Privacy Policy

Your personal information is very important.

This Privacy Policy describes how we treat the information we collect when you visit our Site and/or register with us as a Massago Provider,  Massago Member or other user or customer of our Services. Please take the time to read this Privacy Policy carefully.

This Privacy Policy is incorporated into and subject to our Terms of Use available at https://massago.ca/help/terms-of-use/.  Undefined capitalized terms used in this Privacy Policy have the meanings given to them in our Terms of Use.

1. INTRODUCTION

Massago Inc. and its affiliated companies (collectively, “Massago”, “we” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This means Massago does not transfer, distribute, disclose, rent or sell any of your personal information to third parties except as provided for in this Privacy Policy or as specifically consented by you.

Massago has developed policies and procedures consistent with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), the Personal Health Information Protection Act (Ontario) (“PHIPA”), and other relevant privacy laws.

By accepting this Privacy Policy in registration for our Services and/or by visiting and using our Site, you expressly consent to our collection, use and disclosure of your Personal Information in accordance with this Privacy Policy.

 

2. Scope

This Privacy Policy applies to all Personal Information collected, used or disclosed by Massago from end-users of Massago’s Services (“Users”), including you.  “Personal Information” is any information in any form that identifies or can identify an individual or could be combined other information to identify an individual and includes Personal Health Information.  “Personal Health Information” is any identifying information about an individual that relates to the physical or mental health of the individual.

This Privacy Policy also applies to information that is about you but individually does not identify you, as described below.

 

3. ACCOUNTABILITY

Massago is responsible for the Personal Information under its possession and control.  Massago has designated a Privacy Officer to be responsible for its compliance with this Privacy Policy and privacy legislation.

 

4. Information Massago Collects

Personal Information

Personal Information that Massago collects includes, but is not limited to:

  • Registration information, such as name, e-mail address, phone number and a picture of yourself;
  • Booking related information, including your address, and service-related information (e.g. type of massage you wish to receive)
  • Billing and payment information, including credit card information bank account details, the name of your health benefits provider and your benefits provider account number;
  • Personal Health Information, such as health history, injuries, health conditions and treatment notes;
  • COVID-19 related information, including your recent travel activity, whether you have been asked by Public Health to self-isolate or quarantine, and whether you are experiencing any symptoms of COVID-19;
  • Any other Personal Information that you may provide when you use the Services, or when you contact Massago with questions and/or inquiries;
  • Technical support records;
  • Service requests and inquiries; and
  • Any information that we collect from you that is intended to improve and personalize our services.

b. Non-Personal Information

Non-Personal Information (“NPI”) means information that is aggregated, anonymized or otherwise cannot be linked with any individual.  Massago collects NPI about Users when they interact with our Site. For instance, NPI may include, but is not limited to, browser name, type of computer or device, IP address, geo-olcation information and technical information about a User’s means of connecting to the Site, such as operating system, Internet service provider utilized, and mobile network information.  See the section below entitled “How does Massago collect, use and share NPI?” for more information.

 

5. How does Massago use Personal Information?

Massago collects Personal Information for the following purposes:

  • to provide Services to you, including to facilitate massage sessions between you and our registered therapists;
  • to establish and maintain responsible commercial relations with you;
  • to communicate with you in order to provide our Services;
  • to arrange for payment of our Services through our payment processor, currently Stripe, and/or your insurance benefits provider;
  • to respond to any correspondence and support requests you may direct to Massago;
  • to understand our customers’ needs and preferences;
  • to enforce Massago’s Terms of Use;
  • to provide you with service or administrative messages;
  • to meet legal and regulatory requirements;
  • to prevent, detect and mitigate illegal, fraudulent, or counterfeit activities;
  • to improve our Site and Services; and
  • for any other reasonable purposes for which you may have provided your express consent or in which your consent can be reasonably implied.

 

6. How does Massago collect, use and share NPI?

Massago uses NPI in an ongoing effort to better understand and serve our customers and to improve the content and functionality of our Site.

In addition, Massago may use Personal Information, on an aggregated de-identified basis, for research purposes to improve our Site or Services.  This aggregated de-identified information does not identify any individual and therefore is considered and treated as NPI under this Privacy Policy.  For instance, Massago uses NPI to monitor traffic and to collect statistical data.

No NPI by itself, or together with aggregated Personal Information, can be tracked to a specific individual’s Personal Information.

Specific Uses of NPI by Massago:

  • To conduct internal research on our customers to better understand and serve them, including usage patterns, demographics, interests and behaviors.
  • We use anonymized and aggregated information about Users interaction with our Site to test our systems, data analysis, developing new services and improving and/or personalizing your experience on our Site.

The NPI collected by Massago will not be shared with third parties, except as expressly indicated in this Privacy Policy, or for other lawful purposes.

