PRIVACY POLICY

Rose Beauty Clinic

Last Updated: October 23, 2025


1. INTRODUCTION

Rose Beauty Clinic (“we,” “us,” “our,” or “the Clinic”) is committed to protecting the privacy and confidentiality of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario privacy legislation.

By using our services, visiting our clinic, or interacting with our website, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.


2. DEFINITIONS

Personal Information: Information about an identifiable individual, including but not limited to name, address, email, phone number, date of birth, medical information, and payment details.

Personal Health Information: A subset of personal information relating to your physical or mental health, health care history, treatment information, and related data.

Consent: Your voluntary agreement to the collection, use, and disclosure of your personal information for specified purposes.


3. INFORMATION WE COLLECT

3.1 Personal Identification Information

  • Full name
  • Date of birth
  • Gender
  • Contact information (address, phone number, email)
  • Emergency contact information
  • Government-issued identification (when required)

3.2 Medical and Health Information

  • Medical history and current health conditions
  • Current medications and supplements
  • Allergies and adverse reactions
  • Previous cosmetic procedures and treatments
  • Treatment records and progress notes
  • Consultation notes and assessments
  • Pre- and post-treatment photographs (with consent)
  • Contraindications and risk factors

3.3 Treatment Information

  • Services requested and received
  • Treatment dates and frequency
  • Treatment outcomes and follow-up care
  • Practitioner notes and recommendations
  • Consent forms and signed agreements

3.4 Financial Information

  • Payment method details
  • Billing address
  • Transaction history
  • Insurance information (if applicable)
  • Credit card information (processed securely)

3.5 Communication Information

  • Email correspondence
  • Text messages and phone call records
  • Appointment reminders and confirmations
  • Marketing communication preferences

3.6 Technical Information (Website and Online)

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Cookies and tracking technologies
  • Referral sources

3.7 Other Information

  • Reviews and testimonials
  • Survey responses and feedback
  • Social media interactions
  • Gift certificate purchases and redemptions

4. HOW WE COLLECT INFORMATION

We collect personal information through various methods:

4.1 Direct Collection

  • Consultation and intake forms
  • In-person conversations during appointments
  • Phone calls and email communications
  • Online booking systems
  • Website contact forms
  • Consent forms and treatment agreements

4.2 Automated Collection

  • Website cookies and analytics
  • Appointment scheduling software
  • Electronic medical records systems
  • Payment processing systems

4.3 Third-Party Sources

  • Healthcare providers (with your consent)
  • Referring physicians or clinics
  • Insurance companies (when applicable)
  • Payment processors

5. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes:

5.1 Primary Purposes

  • Providing Services: To deliver safe and effective aesthetic treatments tailored to your needs
  • Medical Assessment: To evaluate your suitability for treatments and identify contraindications
  • Treatment Planning: To develop personalized treatment plans and recommendations
  • Safety and Care: To ensure your safety during and after treatments
  • Follow-Up Care: To provide post-treatment support and monitor outcomes
  • Record Keeping: To maintain accurate medical records as required by law

5.2 Administrative Purposes

  • Appointment Management: To schedule, confirm, and manage appointments
  • Communication: To contact you regarding appointments, treatments, and clinic updates
  • Billing and Payment: To process payments and manage financial transactions
  • Quality Assurance: To evaluate and improve our services
  • Staff Training: To train practitioners (with anonymized or consented information)

5.3 Legal and Regulatory Purposes

  • Compliance: To comply with legal and regulatory requirements
  • Professional Standards: To meet professional practice standards and guidelines
  • Legal Defense: To defend against legal claims or disputes
  • Regulatory Reporting: To report to regulatory bodies when required

5.4 Marketing and Communications (With Consent)

  • Promotional Materials: To send newsletters, special offers, and promotions
  • Educational Content: To provide skincare tips and treatment information
  • Event Invitations: To invite you to clinic events or workshops
  • Marketing Analytics: To understand customer preferences and improve marketing

5.5 Research and Development

  • Treatment Efficacy: To analyze treatment outcomes (anonymized data)
  • Service Improvement: To develop new services and improve existing ones
  • Industry Research: To contribute to aesthetic medicine research (anonymized data)

6. CONSENT

6.1 Express Consent

We obtain your express (explicit) consent for:

