Privacy policy

Last Updated: October 31, 2023

By visiting or using the First Session Health Inc. (“First Session”) website at www.firstsession.com, applications, or other online resources provided by First Session (collectively, the “Website”), each web user, counsellor, social worker, psychotherapist, psychologist, client, patient or other member of the public (each a “User”) acknowledges that they may be providing personal information and/or personal health information to First Session.  

First Session is committed to protecting the privacy and personal information of each User. To accommodate any concerns with how personal information is protected, First Session has created this Privacy Policy which details how First Session collects, uses and discloses personal information obtained by First Session when Users are visiting the Website, utilizing the services provided via the Website, as well as information received from email and other downloadable material.

Application of this Privacy Policy

The obligations set out in this Privacy Policy apply to all Users of the Website.

This Privacy Policy applies to all personal information and personal health information (defined below) collected by First Session through the operation of the Website.

The Privacy Policy does not apply to third-party online resources to which the Website may link, where First Session does not control the content or the privacy practices of such resources.   

This Privacy Policy also does not apply to information communicated between any patient and social workers, psychotherapists, psychologists (each, a “Mental Healthcare Professional”) that is offline or otherwise not through the Website.

This Privacy Policy does not cover any information involving more than one individual where the identity of the individuals is not known and cannot be inferred from the information (“Aggregated Data”). First Session retains the right to use Aggregated Data in any way that it determines appropriate.

What is Personal Information?

Personal Information is defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. In other words, it does not include the information that one expects to find on a business card or information that is available in public records. Personal Information includes, but is not limited to, a User’s name, mailing address, telephone number, e-mail address, facsimile number, age, gender, marital status, health status, financial status, credit card information, credit history, interests, browsing preferences, web logs, internet protocol addresses, network and server particulars, and/or other information relevant to the Website, promotional and marketing activities.

Personal health information is more specific, and is defined in the Personal Health Information Protection Act, 2004 (Ontario) (“PHIPA”) as identifying information about an individual which relates to that individual’s physical or mental health, the provision of health care to that individual, payments made or eligibility for health care or health care coverage of that individual.

Since 2004, all Canadian organizations engaged in commercial activities have been required to comply with the PIPEDA and the Canadian Standards Association Model Code for the Protection of Personal Information. These obligations extend to First Session, and apply with and in addition to the terms of this Privacy Policy.

As the Website connects Mental Healthcare Professionals with potential patients/clients, First Session may at times be subject to the more stringent obligations imposed by PHIPA to the extent that personal health information is collected. First Session will abide by these higher standards when the more stringent obligations apply.

Consent

By using the Website, the User consents to the collection, use, and disclosure of the User’s personal information in accordance with this Privacy Policy. If the User does not consent to all aspects of the Privacy Policy, they must immediately cease using the Website. Please note that the User’s access and continued use of the Website will be deemed as consent by First Session.

A User who does not consent to the collection of personal information or personal health information, or who withdraws their consent, should immediately cease use of the Website and inform First Session’s Privacy Officer (see contact information below). If a User withdraws or limits its consent for First Session to collect or disclose personal information or personal health information, First Session may be limited in its ability to provide services or access to certain aspects of the Website.

Personal information or personal health information will only be collected or disclosed without the consent of the User in the limited circumstances that are expressly permitted by law. For example, privacy legislation allows for the collection and/or disclosure of personal information where there is an emergency, or a serious concern for health and safety.

THE SITE IS INTENDED FOR USERS WHO ARE OVER 18 YEARS OF AGE. Persons who are under 18 years of age should not provide personal information or personal health information without the express consent of their parents or guardians.

Collection of personal information and personal health information

First Session collects personal information and/or personal health information in one (or more) of three ways:

1. Volunteered Information

First Session may collect personal information and/or personal health information that is voluntarily provided by a User utilizing the Website (i.e. data or comments entered into forms or data fields on the Website).

2. Information from Public or Third-Party Sources

First Session may collect personal information and/or personal health information about Users who register or access the Website from public or third-party sources.

3. Information Collected from a User’s Computer or other Electronic Device

First Session collects information from a User’s computer and other electronic devices (i.e. phones, tablets, etc.) when a User accesses the Website. The information collected includes but is not limited to: a User’s Internet Protocol (IP) address, domain name, browser type, date and time of a User’s request and information provided by tracking technologies, such as cookies and single-pixel tags.  

