Privacy Policy (Ontario, Canada)

Effective date: October 14, 2025
Website: southernontariocounselling.com (the “Website”)
Organization: Southern Ontario Counselling Centre (“we,” “us,” “our”)
Privacy Officer: Anna Goldcontactsocounselling@gmail.com | 519-746-2323 | 1760 Erb’s Road East, St. Agatha, ON N0B 2L0 (update if different)

We are committed to protecting your privacy. As a counselling/psychotherapy practice in Ontario, we are a Health Information Custodian (HIC) under Ontario’s Personal Health Information Protection Act, 2004 (PHIPA) and also comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) where applicable.


1) Scope

This policy covers how we collect, use, disclose, store, and protect:

  • Personal Health Information (PHI): information about your physical/mental health, health history, services provided, payments, insurer details, and any information that identifies you in a health context.
  • Personal Information (PI): contact details, billing identifiers, and technical data (e.g., IP address) collected via our Website.

Applies to information gathered through the Website, by email/phone/SMS, via telehealth, and in person.


2) Information we collect

You provide directly

  • Contact details (name, email, phone)
  • Intake/inquiry details (reasons for counselling, preferences, availability)
  • Appointment details and clinical records (session dates/times, notes – PHI)
  • Payment information (processed by our payment processor; we do not store full card numbers)

Automatically via the Website

  • IP address, device/browser type, pages viewed, and time on page
  • Cookies/analytics (see “Cookies & Analytics” below)

From third parties (with consent or as permitted/required by law)

  • Referring practitioners, insurers/benefits, emergency contacts, or others you authorize

We collect only what is reasonably necessary for your care and to operate our practice.


We use PHI/PI for:

  1. Assessment, treatment, and continuity of care (PHIPA)
  2. Scheduling and client administration
  3. Billing and payments
  4. Quality assurance, supervision, and clinical auditing (de-identified where possible)
  5. Legal and regulatory compliance (record-keeping, college standards)
  6. Security and fraud prevention (protecting our systems)
  7. Website functionality and analytics (see Cookies & Analytics)
  8. Marketing communications (only if you opt in; you may opt out anytime)

We do not sell your personal information.


  • Care context: We obtain your consent at intake and prior to disclosing information except where PHIPA/PIPEDA permits/ requires otherwise. You may withdraw consent at any time, subject to legal/contractual limits and our ability to continue services.
  • Email/SMS: Used for scheduling/reminders and basic admin. Avoid sending sensitive content by these channels. You can opt out of non-essential messages.
  • Marketing: We send marketing messages only if you opted in; you can unsubscribe anytime.

5) Disclosures

We disclose PHI/PI only as needed and permitted by PHIPA/PIPEDA, for example to:

  • Your care team or other providers with your consent
  • Service providers (processors): secure IT, hosting, email, payments, analytics, scheduling, or telehealth vendors who act on our instructions and are bound by confidentiality/safeguards
  • Legal/regulatory bodies (e.g., pursuant to court order or professional college oversight)
  • Prevent or reduce serious risk of significant harm, as permitted/required by law
  • Insurance/benefits you authorize us to contact

A current list of key service providers is available upon request.


6) Cross-border transfers

Some service providers may store or process information outside Ontario/Canada (e.g., U.S.). Those jurisdictions may have different privacy laws and lawful access regimes. We use reputable vendors, apply contractual protections, and limit disclosures to what’s necessary.


7) Cookies & Analytics

We use cookies to operate our site and improve performance.

  • Analytics tool in use: Google Analytics
  • Data collected: page views, on-site actions, device/browser info, IP-based geolocation
  • Managing cookies: adjust your browser settings to block or delete cookies. Blocking some cookies may impact functionality.
  • Do Not Track: We do not currently respond to DNT signals.

Where required, we display a cookie banner for consent to non-essential cookies.


8) Telehealth & electronic communication

We use approved platforms with encryption and access controls for telehealth. You’re responsible for privacy on your end (private space, secure connection, updated device). Email/SMS are for administrative purposes unless you explicitly consent otherwise.


9) Safeguards

We maintain administrative, technical, and physical safeguards appropriate to the sensitivity of PHI/PI, including:

  • Access controls and role-based permissions
  • Encryption in transit (HTTPS) and, where supported, at rest
  • Strong authentication for staff and vendors
  • Confidentiality agreements and privacy training
  • Secure disposal/destruction at end of retention

No method is 100% secure; we review and improve safeguards regularly.


10) Retention & destruction

Clinical records are retained at least 10 years from the date of the last entry. For clients under 18, records are kept at least 10 years after the day the client turns 18. Administrative/Website inquiry records may have shorter retention. When retention ends, we securely destroy or de-identify information.


11) Access, correction & accounting of disclosures

You have rights to:

  • Access your records and receive copies (reasonable fees may apply)
  • Request correction of incomplete/inaccurate information
  • Request an accounting of certain disclosures

Contact our Privacy Officer (details above). We’ll respond within statutory timeframes and explain any lawful limitations.


12) Breach notification

If a privacy incident results in unauthorized access, use, or disclosure of your PHI/PI, we will notify you and, where required, notify the Information and Privacy Commissioner of Ontario (IPC) and any other applicable authorities.


13) Children & minors

We provide services to minors consistent with Ontario law and professional standards. Capacity and consent are assessed clinically. We protect minors’ information in line with PHIPA and applicable custodial/parental rights.


14) Equity & Inclusion Statement

Our practice is grounded in principles of equity, inclusion, and respect for all people. We recognize that individuals and relationships exist within broader social systems that impact access, safety, and wellbeing. We are committed to creating a therapeutic environment that acknowledges these realities and works actively to reduce harm and barriers to care.

We value ongoing reflection and education to expand our cultural awareness and responsiveness. This includes attention to factors such as race, culture, gender identity, sexual orientation, relationship structure, ability, age, religion, and socioeconomic context.

Equity and inclusion are not static goals but ongoing practices. We take responsibility for the perspectives we bring, remain open to feedback, and seek repair and growth when our own assumptions or biases limit understanding.


Our Website may link to third-party sites we do not operate. Review their privacy policies; we are not responsible for their practices.


16) Changes to this policy

We may update this policy from time to time. The Effective date will change when revisions are posted. We will notify you of material changes when required by law.


17) Questions or complaints

Privacy Officer: Anna Gold
Email: contactsocounselling@gmail.com | Phone: 519-746-2323
Mailing address: 1760 Erb’s Road East, St. Agatha, ON N0B 2L0 (update if different)

If you are not satisfied with our response, you may contact the Information and Privacy Commissioner of Ontario (IPC): 1-800-387-0073 | ipc.on.ca.