Massago has developed policies and procedures consistent with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), the Personal Health Information Protection Act (Ontario) (“PHIPA”), and other relevant privacy laws.
4. Information Massago Collects
Personal Information that Massago collects includes, but is not limited to:
- Registration information, such as name, e-mail address, phone number and a picture of yourself;
- Booking related information, including your address, and service-related information (e.g. type of massage you wish to receive)
- Billing and payment information, including credit card information bank account details, the name of your health benefits provider and your benefits provider account number;
- Personal Health Information, such as health history, injuries, health conditions and treatment notes;
- COVID-19 related information, including your recent travel activity, whether you have been asked by Public Health to self-isolate or quarantine, and whether you are experiencing any symptoms of COVID-19;
- Any other Personal Information that you may provide when you use the Services, or when you contact Massago with questions and/or inquiries;
- Technical support records;
- Service requests and inquiries; and
- Any information that we collect from you that is intended to improve and personalize our services.
b. Non-Personal Information
Non-Personal Information (“NPI”) means information that is aggregated, anonymized or otherwise cannot be linked with any individual. Massago collects NPI about Users when they interact with our Site. For instance, NPI may include, but is not limited to, browser name, type of computer or device, IP address, geo-olcation information and technical information about a User’s means of connecting to the Site, such as operating system, Internet service provider utilized, and mobile network information. See the section below entitled “How does Massago collect, use and share NPI?” for more information.
5. How does Massago use Personal Information?
Massago collects Personal Information for the following purposes:
- to provide Services to you, including to facilitate massage sessions between you and our registered therapists;
- to establish and maintain responsible commercial relations with you;
- to communicate with you in order to provide our Services;
- to arrange for payment of our Services through our payment processor, currently Stripe, and/or your insurance benefits provider;
- to respond to any correspondence and support requests you may direct to Massago;
- to understand our customers’ needs and preferences;
- to provide you with service or administrative messages;
- to meet legal and regulatory requirements;
- to prevent, detect and mitigate illegal, fraudulent, or counterfeit activities;
- to improve our Site and Services; and
- for any other reasonable purposes for which you may have provided your express consent or in which your consent can be reasonably implied.
6. How does Massago collect, use and share NPI?
Massago uses NPI in an ongoing effort to better understand and serve our customers and to improve the content and functionality of our Site.
No NPI by itself, or together with aggregated Personal Information, can be tracked to a specific individual’s Personal Information.
Specific Uses of NPI by Massago:
- To conduct internal research on our customers to better understand and serve them, including usage patterns, demographics, interests and behaviors.
- We use anonymized and aggregated information about Users interaction with our Site to test our systems, data analysis, developing new services and improving and/or personalizing your experience on our Site.
Technology Used to Collect NPI:
- Massago uses different types of technology to collect this information, such as log files, embedded scripts, cookies, web beacons, and pixel tags.
7. Cookies & opt-out
You may disable cookies using your browser’s settings. Please consult your browser’s help function for information on how to disable cookies.
You may opt-out of Google Analytics by clicking here: tools.google.com/dlpage/gaoptout?hl=en
Note that if you disable cookies, certain features of Massago’s Services may not function to their fullest potential.
Massago respects your privacy and, unless otherwise required by law, Massago will not collect, use or disclose your Personal Information without your prior consent. Your consent may be expressed or implied. You may expressly give your consent in writing, verbally or through any electronic means. In certain circumstances, your consent may be implied by your actions. For example, providing Massago Personal Information to register for massage session is implied consent to use such information to provide you with the associated services.
Where appropriate, Massago will generally seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when Massago wants to use information for a purpose other than those identified above). In obtaining consent, Massago will use reasonable efforts to ensure that a User is advised of the identified purposes for which Personal Information collected will be used or disclosed.
The form of consent sought by Massago may vary, depending upon the circumstances and type of information disclosed. In determining the appropriate form of consent, Massago shall take into account the sensitivity of the Personal Information and the reasonable expectations of Massago’s Users. Massago will seek express consent when the information is likely to be considered sensitive. Implied consent will generally be appropriate where the information is less sensitive.
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. In order to withdraw consent, you must provide notice to Massago in writing.
9. Limiting Use, Disclosure and Retention
Massago may transfer your Personal Information to third party providers, contractors, including our massage therapists, and agents (“Affiliates”) who are engaged by us in providing and developing products and services, storing data (including your Personal Information), and providing you with the Services. Examples of our Affiliate include:
- Stripe – we use Stripe for payment services.
