PUBLIC PRIVACY NOTICE
Therapy with Empathy – Psychotherapy Services

Effective Date: April 17, 2026 | Last Updated: April 17, 2026 | Version 1.0

    1. About This Notice
      This Public Privacy Notice explains how Therapy with Empathy collects, uses, discloses, safeguards, retains, and handles personal health information and other personal information in the course of providing psychotherapy and related services.
      This notice is intended for clients, prospective clients, and website visitors. It is a public-facing document. It is not the practice’s internal privacy manual, records retention schedule, or staff policy.
    2. Who We Are
      Therapy with Empathy is a psychotherapy practice located at:
      Address: 1355 Wellington St W, Suite 202, Ottawa, ON, K1Y 3C2
      Phone: (343) 451-7276
      Email: info@therapywithempathy.com
      Website: https://therapywithempathy.com
      We provide psychotherapy and related professional services. In doing so, we act as a health information custodian responsible for protecting your personal health information in accordance with applicable privacy laws and professional standards.
    3. Privacy Officer
      We have designated a Privacy Officer to oversee our privacy practices and respond to questions, requests, and complaints.
      Name: Benslyne Avril
      Title: Clinic Director, RP
      Email: info@therapywithempathy.com
      Phone: (343) 451-7276
      Mailing Address: 1355 Wellington St W, Suite 202, Ottawa, ON, K1Y 3C2

      Please contact the Privacy Officer if you:
      • have questions about this notice;
      • want to request access to your information;
      • want to request a correction;
      • want to withdraw or change consent, where permitted; or
      • want to raise a privacy concern or complaint.
    4. Governing Privacy Law
      Our primary obligations regarding personal health information are governed by Ontario’s Personal Health Information Protection Act, 2004 (PHIPA), which applies to health information custodians in Ontario regardless of whether their activities are commercial in nature.
      PHIPA has been declared substantially similar to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). As a result, PHIPA governs the collection, use, and disclosure of personal health information within Ontario. PIPEDA may apply in the limited circumstances where personal information crosses provincial or national borders, for example, where a service provider stores or processes information outside Canada. PIPEDA may also apply where we collect, use, or disclose personal information that is not personal health information in the course of commercial activities, such as billing and payment processing.
      We also comply with our professional obligations under the Psychotherapy Act, 2007 and the Professional Practice Standards of the College of Registered Psychotherapists of Ontario (CRPO).
    5. What Information We May Collect
      Personal Health Information
      This may include:
      • your name, date of birth, contact details, and other identifying information;
      • health history and current health concerns;
      • assessment information;
      • therapy goals, treatment plans, and progress notes;
      • records of sessions, attendance, cancellations, and no-shows;
      • referrals, consultations, reports, and correspondence related to your care;
      • safety planning information;
      • records of consent, withdrawal of consent, or restrictions on consent;
      • information about substitute decision-makers or authorized representatives, where applicable; and
      • billing information related to health services.

      Other Personal Information
      This may include:
      • payment and invoicing information;
      • insurance or benefits information;
      • website inquiry details;
      • general administrative communications; and
      • technical information generated through our website or online systems, such as basic usage or security data.
      We only collect information that is reasonably necessary for appropriate clinical, administrative, legal, regulatory, security, or operational purposes.
    6. Why We Collect, Use, and Disclose Information
      We collect, use, and disclose information only for purposes that are lawful and appropriate to the services we provide, including to:
      • provide psychotherapy, assessment, consultation, and related services;
      • confirm your identity and contact you;
      • schedule, reschedule, and manage appointments;
      • create, maintain, retrieve, and update clinical and administrative records;
      • obtain or document informed consent;
      • communicate with you about your care, services, billing, or administration;
      • receive or make referrals and coordinate care, where appropriate;
      • support supervision or professional consultation, where permitted and appropriate;
      • prepare invoices, receipts, and process payment;
      • respond to access, correction, or complaint requests;
      • maintain privacy, security, audit, and quality-assurance processes; and
      • meet legal, professional, regulatory, insurance, or risk-management requirements.

      Where required, we identify the purpose of collection at or before the time the information is collected.
    7. Consent
      We generally rely on your consent to collect, use, and disclose your information, except where the law permits or requires otherwise. Consent may be express (written or verbal) or, where permitted by law, implied. We aim to ensure that consent is informed, voluntary, specific to the purpose, and documented where appropriate.

