Please be assured that all verbal and written information exchanged with your counsellor or coach is strictly confidential.
We are committed to protecting and safeguarding your privacy. We will only use the information that we collect about you lawfully (in accordance with the Data Protection Act 1998). This policy sets out how we will treat your personal information.
1. What information do we collect online?
We may collect, store, and use the following kinds of personal data:
- Information about your computer and your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit, and the number of page views).
- Information that you provide to us for the purpose of registering with us.
- Information that you provide to us for the purpose of subscribing to our website services, email notifications, and/or newsletters.
- Any other information that you choose to send to us.
A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both "session" cookies and "persistent" cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website. We will use the persistent cookies to enable our website to recognize you when you make subsequent visits to this website.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer, you can refuse all cookies by clicking "Tools," "Internet Options," "Privacy," and selecting "Block all cookies" using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.
3. Using your online personal data
We may use your personal information to:
- Administer the website.
- Improve your browsing experience by personalizing the website.
- Enable your use of the services available on the website.
- Send you email notifications which you have specifically requested.
- Send you our newsletter and other marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications).
- Provide third parties with statistical information about our users – but this information will not be used to identify any individual user.
- Deal with inquiries and complaints made by or about you relating to the website.
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.
In addition, we may disclose information about you:
- To the extent that we are required to do so by law.
- In connection with any legal proceedings or prospective legal proceedings.
- In order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
6. Security of your personal data
We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
7. Policy amendments
8. Your rights
You may instruct us to provide you with any personal information we hold about you. The provision of such information may be subject to the payment of a fee (currently fixed at CAD$10.00).
You may instruct us not to process your personal data for marketing purposes by email at any time. (In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.)
9. Third-party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
10. Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated.
Health Information Security Compliance
Privacy and Security Compliance
PIPEDA (Personal Information Protection and Electronic Documents Act) is a Canadian federal law that sets rules for how businesses must handle personal data in the course of commercial activity.
PHIPA (Personal Health Information Protection Act) is local, provincial (Ontario) legislation that protects the confidentiality and privacy of personal health information.
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.
GDPR (General Data Protection Regulation) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
PIPEDA is close in structure to the GDPR regulations in the EU, and PHIPA aligns closely with the US HIPAA regulations.
Personal Information Protection and Electronic Documents Act (PIPEDA) Compliant
Personal Health Information Protection Act (PHIPA) Compliant
Health Insurance Portability and Accountability Act (HIPAA) Compliant
General Data Protection Regulation (GDPR) Compliant
Electronic Records and Digital Data Storage
We store and maintain all client records and data electronically with a PIPEDA-, HIPAA-, and GDPR-compliant healthcare data storage solution delivered by IntakeQ.
Digital Communication and Collaboration
All client care delivered by video collaboration, teleconferencing, and phone is PHIPA, PIPEDA, HIPAA, and GDPR compliant using the "Zoom for healthcare solution."
- Submits privacy practices to independent assessment and certification with TrustArc
- Undergoes an annual SSAE-16 SOC 2 audit by a qualified independent third party
- Performs regular vulnerability scans and penetration tests to identify new threats
- Executes “Data Protection Agreements” for adequate transfer mechanisms
- Protects data in transit by TLS 1.2 using 256-bit Advanced Encryption Standard (AES-256)
- Leverages the physical and environmental protection of our TIER 1 data center providers. Zoom’s hosting facilities have 24/7 manned security and monitoring
- Does not monitor, view, or track the video or audio content of meetings or webinars
- Does not share customer data with third parties
- Limits retention of accounts to 30 days after termination to assist with product reactivation upon request. After 30 days, the account is permanently deleted