  • Collection and use of personal health information
  • Sharing information with third-party healthcare providers
  • Use of photographs for marketing purposes
  • Disclosure of information beyond primary treatment purposes

Express consent is typically obtained through:

  • Signed consent forms
  • Written agreements
  • Electronic consent during online booking
  • Verbal consent (documented in records)

6.2 Implied Consent

We may rely on implied consent for:

  • Routine appointment communications
  • Standard administrative purposes directly related to services
  • Service improvement based on your feedback

6.3 Withdrawing Consent

You may withdraw consent at any time by:

  • Contacting us in writing at info@rosebeautyclinic.ca
  • Calling our clinic
  • Submitting a written request in person

Important: Withdrawing consent may affect our ability to provide certain services. We will inform you of any consequences before you withdraw consent. We may still retain information as required by law or for legitimate business purposes.

6.4 Exceptions to Consent

We may collect, use, or disclose personal information without consent when:

  • Required or authorized by law
  • There is a medical emergency
  • Information is publicly available
  • Necessary to collect a debt you owe
  • Required for regulatory or legal proceedings

7. HOW WE SHARE YOUR INFORMATION

7.1 Within the Clinic

Personal information is shared among our authorized staff members on a need-to-know basis to provide services, including:

  • Practitioners performing treatments
  • Administrative staff managing appointments
  • Billing and financial staff

7.2 Healthcare Providers

With your consent, we may share information with:

  • Your family physician or specialist
  • Referring healthcare providers
  • Other healthcare professionals involved in your care
  • Laboratories or diagnostic facilities

7.3 Service Providers and Third Parties

We may share information with trusted service providers who assist us in operating our business, including:

  • Payment Processors: To process credit card and debit transactions
  • IT Service Providers: To maintain our electronic systems and website
  • Appointment Booking Systems: To manage scheduling
  • Email Marketing Platforms: To send newsletters (with your consent)
  • Cloud Storage Providers: To securely store records
  • Accounting and Legal Professionals: For business operations

All third-party service providers are bound by confidentiality agreements and must comply with applicable privacy laws.

7.4 Legal and Regulatory Authorities

We may disclose information to:

  • Law enforcement agencies when required by law
  • Regulatory bodies (e.g., College of Physicians and Surgeons)
  • Courts and legal proceedings
  • Government agencies as required

7.5 Business Transactions

In the event of a sale, merger, or acquisition of our business, personal information may be transferred to the new owner, subject to the same privacy protections.

7.6 Emergency Situations

We may disclose information without consent in medical emergencies to protect your health and safety.

7.7 What We Do NOT Do

We do NOT:

  • Sell your personal information to third parties
  • Share your information for unrelated marketing purposes
  • Disclose your information internationally without adequate protections
  • Use your information for purposes beyond those described in this policy without consent

8. DATA SECURITY

8.1 Security Measures

We implement physical, technical, and administrative safeguards to protect your personal information, including:

Physical Security:

  • Secured clinic premises with controlled access
  • Locked filing cabinets for paper records
  • Restricted access to treatment and records areas
  • Security cameras (in public areas only)

Technical Security:

  • Encrypted electronic health records systems
  • Secure password-protected computers
  • Firewall and antivirus protection
  • Regular software updates and security patches
  • Secure data backup systems
  • Encrypted email for sensitive communications
  • Secure payment processing systems (PCI DSS compliant)
  • SSL encryption on our website

Administrative Security:

  • Staff training on privacy and confidentiality
  • Confidentiality agreements with all staff
  • Access controls limiting who can view information
  • Regular privacy audits and assessments
  • Clear privacy policies and procedures

8.2 Data Breach Response

In the unlikely event of a data breach:

  • We will take immediate action to contain and investigate the breach
  • We will notify affected individuals as required by law
  • We will notify relevant authorities (e.g., Privacy Commissioner)
  • We will take steps to prevent future breaches

8.3 Limitations

While we use reasonable security measures, no system is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials (if applicable).