First Session may also anonymously use log information on operational systems, and identify categories of Users by items such as domains and browser types to properly manage the Website.

First Session only collects personal information and personal health information that is necessary to accomplish the specific goals for which it is being collected.

Storage of personal information and personal health information (including outside of Canada)

For efficiency and functionality, First Session uses cloud-based data collection and storage methods and products from third party service providers. For example, First Session collects and stores information collected from Users through the use of products and services provided by Acuity Scheduling, Inc., Care Portals (App Gen Studio Inc.), Google, Stripe and Webflow, Inc.

Third party service providers engaged by First Session may host, transfer, and process data, including personal information and personal health information, in the United States and in other countries, and subject to the laws of such jurisdictions and to the terms of their own respective privacy policies. You may wish to review these policies in connection with your consideration of First Session.

By using the Website, the User consents to the storage of the User’s personal information and personal health information in servers located throughout Canada, the United States, and in other countries, including by third party cloud related service providers engaged by First Session.

Retention/Deletion of Information

Unless otherwise notified, First Session will retain a User’s information until the access to services is terminated by the User or First Session. Upon termination, the User will be provided with the opportunity to download their booking and payment history. Once downloaded, First Session will not retain any other information except as required under applicable law. Other information relating to the services provided to the User by any Health Care Provider may be available from the Health Care Provider directly. When information is deleted, it is removed from our active database. Any information that remains is securely stored and isolated from any further processing until deletion is possible.

How is the personal information and personal health information used?

First Session collects, uses, and discloses personal information and personal health information to provide the User with better services. In particular, personal information and personal health information is collected for the following reasons:

● to register a User for, and facilitate a User’s participation in, certain areas of the Website (for example, by collecting a User’s name and email address in order to contact the User);

● to connect potential patients/clients with Mental Healthcare Professionals (for example, basic information may be collected to assist in filtering or matching a User with Health Care Providers – provided however that such information will not be shared with a Health Care Provider without the express permission of a User);

● to provide information and reminders to Users regarding their appointments or consultations;

● to properly advertise and promote Mental Healthcare Professionals and their degrees, specifications, and certifications;

● to gather a User’s opinion and feedback;

● internal record keeping;

● to improve the Website;

● to audit online resources for authorized access and security;

● to customize the Website according to a User’s interests; and

● such other uses as may be permitted or required by applicable law.

Specifically, the personal information of Users who are seeking to connect with Mental Healthcare Professionals may be collected in order to filter or match a User with Mental Healthcare Professionals. In these circumstances, certain information such as a User’s name, email address, phone number, gender, occupation, therapy history and responses to assessment questions may be used.

Aggregated Data may be used for data analytics, and for such purpose may be reported to third parties assisting First Session in managing the Website and providing its services.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

In certain limited circumstances, First Session may be required to release or provide access to personal information or personal health information in response to a subpoena, search warrant, court order, law, or regulation. In such case, First Session will take all appropriate measures to ensure that Users’ personal information and personal health information is protected to the greatest extent possible while First Session cooperates fully with court and law enforcement authorities in this regard.

To whom does First Session disclose personal information and personal health information?

Except as otherwise provided in this Privacy Policy, personal information and personal health information will not be shared without Users’ permission. However, First Session reserves the right to disclose personal information and personal health information, including e-mail addresses, for reporting to government authorities, to parties in relevant legal proceedings as authorized by the presiding court or tribunal and otherwise to the extent required or explicitly authorized by law.

When a User agrees to be matched with a Health Care Provider, First Session will disclose a User’s personal information (to the extent consented to by such User) to the Health Care Provider in order to facilitate appointments and communication.

First Session may disclose personal information and personal health information to a buyer or transferee in connection with the sale, assignment, or reorganization of its business. In this case, First Session will require the buyer to agree to treat personal information and personal health information in accordance with the terms of this Privacy Policy.

Requests to stop collection, use, and/or disclosure

Users may withdraw their consent to First Session’s collection, use, and disclosure of personal information and personal health information at any time, subject to legal and/or contractual restrictions and upon reasonable notice, by contacting First Session’s Privacy Officer (see contact information below).

Notwithstanding the above, certain personal information may be collected automatically when a User visits the Website. Continued use of the Website will be deemed by First Session to be consent to obtain any personal information that derives from Users’ use of the Website notwithstanding the fact that such User has previously communicated their withdrawal of consent for such collection.

How do Users limit the collection, use, and disclosure of information?

