Privacy Policies

Website Privacy Policy

Introduction

We use a number of safeguards to protect the privacy of our users and the confidentiality of their Personal Information including Personal Health Information (collectively referred to together in this Privacy Policy as “Confidential Information”).

This Privacy Policy summarizes how we collect, use, disclose, retain, dispose of, destroy and protect information as well as other information that does not identify an individual in the course of providing our services. We are committed to complying with this Policy and with applicable Provincial and Federal privacy legislation.

Confidential Information.

To enrol in, purchase, or use our Products or Services, we may seek personal data or information including your name, email address, phone number, street address, billing information, birthday, preferences, interests, assignments, or other personally identifying information (“Confidential Information”), or you may offer or provide a comment, photo, image, video, writing sample, copy, or any other submission to us when using or participating in our Products or Services (“Other Information”).

 By providing such Confidential Information or other Information to us, you grant us permission to use and store such information. We, in turn, will use our best efforts to keep your Confidential Information safe, secure and confidential in accordance with these Terms of Use and Privacy Policy which may be found on our website. If you believe that any of your Confidential Information is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any Confidential Information found to be incorrect.

 What We Do With Confidential Information.

 We request and require various personal data and/or Confidential Information to understand your needs and to provide you with better Services. In addition, we may use such data in Confidential Information for the following reasons: (1) for internal record-keeping; (2) to improve our Products or Services; (3) to periodically send promotions about new Products or Services, or other special offers from which you may unsubscribe at any time; (4) for aggregate, non-identifiable data for research purposes; (5) to customize the respective Programs and Services that you purchase or use according to your interests; and/or (6) for support or communication related to your program, product, service or Programs and Services.

We will not sell or rent this information to anyone. We will not collect personal information indiscriminately. We will limit the amount and the type of information we collect to that necessary to fulfill the purposes we have identified to you, or as otherwise permitted or required by law.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy. If you do not want to receive such messages, you can find an ‘unsubscribe” link at the bottom of each email. You can also contact us directly to request that you be removed from our distribution list. Please note that you cannot unsubscribe or opt-out of non-promotional messages regarding your account, such as account verifications, changes or updates to features or technical or security notices.

 Storage.

 All data and Confidential Information are stored through a data management system. This data and Confidential Information can only be accessed by those who help manage that information in order to deliver email or otherwise contact those would like to receive our correspondence. You agree and acknowledge that we, including but not limited to our team, staff and affiliates, and those who manage the data management system, may have access to your Confidential Information.

Security.

We have reasonable security measures in place to prevent the loss, misuse, and alteration of the Confidential Information, but we make no assurances about our ability to prevent any such loss, misuse, to you or to any third party arising out of such loss, misuse, or alteration. However, due to the nature of the Internet, we cannot completely ensure or warrant the security of your Confidential Information or any other data or information transmitted to us or through our services; therefore, submitting Confidential Information, data or other information to us is done at your own risk. Submitting contributions or information on or through our Website is done entirely at your own risk. We make no assurances about our ability to prevent any such loss or damage to you or to any other person, company or entity arising out of your use of our Products or Services and you agree that you are assuming such risks.

 Disclosure of Confidential Information.

 All Confidential Information will be held in confidentiality and will not be disclosed to third parties, except that we may disclose Confidential Information and personally identifiable information: (1) pursuant to these provisions in our Terms of Use; (2) if we are required to do so by law; (3) in the good-faith belief that such action is necessary to conform to the law; (4) to comply with any legal process served on either us or our partners, sponsors or investors; (5) to protect and defend our rights or our property or those of our users or purchasers; and/or (6) to act as immediately necessary in order to protect the personal safety of our users, purchasers, or the public.

 We will not sell, distribute, or lease your Confidential Information to third parties unless we have your explicit permission or are required by law to do so.

 Viewing by Others.

 Note that whenever you make your Confidential Information or other information available for viewing by others such as through our Products or Services, website, or social media, the Confidential Information or other information that you share can also be seen, collected, and used by others. Therefore, we cannot be responsible for any Unauthorized Use by others of such Confidential Information or other information that you voluntarily share online or in any other manner.

 How We Use Cookies and Third-Party Links.

