Introduction and Scope
Donya Medical Spa (“we,” “us,” or “our”) is dedicated to protecting the privacy and confidentiality of our clients’ information. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of your personal information in compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario’s Personal Health Information Protection Act (PHIPA).
This document should be read in conjunction with our separate Legal Terms and Conditions, which govern your use of our website and services.
1. Information We Collect
We collect information necessary to provide you with safe, effective, and personalized services.
a. Personal Information (PI)
This includes identifiable information such as your name, email address, telephone number, and mailing address, which you provide when booking appointments, contacting us, or subscribing to communications.
b. Personal Health Information (PHI)
As a medical spa, we are a Health Information Custodian under PHIPA. We collect necessary health information to ensure your safety and the efficacy of our treatments. This PHI may include, but is not limited to:
- Your and your family’s relevant medical history (e.g., surgeries, injuries, health conditions).
- Current health status, known skin conditions, allergies, and sensitivities.
- Current medications and/or medical supplements.
- Information about previous aesthetic or medical treatments.
- Treatment goals and concerns discussed during consultations.
- The name of your primary care physician, if relevant.
- Billing information related to your treatments.
c. Derivative and Technical Data
This is information automatically collected when you access our Site, such as your IP address, browser type, and browsing behavior. This data is used for analytics and advertising purposes.
2. Use of Your Information
Your information is used for specific, defined purposes:
- To Provide Safe and Effective Services: We use your PHI to assess your suitability for treatments, provide care, and maintain your client record as required by law and professional standards.
- To Communicate With You: To send transactional communications (confirmations, reminders) for your appointments.
- For Marketing and Promotions: With your explicit consent, we may send you marketing communications. You may opt out at any time.
- For Billing and Administration: To process payments and manage your account.
- To Improve Our Operations: We analyze anonymized and aggregated data to improve our website, services, and advertising.
3. Confidentiality and Disclosure of Your Information
Your Personal Health Information is held in the strictest confidence. It will not be disclosed to third parties without your express written consent, except in the rare and specific circumstances where we are legally and/or ethically required to do so, such as:
- If there is reason to suspect that you pose a risk of serious bodily harm to yourself or others.
- If there is reason to suspect that a child under the age of 16 is being or has been abused or neglected.
- If we are required to release records by a court order, subpoena, or other legal mandate.
- If required by a professional regulatory body (e.g., the College of Massage Therapists of Ontario) for a quality assurance assessment.
If such a situation arises, we will only disclose the minimum information necessary and, where possible, we will discuss the situation with you before any disclosure is made.
4. Data Retention, Storage, and Security
We retain client records containing PHI for a minimum of **10 years after the date of your last treatment**, or for 10 years after a minor client turns 18, to comply with professional and legal requirements.
We use third-party software for booking, client management, and communications. We take care to select reputable providers with strong security and privacy practices. Your data may be stored on secure servers located within Canada or in other jurisdictions, such as the United States, under strict privacy safeguards. We have implemented robust administrative, technical, and physical security measures to protect your information.
5. Your Privacy Rights
As a client, you have the right to:
- Access and Correct Your Information: You may request access to your personal and health information file and request corrections to any inaccuracies.
- Withdraw Consent: You may withdraw your consent for the collection, use, and disclosure of your information for marketing purposes at any time. Withdrawal of consent for the collection of PHI may impact our ability to provide you with services.
- Ask Questions: You have the right to ask questions about our privacy practices.
- File a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with our Privacy Officer. If you are not satisfied with the resolution, you may file a complaint with the **Information and Privacy Commissioner of Ontario (IPC)**.
6. Tracking Technologies (Cookies, Analytics, Ads)
Our website utilizes third-party services and tracking technologies, including cookies, for analytics and advertising. These include Google Analytics, Google Ads, Meta Ads, and Microsoft Clarity. You can manage cookies through your browser settings.
7. On-Premise Media and Intellectual Property
For security, our premises may be monitored by video surveillance. For marketing, our staff may capture photos or videos (“Assets”) only with your express, prior, written consent. These Assets are the property of Donya Medical Spa and may not be used without permission.
8. Third-Party Content and External Links
Our Site may contain links or content from third parties. We are not responsible for their privacy practices. If you believe any content on our site infringes on your rights, please contact us for immediate removal.
9. Contact Us
If you have any questions, concerns, or requests regarding this policy, please contact our designated Privacy Officer:
10341 Yonge St Unit 4 Room 2
Richmond Hill, ON L4C 3C1
Email: [email protected]
Phone: (647) 372-0217