How We Manage Your Personal Information
The first thing to know is that as a business, we are governed by The Personal Information Protection and Electronic Documents Act (PIPEDA). You can click here for a brief overview of PIPEDA. Basically, it’s a law that applies to private-sector organizations across Canada which collect, use, or disclose personal information in the course of a commercial activity.
The second thing to know is that both our people and systems follow PIPEDA’s 10 fair information principles for the collection, use, and disclosure of personal information as well as for providing access to it. Below is a list of the 10 fair information principles along with explanations of how they apply at Body Works Med Spa & Wellness.
- We commit to complying with all 10 fair information principles!
- Catherine Crosbie is the Owner-Operator of Body Works Med Spa & Wellness and the custodian of our records. She is responsible for PIPEDA compliance.
- We have security measures in place to protect the personal information that we hold. If we share your information with a third party, we do so with your permission and in accordance with the law.
- We developed and continuously implement personal information policies and practices to ensure proper management and security measures.
- There is always a purpose for the information that we collect. This way, we do not collect more than we need.
- When we collect personal information, we generally identify the reasons why we need it. This may be done orally or in writing.
- If we have a new purpose for your information, we request your consent again to use your information for this new purpose.
Information that we collect when a Merchant’s customers make a payment
When a customer makes a payment via our online web shop or Clover POS, we collect information about the transaction, which may include personal data. Information about transactions includes the payment card used, name associated with the payment card, the location of the merchant’s store, date and time of the transaction, transaction amount, and information about the goods or services purchased in the transaction.
Additional information Merchants’ customers provide through the Clover POS ancillary to a payment
We may collect additional information ancillary to the payment. This information may include:
- Customers’ email address or phone number, such as when the customer chooses to receive an electronic receipt
- Customers’ marketing preferences, such as whether the customer wishes to receive marketing communications or newsletters
- Information about participating customers’ activity in a merchant loyalty program
- Customers’ physical address, where needed for delivery of goods or services
- Other information the customer provides, such as birthdate, interests or preferences, reviews, and feedback
- We obtain meaningful consent for the collection, use, and disclosure of personal information. In other words, we ensure that you understand what you are consenting to.
- You may withdraw consent at any time with reasonable notice. This withdrawal of consent may be subject to legal and contractual restrictions. We will inform you if there are consequences of your withdrawal of consent.
- As previously mentioned, we do not collect more personal information than we need.
- We are honest about the reasons we are collecting your information (if you check out our core values, you’ll see that being honest and upfront is always important to us).
- We only collect your information by fair and lawful means.
Limiting Use, Disclosure, and Retention
- We may disclose personal information if the disclosure is in accordance with its purpose for collection and the law.
- You may notice that we obtain fresh consent if we intend to use or disclose your information for a new purpose.
- We only keep personal information as long as it is needed to serve its purpose. For example, after we have final “before & after” comparisons, we delete all photos for which there is no more purpose.
- We take steps to ensure that the personal information that we collect is accurate, especially when it involves making a decision about your treatments and when disclosing information to third parties.
- We also protect all personal information against loss, theft, or any unauthorized access, disclosure, copying, use, or modification.
- Our information management practices are clear, easy to understand, and readily available.
- If you ask, we will advise you about what information of yours we hold.
- We are happy to explain where or how we obtained your information, how it is or was used, and to whom it has been disclosed.
- At your request, we will provide what information of yours that we have. There may be a small administrative fee associated with this. If there is a reason why we cannot provide your information, we will explain this to you.
- We correct or amend personal information in cases where accuracy and completeness are lacking.
- If there are disputes about your personal information, we note them on your chart and advise third parties where appropriate.
- Should you wish to challenge our compliance with the fair information principles, you may address your challenge to the person at Body Works Med Spa & Wellness who is accountable for compliance with PIPEDA (this is Catherine, the Owner-Operator). In this situation, we will tell you about your avenues of recourse and provide simple complaint handling and investigation procedures.
- We commit to investigating all complaints that we receive.
- If our information-handling practices and policies are deemed problematic, we will improve them!
To contact us about privacy, please call 902-405-0858 and leave a message for Catherine. You can also email us at email@example.com or write to:
Attn: Catherine Crosbie
Body Works Med Spa & Wellness
1535 Dresden Row, Suite 206