Users may choose not to provide personal information or personal health information by not entering it into forms or data fields on the Website when prompted. Users should be aware that choosing not to provide this information may limit their ability to access all features of the Website.

Users who previously agreed to permit the use of personal information for marketing, advertising, or other promotional purposes may revoke their consent by following the opt-out instructions provided in each communication they receive, or by making a request in writing to First Session’s Privacy Officer.

How does First Session protect a User’s Personal Information?

First Session employs physical, administrative, and technological security safeguards appropriate to the sensitivity of the information. With respect to personal health information collected, First Session acts as custodian thereof and takes all precautions required by PHIPA to prevent the unauthorized disclosure thereof.

First Session confirms that it does not use any personal health information for treatment purposes. First Session also confirms that it does not take any steps to verify the accuracy of any personal health information. We do not sell your personal information to any organization or person; the only exceptions to this would be if we sell or transfer any part of our business.

First Session will take all reasonable and legally required steps to protect personal information and personal health information as it is transmitted from a User’s computer to the Website or other online resources and servers. First Session will also protect personal information and personal health information from unauthorized access, disclosure, alteration or destruction.  First Session ensures that all affiliates and other third parties that are retained to perform services on First Session’s behalf and are provided with personal information and/or personal health information are contractually required to observe the Privacy Policy. It is a User’s personal responsibility to secure a User’s own copies of any logins, passwords and related access codes used on or for the Website.

Please note, security risks on the internet cannot be eliminated, and First Session cannot and does not guarantee that a User’s personal information and personal health information will not be accessed in ways not otherwise described in the Privacy Policy.

Access and correction to personal information and personal health information

Users may access, update, and correct inaccuracies in personal information in First Session’s possession, subject to certain exceptions prescribed by law.

Upon written request, First Session will provide a User with any personal information and personal health information in its possession to the extent required by law.  

If a User would like to access any of its personal information and personal health information, or believes that any of the personal information and personal health information collected by First Session relating to a User is incorrect or incomplete, they should contact First Session’s Privacy Officer (see contact information below).

Miscellaneous

Former Users

If a User ceases using the Website, or a User’s access to the Website has been terminated for any reason, First Session may continue to use and disclose a User’s personal information and personal health information in accordance with the Privacy Policy.

Terms and Conditions of Use of Website

Any applicable terms & conditions of use governing a User’s use of the Website, including but not limited to the Terms of Service, contain important provisions, including provisions disclaiming, limiting, or excluding the liability of First Session for a User’s use of the Website and provisions determining the applicable law and exclusive jurisdiction for the resolution of any disputes regarding a User’s use of the Website.  Each of those provisions applies to any disputes that may arise in relation to the Privacy Policy, including any collection, use and disclosure of personal information and personal health information and are of the same force and effect as if they had been reproduced directly in this Privacy Policy.

Third Party Links and Web Sites

The Website may contain links to other third party web sites or internet resources, which are not affiliated with the Website, nor provided by First Session, and are not subject to the Privacy Policy.  The User assumes any risk associated with any third party links or web sites. First Session assumes no responsibility or liability for, or control over any third party web sites or their collection, use and disclosure of a User’s personal information and/or personal health information.

Third Party Payers

User consents to First Session: 1) communicating with the User via the email address provided to First Session by the third party payer; 2) disclosing the information that the User requested to the third party payer to permit First Session to process payment for the services; and 3) notifying the third party payer of any changes or termination of the User’s access to First Session’s website/platform.

Privacy Policy Amendments

To accommodate amendments to the Website, changing technology, and legal developments, the Privacy Policy may be revised in First Session’s absolute discretion and without any prior notice or liability to the User or any other person.  First Session’s collection, use and disclosure of the personal information and personal health information through the Website will be governed by the version of the Privacy Policy in effect at that time when the information is collected, used, or disclosed.  New versions of the Privacy Policy will be posted on the Website and will be available upon request from First Session.  A User’s continued access, use and/or dealings with the Website after any amendments to the Privacy Policy, will signify a User’s consent or continued consent to the collection, use and disclosure of personal information and personal health information in accordance with the revised Privacy Policy.

Further Information

For more information about the Privacy Policy, please contact the First Session Privacy Officer, via electronic mail at privacy@firstsession.com.

For more information on your privacy rights, you may also contact the Federal Privacy Commissioner at:

Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Ottawa, Ontario
K1A 1H3

Or your provincial office of the Information and Privacy Commissioner for more information.