Toronto.Hair handles patient information under Canadian privacy law (PIPEDA) and Ontario’s Personal Health Information Protection Act (PHIPA). Below: plain-language summary of what we collect, why, and what we do with it.
Photo consultation submissions: the photos you upload, the medical history you provide, your contact information, and any notes you include. All used for clinical review by Dr. Jones.
Surgical patient records: if you proceed with surgery, the standard medical record — pre-op assessment, surgical notes, post-op photos, follow-up records. Subject to Ontario medical-records retention requirements.
Website analytics: aggregated, anonymous data about page views and navigation patterns. We don’t track individual users across sessions or sell any data.
Newsletter sign-ups: your email address only, used for the monthly newsletter you signed up for. Unsubscribe one click, full deletion on request.
Photo and consultation data is encrypted in transit (TLS 1.3) and at rest. Stored on Canadian servers under PIPEDA jurisdiction. Access is restricted to clinical staff who need it for your care.
We do not share, sell, license, or otherwise disclose your information to third parties. We do not use your photos in advertising or marketing without explicit written consent — and even with consent, we’d ask separately for each use.
The exceptions: 1. If you authorise disclosure to another physician (e.g., for ongoing care). 2. If legally required by court order or regulatory body. 3. Aggregated, fully de-identified data may be used in research or quality-improvement work — but only in forms that cannot be traced back to you.
Access: you can request a copy of any information we hold about you, free of charge, within 30 days.
Correction: if any information is inaccurate, you can request correction. We’ll update or annotate the record as appropriate.
Deletion: you can request deletion of consultation data if you don’t proceed to surgery. Surgical records are subject to Ontario medical-records retention requirements (typically 10 years from last contact, longer for minors), but you can request restriction of access during that period.
Withdrawal of consent: you can withdraw consent for any non-essential use of your information at any time. Email the clinic or call (905) 236-1048.
Email the clinic directly or call (905) 236-1048. We respond to privacy-related inquiries within five business days.