Technology Used to Collect NPI:

  • Massago uses different types of technology to collect this information, such as log files, embedded scripts, cookies, web beacons, and pixel tags.

 

7. Cookies & opt-out

Massago uses cookies to enhance Users’ experiences.  Users’ web browsers place cookies on their computers for record-keeping purposes and sometimes to track information about them.   Cookies help Massago accurately understand how many consumers are visiting Massago’s Website, how often Users visit the Website, what content Users are most interested in, and how they prefer to interact with Content on the Website.  For example, a cookie will allow Massago to remember certain things like your Internet Protocol (IP) address (IP addresses are strings of numbers that identify senders and receivers of information sent across the Internet), your login information, the time and duration of your visits, how you navigated through Massago’s content and where you exited the Website. To save you the time of re-entering your login information every time you come back to Massago’s website, Massago may link information contained in a cookie to your email address.  Massago does not use cookies to retrieve information from your device that Massago did not originally send in a cookie.

Massago uses Google Analytics, which uses cookies to track information about traffic and visitors and sends such information (i) to Google servers in the United States and (ii) to the Massago.  Google Analytics does not identify any individual users or associate your IP address with any other data held by Google.   Massago uses such information in the aggregate to compile statistical reports about the activity on the Services as well as to benchmark the Services to other third parties who also use Google Analytics.  This information is used by Massago to improve the Services and their functionality. Google’s privacy policy can be found here: policies.google.com/privacy

You may disable cookies using your browser’s settings. Please consult your browser’s help function for information on how to disable cookies.

You may opt-out of Google Analytics by clicking here: tools.google.com/dlpage/gaoptout?hl=en

Note that if you disable cookies, certain features of Massago’s Services may not function to their fullest potential.

 

8. Consent

Massago respects your privacy and, unless otherwise required by law, Massago will not collect, use or disclose your Personal Information without your prior consent. Your consent may be expressed or implied. You may expressly give your consent in writing, verbally or through any electronic means.  In certain circumstances, your consent may be implied by your actions.  For example, providing Massago Personal Information to register for massage session is implied consent to use such information to provide you with the associated services.

Where appropriate, Massago will generally seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when Massago wants to use information for a purpose other than those identified above).  In obtaining consent, Massago will use reasonable efforts to ensure that a User is advised of the identified purposes for which Personal Information collected will be used or disclosed.

The form of consent sought by Massago may vary, depending upon the circumstances and type of information disclosed. In determining the appropriate form of consent, Massago shall take into account the sensitivity of the Personal Information and the reasonable expectations of Massago’s Users.  Massago will seek express consent when the information is likely to be considered sensitive. Implied consent will generally be appropriate where the information is less sensitive.

You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. In order to withdraw consent, you must provide notice to Massago in writing.

 

9. Limiting Use, Disclosure and Retention

As noted above, Massago does not disclose your Personal Information to third parties, except as provided for in this Privacy Policy.

Massago may transfer your Personal Information to third party providers, contractors, including our massage therapists, and agents (“Affiliates”) who are engaged by us in providing and developing products and services, storing data (including your Personal Information), and providing you with the Services.  Examples of our Affiliate include:

  • Stripe – we use Stripe for payment services.
  • Noterro – we use Noterro for secure patient charting and storing your Personal Health Information you provide us or that we collect with respect to your massage sessions*;
  • Persona – we use Personna for new customer ID verification purposes;

* Note, Personal Health Information that you provide us with respect to COVID-19 screening is not stored with Noterro.

Our Affiliates will only use your Personal Information for the purposes identified in this Privacy Policy.

As explained above, Massago uses Google Analytics.  Google’s privacy policy can be found here: policies.google.com/privacy

In the event your Personal Information is disclosed to a third party pursuant to a business transaction, Massago will ensure that it has entered into an agreement under which the collection, use and disclosure of the information is related to those purposes that relate to the transaction.

Subject to the foregoing, only Massago’s and Massago’s Affiliates’ employees and contractors with a business need to know, or whose duties reasonably so require, are granted access to Personal Information about you.   All such employees and contractors will be required as a condition of employment to contractually respect the confidentiality of Massago’s Users’ Personal Information.

Massago will retain Personal Information for only as long as required to fulfill the identified purposes or as required by law. Personal Information that is no longer required to fulfill the identified purposes will be destroyed, erased or made anonymous according to the guidelines and procedures established by Massago.

Massago will disclose Personal Information without your knowledge or consent if Massago receives an order, subpoena, warrant or other legal requirement issued by a court, tribunal, regulator or other person with jurisdiction to compel disclosure of your Personal Information. If Massago receives a written request from a police officer or other law enforcement agency with authority to request access to your Personal Information in the course of an actual or potential investigation into a breach of a law, Massago’s policy is to provide the requested information.

