Privacy Policy
We are extremely sensitive to your privacy and the confidentiality of your information.
1. Our Commitment to Privacy
Opal Skin Lab is committed to protecting the privacy and confidentiality of the personal information of our clients and website users. As a medical spa operating in Ontario, we are committed to complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the provincial Personal Health Information Protection Act (PHIPA) concerning the collection, use, and disclosure of personal health information.
This policy outlines how we manage your personal information and safeguard your privacy.
2. What is Personal Information?
Personal Information is any information about an identifiable individual. It may include, but is not limited to:
Identification and Contact Information: Name, address, telephone number, email address, date of birth, emergency contact.
Billing Information: Insurance information (if applicable), payment card details, and billing history.
Website and Usage Data: IP address, browser type, pages visited, and other technical information collected via cookies or analytics tools.
3. What is Personal Health Information (PHI)?
For the purposes of this policy, Personal Health Information (PHI) is a specific type of personal information related to your health or the provision of health care services, including:
Information concerning your physical or mental health, medical history, and diagnosis.
Information concerning the health services provided to you (e.g., treatment plans, procedure notes, before and after photos).
Your Ontario Health Card number (if collected and legally authorized).
4. Collection of Personal Information and PHI
We collect only the information that is necessary for the purposes of providing you with our services, as outlined below.
A. Directly from You: We collect information directly from you through:
Client intake and consent forms (paper or electronic).
Consultations and treatment sessions.
Website forms (e.g., booking requests, contact forms, newsletter sign-ups).
Correspondence via email, phone, or in person.
B. Indirectly: We may collect information indirectly from third parties, with your consent or as legally required, such as:
Other healthcare providers (with your written consent).
Service providers (e.g., online booking systems, payment processors).
Website analytics providers.
5. Purposes for Collecting, Using, and Disclosing Information
Opal Skin Lab collects, uses, and discloses your personal information and PHI for the following purposes:
A. To Provide Care and Services:
To identify you and ensure the accuracy of your health records.
To assess, plan, and provide you with safe, effective, and personalized medical spa treatments and services.
To communicate with you about your appointments, treatment follow-ups, and post-procedure care.
To ensure our services do not conflict with existing medical conditions.
B. For Administration and Business Operations:
To establish and maintain client records and medical charts.
To process payments, manage billing, and collect outstanding accounts.
For quality assurance, risk management, and training purposes.
To comply with legal, regulatory, and professional obligations (e.g., College of Physicians and Surgeons of Ontario guidelines).
C. For Website, Marketing, and Communication:
To monitor and analyze website usage (e.g., Google Analytics) to improve our services and website experience.
To respond to your inquiries and requests.
To send you news, special offers, and promotional information about our services (where you have explicitly consented or have not opted out).
6. Consent
A. Implied Consent (for Care): When you seek treatment or care from Opal Skin Lab, your consent for us to collect, use, and disclose your PHI for the purposes of providing you with care is implied, unless you instruct us otherwise. This includes sharing information with other healthcare providers involved in your care (e.g., referring physician).
B. Express Consent (for Marketing and Specific Disclosures): We will obtain your express, written consent for:
Marketing communications (e.g., email newsletters).
Using your "before and after" photos for promotional purposes (de-identified or with specific photo release).
Disclosing your PHI to third parties for purposes other than treatment or legal requirements (e.g., for research or to a non-healthcare-related third party).
C. Withdrawing Consent: You may withdraw your consent for certain uses or disclosures of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may limit our ability to provide you with certain services. To withdraw consent, please contact our Privacy Officer.
7. Limiting Use, Disclosure, and Retention
We do not use or disclose personal information for purposes other than those for which it was collected, except with your consent or as required or permitted by law.
A. Authorized Disclosures: We may disclose your information to third-party service providers (e.g., secure electronic medical record systems, IT support) who are obligated by contract to protect your information and only use it for the purposes we direct.
B. Legal and Regulatory Disclosure: We may be required to disclose your PHI without your consent to comply with a subpoena, court order, or search warrant, or to meet the legal requirements of our regulatory body (e.g., public health reporting).
C. Retention: We retain your personal information and PHI for the period necessary to fulfill the purposes for which it was collected, to provide high-quality care, and to meet our legal and professional record-keeping requirements in Ontario. When your information is no longer required, it is destroyed in a secure and irreversible manner.
8. Security and Safeguards
Opal Skin Lab takes the security of your information seriously. We use a combination of physical, technological, and administrative safeguards to protect your personal information and PHI from theft, loss, unauthorized access, disclosure, copying, use, or modification.
These safeguards include:
Physical security measures (e.g., locked filing cabinets, secure premises).
Technological safeguards (e.g., password protection, encryption, secure networks, use of PHIPA-compliant electronic medical record systems).
Organizational controls (e.g., staff training, confidentiality agreements, need-to-know access policies).
9. Your Rights: Access and Correction
You have the right to access and request a copy of your own record of personal information and PHI, subject to limited exceptions under PHIPA. You also have the right to request a correction if you believe your record is inaccurate or incomplete.
To Request Access or Correction: Please submit a written request to our Privacy Officer (contact details below). We will respond to your request within the timeframe required by law.
We may charge a nominal fee for providing a copy of your record, as permitted by law.
10. Website Data, Cookies, and Third Parties
Our website may use cookies and similar tracking technologies to enhance your experience, track usage, and collect certain non-personally identifiable information.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If you do not accept cookies, you may not be able to use some portions of our website.
Our website may contain links to other sites. We are not responsible for the privacy practices of those other sites.