PIPEDA Compliance Statement (Canada)

Your Privacy, Our Commitment Under Canadian Law

PrivadoCare+, a division of Moryn Network, provides virtual administrative support for private, self-pay healthcare clinics across Canada. We are fully committed to protecting personal information in accordance with PIPEDA (Personal Information Protection and Electronic Documents Act), PHIPA (Personal Health Information Protection Act - Ontario), and HIA (Health Information Act - Alberta).

PrivadoCare+ acts as a Service Provider, not a healthcare entity. We handle only administrative data such as bookings, invoices, and forms - we do not access, store, or manage EMR/EHR or patient health records.

PIPEDA (Federal)

Under PIPEDA, PrivadoCare+ adheres to Canada's federal privacy principles governing the collection, use, and disclosure of personal information in commercial activities:

  • Consent: Personal information is collected only with appropriate consent from clinics and individuals
  • Purpose Limitation: Data is collected and used solely for administrative purposes such as scheduling, billing, and client communication
  • Transparency: We clearly communicate what data we collect, why, and how it is used
  • Security: All data is protected with industry-standard encryption and access controls

PrivadoCare+ only handles clinic administrative data - bookings, invoices, and forms. We do not process EMR/EHR systems or patient health records.

PHIPA (Ontario)

For clinics operating in Ontario, PrivadoCare+ complies with the Personal Health Information Protection Act (PHIPA). Under PHIPA:

  • The clinic remains the Health Information Custodian and retains full ownership and control over all patient-related data
  • PrivadoCare+ acts as a Health Information Service Provider, processing administrative data only as authorized by the clinic
  • We do not act as a custodian and do not have independent access to health records

All patient-related administrative data remains under the clinic's control and governance. PrivadoCare+ processes this information strictly within the scope of our service agreement.

HIA (Alberta)

PrivadoCare+ complies with Alberta's Health Information Act (HIA), which governs the collection, use, and disclosure of health information in the province.

While we do not directly process health information as defined under HIA, we securely manage authorized administrative workflows on behalf of Alberta-based clinics. All data handling is conducted under strict confidentiality and security protocols.

Data Security & Storage

All data processed by PrivadoCare+ is secured using industry-leading cloud platforms and technologies, all of which are SOC 2 and ISO 27001 certified:

  • Google Workspace - Email, documents, and communication
  • Zoho - CRM and customer management
  • Cal - Scheduling and appointments
  • Tally.so - Form collection and data capture
  • Notion - Internal workflows and documentation
  • Skydo - Payment processing

All data is encrypted using AES-256 encryption both in transit and at rest. Data is stored on servers located in the UK, EU, or Canada, with access restricted to authorized personnel only. We enforce two-factor authentication (2FA) and strict access control protocols across all systems.

Roles & Responsibilities

Under Canadian privacy law and our service agreements:

  • Clinic = Data Controller / Health Information Custodian (owns and controls patient data)
  • PrivadoCare+ = Service Provider / Data Processor (processes data on behalf of the clinic)
  • VA Team = Authorized Sub-Processors under strict Non-Disclosure Agreements (NDAs)

All PrivadoCare+ staff members and virtual assistants are trained in PIPEDA compliance and bound by confidentiality agreements. They are authorized to access only the minimum data necessary to perform their administrative duties.

Data Access & Rights

Under PIPEDA, individuals have the right to access their personal information and request corrections to inaccurate data. Clinics and patients may request data access or correction at any time by contacting:

PrivadoCare+ will respond to all data access requests within 30 days, in accordance with PIPEDA guidelines.

Security Certifications & Technology Standards

All third-party platforms used by PrivadoCare+ meet or exceed international security and compliance standards:

  • Google Workspace - ISO 27001, ISO 27018 certified
  • Zoho - SOC 2 Type II certified
  • Cal - GDPR & HIPAA compliant
  • Skydo - PCI-DSS compliant
  • Tally.so - TLS 1.2 encryption
  • Notion - SOC 2 certified

Jurisdiction

All Canadian clients of PrivadoCare+ are governed by PIPEDA (Federal) and the laws of Ontario, Canada. Regional privacy laws such as PHIPA (Ontario) and HIA (Alberta) apply where relevant to the clinic's location and operations.

Changes to This Statement

We may update this statement to remain compliant with evolving privacy regulations or to improve transparency. Updates will be reflected on this page and dated accordingly.

Last updated: November 5, 2025

PrivadoCare+ complies with PIPEDA (Canada) and applicable provincial regulations (PHIPA, HIA). All data is encrypted and processed within secure, SOC 2 and ISO 27001 certified cloud systems.
