Kinesis Health Co.
Privacy Policy
Kinesis Health Co. ("Kinesis," "we," "us," or "our") is committed to protecting the privacy of our clients, patients, and website visitors. This Privacy Policy explains what personal information we collect, how we use and protect it, and the choices you have regarding your information.
Because we provide health-related services, including physiotherapy, kinesiology, and personal training, much of the information we collect is considered personal health information and is subject to additional legal protections. This Policy is designed to comply with Ontario’s Personal Health Information Protection Act, 2004 ("PHIPA") and the federal Personal Information Protection and Electronic Documents Act ("PIPEDA").
By using our website, completing our intake form, or receiving services from Kinesis, you agree to the practices described in this Policy.
1. Who We Are
Kinesis Health Co. operates the Scarborough Academy and provides physiotherapy, kinesiology, rehabilitation, and personal training services in Toronto, Ontario. For the purposes of PHIPA, Kinesis Health Co. is a Health Information Custodian responsible for personal health information collected in the course of providing care.
Privacy Officer: Dr. Kennedy Hindley
Email: privacy@kinesishealthco.ca
Mailing Address: 103-801 York Mills Road, North York, Ontario, M3B 2R2
For general inquiries, you may also reach our clinic by phone and ask to speak with the Privacy Officer.
2. Information We Collect
We collect only the information we need to provide safe, effective care and to operate our clinic. The information we collect through our website intake form and during your time as a client may include:
2.1 Contact and Identification Information
- First and last name
- Phone number
- Email address
- Team or group affiliation where applicable
2.2 Personal Health Information
- Area of injury or physical concern, such as a right knee, lower back, or shoulder
- Description of how an injury occurred, when symptoms began, and current limitations
- Additional health history, assessment findings, treatment notes, and progress records gathered during your care
2.3 Information Collected Automatically
When you visit our website, we may automatically collect limited technical information such as your IP address, browser type, device information, and pages visited. This information is used to operate and improve the website and is not used to identify you personally.
3. How We Use Your Information
We use the information we collect to:
- Review your intake submission and determine how we can help
- Schedule appointments and communicate with you about your care
- Provide assessment, treatment, training, and rehabilitation services
- Maintain accurate health and clinical records as required by professional and regulatory standards
- Process payments and manage billing where applicable
- Operate, protect, and improve our clinic and website
4. Consent
In most cases, we collect, use, and disclose personal health information with your consent, either express or implied, as permitted by PHIPA. By submitting the intake form, you consent to Kinesis using the information you provide to review your request and contact you regarding next steps in care.
You may withdraw your consent for certain uses of your information, subject to legal and clinical limitations. Withdrawing consent may affect our ability to provide services safely or effectively.
5. When We Share Information
We do not sell your information. We only share it when necessary to provide care, operate the clinic, or comply with legal obligations. This may include sharing information:
- Within Kinesis Health Co. among authorized team members involved in your care
- With third-party service providers who support our website, scheduling, records, communications, and business operations
- When required or permitted by law, including for regulatory, legal, or safety purposes
6. Service Providers and Cross-Border Processing
To operate our website and manage intake submissions, we rely on a small number of trusted third-party service providers. We have chosen these providers because they offer strong security practices, but you should be aware of the following:
- Cloudflare: processes intake form submissions in transit to help protect against malicious traffic and ensure secure delivery. Cloudflare does not retain a copy of your form data.
- Google Workspace (Google Sheets): intake form submissions, including the personal health information you provide, are stored in a Google Sheet within our Google Workspace account. Access is restricted to authorized Kinesis staff.
- Slack: when an intake form is submitted, a notification is sent to a private Slack channel restricted to the relevant team’s care providers at Kinesis. The Slack notification contains your name, team name, email address, and phone number so that staff know to review your submission and can contact you if needed. It does not contain injury details or other health information, which remain in the secure Google Sheet.
Some of these service providers, including Google and Slack, are operated by companies based in the United States, and your information may be stored or processed on servers located outside of Canada. While stored or processed in another country, your information may be subject to the laws of that country, including lawful access requests by foreign authorities. We take reasonable steps to ensure that these providers maintain appropriate safeguards to protect your information.
If you have questions or concerns about this, or would prefer to provide your information through an alternative method, please contact our Privacy Officer using the information in Section 1.
7. How We Protect Your Information
We take reasonable administrative, technical, and physical safeguards to protect your information against loss, theft, and unauthorized access, use, disclosure, or modification. These safeguards include:
- Restricting access to personal information to staff who need it to perform their duties
- Storing electronic records on secure, password-protected systems
- Storing paper records in locked or access-controlled areas
- Training our team on privacy and confidentiality obligations
- Using secure connections (HTTPS) for our website and intake form
While we work hard to protect your information, no method of transmission or storage is completely secure. If we ever become aware of a privacy breach affecting your information, we will respond in accordance with applicable law, including notifying you and the Information and Privacy Commissioner of Ontario where required.
8. How Long We Keep Your Information
We retain personal health information for the period required by Ontario’s health regulatory colleges and applicable law. In general, clinical records are retained for at least ten years after your last interaction with us, or, in the case of minors, ten years after the client reaches the age of majority.
Other personal information that is not part of a clinical record is kept only for as long as needed to fulfill the purpose for which it was collected, or as required by law, after which it is securely destroyed or anonymized.
9. Your Rights
Subject to certain legal exceptions, you have the right to:
- Access the personal information and personal health information we hold about you
- Request a correction of information you believe is inaccurate or incomplete
- Withdraw your consent to certain uses or disclosures of your information
- Ask questions or raise concerns about our privacy practices
To exercise any of these rights, please contact our Privacy Officer using the contact information in Section 1. We may need to verify your identity before responding to a request.
10. Website and Cookies
Our website may use cookies and similar technologies to help the site function properly and to understand how visitors use it. You can control or disable cookies through your browser settings. Disabling cookies may affect the functionality of certain parts of the website.
11. Third-Party Websites
Our website may contain links to third-party websites that are not operated by Kinesis Health Co. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal information.
12. Children and Minors
Where services are provided to a minor, intake information and consent are typically provided by a parent or legal guardian. We collect only the information necessary to support the minor’s care and follow applicable rules under PHIPA regarding consent and access for minors.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The updated version will be posted on our website with a new "Last Updated" date. We encourage you to review this Policy periodically.
14. How to Contact Us
If you have questions about this Privacy Policy, want to access or correct your information, or wish to make a privacy-related complaint, please contact:
Privacy Officer, Kinesis Health Co.
103-801 York Mills Road, North York, Ontario, M3B 2R2
privacy@kinesishealthco.ca
For general inquiries, you may also reach our clinic by phone and ask to speak with the Privacy Officer.
If you are not satisfied with our response, you may also contact the Information and Privacy Commissioner of Ontario:
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400, Toronto, Ontario M4W 1A8
Toll-free: 1-800-387-0073
Website: www.ipc.on.ca