Privacy Policy
Version: 1.0
Date of Publication: December 17, 2025
Effective Date: December 17, 2025
Issued by: Privacy Officer
Table of Contents
1. Introduction
2. Scope and Applicability
3. Definitions
4. Regulatory Requirements
5. Policies
6. Procedures
7. Roles and Responsibilities
8. Documentation and Record-Keeping
9. Monitoring and Reporting
10. Training and Awareness
11. Risk Management
12. Audits and Reviews
13. Corrective Actions
14. Penalties and Sanctions
15. Continuous Improvement
16. Appendices
1. Introduction
1.1 Purpose
This Privacy Policy outlines the principles and procedures that July Health Inc. (“the Company”) follows to protect the privacy of individuals whose Personal Information is collected, used, and disclosed through their interaction with our website. It is designed to be a robust framework ensuring compliance with applicable privacy laws and to inform users about their rights and our responsibilities.
This policy also serves to provide essential disclaimers, clarifying that content available on the July Health Inc. website is for informational purposes only and does not constitute personalized medical advice, diagnosis, or treatment.
1.2 Context
As a provider of outpatient care and health practitioner services across Canada, July Health Inc. handles Personal Information and, in the context of direct service delivery, Personal Health Information. This policy is necessary to build trust with our website users and clients, ensure legal compliance, and establish clear guidelines for our employees and contractors regarding the handling of data collected via our website.
1.3 Objectives
- To ensure all Personal Information collected through our website is managed in accordance with Canadian privacy laws.
- To be transparent with individuals about what information we collect, why we collect it, and how it is used.
- To implement and maintain appropriate safeguards to protect Personal Information against loss, theft, or unauthorized access.
- To define the roles and responsibilities of personnel in relation to privacy management.
- To provide a clear process for individuals to access their information and address privacy-related concerns.
2. Scope and Applicability
2.1 Scope
This policy applies to all Personal Information collected, used, or disclosed by July Health Inc. from individuals who interact with our website, regardless of their location within Canada. This includes information collected through contact forms, newsletter sign-ups, cookies, and other web technologies.
This policy’s scope is distinct from, but complementary to, policies governing data collected during the provision of direct health services. For specific details on the handling of Personal Health Information collected for therapeutic purposes, users who become clients must refer to the relevant consent form provided at the start of service.
2.2 Applicability
This policy applies to all users, customers, and any individual who visits or interacts with the July Health Inc. website. It is also binding on all employees, contractors, and third-party agents of July Health Inc. who have access to or are involved in the processing of Personal Information collected via the website.
3. Definitions
| Term | Definition |
| Personal Information (PI) | Information about an identifiable individual. This can include name, email address, IP address, and any other data that, alone or in combination with other data, can identify a person. For the purposes of this policy, it is generally distinct from Personal Health Information unless submitted directly by a user for the purpose of inquiring about services. |
| Personal Health Information (PHI) | Identifying information about an individual in oral or recorded form, if the information relates to the physical or mental health of the individual, the providing of health care to the individual, or is a plan of service for the individual. PHI is primarily governed by service-specific consent forms. |
| Consent | Voluntary agreement with what is being done or proposed. Consent can be either express (given explicitly, either orally or in writing) or implied (inferred from a person’s action or inaction). |
| Data Subject | The individual to whom the Personal Information relates. In the context of this policy, this refers to any user of the July Health Inc. website. |
| Privacy Officer | The individual designated by July Health Inc. who is accountable for the organization’s compliance with this policy and applicable privacy legislation. |
| Processing | Any operation performed on Personal Information, such as collection, use, storage, disclosure, alteration, or destruction. |
4. Regulatory Requirements
4.1 Relevant Laws and Regulations
| Legislation | Description |
| Personal Information Protection and Electronic Documents Act (PIPEDA) | Canada’s federal private-sector privacy law governing how organizations collect, use, and disclose Personal Information in the course of commercial activities. This policy is designed to meet all PIPEDA requirements. |
| Provincial Privacy Legislation | Includes substantially similar provincial laws in Alberta, British Columbia, and Quebec, as well as provincial health-specific privacy laws (e.g., Ontario’s PHIPA). July Health Inc. adheres to the highest applicable standard. |
| An Act to modernize legislative provisions as regards the protection of personal information (Law 25) | Quebec’s comprehensive privacy legislation that introduces new requirements for consent, transparency, and data governance. This policy incorporates principles to ensure compliance for all users, consistent with the standards set for Quebec residents. |
4.2 Compliance Standards
While not formally certified, July Health Inc. endeavors to align its privacy practices with the principles of internationally recognized standards such as ISO/IEC 27001 (Information Security Management) and ISO/IEC 27701 (Privacy Information Management).
5. Policies
5.1 Privacy Principles
July Health Inc. is committed to the following fair information principles:
- Accountability: We are responsible for Personal Information under our control and have designated a Privacy Officer to ensure compliance.
- Identifying Purposes: We will identify the purposes for which Personal Information is collected at or before the time of collection.
- Consent: We will obtain an individual’s consent for the collection, use, or disclosure of their Personal Information.
- Limiting Collection: We will limit the collection of Personal Information to that which is necessary for the purposes identified.
- Limiting Use, Disclosure, and Retention: Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Information will be retained only as long as necessary.
- Accuracy: We will endeavor to keep Personal Information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards: We will protect Personal Information with security safeguards appropriate to the sensitivity of the information.
- Openness: We will make readily available to individuals specific information about our policies and practices relating to the management of Personal Information.
- Individual Access: Upon request, an individual shall be informed of the existence, use, and disclosure of their Personal Information and shall be given access to that information.
- Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated Privacy Officer.
