Privacy Policy

Effective Date: November 2025

Last Updated: November 25, 2025

Stephanie Annesley (“I,” “me,” or “my practice”) is committed to protecting your personal information and personal health information. This Privacy Policy outlines how your information is collected, used, stored, and disclosed when you receive services from Stephanie Annesley, whether online or in person.

This policy is designed to comply with Ontario’s Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable Canadian privacy requirements.

1. What Information I Collect

I may collect three types of information:

1.1 Personal Information

Examples include:

Full name

Date of birth

Contact details (email, phone number, address)

Billing and payment information

Emergency contact details

Location (province/territory)

Account or communication preferences

1.2 Personal Health Information (PHI)

Examples include:

Mental health history

Information shared during sessions

Treatment goals and progress notes

Intake forms and assessments

Medication or health-related information (if relevant)

Insurance details (if used)

1.3 Technical Information

If you use online services, I may receive:

IP address and device type

Browser information

Usage or log data

Cookies or similar tools used for secure platform functioning

2. How Your Information Is Used

2.1 To Provide Therapy Services

I use your information to:

Offer therapy and related support

Schedule sessions and manage your file

Maintain clinical records as required by regulation

Communicate with you about appointments and care

2.2 To Operate the Practice

Your information may be used to:

Process payments

Maintain secure online access

Improve service delivery

Ensure safety, security, and fraud prevention

2.3 To Meet Legal and Professional Requirements

I may use or disclose information to:

Comply with Ontario and federal regulations

Fulfill obligations to my regulatory college (if applicable)

Respond to lawful requests, audits, or investigations

3. Consent

3.1 How You Provide Consent

You provide consent when you:

Complete intake paperwork

Agree to treatment

Submit information voluntarily

3.2 Implied Consent

Your consent may be implied when information is used:

To provide care directly to you

For purposes that are consistent with your treatment

3.3 Withdrawing Consent

You may withdraw or change your consent at any time by contacting:

[email protected] 

Withdrawal of consent may limit my ability to provide services

4. When Information May Be Shared

4.1 With Your Permission

With your explicit consent, I may share information with:

Other healthcare providers

Family members or supports you identify

Insurance providers processing a claim

4.2 Without Your Permission

I may be required to share information without consent when:

There is risk of serious harm to you or others

A child may be in need of protection

Records are requested by court order or legal authority

A regulatory college requires information for quality assurance

Public health reporting is required

Research is conducted under strict ethics board approval

4.3 With Service Providers

I may use trusted third-party services such as:

Secure video platforms

Cloud storage

Payment processors

These providers are required to protect your information and follow privacy regulations.

5. How Your Information Is Protected

5.1 Administrative Safeguards

Confidentiality agreements

Staff training (when applicable)

Limited access based on role

5.2 Physical Safeguards

Secure storage of physical files

Controlled office access

Secure destruction of paper records

5.3 Technical Safeguards

Encryption of data

Secure servers

Multi-factor authentication

Regular software updates

6. How Long Information Is Kept

Your records are kept according to regulatory and legal standards:

Adult records: Stored for at least 10 years after your last appointment

Records for minors: Stored for 10 years after the client turns 18

Financial/administrative records: Kept for a minimum of 7 years

Electronic communications: Stored in accordance with platform requirements

After the required period, records are securely destroyed or deleted.

7. Your Rights

You have the right to:

7.1 Access Your Record

Request access to your personal information or PHI.

7.2 Request Corrections

Ask that outdated or inaccurate information be corrected.

7.3 Manage Your Consent

Change or withdraw consent for certain uses or disclosures.

7.4 Express Concerns

You may file a concern directly with the practice or with the Information and Privacy Commissioner of Ontario.

8. Working With Minors

When working with individuals under 18:

Capacity to consent is assessed

Parent/guardian consent is obtained when required

Privacy rights are explained in developmentally appropriate ways

Information is only shared with parents/guardians as permitted by law

9. Cross-Border Use of Technology

Your information is stored in Canada unless otherwise stated.
If any service providers store information outside Canada, they are required to follow strong privacy protections comparable to Canadian standards.

No PHI will be transferred outside Canada without your express consent unless required for healthcare or legal reasons.

10. Privacy Breaches

If a privacy breach occurs, I will:

- Notify you if there is a risk of harm

- Report the breach to the Information and Privacy Commissioner (if required)

Take steps to contain and investigate the breach

Document what happened and how it was resolved

11. Changes to This Policy

This policy may be updated periodically. Any significant updates will be posted and the “Last Updated” date will change. Additional consent may be requested if changes affect how PHI is handled.

12. Contact Information

For questions, concerns, or privacy requests, please contact:

Stephanie Annesley

Email: [email protected]

Address: P.O. Box 923, Diamond Valley, AB T0L 0H0

Information and Privacy Commissioner of Ontario

2 Bloor Street East, Suite 1400
Toronto, ON M4W 1A8
Phone: 1-800-387-0073
www.ipc.on.ca