Privacy Policy and Health Information Security Compliance

Privacy Policy

Please be assured that all verbal and written information exchanged with your coach is confidential. The following privacy policy relates to online data only.

We are committed to protecting and safeguarding your privacy. We will only use the information that we collect about you lawfully (in accordance with the Data Protection Act 1998). This policy sets out how we will treat your personal information.

1. What information do we collect online?

We may collect, store, and use the following kinds of personal data:

  • Information about your computer and your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit, and the number of page views).
  • Information that you provide to us for the purpose of registering with us.
  • Information that you provide to us for the purpose of subscribing to our website services, email notifications, and/or newsletters.
  • Any other information that you choose to send to us.

2. Cookies

A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the webserver to identify and track the web browser.

We may use both "session" cookies and "persistent" cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website. We will use the persistent cookies to enable our website to recognize you when you make subsequent visits to this website.

Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

We use Google Analytics to analyze the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at http://www.google.com/privacypolicy.html.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies. For example, in Internet Explorer, you can refuse all cookies by clicking "Tools," "Internet Options," "Privacy," and selecting "Block all cookies" using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.

3. Using your online personal data

Personal data submitted on this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.

We may use your personal information to:

  • Administer the website.
  • Improve your browsing experience by personalizing the website.
  • Enable your use of the services available on the website.
  • Send you email notifications which you have specifically requested.
  • Send you our newsletter and other marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications).
  • Provide third parties with statistical information about our users – but this information will not be used to identify any individual user.
  • Deal with inquiries and complaints made by or about you relating to the website.

Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.

We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.

4. Disclosures

We may disclose information about you to any of our employees, officers, agents, suppliers, or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose information about you:

  • To the extent that we are required to do so by law.
  • In connection with any legal proceedings or prospective legal proceedings.
  • In order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

Except as provided in this privacy policy, we will not provide your information to third parties.

6. Security of your personal data

We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall-protected) servers.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

7. Policy amendments

We may update this privacy policy from time to time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

8. Your rights

You may instruct us to provide you with any personal information we hold about you. The provision of such information may be subject to the payment of a fee (currently fixed at CAD$10.00).

You may instruct us not to process your personal data for marketing purposes by email at any time. (In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal data for marketing purposes.)

9. Third-party websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.

10. Updating information

Please let us know if the personal information which we hold about you needs to be corrected or updated.

11. Contact

If you have any questions about this privacy policy or our treatment of your personal data, please write to us by email or post via the details on our contact page.

Health Information Security Compliance

PIPEDA (Personal Information Protection and Electronic Documents Act) is a Canadian federal law that sets rules for how businesses must handle personal data in the course of commercial activity.

PHIPA (Personal Health Information Protection Act) is local, provincial (Ontario) legislation that protects the confidentiality and privacy of personal health information.

HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.

GDPR (General Data Protection Regulation) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. 

PIPEDA is close in structure to the GDPR regulations in the EU, and PHIPA closely aligns to the US HIPAA regulations.

Compliance Adherence

Canada

  • Personal Information Protection and Electronic Documents Act (PIPEDA) Compliant

Ontario, Canada

  • The Personal Health Information Protection Act (PHIPA) Compliant

United States

  • Health Insurance Portability and Accountability Act (HIPAA) Compliant

Europe

  • The General Data Protection Regulation (GDPR) Compliant

Electronic Records and Digital Data Storage

We store and maintain all client records and data electronically with a PIPEDA, HIPAA, and GDPR compliant healthcare data storage solution delivered by IntakeQ.

Digital Communication and Collaboration

All client care delivered by video collaboration, teleconferencing, and phone is PHIPA, PIPEDA, HIPAA, and GDPR compliant using the "Zoom for healthcare solution."

  • Submits privacy practices to independent assessment and certification with TrustArc
  • Undergoes an annual SSAE-16 SOC 2 audit by a qualified independent third-party
  • Performs regular vulnerability scans and penetration tests to identify new threats
  • Executes “Data Protection Agreements” for adequate transfer mechanisms
  • Protects data in transit by TLS 1.2 using 256-bit Advanced Encryption Standard (AES-256)
  • Leverages the physical and environmental protection of our TIER 1 data center providers. Zoom’s hosting facilities have 24/7 manned security and monitoring
  • Does not monitor, view, or track the video or audio content of meetings or webinars
  • Does not share customer data with third parties
  • Limits retention of accounts to 30 days after termination to assist with product reactivation upon request. After 30 days, the account is permanently deleted