Privacy Policy
(English only)
Last Updated: 20th Dec 2024
At Virtrapy (the “Centre”), we understand that seeking counselling services online requires a deep trust in how we handle your personal and health information. We take this responsibility seriously. This Privacy Policy explains, in detail, the steps we take to comply with Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) and Ontario’s Personal Health Information Protection Act (“PHIPA”). We want you to feel reassured by knowing exactly how and why we collect, use, disclose, store, and protect your information.
The policy is written to help you understand our privacy practices in a clear, friendly manner. If you have any questions, please feel free to contact us at the details provided at the end of this document.
1. Our Role and Responsibilities under PIPEDA and PHIPA
Under PIPEDA: As a private-sector organization offering services in Canada, we are responsible for protecting your personal information (e.g., name, contact details, payment information) in accordance with PIPEDA’s Ten Fair Information Principles. These principles guide our approach to accountability, transparency, and security.
Under PHIPA: Since we operate in Ontario and handle Personal Health Information (“PHI”), such as mental health records, treatment notes, and other information related to your well-being, we are considered a “health information custodian” under PHIPA. PHIPA sets out rules that ensure your PHI is collected, used, and disclosed only as necessary for providing health services and only with your meaningful consent, unless otherwise permitted or required by law.
2. Accountability (PIPEDA Principle 1) & Our Duties (PHIPA)
- We designate a Privacy Officer who is responsible for our data protection strategies and compliance. This individual ensures that all staff and associated professionals understand and follow PIPEDA and PHIPA requirements.
- Under PHIPA, as a health information custodian, we ensure that everyone involved in your care, including registered counsellors and administrative staff, receives appropriate privacy training and signs confidentiality agreements.
- We regularly review and update our privacy policies and procedures to ensure ongoing compliance with both PIPEDA and PHIPA.
3. Identifying Purposes (PIPEDA Principle 2)
- For Counselling Services: We collect information about your mental health history, presenting issues, treatment goals, and relevant personal details to develop and deliver personalised counselling services.
- For Communication: We use your contact information to confirm appointments, send reminders, and provide updates about our services.
- For Billing and Administration: We may collect payment details to process fees securely, as well as maintain administrative records.
- For Quality Assurance and Compliance: Under PHIPA, we keep health records that document the care you receive. This is both a professional and a legal requirement to ensure continuity of care and compliance with professional standards.
We will always explain the purpose of our data collection before or at the time we collect the information. We do not use your information for new purposes without first obtaining your consent, unless otherwise permitted by law.
4. Consent (PIPEDA Principle 3) & Your Rights under PHIPA
- Implied or Express Consent: By voluntarily providing personal health information for the purpose of receiving counselling, you are giving us implied consent to use it for delivering care. In situations where the information is particularly sensitive, or if we wish to use it for a purpose not originally agreed upon, we will seek express (direct) consent.
- Withdrawing Consent: You have the right to withdraw your consent to certain uses or disclosures of your information at any time, subject to legal and contractual limitations. If you withdraw consent, we will explain any potential implications for your care.
- Capacity and Substitute Decision-Makers: Under PHIPA, if a client is not capable of providing informed consent, a substitute decision-maker (e.g., a parent or legal guardian) may do so on their behalf, following the law’s requirements.
5. Limiting Collection (PIPEDA Principle 4)
We only collect personal and health information that is strictly necessary for providing you with quality counselling services, meeting professional standards, and complying with legal requirements under PHIPA. We do not collect information that is unrelated to our services or retain it simply because it may be useful in the future.
6. Limiting Use, Disclosure, and Retention (PIPEDA Principle 5) & PHIPA Safeguards
- Primary Purpose: Your information is primarily used to understand your mental health needs, develop treatment plans, and maintain records of the care provided.
- Disclosure Without Consent: Under PHIPA, we may disclose certain information without your consent if required by law (e.g., court orders or where there is a significant risk of serious harm to you or others). In all such cases, we will only disclose the minimum information necessary.
- Third-Party Service Providers: If we use secure third-party platforms or billing services, we ensure they meet strict privacy and security standards and sign agreements to protect your data.
- Retention: We keep your health records for as long as required by Ontario regulations and professional guidelines. Once the retention period lapses, or it becomes clear we no longer need the information, we securely destroy or anonymise it.
7. Accuracy (PIPEDA Principle 6)
We make every effort to keep your personal and health information accurate, complete, and up-to-date. Under PHIPA, you have the right to request corrections to your health records. If you believe something is inaccurate or missing, please let us know and we will promptly review and amend the information if appropriate.
8. Safeguards (PIPEDA Principle 7) & PHIPA Security Measures
- We use secure, encrypted communication channels for the therapy sessions, encrypted databases to store records, and secure servers protected by firewalls and robust authentication measures.
- Everyone who handles your data is trained in privacy and security best practices, with ongoing training to stay updated.
- In the rare event of a data breach, we have procedures aligned with PIPEDA and PHIPA for prompt containment, investigation, notification, and prevention of future breaches. You will be notified if there is any breach that poses a risk of significant harm.
9. Openness (PIPEDA Principle 8)
Our privacy practices are clearly described in this policy. If you require more details, we are happy to provide additional information about our methods, policies, and complaint processes. We endeavour to make our policy accessible and understandable, free of unnecessary jargon.
10. Individual Access (PIPEDA Principle 9) & Access Rights under PHIPA
Under PHIPA, you can access your health records by contacting us. We will provide you with the information, usually within a reasonable timeframe and often at minimal or no cost. We will let you know if there are any fees or if any specific legal exceptions apply.
If you feel information is inaccurate or incomplete, you can request a correction. We will carefully review your request and update the record if warranted. If we choose not to update certain information, we will explain the reasons why and make a note of your request in your file.
11. Challenging Compliance (PIPEDA Principle 10)
If you have any questions, concerns, or complaints about our privacy practices, please contact our Privacy Officer (details below). We will investigate and respond to all privacy complaints promptly and thoroughly.
If we are unable to resolve your concerns, you have the right to contact the Office of the Privacy Commissioner of Canada (for PIPEDA matters) and/or the Information and Privacy Commissioner of Ontario (for PHIPA matters).
12. Children and Youth
For clients under the age of consent or those who cannot consent on their own, we obtain consent from a parent, guardian, or substitute decision-maker in line with PHIPA requirements. We take special care to explain privacy policies to young clients in a clear and supportive manner, ensuring they understand how their information is handled, where appropriate.
13. Cookie and Website Preferences
Our website uses a single cookie to remember your language preference for enhancing your browsing experience. This cookie does not collect or store personal information and is considered essential for website functionality.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect new laws, technological changes, or improved practices. Any changes will be posted on our website with the “Last Updated” date. Significant changes that affect how we handle your information will be communicated more prominently, and if required, we will seek your renewed consent.
15. Contact Us
If you have questions about this Privacy Policy, wish to access your records, request a correction, or have any privacy-related concerns, please contact our Privacy Officer:
Privacy Officer
Virtrapy Inc.
info@virtrapy.com
We are here to provide a supportive environment, and that includes ensuring your personal and health information is treated with the utmost respect and care, fully in line with the values and requirements of PIPEDA and PHIPA. Thank you for placing your trust in us. For more detailed information about how we protect your data, please refer to our Data Security.