Home About Services Pricing Contact Blog Français Call Us (613) 702-8873 Book Now Client Portal

Privacy Policy

Last Updated: April 3, 2026

1. Introduction

Sunisa Phlakla, RMT ("we", "our", "us") is committed to protecting the privacy of our clients' personal information. This policy explains how we collect, use, and protect your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the requirements of the College of Massage Therapists of Ontario (CMTO).

2. Information We Collect

In the course of providing massage therapy services, we may collect the following information:

  • Identification Information: Name, address, phone number, email address
  • Health Information: Medical history, current conditions, medications, allergies, and other information relevant to your treatment
  • Billing Information: Insurance information, payment history
  • Treatment Notes: Documentation of treatments performed, progress, and care plans

3. How We Use Your Information

Your personal information is used only to:

  • Provide safe and effective massage therapy services
  • Communicate with you regarding your appointments
  • Issue receipts for insurance claims
  • Comply with legal and regulatory requirements of the CMTO
  • Improve the quality of our services

4. Protection of Your Information

We take the protection of your information very seriously:

  • All client records are stored securely
  • Access to information is limited to authorized personnel
  • Electronic systems are password protected
  • We never share your information without your consent, unless required by law

5. Record Retention and Deletion

We apply the following retention periods, in accordance with CMTO requirements and Ontario tax obligations:

  • Treatment records and health intake forms: Minimum 10 years after the last treatment, or until the client reaches age 28 (18 + 10 years) for minors, as required by the CMTO
  • Invoices and financial data: Minimum 7 years, as required by the Canada Revenue Agency (CRA)
  • Contact information (name, email, phone, address): Retained as long as the client relationship is active, or until the end of the treatment record retention period
  • Online booking data: Retained for the duration of the client relationship

Upon expiration of these periods, or upon legitimate client request, personal data is either deleted or anonymized (identifying information is replaced with anonymous codes while preserving statistical and financial data required by law).

You may request anonymization of your data at any time by contacting us. Please note that some information may need to be retained to comply with our legal and regulatory obligations.

6. Your Rights

Under PIPEDA, you have the right to:

  • Access your personal information upon request — we can provide you with a digital file containing all data we hold about you
  • Request correction of inaccurate information
  • Request anonymization of your personal data (your identifying information will be replaced with anonymous codes)
  • Request complete deletion of your data, subject to our legal retention obligations
  • Withdraw your consent at any time (which may affect our ability to provide services to you)
  • File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, please contact us by email or phone. We will respond to your request within 30 days.

7. Disclosure to Third Parties

We will only disclose your personal information to third parties in the following circumstances:

  • With your written consent
  • When required by law
  • In case of a medical emergency
  • To comply with CMTO requirements

8. Cookies and Tracking

Our website uses essential cookies only — cookies that are strictly necessary for the site to function (e.g., session management for the booking form). We do not use advertising, analytics, or third-party tracking cookies. You may decline non-essential cookies via the cookie banner displayed on your first visit. Declining cookies will not affect your ability to book an appointment.

9. Data Breach Notification

In the event of a data breach that poses a real risk of significant harm to individuals, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required under PIPEDA (Breach of Security Safeguards Regulations). Notification will be provided as soon as feasible, and in any case no later than the timeframe required by law.

10. Contact Us

For any questions about this privacy policy or to exercise your rights, please contact us:

Email: contact@sunisaphlakla.com
Phone: (613) 702-8873
Privacy Officer: Sunisa Phlakla, RMT

You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

Call Book Now