 We may use the standard “cookies” feature of major web browsers. We do not set any Confidential Information in cookies, nor do we employ any data capture mechanisms on our website other than cookies. You may choose to disable cookies through your own web browsers settings. However, disabling this function may diminish your experience on the website and some features of our Programs, Products and Services or Program Materials may not work as intended.

 We may also collect analytics data, or use third-party analytic tools such as Google Analytics, to help us measure traffic and usage trends and to understand more about our user demographics. You can learn more about Google’s practices at https://policies.google.com/technologies/partner-sites and view the currently available opt-out options at https://tools.google.com/dlpage/gaoptout.

 We have no access to or control over any information collected by other individuals, companies or entities whose website or materials may be linked to our Programs or and Services as these third-party links are independent and have separate privacy policies. However, we seek to protect the integrity of our site and welcome any feedback about these linked sites.

 Privacy Officer.

If you have any concerns about your Confidential Information or wish to obtain a Copy of the Confidential Information you have provided to us, please contact our Privacy Officer in writing. Their email address is info@kuranaturopathic.ca and mailing address is 15 Yarmouth St., Guelph, ON, N1H 4G2.

Kura Clinic Privacy Statement

Our Privacy Commitment to You 

We are committed to protecting your privacy and ensuring the confidentiality of your personal health  information. The types of personal health information we may collect include your name, date of birth,  contact information, health history, health measurements, health conditions, and records of the care  provided to you. We collect, use and disclose personal health information for the following purposes: 

  • To assess health needs and provide naturopathic care or massage therapy to our clients To establish a baseline of health to identify changes over time 
  • To obtain payment for goods and services provided 
  • To enable us to contact clients and maintain communication in regards to such things as scheduling To allow us to communicate with other treating health-care providers 
  • To advise clients about our clinic, new services, special events and opportunities (with consent) To comply with external regulators and various government agencies 
  • To educate staff and preceptors 
  • To facilitate the sale of our organization or individual practices 

We will collect, use and disclose only as much personal health information as is needed to achieve  these purposes. You can withhold or withdraw your consent to the collection, use of disclosure of your  personal health information by contacting us (details below). 

Access to Health Records 

You have the right to seek access to your health records that we keep and to ask us to correct a  record if you believe it is inaccurate or incomplete. Please contact us for more information. 

Questions or Concerns? 

If you have questions or want to make a complaint about our privacy practices, please contact: 

Dr. Alexandra Verge, ND 

15 Yarmouth St., Guelph 

Phone: (519) 766-9759 Fax: (519) 766-9871 

You also have the right to complain to the Information and Privacy Commissioner of Ontario at the  address below if you have concerns about our privacy practices or how your personal health  information has been handled: 

Information and Privacy Commissioner of Ontario 

2 Bloor Street E. – Suite 1400 

Toronto, ON M4W 1A8 

Phone: (416) 326-3333 Toll Free: (800) 387-0073 www.ipc.on.ca 

Our privacy policies and procedures comply with the provincial legislation called the Personal  Health Information Protection Act (PHIPA). Our Privacy Policy sets out this clinic’s  commitment to protecting your private health and personal information. It is available on  request by asking any of our practitioners or staff.

Kura Clinic Privacy Policy

Privacy of personal information is an important principle to us at Kura Clinic. We are  committed to collecting, using and disclosing personal information responsibly and only to the extent  necessary for the goods and services we provide. We try to be open and transparent about how we  handle personal information. This document describes our privacy policies. 

What is Personal Health Information? 

Personal health information is information about an identifiable individual. Personal health information  includes information that relates to: 

  • The physical or mental health of the individual (including family health history); The provision of health care to the individual (including identifying the individual’s health care provider); Payments or coverage for health care; 
  • The testing of an individuals’ body part or bodily substance’ 
  • The identification of the individual’s substitute decision-maker. 

This information can include: 

  • Name, address, telephone number, fax number, e-mail address, date of birth, occupation, place of  employment, insurance company, insurance coverage 
  • Education, gender, sexual orientation, ethnicity, health history, health records, family history, hours of  work, income 
  • Activities or views (e.g. religion, politics, opinions, community involvement) 

Who We Are 

Our organization, Kura Clinic, includes regulated health professionals and support staff. We have a few consultants and agencies that may, in the course of their  duties, have limited access to personal health information we hold. These include computer consultants,  bookkeepers and accountants, lawyers, temporary workers to cover holidays, credit card companies,  website managers, cleaners, volunteers and naturopathic preceptors. We restrict their access to any  personal information we hold as much as is reasonably possible. We also have their assurance that they  follow appropriate privacy principles.