5.2 Disclaimer: No Medical Advice
All content, including text, graphics, images, and information, available on or through this website is for general informational purposes only. The content is not intended to be a substitute for professional medical advice, diagnosis, or treatment. Never disregard professional medical advice or delay in seeking it because of something you have read on this website. Reliance on any information provided by July Health Inc. on this website is solely at your own risk.
6. Procedures
6.1 Data Collection
- Step 1: Identify the specific and legitimate purpose for collecting Personal Information via the website (e.g., responding to an inquiry, sending a newsletter).
- Step 2: Provide a clear notice at the point of collection explaining the purpose.
- Step 3: Collect only the minimum amount of information necessary for the stated purpose.
6.2 Access and Correction Requests
- Step 1: Individuals must submit a written request to the Privacy Officer to access or correct their Personal Information.
- Step 2: The Privacy Officer will verify the identity of the requestor.
- Step 3: The Company will respond to the request within 30 days, either by providing the information, confirming the correction, or providing a reason for any refusal.
6.3 Complaints and Inquiries
- Step 1: Individuals should direct any privacy-related complaints or inquiries to the Privacy Officer.
- Step 2: The Privacy Officer will acknowledge receipt of the complaint and initiate an investigation.
- Step 3: The Privacy Officer will provide a formal response to the complainant, outlining the findings and any actions taken. Individuals will also be informed of their right to complain to the relevant Privacy Commissioner.
7. Roles and Responsibilities
| Role | Duties and Tasks |
| Privacy Officer | Overseeing the development, implementation, and maintenance of this policy. Acting as the primary point of contact for all privacy inquiries and complaints. Managing data subject access and correction requests. Ensuring privacy training is conducted for all staff. Leading privacy breach response and notification procedures. Liaising with regulatory authorities. |
| All Employees and Contractors | Complying with this policy and all related procedures. Handling Personal Information in a confidential and secure manner. Reporting any suspected or actual privacy breaches to the Privacy Officer immediately. Completing all required privacy and security training. |
| IT Department | Implementing and maintaining technical safeguards to protect Personal Information stored on company systems. Assisting the Privacy Officer in investigating security incidents. Ensuring secure data destruction methods are used when information is no longer needed. |
8. Documentation and Record-Keeping
- Consent Records: Records of implied or express consent obtained from website users will be maintained.
- Access/Correction Requests: All written requests and responses will be documented and retained for 2 years.
- Training Records: Records of employee privacy training completion will be maintained by the Compliance Department.
- Breach Investigation Reports: All privacy incidents and breaches will be documented, including the investigation process and outcomes.
- Client Records: Data collected as part of direct service delivery is considered a client record and is managed according to the retention protocols specified in the relevant service consent forms.
9. Monitoring and Reporting
9.1 Compliance Monitoring
The Privacy Officer will conduct regular reviews of website data collection points and data handling practices to ensure ongoing compliance with this policy. This may include periodic log reviews and assessments of third-party service providers.
9.2 Reporting Protocols
Any employee who becomes aware of a potential or actual privacy breach must immediately report it to the Privacy Officer at privacy@julyhealth.com.
10. Training and Awareness
10.1 Training Programs
All employees and contractors with access to Personal Information will receive mandatory privacy training upon hiring and on an annual basis thereafter. Training will cover the principles of this policy, data handling procedures, and breach reporting obligations.
10.2 Awareness Campaigns
The Privacy Officer will promote privacy awareness through regular communications, such as internal newsletters, intranet posts, and team meetings, to reinforce the importance of protecting Personal Information.
11. Risk Management
11.1 Risk Assessments
Privacy Impact Assessments (PIAs) will be conducted for any new or significantly modified systems, projects, or processes involving the collection of Personal Information via the website to proactively identify and mitigate privacy risks.
11.2 Mitigation Strategies
Identified risks will be addressed through appropriate mitigation strategies, which may include implementing enhanced security controls, modifying data collection practices, or providing additional training to staff.
12. Audits and Reviews
12.1 Internal Audits
The Privacy Officer or a designated internal audit function will conduct periodic internal audits of privacy practices to assess compliance with this policy and relevant legislation.
12.2 External Audits
July Health Inc. may engage third-party auditors to review its privacy program as deemed necessary or as required by law.
12.3 Review Mechanisms
This policy will be reviewed annually or as needed in response to changes in legislation, business practices, or technology.
13. Corrective Actions
13.1 Non-Compliance Handling
Upon the discovery of non-compliance with this policy, the Privacy Officer will initiate an investigation to determine the root cause and impact. Immediate steps will be taken to contain any harm and remediate the issue.
13.2 Corrective Action Plans
A formal Corrective Action Plan will be developed to address the findings of any investigation. The plan will outline specific steps, responsibilities, and timelines to prevent recurrence of the non-compliance.
14. Penalties and Sanctions
14.1 Consequences of Non-Compliance
Non-compliance with this policy may lead to disciplinary action, up to and including termination of employment or contract, in accordance with the July Health Inc. Employee Code of Conduct and other applicable agreements. Violations may also carry legal consequences for both the individual and the Company.
14.2 Enforcement Mechanisms
The Compliance Department, in consultation with the Privacy Officer, is responsible for enforcing the disciplinary consequences of non-compliance.
15. Continuous Improvement
15.1 Feedback Loops
July Health Inc. encourages feedback on this policy and its privacy practices from employees and website users. Feedback can be submitted to the Privacy Officer and will be considered during policy reviews.
15.2 Process Improvements
The Company is committed to the ongoing improvement of its privacy program. Learnings from audits, risk assessments, and incident responses will be used to refine policies, procedures, and controls.
16. Appendices
16.1 References
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- An Act to modernize legislative provisions as regards the protection of personal information (Quebec Law 25)
- Provincial Health Information Acts (as applicable)