Privacy Policy
Version: 2.0
Date of Publication: April 9th 2026
Effective Date: April 9th 2026
Issued by: Privacy & Compliance Officer
Table of Contents
1. Introduction
2. Scope and Applicability
3. Definitions
4. Regulatory Requirements
5. Privacy Principles and Data Practices
6. Procedures
7. Roles and Responsibilities
8. Documentation and Record-Keeping
9. Monitoring and Reporting
10. Training and Awareness
11. Risk Management
12. Audits and Reviews
13. Corrective Actions
14. Penalties and Sanctions
15. Continuous Improvement
16. Appendices
1. Introduction
1.1 Purpose
This Privacy Policy outlines the principles and procedures that July Health Inc. (“the Company”) follows to protect the privacy of individuals whose Personal Information is collected, used, and disclosed through their interaction with our website. It is designed to be a robust framework ensuring compliance with applicable privacy laws and to inform users about their rights and our responsibilities.
1.2 Context
As a provider of outpatient care, mental health, and miscellaneous health practitioner services across all Canadian provinces and territories, July Health Inc. handles Personal Information and, in the context of direct service delivery, Personal Health Information. This policy is necessary to build trust with our website users and clients, ensure legal compliance, and establish clear guidelines for our employees and contractors regarding the handling of data collected via our website.
1.3 Objectives
- To ensure all Personal Information collected through our website is managed in accordance with Canadian privacy laws.
- To be transparent with individuals about what Personal Information we collect, why we collect it, and how it is used and protected.
- To implement and maintain appropriate safeguards to protect Personal Information against loss, theft, or unauthorized access.
- To define the roles and responsibilities of personnel in relation to privacy management.
- To provide a clear process for individuals to access their information and address privacy-related concerns.
2. Scope and Applicability
2.1 Scope
This policy applies to all Personal Information collected, used, or disclosed by July Health Inc. from individuals who interact with our website, regardless of their location within Canada. This includes information collected through contact forms, newsletter sign-ups, cookies, and other web technologies.
This policy’s scope is distinct from, but complementary to, policies governing data collected during the provision of direct health services. For specific details on the handling of Personal Health Information collected for therapeutic purposes, users who become clients must refer to the relevant consent form provided at the start of service.
2.2 Applicability
This policy applies to all users, customers, and any individual who visits or interacts with the July Health Inc. website. It is also binding on all employees, contractors, and third-party agents of July Health Inc. who have access to or are involved in the processing of Personal Information collected via the website.
For Clients receiving specific health services, the terms outlined in their service-specific consent form will supplement and, where there is a conflict, supersede the general terms in this document.
3. Definitions
| Term | Definition |
| Company | Refers to July Health Inc. (which may also be referred to as “July Health” or operate under the trade name “July Health Clinic”), its affiliates, and subsidiaries. |
| Website | Refers to all public and private web pages hosted under the July Health Inc. domain, including all content, features, and functionality. |
| User | Any individual who accesses, browses, or uses the Website for any purpose. This includes casual visitors and registered clients. |
| Client | A User who has registered for an account and/or engages with the Company for the provision of paid or unpaid Services. |
| Personal Information (PI) | Information about an identifiable individual. This can include name, email address, IP address, and any other data that, alone or in combination with other data, can identify a person. For the purposes of this policy, it is generally distinct from Personal Health Information. |
| Personal Health Information (PHI) | Identifying information about an individual in oral or recorded form, if the information relates to the physical or mental health of the individual, the providing of health care to the individual, or is a plan of service for the individual. PHI is primarily governed by service-specific consent forms. |
| Records | A Client’s file which may contain session notes, contact information, assessments, information from external sources, referral notes, relevant emails, and other information obtained during the provision of Services. The specific contents and handling of Records for health services are detailed in the applicable Client consent form. |
| Consent | Voluntary agreement with what is being done or proposed. Consent can be either express (given explicitly, either orally or in writing) or implied (inferred from a person’s action or inaction). |
| Privacy & Compliance Officer | The individual designated by July Health Inc. who is accountable for the organization’s compliance with this policy and applicable privacy legislation. |
| No-show | An appointment missed by a Client without any prior notice. Specific policies and fees related to a No-show are defined in Client service agreements. |
| Emergency Situation | An urgent police, medical, or child protection situation. This definition is relevant to the limits of confidentiality as described in Client service agreements. |
4. Regulatory Requirements
July Health Inc. operates in compliance with applicable Canadian federal and provincial laws and regulations. These privacy practices are designed to be consistent with these legal frameworks.
