By visiting or using the First Session Health Inc. (“First Session”) website at www.firstsession.com, applications, or other online resources provided by First Session (collectively, the “Website”), each web user, counsellor, social worker, psychotherapist, psychologist, client, patient or other member of the public (each a “User”) acknowledges that they may be providing personal information and/or personal health information to First Session.
Personal Information is defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. In other words, it does not include the information that one expects to find on a business card or information that is available in public records. Personal Information includes, but is not limited to, a User’s name, mailing address, telephone number, e-mail address, facsimile number, age, gender, marital status, health status, financial status, credit card information, credit history, interests, browsing preferences, web logs, internet protocol addresses, network and server particulars, and/or other information relevant to the Website, promotional and marketing activities.
Personal health information is more specific, and is defined in the Personal Health Information Protection Act, 2004 (Ontario) (“PHIPA”) as identifying information about an individual which relates to that individual’s physical or mental health, the provision of health care to that individual, payments made or eligibility for health care or health care coverage of that individual.
As the Website connects Mental Healthcare Professionals with potential patients/clients, First Session may at times be subject to the more stringent obligations imposed by PHIPA to the extent that personal health information is collected. First Session will abide by these higher standards when the more stringent obligations apply.
A User who does not consent to the collection of personal information or personal health information, or who withdraws their consent, should immediately cease use of the Website and inform Fist Session’s Privacy Officer (see contact information below). If a User withdraws or limits its consent for First Session to collect or disclose personal information or personal health information, First Session may be limited in its ability to provide services or access to certain aspects of the Website.
Personal information or personal health information will only be collected or disclosed without the consent of the User in the limited circumstances that are expressly permitted by law. For example, privacy legislation allows for the collection and/or disclosure of personal information where there is an emergency, or a serious concern for health and safety.
THE SITE IS INTENDED FOR USERS WHO ARE OVER 18 YEARS OF AGE. Persons who are under 18 years of age should not provide personal information or personal health information without the express consent of their parents or guardians.
First Session collects personal information and/or personal health information in one (or more) of three ways:
1. Volunteered Information
First Session may collect personal information and/or personal health information that is voluntarily provided by a User utilizing the Website (i.e. data or comments entered into forms or data fields on the Website).
2. Information from Public or Third-Party Sources
First Session may collect personal information and/or personal health information about Users who register or access the Website from public or third-party sources.
3. Information Collected from a User’s Computer or other Electronic Device
First Session collects information from a User’s computer and other electronic devices (i.e. phones, tablets, etc.) when a User accesses the Website. The information collected includes but is not limited to: a User’s Internet Protocol (IP) address, domain name, browser type, date and time of a User’s request and information provided by tracking technologies, such as cookies and single-pixel tags.
First Session may also anonymously use log information on operational systems, and identify categories of Users by items such as domains and browser types to properly manage the Website.
First Session only collects personal information and personal health information that is necessary to accomplish the specific goals for which it is being collected.
For efficiency and functionality, First Session uses cloud based data collection and storage methods and products from third party service providers. For example, First Session collects and stores information collected from Users through the use of products and services provided by Acuity Scheduling, Inc., Evenly Odd, Inc. (d/b/a Knack), Google, Stripe and Webflow, Inc.
Third party service providers engaged by First Session may host, transfer, and process data, including personal information and personal health information, in the United States and in other countries, and subject to the laws of such jurisdictions and to the terms of their own respective privacy policies. You may wish to review in connection with your consideration of First Session.
By using the Website, the User consents to the storage of the User’s personal information and personal health information in servers located throughout Canada, the United States, and in other countries, including by third party cloud related service providers engaged by First Session.
Unless otherwise notified, First Session will retain a User’s information until the access to services is terminated by the User or First Session. Upon termination, the User will be provided with the opportunity to download their booking and payment history. Once downloaded, First Session will not retain any other information except as required under applicable law. Other information relating to the services provided to the User by any Health Care Provider maybe available from the Health Care Provider directly. When information is deleted, it is removed from our active database. Any information that remains is securely stored and isolated from any further processing until deletion is possible.
