Effective date: 13th day of March, 2023
pfhphysio.ca (the “Site”) is owned and operated by PFH Physiotherapy. PFH Physiotherapy can be
contacted at:
[email protected]
(289) 644-3566
________________________________________
Purpose
The purpose of this privacy policy (this “Privacy Policy”) is to inform users of our Site of the following:
1. The personal data we will collect;
2. Use of collected data;
3. Who has access to the data collected;
4. The rights of Site users; and
5. The Site’s cookie policy.
This Privacy Policy applies in addition to the terms and conditions of our Site.
Consent
By using our Site users agree that they consent to:
1. The conditions set out in this Privacy Policy; and
2. The collection, use, and retention of the data listed in this Privacy Policy.
Personal Data We Collect
We only collect data that helps us achieve the purpose set out in this Privacy Policy. We will not collect
any additional data beyond the data listed below without notifying you first.
Data Collected Automatically
When you visit and use our Site, we may automatically collect and store the following information:
1. IP address;
2. Approximate Location (e.g. Toronto, Ontario);
3. Hardware and software details;
4. Clicked links; and
5. Content viewed.
Data Collected in a Non-Automatic Way
We may also collect the following data when you perform certain functions on our Site:
1. First and last name;
2. Age;
3. Date of birth;
4. Email address;
5. Phone number;
6. Address;
7. Payment information; and
8. Medical history and current presenting complaint.
This data may be collected using the following methods:
1. Contact form & booking an appointment; and
2. Intake forms, consent forms, & charting physiotherapy sessions.
How We Use Personal Data
Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated
on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy
Policy.
The data we collect automatically is used for the following purposes:
1. Advertising purposes; and
2. To improve our website.

The data we collect when the user performs certain functions may be used for the following purposes:
1. Communication, complete booking an appointment; and
2. Aid in providing services, for emergencies, and charting physiotherapy sessions.
Who We Share Personal Data With
Employees
We may disclose user data to any member of our organization who reasonably needs access to user data
to achieve the purposes set out in this Privacy Policy.
Third Parties
We may share user data with the following third parties:
1. Embodia.
We may share the following user data with third parties:
1. Personal information given to us for booking appointments and completing/charting
physiotherapy sessions.
We may share user data with third parties for the following purposes:
1. We use Embodia to securely (HIPAA, PHIPA & PIPEDA compliant) store information for booking
appointments and completing/charting physiotherapy sessions.; and
2. Personal health information will only be disclosed with the patient’s consent, unless required by
law or is needed in the event of an emergency.
Third parties will not be able to access user data beyond what is reasonably necessary to achieve the
given purpose.
Other Disclosures
We will not sell or share your data with other third parties, except in the following cases:
1. If the law requires it;
2. If it is required for any legal proceeding;
3. To prove or protect our legal rights; and
4. To buyers or potential buyers of this company in the event that we seek to sell the company.