9. DATA RETENTION

9.1 Retention Periods

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal requirements:

  • Medical Records: Minimum 10 years from last treatment (as required by Ontario regulations)
  • Financial Records: 7 years from last transaction (as required by tax laws)
  • Marketing Communications: Until you unsubscribe or withdraw consent
  • Website Data: Varies by type (cookies may be retained for shorter periods)
  • Consent Forms: Retained with medical records

9.2 Destruction of Records

When personal information is no longer required:

  • Paper records are shredded or securely destroyed
  • Electronic records are permanently deleted or anonymized
  • Storage media is securely wiped or physically destroyed

9.3 Archival Records

Certain information may be retained indefinitely for:

  • Historical research (anonymized)
  • Legal defense purposes
  • Regulatory compliance

10. YOUR PRIVACY RIGHTS

Under Canadian privacy law, you have the following rights:

10.1 Right to Access

You have the right to request access to your personal information. We will provide:

  • Confirmation of what information we hold about you
  • A copy of your personal information
  • Information about how we use and disclose your information

How to Request: Submit a written request to info@rosebeautyclinic.ca or in person at our clinic.

Timeframe: We will respond within 30 days of receiving your request.

Fees: We may charge a reasonable fee for extensive or repetitive requests.

10.2 Right to Correction

You have the right to request correction of inaccurate or incomplete information.

Process:

  1. Notify us of the error in writing
  2. We will investigate and verify the correction
  3. We will update the information or explain why we cannot
  4. We will notify third parties who received the incorrect information (if applicable)

10.3 Right to Withdraw Consent

You may withdraw consent for certain uses of your information:

  • Marketing communications (unsubscribe at any time)
  • Use of photographs for promotional purposes
  • Sharing information with third parties (where consent was obtained)

Note: You cannot withdraw consent for information necessary to provide services or comply with legal obligations.

10.4 Right to File a Complaint

If you believe we have violated your privacy rights, you may:

  • Contact our Privacy Officer (see Section 15)
  • File a complaint with the Privacy Commissioner of Canada (www.priv.gc.ca)
  • File a complaint with the Information and Privacy Commissioner of Ontario (www.ipc.on.ca)

10.5 Right to Opt-Out of Marketing

You can opt out of marketing communications by:

  • Clicking “unsubscribe” in emails
  • Contacting us at info@rosebeautyclinic.ca
  • Calling our clinic
  • Notifying us in person

Timeframe: We will process opt-out requests within 10 business days.

Note: You may still receive transactional communications (appointment reminders, treatment follow-ups) even after opting out of marketing.


11. WEBSITE PRIVACY

11.1 Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

  • Remember your preferences
  • Analyze website traffic and usage
  • Improve user experience
  • Deliver relevant content
  • Track marketing campaign effectiveness

Types of Cookies:

  • Essential Cookies: Necessary for website functionality
  • Performance Cookies: Help us understand how visitors use our site
  • Functional Cookies: Remember your preferences
  • Marketing Cookies: Deliver relevant advertisements (with consent)

Managing Cookies: You can control cookies through your browser settings. Disabling cookies may affect website functionality.

11.2 Analytics

We use analytics tools (e.g., Google Analytics) to understand website usage. These tools may collect:

  • Pages visited
  • Time spent on site
  • Browser and device information
  • Geographic location (general)
  • Referral sources

Analytics data is typically anonymized or aggregated.

11.3 Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to review their privacy policies.

11.4 Online Booking and Forms

When you book appointments or submit forms online:

  • Information is transmitted securely (SSL encryption)
  • Data is stored in secure systems
  • Access is limited to authorized personnel

11.5 Social Media

We may have social media profiles (Facebook, Instagram, etc.). Information you share on social media is governed by the platform’s privacy policy, not ours. We may use social media plugins that may track your activity.


12. CHILDREN’S PRIVACY

Our services are intended for adults (18+). We do not knowingly collect personal information from children under 18 without parental consent. If we become aware that we have collected information from a minor without proper consent, we will delete it promptly.


13. INTERNATIONAL DATA TRANSFERS

13.1 Data Location

Your personal information is primarily stored and processed in Canada. However, some third-party service providers (e.g., cloud storage, email platforms) may store data on servers located outside Canada, including the United States.

13.2 Safeguards

When data is transferred internationally:

  • We ensure adequate privacy protections are in place
  • Service providers must comply with contractual obligations
  • Data is subject to foreign laws and may be accessible to foreign authorities

By using our services, you consent to these transfers subject to the protections described in this policy.