4.1 Relevant Laws and Regulations
| Regulation/Act | Description |
| Personal Information Protection and Electronic Documents Act (PIPEDA) | Federal legislation governing how private-sector organizations collect, use, and disclose personal information in the course of commercial activities. |
| Provincial Health Information Legislation | Provincial laws governing the collection, use, and disclosure of personal health information (e.g., PHIPA in Ontario, PIPA in Alberta/BC). These laws are paramount for any health services provided. |
| Quebec’s Law 25 | An Act to modernize legislative provisions as regards the protection of personal information, which sets specific requirements for organizations operating in Quebec. |
| Canada’s Anti-Spam Legislation (CASL) | Federal law regulating the sending of commercial electronic messages (CEMs). |
| Provincial Consumer Protection Acts | Legislation in each province and territory that provides rights to consumers and sets rules for businesses regarding contracts, advertising, and sales. |
5. Privacy Principles and Data Practices
5.1 Disclaimer: Not Medical Advice
The Content provided on the Website is for informational purposes only and is not intended as a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have read on this Website.
5.2 Privacy and Personal Information
July Health Inc. is committed to protecting your privacy. Our practices are designed to comply with PIPEDA and applicable provincial privacy legislation.
- Accountability: We have appointed a Privacy & Compliance Officer who is responsible for our compliance with these privacy principles.
- Identifying Purposes: We collect Personal Information through the Website for purposes such as responding to inquiries, processing registrations, providing newsletters, and improving our Website and Services. We will identify the purposes for which PI is collected at or before the time of collection.
- Consent: Your knowledge and consent are required for the collection, use, or disclosure of Personal Information, except where inappropriate. By using this Website, you consent to the collection and use of your PI as described in this policy. You may withdraw consent at any time, subject to legal or contractual restrictions.
- Limiting Collection: We limit the collection of Personal Information to that which is necessary for the purposes identified by the Company.
- Limiting Use, Disclosure, and Retention: Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with your consent or as required by law. We will retain PI only as long as necessary for the fulfillment of those purposes.
- Accuracy: We will endeavor to keep Personal Information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards: We protect Personal Information with security safeguards appropriate to the sensitivity of the information.
- Openness: We will make readily available to you specific information about our policies and practices relating to the management of Personal Information.
- Individual Access: Upon request, you shall be informed of the existence, use, and disclosure of your Personal Information and shall be given access to that information. You are entitled to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance: You can address a challenge concerning compliance with the above principles to our Privacy & Compliance Officer.
The collection, use, and disclosure of Personal Health Information (PHI) for Clients receiving health services are governed by stricter rules outlined in service-specific agreements and consent forms, such as the “Dietitian Consent Form – All Provinces except QC” and “Consent Form – Quebec (English)”.
6. Procedures
6.1 Accessing or Correcting Your Personal Information
To request access to, or correction of, your Personal Information held by July Health Inc., please submit a written request to the Privacy & Compliance Officer at privacy@julyhealth.com. This officer serves as the central point of contact for such requests and will ensure they are directed to the appropriate personnel. We will respond to your request in accordance with applicable privacy laws.
6.2 Complaints and Inquiries
To submit a privacy-related complaint or inquiry, Users should contact the Privacy & Compliance Officer by emailing privacy@julyhealth.com, providing specific details. The Privacy & Compliance Officer will acknowledge receipt, initiate an investigation, and provide a formal response outlining the findings and any actions taken. Users also have the right to complain to the Privacy Commissioner of Canada at any time if they are not satisfied with our privacy practices.
7. Roles and Responsibilities
| Role | Duties and Tasks |
| All Users | Read, understand, and comply with this Privacy Policy. Provide accurate and truthful information when required. Report any suspected privacy breaches to the Privacy & Compliance Officer. |
| July Health Inc. (“Company”) | Maintain privacy practices in accordance with this policy. Protect User data and Personal Information. Periodically review and update this policy. |
| Privacy & Compliance Officer | Serve as the primary contact for all privacy inquiries, complaints, and access requests. Investigate reports of non-compliance. Oversee the review and update process for this policy and ensure compliance with privacy legislation. |
8. Documentation and Record-Keeping
8.1 Required Documents
The Company will maintain records of privacy-related inquiries and requests, records of consent obtained from website users, and communications related to non-compliance reports.
