Supporting Individuals & Relationships Across Ontario
Privacy Policy
We are committed to protecting the privacy and confidentiality of personal information and personal health information in accordance with the Personal Health Information Protection Act, 2004 (PHIPA) and other applicable privacy legislation in Ontario. There are federal and provincial laws on privacy governing private health care practitioners in Ontario. Every private health care practitioner who is in independent practice should be aware of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Health Care Consent Act.
This Privacy Policy describes how we collect, use, disclose, store, and protect personal health information, and outlines your rights regarding your information.
Everyone who has a private, independent practice at Sedâ has the following documents on file:
-
-
A brochure or outline of the information contained in this document, available to clients (in our case, linked to on our website). This information needs to be in “user-friendly” language; and
-
A consent and confidentiality agreement, signed by the client, indicating that they have read, understood and have agreed to the contents.
The Information and Privacy Commissioner of Ontario is responsible for overseeing and enforcing the following provincial access and privacy laws:
-
-
Municipal Freedom of Information and Protection of Privacy Act, Ontario’s municipal public sector privacy law;
-
Personal Health Information Protection Act, 2004, Ontario’s privacy law relating to health records that has been deemed “substantially similar” to the federal private sector privacy law with respect to health information custodians.
Protection of Personal Health Information
The privacy and protection of your personal health information is our top priority. We take all reasonable steps to protect personal health information that is shared with us.
Information may be stored:
-
Electronically within secure, encrypted practice management systems
-
On secure password-protected devices
-
In locked physical filing systems (if applicable)
Safeguards include:
-
Physical safeguards such as locked offices and filing cabinets (if applicable)
-
Technical safeguards such as encryption, secure servers, password protection, and multi-factor authentication
-
Administrative safeguards such as confidentiality agreements, staff training, and limited access to records
-
Secure communication platforms for virtual care
Retention and Destruction:
Personal health information is retained in accordance with professional regulatory requirements. When information is no longer required, it will be permanently and securely destroyed using methods such as secure shredding of paper records and permanent deletion of electronic files.
Privacy Inquiries and Breaches
All privacy inquiries, requests, or complaints should be directed to Nikki Sedaghat, the appointed Privacy Officer at Sedâ Psychotherapy. Requests will be responded to within timelines required by law.
You have the right to:
-
Request access to your personal health records
-
Request corrections to your information
-
Ask questions about how your information is used
-
File a complaint regarding privacy concerns
If a privacy incident occurs (such as unauthorized access, loss, or disclosure), we will:
-
Contain and assess the breach
-
Notify affected individuals where required
-
Document the incident and corrective actions
-
Notify the Information and Privacy Commissioner of Ontario (IPC) when required by law
You also have the right to file a complaint directly with the Information and Privacy Commissioner of Ontario.
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Phone: 1-800-387-0073
Website: www.ipc.on.ca
Cookie Policy
Use of Cookies
Our website, www.sedapsychotherapy.com (hereinafter: “the Website”), uses cookies and other related technologies (for convenience, all technologies are referred to as “cookies”). We use cookies to ensure our website is secure, functions properly, and to analyze our traffic. Information about your use of our site is shared with our advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
This Cookie Policy explains how cookies are used on our Website. If you are not comfortable with the use of cookies as described in this policy, you may adjust your browser settings, change discontinue use of the Website.
What Are Cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Websites use cookies to help users navigate efficiently and perform certain functions. Cookies that are required for the website to operate properly are allowed to be set without your permission. All other cookies need to be approved before they can be set in the browser.
What Are Scripts?
A script is a piece of program code used to ensure our Website functions properly and interactively. This code may be executed on our server or on your device.
What Is a Web Beacon?
A web beacon (or pixel tag) is a small, invisible piece of text or image on a website used to monitor traffic. Web beacons may collect limited information about your interaction with the Website and may work together with cookies.
Third-Party Cookies
We may use third-party services that place cookies on your device. These third parties may include analytics providers (Google Analytics), scheduling platforms (JaneApp), or embedded services. While we make reasonable efforts to work with reputable providers, we do not control how third parties handle your personal data. These third parties are considered independent data controllers.
We recommend reviewing the privacy policies of any third-party services used.
Types of Cookies we Use
Strictly Necessary Cookies
Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies. These cookies are necessary for the proper functioning of the Website.
Functionality Cookies
Functionality cookies are used to remember visitor information on the website, eg. language, timezone, enhanced content. Where required, these cookies will only be used with your consent.
Analytics/Performance Cookies
Performance cookies are used to see how visitors use the website, eg. analytics cookies. Analytics cookies may be used to understand how visitors use the Website. These cookies help us improve the performance and functionality of the Website by collecting aggregated and anonymized information about site usage. Those cookies cannot be used to directly identify a certain visitor. We also use cookies to collect data for the purpose of personalizing and measuring the effectiveness of our advertising. For more details, visit the Google Privacy Policy. Where required, these cookies will only be used with your consent.
Targeting Cookies
Targeting cookies are used to identify visitors between different websites, eg. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites. Where required, these cookies will only be used with your consent.
Social Media Buttons
Our Website may include social media buttons (such as “share” or “follow” features). These buttons may place cookies and may collect information about your interaction with the Website.
These social media platforms operate independently and may use the information they collect for their own purposes, including advertising. We encourage you to review the privacy policies of those platforms.
Your Consent
When you visit our Website for the first time, you will be presented with a cookie notice explaining the use of cookies. By continuing to use the Website or selecting “Accept,” you consent to the use of cookies as described in this policy. You may withdraw your consent at any time by adjusting your browser settings or cookie preferences. Disabling cookies may impact the functionality of certain features of the Website.
Your Rights
Under applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:
-
Request access to personal data we hold about you
-
Object to processing of your data
-
Request correction of inaccurate information
-
Request deletion where appropriate
-
Withdraw consent to the use of cookies (where applicable)
-
File a complaint regarding privacy practices
To exercise these rights, please contact Nikki Sedaghat.
Enabling or Disabling Cookies
You can use your internet browser to automatically or manually delete cookies. You may also configure your browser to notify you when cookies are placed or to block certain cookies.
Please note that disabling cookies may affect the functionality of the Website.
Updates to This Policy
This Cookie Policy may be updated from time to time to reflect changes in technology, legal requirements, or best practices. The most current version will always be posted on this page.
Last Updated: March 2026
PIPEDA’S 10 fair information principles
PIPEDA’s 10 fair information principles form the ground rules for the collection, use and disclosure of personal information, as well as for providing access to personal information.
Principle 1 – Accountability
An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.
Principle 2 – Identifying Purposes
The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.
Principle 3 – Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Principle 4 – Limiting Collection
The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.
Principle 5 – Limiting Use, Disclosure, and Retention
Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.
Principle 6 – Accuracy
Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.
Principle 7 – Safeguards
Personal information must be protected by appropriate security relative to the sensitivity of the information.
Principle 8 – Openness
An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.
Principle 9 – Individual Access
Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 – Challenging Compliance
An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.