Last Updated: August 6, 2025

This policy outlines how we protect the personal information we collect about you. Personal information is any identifying information about you, including, without limitation, your physical and mental health, as defined below. We value patient privacy and are committed to being accountable for how we treat your personal information. Everyone working for this office is required to adhere to the protections described in this policy.

This policy was developed in compliance with the British Columbia Personal Information Protection Act (PIPA). PIPA sets out rules for how organizations such as our office can collect, use, disclose, store, and retain your Personal Information, as defined herein. 

Please note that when using our services (our “Services”), this Privacy Policy should be read in conjunction with our Terms of Use. By accessing our website, using any of our Services, or providing us with any Personal Information, you acknowledge that the Privacy Policy and the Terms of Use govern such use and disclosure of personal information. If you do not agree to the terms set out in this Privacy Policy, we request that you cease using any of our Services immediately. If you have any questions regarding our privacy practices, please contact your physician or one of our staff prior to providing us with any personal information.

Collection, Use, and Disclosure of Personal Information

What personal information do we collect?

We collect the following identifiable Personal Information:

• Identification and contact information (name, address, date of birth, telephone number, emergency

contact, etc.)
• Information submitted to us directly through our website

• Billing information (provincial plan and/or private insurer)

• Health information (symptoms, diagnosis, medical history, test results, reports and treatment, record

of allergies, prescriptions, etc.) (“Medical Information”)

(collectively “Identifiable Information”)

Additionally, we may, from time to time, collect the following information about your use of our Services:

• Usage information about your use of our website

• Device information about the devices you use to access the Services, such as your mobile device type and operating system

• Log data, which may include your IP address, information regarding the physical location of your device, browser type, and the date and time of your access

(collectively “Usage Data”, and together with Identifiable Information, “Personal Information”)

Why do we collect your Personal Information?

We collect your Personal Information for the purposes of identifying you, providing you with care, administering the services that we provide, and communicating with you. We collect only the information that is required to fulfill those purposes. We do not collect any other information, or allow information to be used for other purposes, without your express (i.e., verbal, written, or electronic) consent - except where authorized to do so by law.

How do we use your Personal Information?

We use the information we collect for the following purposes:

• provide and maintain our Services;

• to communicate with you about the Services, including sending you updates, notifications, news, updates, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already engaged or enquired about, unless you have opted not to receive such information (acknowledging that such opt-out may affect the delivery of certain of our Services);

• to verify your identity and screen for potential risk of fraud;

• to provide customer support and respond to your enquiries;

• to analyze and improve our products and Services;

• to protect our rights and the rights of other patients or users;

• to comply with legal and regulatory obligations; or

• any other purpose with your consent.

When and to whom do we disclose personal information?

Implied consent for provision of care:

By virtue of seeking care from us, your consent is implied (i.e., assumed) for your Personal Information to be used by this office to provide you with care, and to share with other health care providers involved in your care.

Additionally, we may collect, use, or disclose your Personal Information without your consent in the following circumstances:

• in an emergency that threatens an individual's life, health, or personal security (including your own)

• when the Personal Information is available from a public source;

• when we require legal advice from a lawyer; 

• for the purposes of collecting a debt or protection from fraud; or

• other legally established reasons.

Disclosure to other health care providers:

Your implied consent extends to us sharing your Personal Information with other providers involved in your care, including (but not limited to) other physicians and specialists, pharmacists, lab technicians, nutritionists, physiotherapists, and occupational therapists.

Disclosures authorized by law:

There are limited situations where we are legally required to disclose your Personal Information without your consent. These situations include (but are not limited to) billing MSP, provincial health plans, reporting infectious diseases, fitness to drive, or by court order.

Disclosures to all other parties:

Your express consent is required before we will disclose your Personal Information to third parties for any purpose other than to provide you with care, as otherwise set out herein, or unless we are authorized to do so by law. Examples of disclosures to other parties requiring your express consent include (but are not limited to) third parties who are conducting medical examinations for purposes not related to the provision of care, enrolment in clinical (research) trials, and provision of charts or chart summaries to insurance companies.