 

10. Links to Other Services

You may be able to access third-party websites and services through links available on our Site.  Any links are provided for your convenience. Massago does not have any control over those third-party websites or services and Massago does not provide any guarantee that the privacy practices of the hosts of those websites or services meet Massago’s standards.  your use of such third-party websites or services is at your own risk and will be governed by the privacy policies of those websites or services and not by this Privacy Policy.   Do not transmit Personal Information using those websites or services without reading the privacy policies governing those websites and services.

NOTE that you may choose to log-in to or register for Massago’s Services through social media or other online services (e.g., Facebook or Apple ID).  When you do so, Personal Information from your social media service account may be shared with Massago. The information Massago may receive varies by such services and is controlled by that service.  By associating an account managed by a third party with your Massago account and authorizing Massago to have access to this information, and you agree that Massago may collect, store, and use this information in accordance with this Privacy Policy. Massago is not responsible for how those third parties use and share your Personal Information. Please refer to those third parties’ privacy policies to understand how they use and share your Personal Information.

 

11. Storage Outside of Canada

Your Personal Information may be used or stored by us or our service providers outside of Canada. We require that our service providers safeguard your Personal Information. However, if your Personal Information is used or stored outside of Canada, it will also be subject to the laws of the country in which it is used or stored.  Notwithstanding the foregoing, any Personal Information with respect to your health benefits provider, including claim history processed by Massago, will only be stored in Canada.

 

12. Children and Minors

Massago’s Services are not directed to children under the age of 18 years.  Massago will not knowingly collect Personal Information about a child under the age of 18.  Massago does not allow minors (persons who are under the age of majority in their place of residence) to make purchases.

 

13. EMAIL COMMUNICATIONS

From time to time we may send you e-mail, text messages or other electronic communications with information and/or special offers that we believe would be of interest to you. If you do not wish to receive e-mail, text messages or other electronic communications you can notify massago at any time of your preference by making the appropriate ‘opt-out’, ‘unsubscribe’ or ‘remove’ election contained in such communications.

Massago may use a reputable third party to deliver email, text messages or other electronic communications. If so, such third party is under a contractual requirement to keep all personal information confidential and to only use any personal information for the sole purpose of sending you email, text messages or other electronic communications on behalf of massago and to return any Personal Information once their services are completed.

 

14. How can I Access my Personal Information?

Upon request, Massago will provide you information regarding the existence, use and disclosure of your Personal Information and you will be given access to that information.  Massago will respond to an application for individual access to Personal Information within a reasonable time and at minimal or no cost to the individual. An individual may challenge the accuracy and completeness of the information and have it amended as appropriate.

NOTE: In certain circumstances, Massago may not be able to provide access to all of your Personal Information that it holds.  Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privilege. Massago will provide the reasons for denying access upon request.

 

15. Safeguards

Massago protects your Personal Information by security safeguards appropriate to the sensitivity of the information.  Massago will protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.

Massago’s methods of protection include:

  • utilizing access controls and firewall controls for our computer servers;
  • limiting access of employees and contractors to, and the use of, Personal Information through the use of passwords and graduated levels of clearance and making available Personal Information only on a need-to-know basis;
  • the use of pseudonymization and encryption of Personal Information, where appropriate;
  • measures to ensure the ongoing confidentiality, integrity, availability and resilience of our systems and services; and
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of Personal Information.

 

16. Inquiries; Challenging Compliance

An individual will be able to make inquiries and/or address a challenge concerning compliance with this Privacy Policy to Massago’s Privacy Officer.

Massago will maintain procedures for addressing and responding to all inquiries or complaints from Massago’s Users about Massago’s handling of Personal Information. Massago shall investigate all complaints. All inquiries or complaints involving Massago’s handling of Personal Information or compliance with this Privacy Policy or with PIPEDA shall be directed to Massago’s Privacy Officer.

The Privacy Officer will respond to all such inquiries or complaints within 14 business days of receipt.  The Privacy Officer will make reasonable efforts to resolve all such complaints within 30 days of receipt of the initial complaint. If Massago finds a complaint to be justified, it will take appropriate measures, including, if necessary, amending its policies and procedures.

For more information, please contact Massago’s Privacy Office as follows:

E-mail: legal@massago.ca

Mail:

Massago
Privacy Officer
2 Orchard Heights Boulevard, Unit 26
Aurora, ON  L4G 3W3

 

17. General

Massago reserves the right to modify and amend this Privacy Policy from time to time in its sole discretion without prior notice.  Any such amendment(s) will be posted on Massago’s website and will be effective as of the date of posting.  In the case of Massago Members, we will send you notice of the amendment(s) by email.

Last updated: March 5, 2021