If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and
have no control over their privacy policies and practices.
How Long We Store Personal Data
Patient records will be retained for at least 10 years following the last patient encounter, or when the
patient reaches 18 years of age, whichever occurs later, as required by regulatory College.
You will be notified if your data is kept for longer than this period.
How We Protect Your Personal Data
1. Ensure to verify patients’ identity before beginning a session
2. Personal health information will only be disclosed with the patient’s consent, unless required by law,
is needed in the event of an emergency, or is used to communicate with other health care providers in the
patient’s circle of care.
3. Patients have the right to access and request copies of their personal health information, and may
request corrections if they believe it to be inaccurate in accordance with PHIPA, PIPEDA, and the
standards of the College of Physiotherapists of Ontario.
4. We will keep an audit log of who accessed patient charts and personal health information, when, and
why.
5. Personal health information will be stored securely and protected from unauthorized access in
accordance with PHIPA, PIPEDA, and the standards of the College of Physiotherapists of Ontario.
Agents/employees will be trained on privacy and security protocols.
6. Regularly back up all important patient and clinic data and store in a secure location. All data will be
encrypted and will be backed up on a weekly basis.
7. Keep technology in a secure, safe space that is locked, in addition to strong passwords for extra
security. The office space will be locked, restricted use, and no unauthorized individuals will receive
access nor be present during patient encounters.
8. Clinical and financial patient records will be retained for at least 10 years following the last patient
encounter, or when the patient reaches 18 years of age, whichever occurs later, as required by the
standards of the College of Physiotherapists of Ontario.
9. Patients will be informed about this protocol and informed consent will be received from patients for
the collection, use, and disclosure of their personal health information as described to meet the
requirements of PHIPA, PIPEDA, and the standards of the College of Physiotherapists of Ontario.
10. Any privacy breach will be dealt with by the health information custodian (HIC) notifying the
information and privacy commissioner (IPC). The HIC will also file the annual statistical report with the
IPC for all privacy breaches. HIC will notify the affected individuals and advise that a complaint may be
made to the IPC of Ontario. The HIC will notify the College of Physiotherapists of Ontario within 30
days if an agent/employee was suspended/terminated or facing disciplinary action due to a breach. The
HIC will also notify the College of Physiotherapists of Ontario of a breach that led to the
loss/unauthorized use of personal health information.
11. Any agents/employees will be trained to identify privacy breaches and report to the HIC for further
action.
12. Ensure that all team members who work with virtual physiotherapy technology are trained in the safe
handling and storage of personal health information and that there is a confidentially agreement with all
team members explaining their responsibilities.
13. We will document any updates in patients’ information, events in which patients requested a copy of
their charts, sharing of any patient information with anyone else, any privacy breaches, or any other
relevant information, the actions taken, and the outcomes.
14. The clinic will regularly review and update the protocol to ensure compliance with PHIPA, PIPEDA,
and the standards of the College of Physiotherapists of Ontario.
Informed consent will be taken throughout physiotherapy sessions. Even after you give your consent,
you can withdraw consent at any time.
While we take all reasonable precautions to ensure that user data is secure and that users are protected,
there always remains the risk of harm. The Internet as a whole can be insecure at times and therefore we
are unable to guarantee the security of user data beyond what is reasonably practical.
Children
We do not knowingly collect or use personal data from children under 13 years of age. If we learn that
we have collected personal data from a child under 13 years of age, the personal data will be deleted as
soon as possible. If a child under 13 years of age has provided us with personal data their parent or
guardian may contact our privacy officer.
How to Access, Modify, Delete, or Challenge the Data Collected
If you would like to know if we have collected your personal data, how we have used your personal data,
if we have disclosed your personal data and to who we disclosed your personal data, or if you would like
your data to be deleted or modified in any way, please contact our privacy officer here:

Shaima Behery
[email protected]
(289) 644-3566

_____________________________________

Cookie Policy
A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating
to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can
also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your
user experience.
We use the following types of cookies on our Site:
1. Functional cookies
Functional cookies are used to remember the selections you make on our Site so that your
selections are saved for your next visits;
2. Analytical cookies
Analytical cookies allow us to improve the design and functionality of our Site by collecting data
on how you access our Site, for example data on the content you access, how long you stay on
our Site, etc; and
3. Third-Party Cookies
Third-party cookies are created by a website other than ours. We may use third-party cookies to
achieve the following purposes:
a. To allow for secure and smoother website browsing experience.
Modifications
This Privacy Policy may be amended from time to time in order to maintain compliance with the law and
to reflect any changes to our data collection process. When we amend this Privacy Policy we will update
the “Effective Date” at the top of this Privacy Policy. We recommend that our users periodically review
our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by
email of changes to this Privacy Policy.
Contact Information
If you have any questions, concerns or complaints, you can contact our privacy officer, Shaima Behery,
at:
[email protected]
(289) 644-3566

________________________________________

©2002-2023 LawDepot.ca®