Body Restoration is committed to respecting the privacy of individuals and to recognizing the need of our patients and employees for the appropriate management and protection of any personal and personal health information that we receive. We acknowledge the responsibility in regards to personal and personal health information that is collected, used, retained or disclosed. Body Restoration is compliant with federally and substantially similar provincially mandated legislation, specifically Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta’s Personal Information Protection Act (PIPA).
Definition of personal and/or personal health information
Under PIPEDA, personal information is defined as including any factual or subjective information about an identifiable individual, recorded or otherwise. Examples include:
- Age, name, ID numbers, income, ethnic origin, or blood type;
- Opinions evaluations, comments, social status, or disciplinary actions; and
- Employee files, credit records, loan records, medical records, existence of a dispute between a customer and a merchant and intentions (for example, to acquire goods and services).
Personal information does NOT include the name, title, business address or telephone number of an employee of an organization.
Under PIPA in Alberta, personal information is defined as information about an identifiable individual. In BC, PIPA defines personal information as information about an identifiable individual and includes employee personal information, but does NOT include contact information or work product information.
Accountability for Body Restoration’s compliance with the policy rests with the Body Restoration Privacy Officer. The Privacy Officer is responsible for monitoring company-wide adherence to privacy policies; ensuring Body Restoration is in compliance with applicable legislation and acting as a liaison with the Federal and Provincial Privacy Commissioner’s offices as needed. The Privacy Officer acts as a resource for employees within Body Restoration who are responsible for the day-to-day collection and use of personal information. The Privacy Officer manages complaints and responds on behalf of Body Restoration to any internal or external requests for personal and personal health information and any inquiries about Body Restoration’s health information management. Body Restoration is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing.
As an organization, Body Restoration:
- Implements policies and procedures to protect personal information, including information relating to patients, staff, employees, and agents.
- Has established policies and procedures to receive and respond to complaints and inquiries.
- Trains and communicates to staff and agents information about Body Restoration’s privacy policies and practices.
In addition, all Body Restoration employees sign an internal confidentiality agreement which states that they agree to comply with all applicable legislative regulations as well as Body Restoration’s own internal privacy codes.
Commitment to privacy
i. COLLECTION – Body Restoration collects, uses, discloses and retains personal and personal health information in order to provide superior health care and service. Body Restoration makes all reasonable efforts to fully inform patients and employees about the planned use and disclosure of their personal and personal health information and will obtain explicit consent from patients in regards to their information when necessary.
The collection of personal and personal health information is limited to that which is necessary for the purposes identified by Body Restoration. Information is collected by fair and lawful means.
- Body Restoration does not collect personal or personal health information from staff or patients indiscriminately. Both the amount and the type of information collected are limited to that which is necessary to fulfill the purposes identified.
- Body Restoration recognizes and respects the need to collect personal and personal health information by fair and lawful means. At or before the time personal or personal health information is collected, Body Restoration staff identifies the purposes for which personal and personal health information is collected. For employees, the information is used for the purposes of staffing, payroll and legal requirements around human resources.
For patients, the primary purposes for collecting personal and personal health information are the delivery of direct patient care, the administration of the health care systems, research, teaching, statistics, and meeting legal and regulatory requirements.
At the time of collection, Body Restoration staff:
- Identifies the purposes for which personal or personal health information is collected from the individual.
- The identified purposes of the personal or personal health information are explained to the individual. Depending upon the way in which the information is collected, this explanation can be given orally or in writing: for example, an admission form or posted notice may give notice of the purposes.
- When personal information that has been collected is to be used for a purpose not previously identified, the new purpose will be disclosed prior to use. Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose.
- Persons collecting personal information shall be able to explain to individuals the purposes for which the information is being collected.
ii. CONSENT FOR COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION
Body Restoration will limit collection and use of personal and personal health information to that which the person has provided consent for.
The knowledge and consent of the individual is required for the collection, use or disclosure of personal or personal health information, except where inappropriate.