 

Why We Collect Personal Information 

Primary Purposes: We collect, use and disclose personal information in order to serve our clients. For  our clients, the primary purpose of collecting personal health information is to provide naturopathic care  (NDs) or massage therapy (RMTs). For example, we collect information about a client’s health history,  including their family history, physical condition and function and social situation in order to help us assess  what their health needs are, to advise them of their options and then to provide the health care they  choose to have. A second primary purpose is to obtain a baseline of health and social information to that in  providing ongoing health services we can identify changes that are occurring over time. 

We also collect, use and disclose personal health information for purposes related to or secondary to our  primary purposes. The most common examples of our related and secondary purposes are as follows: 

Related Purpose #1: To invoice and obtain payments for services or goods provided. 

Related Purpose #2: To enable us to contact you and maintain communication with you in regard to things such as appointment bookings and confirmations. 

Related Purpose #3: To allow us to communicate with other treating health-care providers, including  specialists, family practitioners, referring physicians, and any other provider involved in the care. 

Related Purpose #4: To promote our clinic, new services, special events and opportunities that we have  available. We will obtain express consent from you (in the intake form) prior to collecting or handling  personal health information for this purpose. 

Related Purpose #5: To comply with external regulators. Our professionals are regulated by CONO (NDs)  and CMTO (RMTs) who may inspect our records and interview our staff as a part of their regulatory  activities in the public interest. Each College has its own strict confidentiality and privacy obligations. In  addition, as professionals, we will report serious misconduct, incompetence or incapacity of other  practitioners, whether they belong to other organizations or our own. In addition, we may be required by  law to disclose personal health information to various government agencies. 

Related Purpose #6: To educate our staff and preceptors. We value the education and development of  future and current professionals. We may review client records in order to educate our staff and students  about the provision of health care. 

Related Purpose #7: To facilitate the sale of our organization or individuals’ practices. If the organization,  its assets or a practice were to be sold, the potential purchaser would want to conduct a “due diligence”  review of the organizations records to ensure that it is a viable business that has been honestly portrayed.  The potential purchaser must first enter into an agreement with the organization to keep the information  confidential and secure and not to retain any of the information longer than necessary to conduct the due  diligence. Once a sale has been finalized, the organization may transfer records to the purchase, but it will  make reasonable efforts to provide notice to the individual before doing so.

 

Protecting Personal Information 

We understand the importance of protecting personal information. For that reason, we have taken the  following steps: 

  • Paper information is either under supervision or secured in a locked or restricted area. Electronic hardware is either under supervision or secured in a locked or restricted area. Our physical location is protected by an alarm system. 
  • We try to avoid taking personal health information home to work on there. However, when we do so,  we transport, use and store the personal health information securely. 
  • Our staff members are trained to collect, use and disclose personal information only as necessary to  fulfill their duties and in accordance to our privacy policy. 
  • We do not post any personal information about our clients on social media sites. External consultants and agencies with access to personal information must enter into privacy  agreements with us. 
  • Special note in regard to e-mail communication: we try to strike a balance between efficient and  convenient exchange of information while taking reasonable precautions. Please be aware that e-mail  communication carries inherent risks and can be intercepted in transmission, misdirected or be  otherwise accessed inappropriately. As a result, consider communicating any sensitive information by  telephone, fax, mail, or in person. 

Retention and Destruction of Personal Information  

We need to retain personal information for some time to ensure that we can answer any questions you  might have about the services provided and for our own accountability to external regulatory bodies.  However, in order to protect your privacy, we do not want to keep personal information for too long. We  keep our client files for at least ten years from the date of the last client interaction or from the date the  client turns 18. 

We destroy paper files containing personal health information by shredding. We destroy electronic  information by deleting in a manner that it cannot be restored. When hardware is discarded, we ensure that  the hardware is physically destroyed, or the data is erased or overwritten in a manner that the information  cannot be recovered. 

Accuracy and Access of Personal Information 

Kura Clinic endeavors to ensure that your personal information is as accurate,  complete, and as up-to-date as necessary for the purposes that it is to be used. Information shall be  sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information is  used to make a decision about you as our patient. 

