Privacy Policy

PRIVACY POLICY — The New Years Inc.

Effective Date: December 5, 2025

Legal Name: The New Years Inc.
Operating As: The New Years
Address: 556 Edward Ave, Unit 71, Richmond Hill, ON L4C 9Y5
Email: hello@thenewyears.ca
Privacy Officer: privacy@thenewyears.ca
Phone: (289) 212-9322

1. Purpose and Scope

This Privacy Policy outlines how The New Years Inc. (“The New Years,” “we,” “our,” or “the Clinic”) collects, uses, discloses, protects, and retains personal information and personal health information in compliance with:

  • Personal Health Information Protection Act, 2004 (PHIPA)

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Applicable regulatory college standards (COTO, CPO, CDHO, etc.)

     

This policy applies to all clinical services, website use, electronic communication, and data processing activities.

2. Definitions

Personal Health Information (PHI): Information relating to an individual’s physical or mental health, developmental history, care provided, or health card number.

Personal Information (PI): Non-health identifying information such as name, contact details, preferences, or website analytics data.

Agent: Any clinician, employee, contractor, student, or service provider acting on behalf of the Clinic under PHIPA. All agents are required to follow our privacy and security policies.

3. What Information We Collect

We may collect PHI and PI from the following sources:

3.1 Directly from You

  • Intake and consent forms
  • Clinical assessments and therapy sessions
  • Phone, email, or text communication
  • Appointment scheduling through Jane App

3.2 Automatically via Website & Software

  • Cookies and device information

     

  • Website analytics through Google Analytics

  • Marketing analytics through Meta/Facebook Pixel

(This data is de-identified and is not linked to your clinical record.)

3.3 From Third Parties (With Consent)

  • Referring physicians or healthcare providers
  • Schools, childcare providers, or specialists involved in care
  • Records provided for continuity of care

     

4. How We Use Your Information

Your information is used for:

4.1 Clinical Purposes

  • Assessment, treatment, and care planning
  • Communication with you regarding appointments and follow-up
  • Coordination with other healthcare providers (with your consent)

     

4.2 Administrative Purposes

  • Billing and receipts
  • Treatment notes and required documentation
  • Quality improvement and internal audits

     

4.3 Website & Marketing

  • Improving website performance
  • Measuring ad effectiveness
  • Understanding general visitor behaviour (aggregated and de-identified)

We do not sell your information or use PHI for marketing.

5. Consent

We obtain express or implied consent unless otherwise permitted or required by law.

By providing your email or phone number, you consent to receiving electronic communication regarding your care. We take reasonable precautions to secure electronic communication, but risks associated with email transmission may remain.

You may withdraw consent at any time, subject to legal and contractual limitations.

6. Disclosure of Information

We may disclose information:

6.1 With Your Consent

  • To healthcare providers involved in your care
  • To schools, childcare staff, or other third parties at your direction

     

6.2 Without Consent (As Permitted by Law)

  • Mandatory reporting (e.g., child protection, risk of harm)
  • Regulatory college audits
  • Court orders or subpoenas

     

6.3 To Third-Party Service Providers

The Clinic uses the following secure service providers:

  • Jane App (PHIPA-compliant; Canadian data residency)
  • Zoho Mail (with signed Addendum to Canadian Privacy Terms for compliance)
  • Google Analytics (non-health, aggregate website data; may be processed outside Canada)
  • Meta/Facebook Pixel (non-health marketing analytics; may be processed outside Canada)
  • CRM and secure communication tools

     

Service providers act as agents or processors and are contractually obligated to maintain strict confidentiality and security standards.

7. Cross-Border Data Processing

Some non-health website analytics data may be stored or processed in the United States or other countries.

No personal health information is transferred outside Canada.

8. Safeguards and Security Measures

We use administrative, physical, and technical safeguards including:

  • Encrypted data transmission (SSL/TLS)
  • Role-based access control
  • Two-factor authentication
  • Secure Canadian servers for clinical records
  • Privacy training for all agents

     

9. Retention and Destruction

Clinical records are retained:

  • 10 years after the date of last contact, or
  • 10 years after the client turns 18, whichever is later

Financial records may be retained for 7 years per CRA requirements.

Records are destroyed securely using industry-standard destruction methods.

10. Access, Correction, and Requests

You have the right to:

  • Access your record
  • Request corrections
  • Request a list of disclosures made

Requests may be made in writing to the Privacy Officer.

11. Privacy Breaches

In the event of a privacy breach:

  • We will immediately investigate and mitigate harm
  • Notify affected individuals as required under PHIPA
  • Report to the IPC (Information and Privacy Commissioner of Ontario) where applicable
  • Document the breach and corrective actions taken

     

12. Cookies and Tracking Technologies

You may adjust your browser settings to refuse cookies or opt out of targeted advertising through:

  • Google Ad Settings
  • Meta Ads Preferences
  • Your browser’s cookie controls

     

13. Contact – Privacy Officer

Privacy Officer: The New Years Inc.
 Email: privacy@thenewyears.ca
 Phone: (289) 212-9322
 Mail: 556 Edward Ave Unit 71, Richmond Hill, ON L4C 9Y5

Concerns may also be directed to:
 Information and Privacy Commissioner of Ontario at www.ipc.on.ca

14. Updates

This Privacy Policy may be updated periodically. The latest version will always be posted on our website.