By visiting or using the First Session Health Inc. (“First Session”) website at www.firstsession.co, applications, or other online resources provided by First Session (collectively, the “Website”), each web user, counsellor, social worker, psychotherapist, psychologist, client, patient or other member of the public (each a “User”) acknowledges that they may be providing personal information and/or personal health information to First Session.
What is Personal Information?
Personal Information is defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. In other words, it does not include the information that one expects to find on a business card or information that is available in public records. Personal Information includes, but is not limited to, a User’s name, mailing address, telephone number, e-mail address, facsimile number, age, gender, marital status, health status, financial status, credit card information, credit history, interests, browsing preferences, web logs, internet protocol addresses, network and server particulars, and/or other information relevant to the Website, promotional and marketing activities.
Personal health information is more specific, and is defined in the Personal Health Information Protection Act, 2004 (Ontario) (“PHIPA”) as identifying information about an individual which relates to that individual’s physical or mental health, the provision of health care to that individual, payments made or eligibility for health care or health care coverage of that individual.
As the Website connects Mental Healthcare Professionals with potential patients/clients, First Session may at times be subject to the more stringent obligations imposed by PHIPA to the extent that personal health information is collected. First Session will abide by these higher standards when the more stringent obligations apply.
A User who does not consent to the collection of personal information or personal health information, or who withdraws their consent, should immediately cease use of the Website and inform Fist Session’s Privacy Officer (see contact information below). If a User withdraws or limits its consent for First Session to collect or disclose personal information or personal health information, First Session may be limited in its ability to provide services or access to certain aspects of the Website.
Personal information or personal health information will only be collected or disclosed without the consent of the User in the limited circumstances that are expressly permitted by law. For example, privacy legislation allows for the collection and/or disclosure of personal information where there is an emergency, or a serious concern for health and safety.
THE SITE IS INTENDED FOR USERS WHO ARE OVER 18 YEARS OF AGE. Persons who are under 18 years of age should not provide personal information or personal health information without the express consent of their parents or guardians.
Collection of personal information and personal health information
First Session collects personal information and/or personal health information in one (or more) of three ways:
1. Volunteered Information
First Session may collect personal information and/or personal health information that is voluntarily provided by a User utilizing the Website (i.e. data or comments entered into forms or data fields on the Website).
2. Information from Public or Third-Party Sources
First Session may collect personal information and/or personal health information about Users who register or access the Website from public or third-party sources.
3. Information Collected from a User’s Computer or other Electronic Device
First Session collects information from a User’s computer and other electronic devices (i.e. phones, tablets, etc.) when a User accesses the Website. The information collected includes but is not limited to: a User’s Internet Protocol (IP) address, domain name, browser type, date and time of a User’s request and information provided by tracking technologies, such as cookies and single-pixel tags.
First Session may also anonymously use log information on operational systems, and identify categories of Users by items such as domains and browser types to properly manage the Website.
First Session only collects personal information and personal health information that is necessary to accomplish the specific goals for which it is being collected.
How is the personal information and personal health information used?
First Session collects, uses, and discloses personal information and personal health information to provide the User with better services. In particular, personal information and personal health information is collected for the following reasons:
- to register a User for, and facilitate a User’s participation in, certain areas of the Website (for example, by collecting a User’s name and email address in order to contact the User);
- to connect potential patients/clients with Mental Healthcare Professionals (for example, basic information may be collected to assist in filtering or matching a User with Health Cate Providers – provided however that such information will not be shared with a Health Care Provider without the express permission of a User);
- to provide information and reminders to Users regarding their appointments or consultations;
- to properly advertise and promote Mental Healthcare Professionals and their degrees, specifications, and certifications;
- to gather a User’s opinion and feedback;
- internal record keeping;
- to improve the Website;
- to audit online resources for authorized access and security;
- to customize the Website according to a User’s interests; and
- such other uses as may be permitted or required by applicable law.
Specifically, the personal information of Users who are seeking to connect with Mental Healthcare Professionals may be collected in order to filter or match a User with Mental Healthcare Professionals. In these circumstances, certain information such as a User’s name, email address, phone number, gender, occupation, therapy history and responses to assessment questions may be used.
Aggregated Data may be used for data analytics, and for such purpose may be reported to third parties assisting First Session in managing the Website and providing its services.
In certain limited circumstances, First Session may be required to release or provide access to personal information or personal health information in response to a subpoena, search warrant, court order, law, or regulation. In such case, First Session will take all appropriate measures to ensure that Users’ personal information and personal health information is protected to the greatest extent possible while First Session cooperates fully with court and law enforcement authorities in this regard.
To whom does First Session disclose personal information and personal health information?
When a User agrees to be matched with a Health Care Provider, First Session will disclose a User’s personal information (to the extent consented to by such User) to the Health Care Provider in order to facilitate appointments and communication.
Requests to stop collection, use, and/or disclosure
Users may withdraw their consent to First Session’s collection, use, and disclosure of personal information and personal health information at any time, subject to legal and/or contractual restrictions and upon reasonable notice, by contacting First Session’s Privacy Officer (see contact information below).
Notwithstanding the above, certain personal information may be collected automatically when a User visits the Website. Continued use of the Website will be deemed by First Session to be consent to obtain any personal information that derives from Users’ use of the Website notwithstanding the fact that such User has previously communicated their withdrawal of consent for such collection.
How do Users limit the collection, use, and disclosure of information?
Users may choose not to provide personal information or personal health information by not entering it into forms or data fields on the Website when prompted. Users should be aware that choosing not to provide this information may limit their ability to access all features of the Website.
Users who previously agreed to permit the use of personal information for marketing, advertising, or other promotional purposes may revoke their consent by following the opt-out instructions provided in each communication they receive, or by making a request in writing to First Session’s Privacy Officer.
How does First Session protect a User’s Personal Information?
First Session employs physical, administrative, and technological security safeguards appropriate to the sensitivity of the information. With respect to personal health information collected, First Session acts as custodian thereof and takes all precautions required by PHIPA to prevent the unauthorized disclosure thereof. First Session confirms that it does not use any personal health information for treatment purposes. First Session also confirms that it does not take any steps to verify the accuracy of any personal health information.
Access and correction to personal information and personal health information
Users may access, update, and correct inaccuracies in personal information in First Session’s possession, subject to certain exceptions prescribed by law.
Upon written request, First Session will provide a User with any personal information and personal health information in its possession to the extent required by law.
If a User would like to access any of its personal information and personal health information, or believes that any of the personal information and personal health information collected by First Session relating to a User is incorrect or incomplete, they should contact First Session’s Privacy Officer (see contact information below).
Terms and Conditions of Use of Website
Third Party Links and Web Sites
For more information on your privacy rights, you may also contact the Federal Privacy Commissioner at:
Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Or your provincial office of the Information and Privacy Commissioner for more information.