Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information in compliance with Canadian privacy laws and GDPR.

Table of Contents
Last Updated: August 26, 2025

1. Overview

Ryvona Massage Therapy ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.ryvona.org) or use our massage therapy services.

We operate in compliance with:

  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
  • Ontario's Personal Health Information Protection Act (PHIPA)
  • General Data Protection Regulation (GDPR) - European Union
  • California Consumer Privacy Act (CCPA) where applicable
Important: By using our services or website, you consent to the collection and use of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, phone number, mailing address
  • Appointment Information: Preferred appointment times, service preferences
  • Payment Information: Billing address, payment method details (securely processed by third-party payment processors)
  • Communication Records: Records of our communications with you via email, phone, or contact forms

2.2 Health Information

As a healthcare service provider, we collect health-related information necessary for providing safe and effective massage therapy:

  • Health History: Medical conditions, previous injuries, medications, allergies
  • Treatment Notes: Records of treatments provided, areas of concern, client responses
  • Consent Forms: Signed consent forms for treatment

2.3 Website Usage Information

When you visit our website, we may automatically collect:

  • Technical Information: IP address, browser type, operating system, device information
  • Usage Data: Pages visited, time spent on pages, referral sources
  • Cookies and Similar Technologies: See our Cookie Policy for details

2.4 Information from Third Parties

We may receive information from:

  • Insurance providers (for coverage verification)
  • Healthcare providers (with your consent)
  • Payment processors (transaction confirmations)

3. How We Use Your Information

3.1 Primary Purposes

We use your personal information for the following primary purposes:

  • Service Provision: To provide massage therapy and wellness services
  • Appointment Management: To schedule, confirm, and manage appointments
  • Health and Safety: To ensure treatments are safe and appropriate for your health conditions
  • Payment Processing: To process payments and maintain financial records
  • Legal Compliance: To comply with professional and legal requirements

3.2 Secondary Purposes (With Consent)

With your explicit consent, we may use your information for:

  • Marketing Communications: To send wellness tips, promotions, and service updates
  • Service Improvement: To analyze and improve our services
  • Research: For anonymized research purposes to advance massage therapy practices

3.3 Legal Basis for Processing (GDPR)

For EU residents, our legal bases for processing include:

  • Consent: You have given clear consent for processing
  • Contract: Processing is necessary for our service contract with you
  • Legal Obligation: Processing is required by law
  • Legitimate Interest: Processing is necessary for our legitimate business interests

4. Information Sharing & Disclosure

4.1 When We Share Information

We may share your personal information only in the following circumstances:

  • With Your Consent: When you have explicitly agreed to information sharing
  • Healthcare Providers: With other healthcare providers involved in your care (with consent)
  • Insurance Companies: For coverage verification and claims processing
  • Legal Requirements: When required by law, court order, or regulatory authorities
  • Emergency Situations: To protect your health and safety or that of others

4.2 Service Providers

We work with trusted third-party service providers who may access your information to provide services on our behalf:

  • Payment Processors: To process credit card and debit transactions
  • Email Service Providers: To send appointment confirmations and communications
  • Website Hosting: To maintain our website and online booking system
  • IT Support: To maintain our computer systems and ensure data security

All service providers are required to maintain confidentiality and use information only as directed by us.

4.3 What We Don't Share

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your personal information:

  • Physical Security: Locked filing cabinets, secure office premises, controlled access
  • Technical Security: Encrypted data transmission, secure servers, regular security updates
  • Administrative Security: Staff training, confidentiality agreements, access controls
  • Digital Security: Firewalls, antivirus software, secure backup systems

5.2 Data Breach Response

In the unlikely event of a data breach, we have procedures in place to:

  • Immediately assess and contain the breach
  • Notify affected individuals within 72 hours (as required by law)
  • Report to relevant regulatory authorities
  • Take corrective measures to prevent future breaches
Your Role in Security: Please help us protect your information by keeping your contact details up to date and notifying us immediately of any suspected unauthorized access to your information.