8.2 Record-Keeping Protocols
Administrative records related to the administration of this policy will be retained for a period of ten years or as required by applicable law. Clinical records containing Personal Health Information (PHI) will be retained for the longer of either ten years or the period required by the applicable provincial legislation and the professional college governing the practitioner.
9. Monitoring and Reporting
9.1 Compliance Monitoring
The Privacy & Compliance Officer will conduct regular reviews of website data collection points and data handling practices to ensure ongoing compliance with this policy. This may include periodic log reviews and assessments of third-party service providers.
9.2 Reporting Protocols
Any suspected privacy breach or privacy-related concern should be reported immediately to the Privacy & Compliance Officer at privacy@julyhealth.com. In addition, Users have the right to complain to the Privacy Commissioner of Canada at any time if they are not satisfied with our privacy practices.
10. Training and Awareness
10.1 Training Programs
All Company employees and contractors who manage the Website or interact with Users are trained on this policy and the Company’s associated privacy practices upon hiring and on an ongoing basis.
10.2 Awareness Campaigns
Updates to this policy will be communicated to Users via on-site notifications, email, or other appropriate channels. Continued use of the Website after such notification constitutes acceptance of the revised policy.
11. Risk Management
11.1 Risk Assessments
The Company periodically conducts Privacy Impact Assessments (PIAs) for any new or significantly modified systems, projects, or processes involving the collection of Personal Information via the website, to proactively identify and mitigate privacy risks.
11.2 Mitigation Strategies
Mitigation strategies include implementing technical and administrative security measures, clarifying policies, providing clear disclaimers, and establishing procedures for handling non-compliance.
12. Audits and Reviews
12.1 Internal Audits
Internal reviews of this policy and related procedures will be conducted annually or as needed to ensure they remain relevant, effective, and compliant with legal requirements.
12.2 External Audits
The Company may engage third-party auditors to review its privacy program as deemed necessary or as required by law.
12.3 Review Mechanisms
This policy shall be reviewed periodically or in response to significant changes in legal requirements or business operations.
13. Corrective Actions
13.1 Non-Compliance Handling
Upon identification of a privacy breach or non-compliance with this policy, the Privacy & Compliance Officer will initiate an investigation to determine the root cause and impact. Immediate steps will be taken to contain any harm and remediate the issue.
13.2 Corrective Action Plans
For systemic issues, a corrective action plan will be developed to address the root cause and prevent recurrence.
14. Penalties and Sanctions
14.1 Consequences of Non-Compliance
Non-compliance with this policy by employees or contractors may lead to disciplinary action, up to and including termination of employment or contract. Violations may also carry legal consequences for both the individual and the Company.
14.2 Enforcement Mechanisms
The Company will enforce this policy through its Privacy & Compliance Officer and designated compliance personnel.
15. Continuous Improvement
15.1 Feedback Loops
Users may provide feedback on this policy or our privacy practices by emailing privacy@julyhealth.com.
15.2 Process Improvements
The Company is committed to continuously improving its privacy program based on user feedback, internal reviews, and changes in the regulatory landscape.
16. Appendices
16.1 References
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Canada’s Anti-Spam Legislation (CASL)
- Relevant Provincial Health Information and Consumer Protection Acts
- An Act to modernize legislative provisions as regards the protection of personal information (Quebec Law 25)
16.2 Related Company Policies
- Dietitian Consent Form – All Provinces: This is a service-specific agreement for clients receiving dietitian services outside of Quebec. It contains detailed terms regarding confidentiality, fees, cancellation, and the handling of Personal Health Information that supplement and may supersede the general terms in this policy for those specific clients.
- Consent Form – Quebec: This is a service-specific agreement for clients receiving services in Quebec. It addresses Quebec-specific legal requirements, including Law 25, and contains detailed terms that govern the client-provider relationship, taking precedence over this general policy for those specific clients.
- Terms & Conditions and Privacy Policy July Health Inc. (Source Document): This document supersedes and replaces the previous, separate Terms & Conditions and Privacy Policy documents.