Privacy Policy for Shanti Psychotherapy Inc.
Effective Date: February 10th, 2025
Welcome to Shanti Psychotherapy. This Privacy Policy outlines our privacy practices and policies regarding confidentiality, the collection, use, and disclosure of your personal health information while engaged in services through our organization. By using our website (www.shantipsychotherapy.ca) and our services, you consent to the collection and use of your information in accordance with this policy.
Who We Are
Shanti Psychotherapy is a grassroots, community-centred psychotherapy practice dedicated to serving individuals and families from diverse cultural backgrounds. Our team of multicultural therapists provides compassionate, culturally informed, and confidential therapeutic care. Our goal is to offer accessible, inclusive, and effective mental health services to support your wellness journey.
What is Personal Health Information?
Personal health information includes data that can identify a person and details about their healthcare. This may include:
- Contact details (name, address, phone number, email)
- Personal characteristics (age, gender, ethnicity, cultural background)
- Health information (presenting concerns, treatment history, mental health conditions, therapy notes, and progress reports)
We collect personal health information to provide quality therapy services, assess treatment needs, and offer personalized care.
Collection and Use of Personal Health Information
The primary purposes of collecting personal health information include:
- Evaluating your mental health and treatment needs
- Providing therapy and related healthcare services
- Documenting progress and therapy outcomes
- Processing payment for services and insurance claims
- Contacting you regarding appointments and treatment-related communication
We may also collect information for research, program development, and evaluation purposes. However, your data will never be shared for these purposes without explicit consent.
If applicable, third-party payers such as extended-health benefits insurers, auto insurers, WSIB, long-term disability insurers, and legal representatives may request relevant information about your treatment to determine funding eligibility.
Electronic Communication of Personal Health Information (Email and Virtual Services)
Shanti Psychotherapy offers email and virtual communication for appointment confirmations, invoicing, and general inquiries. However, please note that email is not a secure form of communication, and there are risks associated with transmitting sensitive information electronically.
By choosing to communicate via email or virtual services, you acknowledge the following:
- Emails may be intercepted, forwarded, or stored without encryption.
- Email should not be used for discussing sensitive personal health details.
- If you do not receive a response within a reasonable time, follow up with a phone call to ensure your message was received.
- You have the right to opt out of email communication at any time.
Shanti Psychotherapy provides virtual therapy sessions via a secure, PHIPA-compliant platform (e.g., JaneApp). Clients are responsible for ensuring they use a secure internet connection and a private location for sessions. Your clinician will discuss the benefits and risks of virtual therapy with you prior to your first session.
Confidentiality and Disclosure of Personal Health Information
Your personal health information is confidential and will not be shared without your consent, except in the following circumstances:
- Risk of Harm: If there is reason to believe that you or someone else is in danger of harm, we are required to take necessary action to ensure safety, including contacting emergency services.
- Child Protection: If we suspect a child under 16 is at risk of abuse, neglect, or harm, we are mandated to report this to the appropriate child protection agency.
- Court Orders: If required by law, we may be obligated to release client records in response to a court order or legal subpoena.
- Sexual Abuse by a Health Professional: If a registered health professional is suspected of sexual misconduct, we must report this to their regulatory body.
- Regulatory Compliance: Our professional regulatory organizations (e.g., the College of Registered Psychotherapists of Ontario) may audit client records for quality assurance and compliance with professional standards.
- Missing Persons: If law enforcement presents a Court Order, Search Warrant, or Urgent Demand for records related to a missing person, we are legally required to provide the requested information.
Your Rights and Access to Your Information
As a client, you have the right to:
- Access your personal health records
- Request corrections to factual errors in your file
- Withdraw consent for the collection, use, or disclosure of your information (except where legally required)
- Request a copy of your therapy records (processing fees may apply)
Requests for access to personal health records will be processed within 30 days. If we are unable to provide access, you will receive a written explanation.
Storage and Destruction of Personal Health Information
We retain client records for 10 years after the last session (or, for minors, 10 years after they turn 18). After this period, all records are securely destroyed to protect privacy.
Website Analytics and Cookies
Our website uses Google Analytics and similar tracking technologies to analyze visitor interactions. These tools collect anonymous information such as:
- Browser type and device information
- Pages visited on our website
- Geographic location (city-level data)
This data helps us improve our services and online experience. Users can opt out of tracking by adjusting browser settings or using browser extensions that block cookies.
Data Security Measures
Shanti Psychotherapy implements industry-standard measures to protect personal information, including:
- Encrypted client records stored on secure servers
- Limited access to client files, restricted to authorized professionals
- Secure payment processing for all transactions
Despite our efforts, no method of data transmission is 100% secure. We encourage clients to take precautions when sharing sensitive information online.
Privacy Policy Updates
This Privacy Policy may be updated periodically to reflect changes in legal requirements or clinic policies. We encourage you to review this page regularly.
Questions and Contact Information
If you have questions or concerns about this Privacy Policy, please contact:
Angie Agrawal Holstein
Owner & Clinical Director
Shanti Psychotherapy
Toronto, Etobicoke, Ontario, Alberta, and British Columbia
Phone: (437) 747-0692
Email: hello@shantipsychotherapy.ca
If we are unable to resolve your concerns, you have the right to file a complaint with the following regulatory bodies:
The College of Registered Psychotherapists of Ontario (CRPO)
375 University Avenue, Toronto, Ontario M5G 2J5
Phone: (416) 479-4330
Website: www.crpo.ca
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400, Toronto, Ontario, M4W 1A8
Phone: (416) 326-3333 or (800) 387-0073
Website: www.ipc.on.ca
By continuing to use our services, you acknowledge that you have read and understood this Privacy Policy.