First Session collects, uses, and discloses personal information and personal health information to provide the User with better services. In particular, personal information and personal health information is collected for the following reasons:
● to register a User for, and facilitate a User’s participation in, certain areas of the Website (for example, by collecting a User’s name and email address in order to contact the User);
● to connect potential patients/clients with Mental Healthcare Professionals (for example, basic information may be collected to assist in filtering or matching a User with Health Care Providers – provided however that such information will not be shared with a Health Care Provider without the express permission of a User);
● to provide information and reminders to Users regarding their appointments or consultations;
● to properly advertise and promote Mental Healthcare Professionals and their degrees, specifications, and certifications;
● to gather a User’s opinion and feedback;
● internal record keeping;
● to improve the Website;
● to audit online resources for authorized access and security;
● to customize the Website according to a User’s interests; and
● such other uses as may be permitted or required by applicable law.
Specifically, the personal information of Users who are seeking to connect with Mental Healthcare Professionals may be collected in order to filter or match a User with Mental Healthcare Professionals. In these circumstances, certain information such as a User’s name, email address, phone number, gender, occupation, therapy history and responses to assessment questions may be used.
Aggregated Data may be used for data analytics, and for such purpose may be reported to third parties assisting First Session in managing the Website and providing its services.
In certain limited circumstances, First Session may be required to release or provide access to personal information or personal health information in response to a subpoena, search warrant, court order, law, or regulation. In such case, First Session will take all appropriate measures to ensure that Users’ personal information and personal health information is protected to the greatest extent possible while First Session cooperates fully with court and law enforcement authorities in this regard.
When a User agrees to be matched with a Health Care Provider, First Session will disclose a User’s personal information (to the extent consented to by such User) to the Health Care Provider in order to facilitate appointments and communication.
Users may withdraw their consent to First Session’s collection, use, and disclosure of personal information and personal health information at any time, subject to legal and/or contractual restrictions and upon reasonable notice, by contacting First Session’s Privacy Officer (see contact information below).
Notwithstanding the above, certain personal information may be collected automatically when a User visits the Website. Continued use of the Website will be deemed by First Session to be consent to obtain any personal information that derives from Users’ use of the Website notwithstanding the fact that such User has previously communicated their withdrawal of consent for such collection.
Users may choose not to provide personal information or personal health information by not entering it into forms or data fields on the Website when prompted. Users should be aware that choosing not to provide this information may limit their ability to access all features of the Website.
Users who previously agreed to permit the use of personal information for marketing, advertising, or other promotional purposes may revoke their consent by following the opt-out instructions provided in each communication they receive, or by making a request in writing to First Session’s Privacy Officer.
First Session employs physical, administrative, and technological security safeguards appropriate to the sensitivity of the information. With respect to personal health information collected, First Session acts as custodian thereof and takes all precautions required by PHIPA to prevent the unauthorized disclosure thereof.
First Session confirms that it does not use any personal health information for treatment purposes. First Session also confirms that it does not take any steps to verify the accuracy of any personal health information. We do not sell your personal information to any organization or person; the only exceptions to this would be if we sell or transfer any part of our business.
Users may access, update, and correct inaccuracies in personal information in First Session’s possession, subject to certain exceptions prescribed by law.
Upon written request, First Session will provide a User with any personal information and personal health information in its possession to the extent required by law.
If a User would like to access any of its personal information and personal health information, or believes that any of the personal information and personal health information collected by First Session relating to a User is incorrect or incomplete, they should contact First Session’s Privacy Officer (see contact information below).
User consents to First Session: 1) communicating with the User via the email address provided to First Session by the third party payer; 2) disclosing the information that the User requested to the third party payer to permit First Session to process payment for the services; and 3) notifying the third party payer of any changes or termination of the User’s access to First Session’s website/platform.
For more information on your privacy rights, you may also contact the Federal Privacy Commissioner at:
Office of the Privacy Commissioner of Canada
112 Kent Street
Place de Ville
Tower B, 3rd Floor
Or your provincial office of the Information and Privacy Commissioner for more information.