This policy (together with our terms of website use and any other documents referred to on it) sets out the basis on which The Mental Health Clinic (“Clinic”, “us”, “we”, or “our”) will collect and process any personal data we collect from you, or which you provide to us, in the course of using our site www.mentalhealthclinic.co. We may change or add to this privacy notice, so we encourage you to come back and read it periodically.
By using the site, you agree to the collection and use of information in accordance with this policy. By providing us with your data, you also warrant to us that you are over 18 years of age.
While using our site, we may ask you to provide us with certain personal data that can be used to identify or contact you. Personally Identifiable Information (PII) may include, but is not limited to:
- First and last name, age, and gender
- Postal address, email address, telephone number, and other contact information
For clients who work with the clinic, we may also collect Protected Health Information (PHI) to provide appropriate services. Protected Health Information may include:
- Your medical history, family history, medical diagnosis, health background, and current health status
- Age, gender, sexual behavior and sexual orientation
- Demographic information, including race, ethnicity, marital status, salary, education, criminal convictions, political, religious, and trade union information
- Information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, and payments for treatment and health insurance information
We may collect this information voluntarily from you to provide appropriate services. Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for the purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at firstname.lastname@example.org. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.
Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, provide appropriate services and to establish, pursue or defend legal claims.
User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back- ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.
Information Collected Automatically
Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.
Technical Data that includes data about your use of our website and online services such as your Internet Protocol (“IP”) addresses, operating systems, browser types, device types, URLS, access dates and times; Website pages that you visit; referring website information; universally unique identifiers (“UUID”), advertising identifier (“IDFA”), carrier and country location, hardware and processor information, network type, and other related data. The source of this data is from our analytics tracking system. We process this data to analyze your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
For more information on Google Analytics, including how to opt out from certain data collection, please visit https://www.google.com/analytics. If you opt out of any service, you may not enjoy the full functionality of the Website.
Other Third-Party Tracking Tools. We may also collect or receive information from third parties, such as Facebook, Instagram and/or other third-party social media and similar sites.
We may use the above forms of data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful grounds for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
How we keep your information secure
As a mental health clinic, we are committed to protecting your PII and PHI. As such, we have applied appropriate administrative, technical, and physical safeguards designed to protect your Information from illegal access, use or sharing. All information you provide to us through the website is protected and encrypted within Google Cloud servers. We have ensured Google Cloud services are HIPAA, PIPEDA and PHIPA compliant in providing safeguards that encrypt all PII and PHI. If you are an ongoing client, rest assured that video and tele meetings are secured through JaneApp as well as all documentation. JaneApp is a HIPAA, PIPEDA and PHIPA compliant software for counsellors, therapists and medical practioners.
Health Insurance Portability and Accountability Act (HIPAA) outlines Privacy Rule standards for the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s version of HIPAA. The PIPEDA provides a set of rules that protects the confidentiality of personal health information and the privacy of the individual to whom that information relates. While the act is similar to the the United States HIPAA, PIPEDA has some significant differences to ensure more stringent protection.
The Personal Health Information Protection Act (PHIPA) is Ontario’s health privacy legislation. The PHIPA also outlines a set of rules regarding the collection, use and storage of personal health information (PHI).
GDPR Data Protection Rights
If you live in the EU, your data may be subject to protection by the General Data Protection Regulation (the “GDPR”), a privacy regulation intended to help you have greater control over your personal data.
To learn more: https://gdpr.eu/