Personal Data processed for the following purposes and using the following services:
Analytics
Google Analytics (Universal Analytics)
Personal Data: Cookies; Usage Data
Google Analytics 4
Personal Data: browser information; city; device information; latitude (of city); longitude (of city); number of Users; session statistics; Trackers; Usage Data
Contacting the User
Contact form
Personal Data: email address; first name; last name; various types of Data
Phone contact
Personal Data: phone number
Mailing list or newsletter
Personal Data: email address; first name; last name; Usage Data
Content commenting
Comment system managed directly
Personal Data: Cookies; email address; first name; last name; Usage Data; website
Displaying content from external platforms
Google Maps widget, Vimeo video and YouTube video widget
Personal Data: Cookies; Usage Data
Google Fonts
Personal Data: Trackers; Usage Data
Gravatar
Interaction with external social networks and platforms
Instagram button and social widgets and Facebook Like button and social widgets
Personal Data: Cookies; Usage Data
SPAM protection
Google reCAPTCHA
Personal Data: answers to questions; clicks; keypress events; motion sensor events; mouse movements; scroll position; touch events; Trackers; Usage Data
Tag Management
Google Tag Manager
Personal Data: Trackers; Usage Data
Further information about the processing of Personal Data
Jane App
Provider: Jane App is a cloud-based appointment booking service provided by Jane Software Inc.
Purpose: To create client contracts and for bookkeeping and accounting requirements.
Personal Data Collected: first name, last name, email address, home address, date of birth, phone number, billing address, usage data and various types of data as specified in the privacy policy of the service.
Place of processing: Canada
Privacy Policy: https://jane.app/privacy
A2
Hosting provided by A2 hosting/Flexer Hosting. No personal data is kept on the server
Purpose: This type of service has the purpose of hosting Data and files that enable this Website to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Website. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Privacy Policy: https://www.iubenda.com/privacy-policy/18557277
Personal Data collected through sources other than the User
The Owner of this Application may have legitimately collected Personal Data relating to Users without their knowledge by reusing or sourcing them from third parties on the grounds mentioned in the section specifying the legal basis of processing.
Where the Owner has collected Personal Data in such a manner, Users may find specific information regarding the source within the relevant sections of this document or by contacting the Owner.
Automated decision-making
Automated decision-making means that a decision which is likely to have legal effects or similarly significant effects on the User, is taken solely by technological means, without any human intervention. This Application may use the User’s Personal Data to make decisions entirely or partially based on automated processes according to the purposes outlined in this document. This Application adopts automated decision-making processes as far as necessary to enter into or perform a contract between User and Owner, or on the basis of the User’s explicit consent, where such consent is required by the law.
Automated decisions are made by technological means – mostly based on algorithms subject to predefined criteria – which may also be provided by third parties.
The rationale behind the automated decision making is:
to enable or otherwise improve the decision-making process;
to grant Users fair and unbiased treatment based on consistent and uniform criteria;
to reduce the potential harm derived from human error, personal bias and the like which may potentially lead to discrimination or imbalance in the treatment of individuals etc.;
to reduce the risk of User’s failure to meet their obligation under a contract. To find out more about the purposes, the third-party services, if any, and any specific rationale for automated decisions used within this Application, Users can check the relevant sections in this document.
Consequences of automated decision-making processes for Users and rights of Users subjected to it.
As a consequence, Users subject to such processing, are entitled to exercise specific rights aimed at preventing or otherwise limiting the potential effects of the automated decisions taken.
In particular, Users have the right to:
obtain an explanation about any decision taken as a result of automated decision-making and express their point of view regarding this decision;
challenge a decision by asking the Owner to reconsider it or take a new decision on a different basis;
request and obtain from the Owner human intervention on such processing.
To learn more about the User’s rights and the means to exercise them, the User is invited to consult the section of this document relating to the rights of the User.
Analysis and predictions based on the User’s Data (“profiling”)
The Owner may use the Personal and Usage Data collected through this Application to create or update User profiles. This type of Data processing allows the Owner to evaluate User choices, preferences and behaviour for the purposes outlined in the respective section of this document.
User profiles can also be created through the use of automated tools like algorithms, which can also be provided by third parties. To find out more about the profiling activities performed, Users can check the relevant sections of this document.
The User always has a right to object to this kind of profiling activity. To find out more about the User’s rights and how to exercise them, the User is invited to consult the section of this document outlining the rights of the User.
The Service is not directed to children under the age of 13
Users declare themselves to be adult according to their applicable legislation. Minors may use this Application only with the assistance of a parent or guardian. Under no circumstance persons under the age of 13 may use this Application.
Owner and Data Controller
Angie Agrawal Holstein
Privacy Officer
Owner/Clinical Director Toronto, Etobicoke, Ontario, Alberta and British Columbia
Shanti Psychotherapy
(437) 747-0692
Owner contact email: hello@shantipsychotherapy.ca
