Introduction, purpose and scope
- This policy explains how personal information is collected, used, communicated and retained within Clinique Kiroclinique in order to ensure compliance with legal requirements relating to the protection of personal information.
Collection, use, disclosure, retention and destruction of personal information
Collecte
- Purpose of collection. Kiroclinique collects and uses personal information necessary to carry out its activities, including:
a. About his patients,
- The date the file was opened ;
- The patient’s name at birth, address, telephone number, date of birth and sex ;
- A summary description of the reasons for each consultation ;
- X-rays, if any, and the results of all other examinations of the patient performed or requested by the chiropractor ;
- The diagnosis of the patient’s condition ;
- A description of professional services rendered and their date ;
- The recommendations made to the patient ;
- Annotations, correspondence and other documents relating to professional services rendered to the patient ;
- Financial information relating to the payment of honoraires.
b. At its employees, suppliers and business relations.
- First name ;
- Last name ;
- Professional title ;
- Business telephone number;
- Cell phone number, if applicable (if provided by the person concerned);
- Business e-mail address;
- Personal e-mail address, if any (if provided by the person concerned) ;
- Professional postal address ;
- Financial information relating to the payment of salaries or fees.
Kiroclinique may collect any other personal information submitted by an individual through its website contact form or an e-mail address from the clinic or chiropractor.
- (If applicable) Kiroclinique uses the services of to accept your payments.
Collects, uses, maintains, discloses and protects your personal information, including your payment information in accordance with its most current privacy policy. This personal information may include transaction data, information about your identity, and information about your online activity. By proceeding with payment, you consent to the collection, use, retention and disclosure of your personal information by . You also consent that your personal information collected by may be transferred outside Quebec, including to the United States or elsewhere in the world, in a manner consistent with applicable laws. It may also be disclosed in accordance with applicable laws. You have the right to request the destruction and rectification of your personal information collected by
in accordance with the terms of its privacy policy.
- Kiroclinique uses the services of to host its patient records.
Stores, discloses and protects personal information in accordance with the most recent version of its privacy policy and in accordance with the terms and conditions set forth in the contract entered into with Kiroclinique. This personal information may include your full name and e-mail address, as well as any information referred to in section 2a. of this policy. You have the right at any time to request the rectification and deletion of your personal information held by us in accordance with the terms of our Privacy Policy.
- Method and source of collection. Personal information is generally collected by Kiroclinique directly from the individuals concerned and with their consent. Kiroclinique may collect personal information without the knowledge or consent of the individual in limited circumstances authorized by the Act respecting the protection of personal information in the private sector.
Communication
- General. Kiroclinique will not disclose any personal information it holds to a third party without the consent of the individual to whom the personal information relates unless
if :
- These are business contact details, the communication of which is reasonable in the context of its activities ;
- The transmission of information without notifying the person concerned is required for Kiroclinique to comply with its legal obligations ;
- The transmission of information without notifying the person concerned is required to avoid serious harm to the person to whom the information relates.
- Communication to a Kiroclinique supplier. The Kiroclinique may not disclose personal information to a service provider unless the processing of personal information is governed by an appropriate contract approved by the person responsible for the protection of personal information.
- Communication outside Quebec. Kiroclinique does not generally communicate personal information outside Quebec. Should this be the case, and before communicating personal information outside Quebec (including in another Canadian province), Kiroclinique must ensure that the personal information communicated will benefit from adequate protection.
Storage and destruction
- Computerized personal information held by the kiroclinique (or chiropractor) is maintained by means of a database protected by reasonable computer and organizational security measures.
- The Kiroclinique (or chiropractor) retains the personal information it holds for a period of seven years after its last use except where a different retention period is provided by law.
- After the expiry of the retention period, personal information is destroyed unless computer limitations force its retention or unless it is transmitted to a person or organization that will use it in denominalized form for study, research or statistical purposes.
Security of personal information
- Kiroclinique (or Chiropractor) takes reasonable security measures to protect personal information under its control.
- Limited Access. Kiroclinique staff members may access only the personal information they need to perform their duties.
- Physical Security Measures. Kiroclinique (or chiropractor) personnel take appropriate measures to protect physical documents that contain personal information.
- Technological safety measures. In particular, Kiroclinique (or chiropractor) staff must comply with the following security measures:
- Check documents that contain lists of personal information ;
- Use a password to access databases containing personal information and ;
- Change passwords on a regular basis.
- Administrative security measures. The Kiroclinic (or chiropractor) implements the following security measures:
- Anyone with access to personal information held by Kiroclinique (or the chiropractor) must sign a confidentiality agreement ;
- Staff receive training in information security risk awareness.
Access to personal information and rectification
- Personal information collected by Kiroclinique (or chiropractor) is accessible at its principal place of business. The person concerned by this information may access it upon request online at or by mail.
- The Kiroclinique (or chiropractor) responds to requests from individuals for access to personal information that the Clinic (or chiropractor) holds about them, by providing access to such information, rectifying it when it is inaccurate or incomplete, ensuring its portability where appropriate, destroying it when its retention is no longer necessary, or de-indexing it.
- A person concerned by personal information held by the Clinic (or by the chiropractor) may ask the Clinic to:
- Confirm the existence of the information and transmit a copy to the company or to any person authorized by the company ;
- Rectify inaccurate, incomplete or ambiguous information, or information that has been collected, communicated or retained in a manner not authorized by this policy or by law ;
- Delete outdated or irrelevant information.
Governance
Privacy Officer
- Dr. Simon Lupien, chiropractor, D.C. is responsible for the protection of personal information with the Clinic (or chiropractor). He can be contacted at the following e-mail address or postal address. info@kiroclinique.ca
Staff roles and responsibilities
- All employees of the Clinic (or chiropractor) are required to comply with this policy, as well as applicable laws, regulations and contractual obligations when handling, using or communicating personal information held by Kiroclinique.
Complaints
- Any person may file a complaint regarding the protection of personal information held by Kiroclinique by contacting the Privacy Officer at the email address or postal address referenced in paragraph 21 of this policy.
- The Privacy Officer shall respond to the complainant within 30 days of receipt of a complaint.
- Privacy incidents
Procedure for managing confidentiality incidents
- In the event of a confidentiality incident, the Kiroclinique or chiropractor agrees to
- identify the cause of the incident ;
- remedy the incident ;
- reduce the risk of damage being caused, and ;
- prevent similar incidents from occurring in the future.
Register of confidentiality incidents
- The Privacy Officer shall maintain a register of privacy incidents.
Questions
- Any questions regarding this policy should be directed to Kiroclinique’s (or chiropractor’s) Privacy Officer at email, or postal address.
info@kiroclinique.ca
Policy date: 21 september 2023