      Ongoing Consent
      Consent is an ongoing process. We may revisit consent if your care changes, service delivery changes, we need to share information with a new third party, supervision arrangements change, or another material change affecting your information occurs.

      Withholding, Withdrawal or Restriction of Consent
      You have the right to withhold consent at the point of collection, or to withdraw or restrict consent at any time after it has been given, subject to legal and professional limits. Withholding or withdrawing consent may affect our ability to provide certain services or coordinate care. We will explain any important consequences where applicable.
    8. Confidentiality and Its Limits
      Confidentiality is fundamental to psychotherapy. We treat psychotherapy information as highly sensitive and limit access, use, and disclosure accordingly.
      However, confidentiality is not absolute. We may be permitted or required to use or disclose information without your consent where:
      • disclosure is required by a court order, warrant, subpoena, or other lawful authority;
      • reporting is required by law;
      • there is a significant risk of serious bodily harm and disclosure is permitted to reduce that risk;
      • disclosure is permitted for the provision of health care within the applicable legal rules;
      • disclosure is necessary for regulatory, inspection, investigation, audit, insurance, or legal processes; or
      • another lawful exception applies.

      When we make a non-consensual disclosure, we limit the disclosure to the minimum amount of information reasonably necessary for the purpose.
    9. Internal Access to Your Information
      Within the practice, access to information is based on role and need to know. Clinicians access the records they need for care; administrative staff access only what is needed for scheduling, billing, or file administration. No one is permitted to access information out of curiosity, for personal reasons, or outside the scope of their role.
    10. Supervision, Consultation, and Team-Based Care
      Where services are provided under supervision, or where consultation is used to support quality care, information may be reviewed or discussed within those professional processes where permitted and appropriate. We aim to limit the use of identifying information where possible and to obtain consent where required.
    11. Service Providers and Third Parties
      We may use carefully selected third-party service providers to support our operations, including providers that assist with electronic health records, secure cloud storage, scheduling systems, video platforms, email or communications systems, billing or payment processing, IT support, document storage or destruction, and approved AI-assisted tools used to support clinical documentation. Any AI tool used in connection with client care will only be adopted after a PHIPA compliance assessment, and clients will be informed and asked for their consent before such a tool is used in connection with their personal health information.
      Where service providers handle information on our behalf, we require appropriate privacy and security protections and limit their access to what is necessary for the services they provide. We remain responsible for information handled on our behalf, subject to applicable law.
    12. Out-of-Province or Out-of-Country Processing
      Some of our service providers may store, process, or permit access to information outside Ontario or outside Canada, depending on the systems we use. Where that occurs, we assess the privacy, security, legal, and contractual implications, and require service providers to provide a level of protection appropriate to the sensitivity of the information. Your information may be subject to the laws of the jurisdiction where it is processed or stored. For details about any regular cross-border processing arrangements, please contact our Privacy Officer.
    13. Electronic Communications and Virtual Care
      We may communicate electronically and offer virtual services where appropriate, including by email, phone and voicemail, secure messaging or portal tools, videoconferencing platforms, and electronic scheduling or intake systems.
      Electronic communication and virtual care involve privacy and security risks, including the potential for misdirected messages, unauthorized device access, internet or platform failures, and limits to confidentiality in shared environments. We take reasonable steps to reduce these risks by using approved systems and procedures.
      Please help protect your privacy by using a private email account and secure device, keeping your passwords confidential, letting us know if your contact information changes, and taking care when participating in virtual sessions from shared spaces.
    14. Safeguards
      We use reasonable physical, administrative, and technical safeguards to protect information against loss, theft, unauthorized access, use, disclosure, copying, modification, or improper disposal. These safeguards include role-based access controls, privacy and confidentiality training, secure record storage, approved systems and communication tools, passwords and authentication controls, audit and monitoring processes for electronic systems, contractual controls with service providers, and secure methods for transmission, storage, and disposal.
      No method of storage or transmission is completely risk-free, but we take privacy and information security seriously and work to protect your information throughout its lifecycle.
    15. Retention and Schedule Destruction
      We retain records for as long as required or reasonably necessary for clinical care, legal, regulatory, professional, administrative, insurance, tax, security, and risk-management purposes. Records for minor clients may be kept longer. Records are not destroyed while a legal hold, complaint, investigation, audit, or similar preservation obligation applies.
      When records are no longer required and may lawfully be destroyed, we use secure destruction methods appropriate to the format of the record — secure shredding for paper records and certified deletion or physical destruction for electronic records. For more information about our retention practices, please contact the Privacy Officer
    16. Privacy Breaches and Notification
      A privacy breach occurs when personal health information is stolen, lost, or used or disclosed without authority. Under PHIPA, there is no minimum harm threshold — we are required to notify you at the first reasonable opportunity of any theft, loss, or unauthorized use or disclosure of your personal health information, regardless of whether harm has occurred.
      Our breach notification will describe what happened and will include a statement that you are entitled to make a complaint to the Information and Privacy Commissioner of Ontario (IPC). We may also be required to report certain breaches to the IPC directly, in accordance with Ontario Regulation 329/04 under PHIPA.
      For details about how we respond to breaches internally, please contact our Privacy Officer. Our breach response practices are governed by our internal Breach Protocol.
    17. Your Rights
      Subject to applicable law, you may have the right to:
      • request access to your personal health information or other personal information we hold about you;
      • request correction of inaccurate or incomplete information;
      • ask questions about how your information is handled;
      • make a complaint about our privacy practices; and
      • withdraw or restrict consent in some circumstances; and
      • be notified if your personal health information is used or disclosed in a manner not described in this notice.