14. CHANGES TO THIS PRIVACY POLICY

14.1 Right to Modify

We reserve the right to modify this Privacy Policy at any time to reflect:

  • Changes in privacy laws
  • Changes in our business practices
  • Improvements in data protection
  • New services or technologies

14.2 Notification of Changes

We will notify you of material changes by:

  • Posting the updated policy on our website with a new “Last Updated” date
  • Sending email notification to clients on our mailing list
  • Posting a notice at our clinic

14.3 Your Continued Use

Your continued use of our services after changes to this policy constitutes acceptance of the updated policy.

14.4 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.


15. CONTACT INFORMATION AND PRIVACY OFFICER

15.1 General Inquiries

For questions about this Privacy Policy or our privacy practices, contact us:

Rose Beauty Clinic
Thornhill, Ontario, Canada

Email: info@rosebeautyclinic.ca
Website: rosebeautyclinic.ca

15.2 Privacy Officer

Our Privacy Officer is responsible for overseeing compliance with this Privacy Policy and applicable privacy laws.

To Contact the Privacy Officer:

  • Email: info@rosebeautyclinic.ca (Subject: Privacy Officer)
  • Mail: Rose Beauty Clinic, Attn: Privacy Officer, [Full Address]
  • Phone: [Clinic Phone Number]

15.3 Access Requests and Complaints

To request access to your personal information, request corrections, or file a privacy complaint:

  1. Submit a written request to our Privacy Officer
  2. Include sufficient detail to identify yourself and your request
  3. Provide contact information for our response

Response Timeframe: We will acknowledge your request within 5 business days and respond fully within 30 days (or notify you if more time is needed).


16. REGULATORY AUTHORITIES

If you believe your privacy rights have been violated, you may file a complaint with:

16.1 Federal

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca
Email: info@priv.gc.ca

16.2 Provincial

Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Toll-free: 1-800-387-0073
Website: www.ipc.on.ca
Email: info@ipc.on.ca


17. GLOSSARY OF KEY TERMS

Anonymization: The process of removing identifying information so that individuals cannot be identified.

Consent: Voluntary agreement to the collection, use, and disclosure of personal information.

Disclosure: Sharing personal information with third parties.

Electronic Health Record: Digital version of medical and health information.

Encryption: The process of encoding information to prevent unauthorized access.

Personal Health Information: Information about your physical or mental health, healthcare, or payment for healthcare.

Personal Information: Any information about an identifiable individual.

PIPEDA: Personal Information Protection and Electronic Documents Act, the federal privacy law governing private sector organizations.

Privacy Breach: Unauthorized access, collection, use, disclosure, or disposal of personal information.

Third Party: An individual or organization outside of Rose Beauty Clinic.


18. ACKNOWLEDGMENT

By using our services, visiting our clinic, or providing your personal information to us, you acknowledge that:

✓ You have read and understood this Privacy Policy
✓ You consent to the collection, use, and disclosure of your personal information as described
✓ You understand your privacy rights
✓ You know how to contact us with questions or concerns


19. ADDITIONAL PRIVACY COMMITMENTS

Rose Beauty Clinic is committed to:

  • Transparency: Being open about our privacy practices
  • Accountability: Taking responsibility for protecting your information
  • Security: Implementing appropriate safeguards
  • Accuracy: Keeping your information accurate and up-to-date
  • Limited Collection: Collecting only information necessary for our purposes
  • Limited Use: Using information only for stated purposes
  • Individual Access: Providing you access to your information
  • Compliance: Following all applicable privacy laws

20. SPECIFIC CONSENT PROVISIONS

20.1 Consent to Collect and Use Personal Health Information

By receiving services at Rose Beauty Clinic, you consent to our collection, use, and retention of your personal health information for the purposes described in this policy.

20.2 Consent to Share Information with Healthcare Providers

You may provide separate consent for us to share your information with your physician or other healthcare providers.

20.3 Consent for Marketing Communications

You may opt in to receive marketing communications. This consent can be withdrawn at any time.

20.4 Consent for Photographs

Separate written consent is required for clinical photographs, and additional consent is required for their use in marketing materials.


Thank you for trusting Rose Beauty Clinic with your personal information. Your privacy is important to us, and we are committed to protecting it.


This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. It reflects our commitment to protecting your privacy while providing exceptional aesthetic services.

For the most current version of this Privacy Policy, please visit rosebeautyclinic.ca or request a copy at our clinic.