- Noterro – we use Noterro for secure patient charting and storing your Personal Health Information you provide us or that we collect with respect to your massage sessions*;
- Persona – we use Personna for new customer ID verification purposes;
* Note, Personal Health Information that you provide us with respect to COVID-19 screening is not stored with Noterro.
In the event your Personal Information is disclosed to a third party pursuant to a business transaction, Massago will ensure that it has entered into an agreement under which the collection, use and disclosure of the information is related to those purposes that relate to the transaction.
Subject to the foregoing, only Massago’s and Massago’s Affiliates’ employees and contractors with a business need to know, or whose duties reasonably so require, are granted access to Personal Information about you. All such employees and contractors will be required as a condition of employment to contractually respect the confidentiality of Massago’s Users’ Personal Information.
Massago will retain Personal Information for only as long as required to fulfill the identified purposes or as required by law. Personal Information that is no longer required to fulfill the identified purposes will be destroyed, erased or made anonymous according to the guidelines and procedures established by Massago.
Massago will disclose Personal Information without your knowledge or consent if Massago receives an order, subpoena, warrant or other legal requirement issued by a court, tribunal, regulator or other person with jurisdiction to compel disclosure of your Personal Information. If Massago receives a written request from a police officer or other law enforcement agency with authority to request access to your Personal Information in the course of an actual or potential investigation into a breach of a law, Massago’s policy is to provide the requested information.
10. Links to Other Services
11. Storage Outside of Canada
Your Personal Information may be used or stored by us or our service providers outside of Canada. We require that our service providers safeguard your Personal Information. However, if your Personal Information is used or stored outside of Canada, it will also be subject to the laws of the country in which it is used or stored. Notwithstanding the foregoing, any Personal Information with respect to your health benefits provider, including claim history processed by Massago, will only be stored in Canada.
12. Children and Minors
Massago’s Services are not directed to children under the age of 18 years. Massago will not knowingly collect Personal Information about a child under the age of 18. Massago does not allow minors (persons who are under the age of majority in their place of residence) to make purchases.
13. EMAIL COMMUNICATIONS
From time to time we may send you e-mail, text messages or other electronic communications with information and/or special offers that we believe would be of interest to you. If you do not wish to receive e-mail, text messages or other electronic communications you can notify massago at any time of your preference by making the appropriate ‘opt-out’, ‘unsubscribe’ or ‘remove’ election contained in such communications.
Massago may use a reputable third party to deliver email, text messages or other electronic communications. If so, such third party is under a contractual requirement to keep all personal information confidential and to only use any personal information for the sole purpose of sending you email, text messages or other electronic communications on behalf of massago and to return any Personal Information once their services are completed.
14. How can I Access my Personal Information?
Upon request, Massago will provide you information regarding the existence, use and disclosure of your Personal Information and you will be given access to that information. Massago will respond to an application for individual access to Personal Information within a reasonable time and at minimal or no cost to the individual. An individual may challenge the accuracy and completeness of the information and have it amended as appropriate.
NOTE: In certain circumstances, Massago may not be able to provide access to all of your Personal Information that it holds. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privilege. Massago will provide the reasons for denying access upon request.
Massago protects your Personal Information by security safeguards appropriate to the sensitivity of the information. Massago will protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.
Massago’s methods of protection include:
- utilizing access controls and firewall controls for our computer servers;
- limiting access of employees and contractors to, and the use of, Personal Information through the use of passwords and graduated levels of clearance and making available Personal Information only on a need-to-know basis;
- the use of pseudonymization and encryption of Personal Information, where appropriate;
- measures to ensure the ongoing confidentiality, integrity, availability and resilience of our systems and services; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of Personal Information.
16. Inquiries; Challenging Compliance
The Privacy Officer will respond to all such inquiries or complaints within 14 business days of receipt. The Privacy Officer will make reasonable efforts to resolve all such complaints within 30 days of receipt of the initial complaint. If Massago finds a complaint to be justified, it will take appropriate measures, including, if necessary, amending its policies and procedures.
For more information, please contact Massago’s Privacy Office as follows:
2 Orchard Heights Boulevard, Unit 26
Aurora, ON L4G 3W3
Last updated: March 5, 2021