With only a few exceptions, you have the right to see what personal information we hold about you, by  contacting Dr. Alexandra Verge, ND. We can help you identify what records we might have about you. We  will also try to help you understand any information you do not understand (e.g. short forms, technical  language, etc.). We will need to confirm your identity, if we do not know you, before providing you with this  access. We reserve the right to charge $30.00 for the first twenty pages of records and 25 cents for each  additional page. We may ask you to put your request in writing. We will respond to your request as soon as 

possible and generally within 30 days, if at all possible. If we cannot give you access, we will tell you the  reason, as best we can, as to why. 

If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This  applies to factual information and not to any professional opinions we may have formed. We may ask you  to provide documentation that our files are wrong. Where we agree that we made a mistake we will make a  correction. At your request and where it is reasonably possible, we will notify anyone to whom we sent this  information (but we may deny your request if it would not reasonably have an effect on the ongoing  provision of health care). If we do not agree that we have made a mistake, we will still agree to include in  our file a brief statement from you on the point. 

If there is a Privacy Breach 

While we will take precautions to avoid any breach of your privacy, if there is a loss, theft or unauthorized  access of your personal health information we will notify you. 

Upon learning of a possible or known breach, we will take the following steps: 

  • We will contain the breach to the best of our ability, including by taking the following steps: o Retrieving hard copies of personal health information that have been disclosed o Ensuring no copies have been made 

o Taking steps to prevent unauthorized access to electronic information (e.g., change  passwords, restrict access, temporarily shut down system) 

  • We will notify affected individuals: 

o We will provide our contact information in case the individual has further questions o We will provide the Commissioner’s contact information 

  • We will investigate and remediate the problem, by: 

o Conducting an internal investigation 

o Determining what steps should be taken to prevent future breaches 

o Ensuring staff is appropriately trained and conduct further training if required 

Depending on the circumstances of the breach, we may notify and work with the Information and Privacy  Commissioner of Ontario. In addition, we may report the breach to the relevant regulatory College if we  believe that it was the result of professional misconduct, incompetence or incapacity. 

Consent 

Generally, we need implied or express consent before collecting, using or disclosing personal health  information. Implied consent can be assumed from surrounding circumstances that a client would  reasonably agree to the collection, use or disclosure of their personal health information. An example of  this would be a client booking an appointment, attending an appointment and answering questions  required to open a record. Relying on implied consent is only proper w 

  • Clients have the information they need to understand why their information is being collected and it  may be used or disclosed (as outlined by this Privacy Policy) 
  • That Privacy Policy Notices are posted in high traffic areas or waiting rooms describing why  information is collected, used and disclosed and informing clients that they may withhold or  withdraw their consent (and how to do so), and
  • Clients have not withheld or withdrawn their consent 

Express consent is required in a few situations such as when disclosing personal health information to  someone other than a health information custodian such as an employer or insurance company (except  where otherwise directed by statute) and when using personal health information for a purpose other than  providing health care. 

It is our policy at Kura Clinic to preferentially seek express consent for the collection,  use and/or disclosure of personal information, except where it might be inappropriate to obtain your  consent, and subject to some exceptions set out in law. Once consent is obtained, we do not need to seek  consent again, unless the use, purpose or disclosure changes. Consent may be withdrawn at any time. A  client’s withdrawal has no effect on information collected, used or disclosed before the patient withdrew  consent.  

Do You Have Questions or Concerns? 

Our Information Officer Dr. Alexandra Verge, ND can be reached at 519-766-9759. She will attempt to  address any questions or concerns you may have. 

If you wish to make a formal complaint about our privacy practices, you may make it in writing to our  Information Officer. She will acknowledge receipt of your complaint, ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing. 

You also have the right to complain to the Information and Privacy Commissioner of Ontario if you have  concerns about our privacy practices or how your personal health information has been handled, by  contacting: 

Information and Privacy Commissioner/Ontario 

2 Bloor St. East, Suite 1400 

Toronto, Ontario M4W 1A8 

Telephone: (416) 326-3333/(800) 387-0073 Fax: (416) 325-9195 

www.ipc.on.ca 

This policy is made under the Personal Health Information Protection Act, 2004, S.O. 2004, c.3. It is a  complex statute and provides some additional exceptions to the privacy principles that are too detailed to  set out here.