Consent and Withdrawal of Consent:

You can provide consent orally, in writing, electronically, or through an authorized representative. Your consent may also be implied where you have received notice and a reasonable opportunity to opt out of having the Personal Information used, and you have not provided us with notice of opting out.

You can withdraw your consent to us collecting your Personal Information or having your information shared with other health care providers or other parties at any time by giving us reasonable notice, except where the collection or disclosure is authorized by law. However, please discuss this with your physician first so we can explain the possible consequences of withdrawing consent.

No Sale:

We will not sell your Personal Information to other parties without your consent (except in the case of a merger, acquisition, or other corporate transaction). Except as explicitly specified herein, we will obtain your express or implied consent to collect, use, sell, or disclose any Personal Information. We will never sell any of your Medical Information.

Patient Rights

How can records be accessed?

You have the right to access your Personal Information in a timely manner, including what information is being stored, where it is being stored, and the purpose of such storage. With respect to any Medical Information, if you wish to view the original record, one of our staff must be present to maintain the integrity of the record, and a minimal fee may be charged for this access when required to transfer your patient chart to another provider. Patient requests for access to your medical record can be made verbally or in writing to your physician or the staff (see office address at top of Policy). All other general requests to access Personal Information can be made via the contact information set out below.

Are there limitations on access?

In extremely rare circumstances, you may be denied access to your Medical Information records, for example, if providing access would create a significant risk to you or another person.

What if the records are not accurate?

We make every effort to ensure that all of your information is recorded accurately. If an inaccuracy is identified, you can request that the information be corrected, and a note will be made to reflect this on your file.

Can you request to have your records be deleted?

Subject to our professional and legal responsibilities pertaining to your Medical Information, you may request the erasure of any part of your Personal Information.

If you wish to make any of the above requests or require more details regarding your rights, including the process to exercise them, please email us at MANAGER@BMMC.CO. and insert “Privacy Information Request” in the subject header or call 604-941-8277. Kindly note that if you request the deletion of your Personal Information, you may no longer have access to certain parts of our Services. We will provide a written or oral response to your request as soon as practical and may request identification proof to verify your request.

Office Safeguards and Data Retention

How secure is your personal information?

Safeguards are in place to protect the security of your information. These safeguards include a combination of physical, technological, and administrative security measures that are appropriate to the sensitivity of the information. These safeguards are aimed at protecting Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Your Personal Information may be stored electronically in our database, including databases hosted by applicable third-party Service Providers, as defined below, or in hardcopy format. However, no information security defenses are impenetrable, and we cannot guarantee the security of our applications, servers, or databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Accordingly, We make no guarantee as to the absolute security of the Personal Information.

What is our communications policy?

We protect Personal Information regardless of the format. Specific procedures are in place for communicating by phone, email, fax, and post/courier.

How long do we keep personal information?

We retain Medical Information for a minimum period of 16 years, or as otherwise required by law and professional regulations. We retain other categories of Personal Information for as long as it is necessary and relevant for our business and in compliance with all statutory requirements. The criteria used to determine the retention periods include: (i) how long the Personal Information is needed to provide the services and operate the business; (ii) the type of Personal Information collected; and (iii) whether we are subject to a legal, contractual or similar obligation to retain the Personal Information (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes). Except as expressly provided above or under law, we make no guarantee of any other period of retention and reserve the right to delete such information at any time. 

How do we dispose of information when it is no longer required?

When information is no longer required, it is destroyed in an irreversible and secure manner, in accordance with the set procedures of the College of Physicians and Surgeons of BC that govern the storage and destruction of Personal Information. Additionally, we will use appropriate security measures when destroying all other types of Personal Information, such as shredding documents or deleting electronically stored information.

What happens if there is a data breach?

In the unlikely event that our system is breached, and any Personal Information has been compromised, we will notify such local authorities as may be required within seventy-two (72) hours of the breach, and will also use our best efforts to notify you using the most current contact information that we have on file. We are not responsible for any failure to notify you based on incorrect or outdated contact information.