Note: In certain circumstances personal or personal health information can be collected, used or disclosed without the knowledge and consent of the individual. For example, legal, medical or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. In these circumstances, the Body Restoration representative should, where possible, seek consent from a substitute decision maker. In addition, if Body Restoration does not have a direct relationship with the individual, it may not be possible to seek consent.
- Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Body Restoration staff members seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected, but before use (for example, when Body Restoration staff wish to use information for a purpose not previously identified).
Consent means “knowledge and consent”. Body Restoration staff members make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information is to be used or disclosed.
- The form of the consent sought by the Body Restoration representative may vary, depending upon the circumstances and type of information. In determining the form of consent to use, Body Restoration takes into account the sensitivity of the information.
- The way in which Body Restoration seeks consent may vary, depending upon the circumstances and the type of information collected. For example, Body Restoration seeks express consent when the information is likely to be considered sensitive. Body Restoration seeks consent from an authorized representative such as a substitute decision maker if the patient is not capable of giving or refusing consent.
- Individuals can give consent in many ways, for example:
- An admission form may be used to seek consent, collect information and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and the specified uses.
- Individuals will have the opportunity to request that that their names and addresses not be given to other organizations or transferred to a third party.
- Consent may be given orally when information is collected over the telephone. Consent may be given at the time that individuals use a health service.
- An individual may withdraw consent at any time, subject to legal or contractual restrictions, application college regulations and reasonable notice. The Body Restoration representative informs the individual of the implications of such withdrawal.
iii. ACCURACY OF PERSONAL OR PERSONAL HEALTH INFORMATION
Body Restoration will make every reasonable effort to ensure that personal and personal health information collected and used is accurate. Patients providing personal information will have the opportunity to review and correct their personal information.
If Body Restoration discloses personal or personal health information about an individual, Body Restoration will take reasonable steps to ensure that the information is accurate, complete and up-to-date for the purposes that are known to Body Restoration at the time of the disclosure. Otherwise, Body Restoration will clearly set out any limitations or qualifications relating to the accuracy of the disclosure.
iv. LIMITING USE, DISCLOSURE, AND RETENTION OF PERSONAL INFORMATION
Body Restoration will store personal and personal health information using hard copy and/or electronic means in such a way as to prevent unauthorized collection, access, use, disclosure or disposal of the personal information. Body Restoration will not disclose any personal or personal health information unnecessarily to employees or any third party unless the affected patient consents or unless required by law.
Personal or personal health information is not used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal or personal health information is retained only as long as necessary for the fulfillment of those purposes and/or as required by an applicable regulatory body.
- If using personal information for a new purpose, Body Restoration documents this purpose.
- Body Restoration has guidelines and implements procedures with respect to the retention of personal information. These guidelines include retention periods for personal health information as required by college regulations. Personal information that has been used to make a decision about an individual is retained long enough to allow the individual access to the information after the decision has been made.
- Personal or personal health information that is no longer required to fulfill the identified purposes and/or has past the required retention period as set out in college regulations is destroyed, erased, or made anonymous. Body Restoration has guidelines and implements procedures to govern the destruction of personal and personal information in accordance with applicable legislative requirements.
v. ENABLING SAFEGUARDS FOR PERSONAL INFORMATION
Security safeguards appropriate to the sensitivity of the information protect personal information. Security safeguards protect personal information against loss, theft, unauthorized access, disclosure, copying, use or modification or destruction. Body Restoration protects personal information regardless of the format in which it is held. The nature of the safeguards varies depending on the sensitivity of the information that has been collected, the amount of information collected, the extent of the distribution of information, the format of the information and the method of storage. A higher level of protection safeguards more sensitive information, such as personal health information records. Extreme care is taken when disposing or destroying personal information in order to prevent unauthorized parties from gaining access to the information.
The methods of protection include:
- Physical measures, for example, locked filing cabinets and restricted access to offices;
- Organizational measures, for example, limiting access on a “need-to-know” basis; and
- Technological measures, for example, the use of passwords, encryption, password protection on email attachments and audits.