6. Data Retention

6.1 Retention Periods

We retain your personal information for different periods depending on the type of information and legal requirements:

  • Treatment Records: 10 years from last treatment (as required by professional standards)
  • Financial Records: 7 years from last transaction (for tax and accounting purposes)
  • Marketing Consent Records: Until consent is withdrawn
  • Website Usage Data: 2 years from collection

6.2 Secure Disposal

When retention periods expire, we securely dispose of personal information using methods appropriate to the type of information (shredding of paper records, secure deletion of digital files).

7. Your Privacy Rights

You have important rights regarding your personal information. The specific rights available to you may vary depending on your location and applicable privacy laws.

Right Description How to Exercise
Access Request a copy of your personal information we hold Contact us using the information below
Correction Request correction of inaccurate or incomplete information Contact us with the correct information
Deletion Request deletion of your personal information (subject to legal requirements) Contact us with your deletion request
Consent Withdrawal Withdraw consent for optional uses of your information Contact us or use opt-out links in communications
Portability (GDPR) Receive your data in a machine-readable format Contact us with your portability request
Objection (GDPR) Object to processing based on legitimate interests Contact us with your objection

7.1 Exercising Your Rights

To exercise your privacy rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days (or as required by applicable law).

7.2 Verification Process

To protect your privacy, we may need to verify your identity before processing certain requests. This may involve asking for identification or confirming personal details.

8. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to improve your browsing experience and provide personalized content. For detailed information about our use of cookies, please see our Cookie Policy.

8.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality
  • Performance Cookies: Help us understand how visitors use our site
  • Functional Cookies: Remember your preferences and choices
  • Marketing Cookies: Used to deliver relevant advertisements (with consent)

8.2 Managing Cookies

You can manage cookie preferences through our cookie banner or your browser settings. Note that disabling certain cookies may affect website functionality.

9. Third-Party Services

9.1 External Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

9.2 Integrated Services

We may integrate with third-party services such as:

  • Google Maps: For location services (subject to Google's privacy policy)
  • Payment Processors: For secure payment processing
  • Email Services: For appointment confirmations and communications

These services have their own privacy policies that govern their collection and use of your information.

10. International Data Transfers

Your personal information is primarily stored and processed in Canada. In some cases, information may be transferred to and processed in other countries where our service providers operate.

10.1 Safeguards

When information is transferred internationally, we ensure appropriate safeguards are in place:

  • Contractual protections with service providers
  • Adequacy decisions for transfers to approved countries
  • Standard contractual clauses where required

11. Children's Privacy

Our services are intended for individuals 16 years of age and older. We do not knowingly collect personal information from children under 16 without parental consent.

11.1 Minors' Services

If we provide services to minors (under 18), we require:

  • Parental or guardian consent for treatment
  • Parent/guardian present during intake and treatment (unless otherwise agreed)
  • Limited collection of personal information to what is necessary for treatment

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

12.1 Notification of Changes

When we make significant changes to this policy, we will:

  • Post the updated policy on our website with a new "Last Updated" date
  • Notify existing clients via email where possible
  • Obtain new consent where required by law

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Us About Privacy

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

13.1 Privacy Contact Information

  • Privacy Officer: Elena Rodriguez
  • Business Name: Ryvona Massage Therapy
  • Address: 33 Gerrard St West, Toronto, Ontario, Canada
  • Phone: +1 306-664-3013
  • Email: [email protected] (or [email protected])
  • Website: www.ryvona.org

13.2 Regulatory Contacts

If you are not satisfied with our response to your privacy concerns, you may contact:

  • Privacy Commissioner of Canada: www.priv.gc.ca
  • Information and Privacy Commissioner of Ontario: www.ipc.on.ca
  • EU Data Protection Authorities (for GDPR-related complaints)
Response Time: We will acknowledge receipt of your privacy inquiry within 5 business days and provide a substantive response within 30 days (or as required by applicable law).

Questions About Your Privacy?

We're committed to transparency and protecting your privacy. Don't hesitate to contact us if you have any questions or concerns about how we handle your personal information.

Contact Us Email Privacy Officer
Privacy Policy | Ryvona Massage Therapy | Toronto, Canada