uses the latest security mechanisms. Once this process is completed, the physical copies are shredded and confidentially discarded. In the case of the completion of the electronic version of the intake form, upon reception, the admission service uploads this document to the client’s file housed on our electronic practice management system and all other copies are deleted promptly.
In addition to the information provided at the onset via the intake and consent to treatment form, your clinician will take progress notes and may prepare personal evaluations throughout your treatment. As per OPQ standards, all clinical notes including psychological records, appointment notes, treatment interventions and the results of treatment will be stored in your personal file housed exclusively on our electronic practice management software and will only be made available to those individuals who are required to access it. This will ensure that the standards of care continue to be met throughout and after the course of your treatment.
While all clients will have the opportunity to pay securely through point of sale physical terminals for all in-person sessions, the Clinic also offers you the opportunity to pay online. Therefore, we will use the personal information that is collected to process your payment request and to send you invoices through our secure online invoicing system, with only the client’s name, email address, and invoice number being stored to ensure timely processing and for accounting purposes. Invoices are then sent via an encrypted email server to the client, at which point you can select your preferred transaction method (e.g., PayPal or credit card). Importantly, no payment information (account or credit card numbers) are directly stored or processed by the Clinic and this information will only be communicated to our payment service provider in order to complete the transaction.
Online Communication and Telehealth/Telepsychology.
Our Service includes the ability for online communication between clinicians and clients through our secure and encrypted email servers. All clinicians use 2-factor authentication in order to ensure the safeguarding of all information and only the client’s name, email address and the body of the email are stored, with all official communications being added to the client’s electronic file.
In addition, the Clinic also offers our clients the opportunity to engage in our Service virtually through web conferencing. In an effort to once again provide a safe and secure environment, we use a private web conferencing solution that is easy to use and minimizes the amount of personal information collected. Clients are sent access information via email, and upon clicking are asked to provide their desired screen name before joining the virtual waiting room. The clinician is then able to accept each client into the therapy space so that the session can take place. The client’s screen name (as entered by the client), their IP address, and any documents and/or discussions undertaken via the web-interface are stored on our encrypted servers.
Use of interactive features.
Clients may choose to provide words of appreciation for their clinician and the services offered to them on our Website. While the Clinic ensures that the client’s name will not be posted, it is understood that the client may choose to provide certain personal information with regards to the treatment received by the clinician. Remember that this information will be publicly available and caution should be exercised when deciding to disclose personal information that may identify you and other individuals.
Subscribing to our mailing list, newsletter and email communication.
Sometimes, we may collect personal information to send you emails containing our latest news, products, services or promotions as well as those of third parties to whom we are linked. You can unsubscribe from our mailing list at all times by following the instructions provided at the end of every email. You can also unsubscribe from our mailing list by following the instructions set out in the section titled “Contact us” below. Your request will be processed within the statutory timeframes.
Communicating with us to ask a question, submit a comment or file a complaint.
If you choose to send us an electronic feedback form or to send comments, questions or feedback via email, we collect some personal information as well as your comments, suggestions and feedback. This personal information is used to respond to your comments, questions or feedback. We can also keep this information to help you in the future. We can also use your comments, suggestions and feedback to monitor and/or enhance our products and service offerings and our Service.
Management database and customer relationship management (CRM).
When you participate in one of the above-mentioned activities, we collect personal information provided to complete and update our customer relationship database. In this context, the personal information collected is used to manage the relationship with customers, to generate mailing lists, to follow up with potential clients and to create internal reports on relationships between the Clinic and its clients, to monitor and/or enhance our Service.
Applying for a job with the Clinic.
When you apply for a job with the Clinic, either online or otherwise, we collect personal information about you as set out in your application. We use that personal information in order to evaluate and process your application and your interest in employment with us, to communicate with you about your application, and to manage our recruitment needs.
3. Information Collected Automatically
Consulting the content on the Services.
When you browse our Services, information pertaining to your user behavior is collected by cookies and other technological means, as further described below. This personal information is used to personalize the content displayed on our Services and to improve the content recommendations intended for you.
Cookies and other technologies.
Our Services use a technology called “cookies” which are a tiny element of data that is sent to your device, which may then be stored on your device so we can identify you as an authorized user of our Services. Cookies are used in order to ensure the optimal user experience and will ensure user preferences are saved (e.g., language preference, dismissal of information boxes, etc.) to ensure ease of navigation. User information is also collected and aggregated (without any identifying information) for the following purposes: technical troubleshooting, development of new interfaces for enhanced user experience, and in order to track marketing efforts.
You may set your web browser or other device to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies from our Services, you may not be able to take advantage of all of the features of our Services.
Professional web analysis service
We can also use third party services (such as Google Adwords or Facebook Pixel) to:
- Remarket our Services, which consists of advertising to individuals who have already visited our Website through other websites or by using internet navigation habits to make sure that the appropriate demographic views our ads; and
- Collect, analyze and/or gather your personal information (such as internet users’ IP address, sex, age and interests), as well as create reports on the demographic data of internet users and their interests, in order to help us understand how visitors interact with our website or our ads and to improve our products, our marketing and our websites.
