Privacy POLICY

 

Privacy POLICY

This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use the Service and explains your privacy rights and how the law protects you.

We use your personal information to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Health-care note (Ontario): As a health information custodian, Orthopaedic Institute handles personal health information (PHI) in accordance with Ontario's Personal Health Information Protection Act, 2004 (PHIPA). We also follow Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada's anti-spam law (CASL). If anything in this policy conflicts with PHIPA, PHIPA governs.

Interpretation and Definitions

Interpretation

Words with initial capital letters have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for you to access our Service or parts of our Service.
  • Company (referred to as either "the Company," "we," "us," or "our" in this Agreement) refers to Orthopaedic Institute.
  • Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among other uses.
  • Country refers to: Canada.
  • Device means any device that can access the Service such as a computer, cellphone, or digital tablet.
  • Personal Data means any information that relates to an identified or identifiable individual (includes PHI where applicable).
  • Personal Health Information (PHI) means identifying information about you that relates to your health or health care (e.g., medical history, assessments, treatment plans), as defined by PHIPA.
  • Service Provider means any natural or legal person who processes data on behalf of the Company (e.g. hosting, booking, analytics, email, or payments vendors).
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to Orthopaedic Institute, accessible from https://orthoinstitute.ca/
  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you, including but not limited to:

  • Email address
  • First and last name
  • Date of birth
  • Phone number
  • Address, City, Province/State, Postal/ZIP code
  • Appointment and intake information (e.g., symptoms, injury history)
  • Insurance/benefits details (where applicable)
  • Marketing preferences (e.g., newsletter opt-in)

Personal Health Information (PHI)

When you seek or receive care, we collect PHI necessary to provide services, such as health history, assessments, clinical notes, treatment plans, imaging/reports, referring provider information, and outcomes.

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include your Device's IP address, browser type/version, pages visited, time and date of visit, time spent on pages, unique device identifiers, and other diagnostic data. When you access the Service via a mobile device, we may collect similar information specific to that device.

Information from Third-Party Social Media Services (if enabled)

If we offer login through Google, Facebook, Apple, LinkedIn, etc., we may collect Personal Data already associated with your third-party account (e.g., name, email). You can choose whether to share additional information with us through that account.

Tracking Technologies and Cookies

We use Cookies and similar technologies (beacons, tags, scripts) to operate the Website, remember preferences, and analyze performance.

  • Cookies or Browser Cookies. You can configure your browser to refuse Cookies or alert you when Cookies are set. Some features may not work without essential Cookies.
  • Web Beacons. Certain sections of our Service and emails may contain small electronic files (e.g., pixel tags) to, for example, count users who have visited a page or opened an email.

Cookies can be "Persistent" (remain after you close your browser) or "Session" (deleted when you close your browser).

We use both Session and Persistent Cookies for the purposes below:

  • Necessary / Essential Cookies (Session; administered by us): enable core functions like security, network management, and accessibility.
  • Cookies Policy / Notice Acceptance Cookies (Persistent; administered by us): store your cookie preferences.
  • Functionality Cookies (Persistent; administered by us): remember choices (e.g., language, forms).
  • Tracking and Performance Cookies (Persistent; administered by third parties): help us understand how the Website is used and improve it.

For more information about cookies and your choices, please see the Cookies section of this policy or your browser settings. If we present a cookie banner on first visit, it will allow you to accept, reject, or customize non-essential cookies.

Use of Your Personal Data

The Company may use Personal Data and PHI for the following purposes:

  • Provide and maintain our Service and our health-care services.
  • Manage your Account (if any) to provide features available to registered users.
  • Care delivery and coordination within your circle of care (PHIPA).
  • Scheduling and communication (confirmations, reminders, follow-ups).
  • Billing/claims and payments, and related administration.
  • To contact you by email, phone, or SMS for service updates and necessary notifications.
  • With your consent, marketing (e.g., newsletters). You may opt out at any time.
  • Operate, maintain, secure, and improve the Website (including analytics).
  • Compliance with legal and regulatory obligations and professional standards.
  • Other purposes such as data analysis and quality improvement.

We do not use PHI for targeted advertising or to create marketing "audiences" on social media platforms.

Sharing Your Information

We do not sell your personal information.

We may share information:

  • Within your circle of care as permitted by PHIPA (e.g., referring physicians, other providers) to support your treatment.
  • With Service Providers under contract (hosting, booking, secure messaging, email, analytics, payments). They must protect your information and use it only to provide services to us. Some may be located outside Canada; your information may be processed in other jurisdictions and subject to local laws.
  • With insurers/benefits administrators to verify coverage and process claims (if applicable).
  • For business transactions (e.g., merger or acquisition) in accordance with law.
  • For legal reasons (e.g., court orders, preventing harm, protecting rights).
  • With your consent or at your direction.

Retention

We retain personal information only as long as necessary for the purposes above and as required by law.

  • Health records: retained in accordance with PHIPA and applicable professional guidelines (e.g., generally at least 10 years after the last entry; for minors, at least 10 years after they reach the age of 18).
  • Website forms/analytics: retained per operational needs and legal requirements.

Transfer of Your Personal Data

Your information may be processed at our offices and by Service Providers in other provinces/countries. We take reasonable steps to ensure appropriate protections are in place for cross-border transfers as required by applicable laws.

Your Choices and Rights

Subject to limited exceptions under PHIPA and other laws, you can:

  • Access your Personal Data/PHI.
  • Request corrections to incomplete or inaccurate information.
  • Withdraw consent to non-essential uses (this may affect some services).
  • Opt out of marketing communications at any time.

Note: We may not be able to delete information from clinical records we are required to retain by law. We will explain any applicable exceptions when you make a request.

Security of Your Personal Data

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including access controls, staff training, encryption in transit (and, where appropriate, at rest), and vendor due diligence. No method of transmission or storage is 100% secure. If a privacy breach creates a real risk of significant harm, we will take steps required by law, which may include notifying you and regulators.

Detailed Information on Processing

Analytics (if enabled)

We may use third-party analytics to monitor and analyze Website use. These services collect Usage Data; they are not provided with PHI.

Email Marketing (if enabled)

With your consent, we may send newsletters or updates. You can unsubscribe using the link in our emails or by contacting us. We may use providers to manage email. These providers process contact information but are not provided with PHI.

Behavioral Remarketing (only if enabled)

If we run remarketing, we and our vendors may use cookies or similar tech to show ads on third-party sites. We do not use PHI for remarketing. Vendors may include Google Ads, Microsoft Advertising, Facebook/Meta, etc. Review each vendor's privacy policy for details.

Maps/Location Services (if enabled)

If we use Google Maps/Places or similar, those services may collect certain data per their privacy policies. We do not send PHI to mapping services.

Children's Privacy

Our Service is intended for a general audience. We do not knowingly collect Personal Data from children under 13 without appropriate consent from a parent or guardian. For health services to minors, we handle PHI in accordance with PHIPA and professional standards.

Links to Other Websites

Our Service may contain links to third-party websites or services not operated by us. We are not responsible for their content or privacy practices. Review their privacy policies before providing information.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the new Privacy Policy on this page and update the "Last updated" date above. Where required, we will provide additional notice.

Contact Us

If you have any questions about this Privacy Policy, or to make an access/correction request or complaint, contact us:

Orthopaedic Institute

Phone: (289)674-4400

Email: info@orthoinstitute.ca