Body Restoration makes its staff and agents aware of the importance of maintaining the confidentiality of personal information. As a condition of employment, appointment, or agency, all Body Restoration staff and agents must sign the Body Restoration Confidentiality Agreement. In addition, those with access to electronic health records must sign individual User Agreements.
Body Restoration uses third party service providers to process and store the personal information we collect from our patients. This personal information may be stored on servers located outside of Canada. As such, this information may be available to the government or agencies of that country under a lawful order made in that country. Body Restoration remains accountable for all information we collect. We ensure that personal information sent to or shared with any foreign jurisdiction for processing or storage will be safeguarded, used, disclosed, and disposed of in a way that is compliant with Canadian federal and provincial privacy laws as well as with Body Restoration internal privacy policies. Personal information will only be used for purposes in keeping with the original reason for its initial collection.
vi. ACCESS TO PERSONAL OR PERSONAL HEALTH INFORMATION
Body Restoration promotes an employee’s or patient’s right of access to his/her personal or personal health information and will provide this information in an understandable format. Body Restoration will provide access to information upon request within 30 days as required under federal law, although the Privacy Officer may request an extension of another 30 days.
Upon request, an individual is informed of the existence, use, and disclosure of his or her personal information and is given access to that information. Body Restoration may ask the individual to supply enough information in order to confirm the existence, use and disclosure of the personal or personal health information. Body Restoration will inform the individual how the information is or has been used and will provide a list of any organization to which it has been disclosed (if any). An individual is able to challenge the accuracy and completeness of the information and have it corrected or amended as appropriate.
When a challenge is not resolved to the satisfaction of the individual, Body Restoration records the nature of the unresolved challenge. When appropriate, the existence of the unresolved challenge is transmitted to third parties having access to the information in questions (if any).
Note: In certain situations, Body Restoration may not be able to provide access to all the personal information they hold about an individual. Exceptions to the access requirement are limited and specific. The reasons for denying access are provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
vii. OPENNESS ABOUT PERSONAL INFORMATION POLICIES AND PRACTICES
Body Restoration makes readily available to individuals specific information about its policies and practices relating to the management of personal information. Individuals are able to acquire information about Body Restoration policies and practices without unreasonable effort. This information is made available in a form that is generally understandable.
The information made available includes:
- The contact information to reach the Privacy Officer who is accountable for the Body Restoration privacy policies and practices, and to whom complaints or inquiries can be forwarded;
- The means of gaining access to personal information held by Body Restoration;
- A description of the type of personal information held by Body Restoration, including a general account of its use;
- A copy of any brochures or other information that explains the Body Restoration policies, standards, or codes.
Body Restoration makes information on their policies and practices available in a variety of ways to address varied information needs and to ensure accessibility to information: for example, Body Restoration may choose to make brochures available in its places of business, mail information to its clients, post signs, provide online access, or through the Internet and Intranet.
viii. CHALLENGING COMPLIANCE
pBody Restoration has established procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. In case of a complaint, the complainants will be informed about how to proceed. On its website and consent forms, Body Restoration provides contact information for the Body Restoration Privacy Officer. The Privacy Officer tracks and investigates all complaints made about Body Restoration’s personal and personal health information management and will take appropriate action to correct any inaccurate personal information or modify policies and procedures if needed.
ix. Website Privacy
This section is designed to ensure you are aware of how your data is being used while you are visiting our website and to provide you with choices about that use. Your continued use of the Body Restoration website after any modification indicates your agreement to the new terms.
We use Google Analytics, Remarketing with Google Analytics, Google AdWords Conversion tracker, and other Google services such as display advertising that place cookies on a browser across the website. These cookies help us increase our website’s effectiveness for our visitors. These cookies are set and read by Google. To opt out of Google tracking, please visit this pagehttp://www.google.com/policies/technologies/ads/.
x. CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process online bookings and to send information, updates and reminders pertaining to online bookings.
- We may also send you additional information related to your product and/or service.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can email us at
- Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Links to Other non Body Restoration Web Sites
The privacy officer can be reached at our toll-free number, (866) 749-7461, or at firstname.lastname@example.org.