Privacy Policy
1. Commitment to Privacy
At Nanima Women’s Health, your privacy is very important. We follow the Personal Health Information Protection Act (PHIPA) of Ontario and all rules from the College of Naturopaths of Ontario (CONO). This Privacy Policy explains how we collect, use, store, and share your personal information and personal health information (PHI) when you use our website or online clinic.
By using our website or online platform, you agree to this Privacy Policy. If you do not agree, please do not use our services.
2. Who May Use the Website and Platform
Our website and online clinic are intended for Ontario users only. Users in other countries should not submit personal information.
For patients under 18, a parent or legal guardian must provide consent and control access until the patient reaches the age of majority.
3. Information We Collect
We only collect information that is necessary to provide care and manage the clinic. This may include:
| Category | Examples | Purpose |
|---|---|---|
| Identification & Contact | Name, email, phone, address | Create patient record; identity verification |
| Health & Demographics | Date of birth, health history, symptoms, lab results | Assessment, treatment, continuity of care |
| Device & Usage | IP address, browser type, session analytics | Security, website performance, traffic analysis |
| Payment | Credit card info, billing address | Process payments securely |
| Communication | Messages, emails, phone calls (may be recorded for quality purposes) | Support care and administration |
We do not collect unnecessary information or use your information for unrelated purposes without consent—unless required by law.
4. How We Use Your Information
We use your information to:
Deliver naturopathic care, virtual and in-person
Create and manage your patient record and treatment plan
Book and confirm appointments, send reminders
Order lab tests and share results with your authorized circle of care
Coordinate with other healthcare providers with your consent
Perform quality assurance and de-identified analytics to improve services
Comply with legal and regulatory obligations
No automated decisions are made about your care without human review.
5. Sharing & Disclosure
We do not sell your personal information. We may share your information only with:
Circle of Care: NDs, NPs, and authorized staff involved in your treatment
Service Providers & Sub-processors: EMR systems, telehealth platforms, payment processors, cloud hosting, email/SMS gateways
Legal & Regulatory Authorities: Courts, law enforcement, or CONO when required by law
Business Transfers: In mergers or acquisitions, your data will be protected under this policy
Some service providers may store data outside Canada (e.g., U.S.), and your PHI may be subject to foreign laws.
6. Cookies, Analytics & Website Use
We may use cookies, pixel tags, and analytics to improve security, track website traffic, and enhance user experience. You may refuse or delete cookies through your browser settings.
We do not link cookies to personal health information. We do not use your information for advertising without consent.
7. Access, Correction & Deletion
You have the right to:
Access the personal information we hold about you
Request corrections to inaccurate or incomplete information
Request deletion or withdrawal of consent, except for data required by law
Deleted data is removed from active systems, but may remain in backups or archives. Data already shared with third parties may not be retractable. De-identified data may be retained indefinitely.
8. Retention of Records
| Record Type | Retention Period |
|---|---|
| Clinical charts & PHI | 10 years from last entry or 10 years after a minor turns 18 |
| Website server logs | 18 months |
| De-identified analytics | Indefinite |
9. Security Measures
We protect your information using:
Encrypted electronic medical records
Password-protected accounts and systems
Staff training on privacy
Limited access based on roles
Secure telehealth and communication platforms
Despite our safeguards, no system is 100% secure.
10. Communication & Virtual Care
Email, forms, and virtual visits are encrypted whenever possible.
Email may not be fully secure; avoid sending sensitive information unless necessary.
Virtual care follows PHIPA rules and secure telehealth standards.
11. Children’s Privacy
We protect the information of patients under 18. Parent/guardian consent is required for care and account creation.
12. Links to Other Websites
Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies.
13. Business Transfers
If Nanima Women’s Health is sold or merges with another company, your information may be transferred, but it will remain protected under this Privacy Policy.
14. Changes to This Policy
We may update this policy at any time. Policy is revised yearly. Continued use of our website or platform constitutes acceptance of the changes.