1) Scope

This Policy applies to information we collect in-clinic and through our website, booking platforms, forms, messages, email, and social channels that we control.

2) Information We Collect

• Identifiers: name, date of birth, contact details, government-issued ID (where required by law or for medical safety).
• Personal Health Information (PHI): medical history, allergies, medications, prior procedures, treatment notes, clinical photos.
• Transactional: appointment history, services purchased, payment method tokens (we do not store full card numbers).
• Technical: device/browser data, IP address, and cookies or similar technologies for functionality and analytics.
• Communications: emails, messages, and feedback you send us.

3) How We Use Information

• Provide, coordinate, and document clinical services and aftercare.
• Verify identity, manage bookings, process payments, and prevent fraud.
• Communicate about appointments, care instructions, updates, and offers you opt into.
• Improve safety, quality, training, and user experience.
• Comply with legal, regulatory, and professional obligations.

4) Legal Bases / Consent

• We rely on your consent for collecting and using PHI, except where PHIPA permits otherwise.
• We rely on legitimate interests (e.g., quality improvement, security) and contract (providing requested services) for certain non-PHI data.
• You may withdraw consent at any time, subject to legal or clinical limitations and reasonable notice.

5) How We Share Information

• Clinical team & regulators: providers involved in your care; disclosures required by law, professional colleges, or public health.
• Vendors: secure scheduling, charting, messaging, payment, analytics, and cloud providers who must safeguard information and use it only on our instructions.
• Legal & safety: to protect you, other clients, our staff, or to establish/exercise legal claims.
• We do not sell personal information.

6) Cookies & Analytics

We use necessary cookies for core functions (e.g., booking). With consent, we may use analytics to understand aggregate usage. You can manage preferences in your browser or through any consent banner we provide. Disabling cookies may affect site features.

7) Security

We employ administrative, technical, and physical safeguards appropriate to the sensitivity of the information. No system is perfectly secure; please contact us if you suspect unauthorized access.

8) Retention

We retain records for the periods required by Ontario and Canadian law and by professional standards, and then securely delete or de-identify them.

9) Your Rights

• Access or request a copy of your records, subject to legal limits and fees permitted by law.
• Request corrections to incomplete or inaccurate information.
• Withdraw consent or change preferences for communications not related to your care.
• Lodge a complaint with us or with the Information and Privacy Commissioner of Ontario (IPC).

10) Cross-Border Transfers

Some service providers may process data outside Ontario/Canada. We take steps to ensure comparable protections, but data may be subject to foreign laws and lawful access by authorities in those jurisdictions.

11) Minors

Services are for adults 18+. We do not knowingly collect personal information from minors for cosmetic treatments.

12) Changes to This Policy

We may update this Policy periodically. Material changes will be indicated by updating the “Last updated” date above and posting the revised Policy.

13) Contact

To ask questions, exercise privacy rights, or make a complaint, contact:
My Nurse Injector — Privacy Officer
931 Danforth Avenue, Toronto, Ontario, M4J 1L8, Canada
[email protected]

14) Additional Notes

Ontario privacy guidance: https://www.ipc.on.ca/