      These rights are not absolute. In some cases, the law may limit access, permit refusal, or require us to keep a record of a requested correction without changing the original clinical entry.
    18. How to Request Access or Correction
      To request access to, or correction of, your information, please contact the Privacy Officer using the contact information above. Please include enough detail to help us identify the information you are requesting, the relevant date range if known, whether you are requesting access, correction, or both, and how we can contact you. We may need to verify your identity. We will respond within 30 days of receiving your request, or notify you if an extension is required.
    19. How to Make a Privacy or Professional Conduct Complaint
      If you have a question, concern, or complaint about our privacy practices, please contact our Privacy Officer first. We will review the matter and respond in a timely way.
      You also have the right to bring a complaint to the appropriate regulator.

      Information and Privacy Commissioner of Ontario (IPC)
      For complaints relating to personal health information handled in Ontario under PHIPA:
      Website: ipc.on.ca
      Phone: 416-326-3333 / 1-800-387-0073
      Address: 2 Bloor Street East, Suite 1400, Toronto, ON M4W 1A8

      Office of the Privacy Commissioner of Canada (OPC)
      For complaints relating to personal information subject to PIPEDA, including cross-border information flows:
      Website: priv.gc.ca
      Phone: 1-800-282-1376
      Address: 30 Victoria Street, Gatineau, QC K1A 1H3

      College of Registered Psychotherapists of Ontario (CRPO)
      For complaints relating to the professional conduct of a Registered Psychotherapist:
      Website: crpo.ca
      Phone: 416-479-4330
      Address: 375 University Avenue, Suite 800, Toronto ON M5G 2J5
    20. Website and Online Inquiries
      If you contact us through our website, email, intake form, or online booking tools, we may collect the information you provide to respond to your inquiry, determine whether our services may be appropriate, schedule a consultation or appointment, and maintain administrative records. Please avoid sending highly sensitive information through unencrypted or unsecured channels.
    21. Updates to This Notice
      We may update this Public Privacy Notice from time to time to reflect changes in our services, technology, legal requirements, or privacy practices. The most current version will be available on our website and upon request from the Privacy Officer. The version number and last-updated date at the top of this notice identify the current version.
    22. Contact Us
      If you have any questions about this notice or about how your information is handled, please contact:
      Practice: Therapy with Empathy
      Attention: Benslyne Avril
      Address: 1355 Wellington St W, Suite 202, Ottawa, ON, K1Y 3C2
      Phone: (343) 451-7276
      Email: info@therapywithempathy.com
      This Notice is issued by Benslyne Avril Psychotherapy Professional Corporation, the Health Information Custodian operating under the name Therapy with Empathy.

    This notice is governed by the Personal Health Information Protection Act, 2004 (PHIPA), the Psychotherapy Act, 2007, and the Professional Practice Standards of the College of Registered Psychotherapists of Ontario (CRPO). Compliance with PHIPA satisfies the substantially similar exemption from PIPEDA for personal health information handled within Ontario.

    Scroll to Top