Third-Party Service Providers

From time to time, we may make use of third-party service providers (“Service Providers”), including service providers located in Canada and the United States to store and process data, including your Personal Information, on our behalf. When acting on our behalf, such service Providers shall only be authorized to collect, use, disclose or store your Personal Information in accordance with this Privacy Policy and all appliable legislation. However, the government, courts, law enforcement, security, or regulatory agencies of a particular country may be able to obtain access to or disclosure of Personal Information as permitted by the laws of that country. A current list of third-party service providers who may have access to certain types of your Personal Information is as follows:

Cortico Health – we use Cortico Health to assist us in managing online patient bookings. Cortico Healh may collet your IP address, Usage Data and applicable Personal Information submitted through our website. To learn more about how Cortico Heath processes your Personal Information, please visit Cortico Health’s Privacy Policy.

Google Analytics – we use Google Analytics to help us understand how our customers use the Services. Google Analytics may collect your IP address, data related to the device/browser, or other information about your use of our website and may do so using cookies.  Google Analytics’ data practices are governed by the Google Privacy Policy, as it may be amended from time to time.

Well Health – we use Well Health’s Oscar electronic medical records platform to store, manage and safeguard your Medical Information, click here to access their Privacy Policy.

Our Services may contain links to other web sites that we do not control (“Third Party Sites”). Privacy and personal data protection principles vary from one country to another. We strongly advise you to review the privacy policy of every site you visit to determine the privacy practices that apply to information or data maintained by such website or application within such jurisdiction. We have no control over, and assume no responsibility for the content, privacy policies or practices of any Third Party Site or their associated services.   

Cookies

Cookies are small files that, when placed on your device, enable our website to provide certain features and functionalities. We and our service providers use cookies to automatically collect information, measure and analyze which pages you click on and how you use the application, enhance your experience using our Services, and for the purposes of improving such Services. Cookies may include information such as your login or registration identification, user preferences, time spent on a website, and pages visited.

Examples of Cookies we may use: (i) Session Cookies (used to operate the Services); (ii) Preference Cookies (used to remember your preferences and various settings); (iii) Security Cookies (used for security purposes); and (iv) Advertising Cookies (used to serve you with advertisements that may be relevant to you and your interests). We may also use third-party tracking technology to record similar information regarding you and your activity on our website.

By using our Services, you consent to our use of Cookies. You can change your cookie preferences by clicking on the cookie management tool implemented on our Website, or by instructing your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept the use of cookies, you may not be able to use some portions of our Services. You may obtain up-to-date information about blocking and deleting cookies via these links: Google Chrome, Mozilla Firefox, Internet Explorer, and Safari.

Do Not Track

Please note that we do not alter our data collection and use practices when we receive any type of Do Not Track signal from your browser and will continue to collect, use, and dispose of your Personal Information in accordance with this Privacy Policy.

Changes

We may update this Privacy Policy from time to time. If we make material changes to this Policy, we will notify you by email or by posting a notice on our website. Changes are effective as of their posting on this webpage. You are advised to periodically review our Services after changes are made to this Privacy Policy, you are agreeing to be bound by the updated Privacy Policy. If you do not agree to bound by the updated Privacy Policy, please stop using our Services.

Complaints Process

If you believe that this office has not replied to your access request or has not handled your Personal Information in a reasonable manner or in accordance with PIPA, please first contact our office at the number above to discuss your concerns. You may also choose to make a complaint to the College of Physicians and Surgeons of BC or the Information & Privacy Commissioner for BC.

Contact

If you have any questions or concerns about this Privacy Policy, please contact us by email at MANAGER@BMMC.CO, by phoning 604-941-8277 or by mail at:

Kanata Management Ltd.

Attn: Data Protection Officer – Dr Ali Sanei-Moghaddam

Suite 210

1465 Salisbury Avenue

Port Coquitlam, BC V3B 6J3