The companies conducting remarketing can combine the use of first-party cookies, and third-party cookies, to (i) gather personal information; (ii) to inform, optimize and advertise based on your previous visits on our websites; and (iii) to determine the relationship between the registered visits to our websites and the advertising impressions, the other uses of advertising services and the interactions with these advertising impressions and these advertising services. To measure the effectiveness of our ads, these companies may also use tracer tags or web beacons to account for certain information regarding your visits to our websites and to the websites that have links to our site and that advertise it.
4. Safeguarding your information
All personal information in our custody and control is kept securely and protected by administrative, technical and physical safeguards aiming to protect the personal information against unauthorized access, use, modification and disclosure and which are designed based on the sensitivity of the information provided. All management of this data, from initial consultation, client characteristics, automation services and email systems, are protected via two-factor authentication for all clinicians and system administrators, including the following systems: electronic practice management software (clinical notes and record keeping); encrypted email client (automated reminders and client communication); online invoicing software (invoicing and payment). Any and all sensitive personal information (e.g., clinical record keeping,) is stored on our cloud-based electronic practice management system. In addition, certain personal information such as the client’s name, place of work, email address, appointment notes, cancellation notes, the name of their clinician and invoices are also stored outside of the electronic practice management system in order to facilitate processing of information. Our electronic practice management software manages appointment reminders/confirmations, receipts, and any letters or documents; the workflow server deals with welcome emails, sending of intake packages, session feedback, and follow-up scheduling.
5. Limiting collection, use, and disclosure of information
- in the event that the clinician has reasonable cause to believe any of the following, the clinician must disclose this information to the person exposed to that danger, that person’s representative or to persons who can come to that person’s aid:
- there is imminent danger such as suicide, death or serious bodily injury to a person or identifiable person and/or group;
- there is a risk that a child will run away;
- there is suspected or known abuse or neglect of a child or older adult; or
- there is a risk that an individual is operating a motor vehicle in an unsafe manner;
- in the event that the individual receiving treatment is under the age of 14, we will disclose your personal information as-well as all clinical notes to the parents or legal guardians of the individual if requested by the parents or legal guardians;
- we may disclose your information to our personnel such as for example to our administrative staff but only if access to the information is required for them to carry out their professional duties;
- we may disclose your personal information to entities, organizations and authorities for legal purposes. In other words, we can disclose your personal information in response to a legally valid inquiry or order, or as otherwise required or permitted by applicable law. We may also disclose personal information where necessary for the establishment, exercise or defense of legal claims and to prevent actual or suspect loss or harm to persons or property;
- we may disclose your personal information to service providers, i.e., third parties (or otherwise make your personal information available to them) who provide services on our behalf in Canada, in the United States or abroad. Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own marketing or other purposes;
- we may disclose your information to our business partners in order to support our business operations and to allow us to provide our products and services to you. These business partners include companies whose products and services integrate with the Services such as Microsoft Cloud Solutions Provider, Amazon AWS Partner Network, Google Suite and Google Cloud and various SAAS applications. We do not authorize them to use or disclose personal information for their own marketing or other purposes; and
- we may disclose your information to another entity in connection with a merger or sale including all or part of our company or as part of a corporate reorganization or stock sale or other change in corporate control. In that case, we may transfer your personal information to a third party as part of the transaction.
6. How long will my information be stored for?
As per standards set forth by the OPQ, the Clinic is responsible for the safeguarding and storage of all client-related information for a period of 5-years from the date of the last professional service provided. Subject to this requirement, all clinical information including any physical copies may be destroyed/shredded only after this 5-year period in order to ensure the protection and confidentiality of all clients.
7. Can I access my information? What if I find an error?
You have the right to access, update, and correct inaccuracies in your personal information in our custody and control, subject to certain exceptions prescribed by law.
In the event that a client requires access to the file, the Clinic asks that this request be made in writing and sent to the email address listed below or by using the contact form provided on our website. Upon receipt of this request, the Clinic has 30 days to respond to the request in question and can process the request subject to administrative fees. In the event that the clinician is unable to accommodate this request (for example, because the information being requested is deemed to be harmful for the client), the clinician must make this clear to the client (verbally and/or in writing), and inform the client of any potential recourse.
In the event that a client (or person authorized by the client) determines information kept by the Clinic to be inaccurate, incomplete, ambiguous, outdated, or unjustified, you may request this information to be updated, corrected or deleted. The clinician will have 30 days from receipt of the request to have this correction or deletion processed.
8. Withdraw Your Consent To The Retention, Use and Disclosure of Your Personal Information
You may withdraw your consent to our retention, use or disclosure of your personal information at any time by contacting us through the contact form located on the website or by using the contact information provided below. We will process your request within 30 days after we receive it. However, if you withdraw your consent, we may not be able to respond to your requests, process your requests or provide you with any help regarding the Services.
9. Third Party Links
11. Contact us