Privacy policy.

Privacy Policy

Date of last update: February 1, 2025

GOVERNANCE POLICY FOR PERSONAL INFORMATION (PGI) HELD BY THE OMICRON CLINIC AND PRIVACY POLICY

Edit Content

This policy governs the use of virtual care tools provided by Clinique Omicron. It aims to :

- Protect patients' rights in accordance with the ethical standards of professional orders, including the Collège des médecins du Québec (CMQ), the Ordre des infirmières et infirmiers du Québec (OIIQ), the Ordre des psychologues du Québec (OPQ), the Ordre professionnel des diététistes du Québec (OPDQ), as well as other relevant orders depending on the specialty involved.

- Define the legal responsibilities of Clinique Omicron and healthcare professionals;

- Ensure compliance with applicable laws, including the Act respecting the protection of personal information and the Act respecting health services and social services (LSSSS).

Visit make an appointment for a teleconsultation via our websiteyou automatically consent to this policy. This consent is legally binding.

2. APPLICATION

Edit Content

2.1. Scope of Consent
By confirming an appointment for a teleconsultation via the Clinique Omicron platform, you :
- Acknowledge having read, understood and accepted the terms of this virtual care consent policy;
- Consent to the collection, use, disclosure and retention of your personal information in accordance with the Act respecting the protection of personal information in the private sector and our privacy policy;
- Please understand that this consent is valid for all future teleconsultations with Clinique Omicron, unless explicitly withdrawn in writing.

2.2 Legally binding nature
- This consent constitutes a legal agreement between you (the patient) and Clinique Omicron, equivalent to a signed written consent.
- Checking the "I accept" box or confirming an appointment via our website constitutes express, free and informed consent.
- In the event of a dispute, proof of your acceptance may be established by electronic confirmation of the appointment.

2.3 Conditions of Validity of Consent
- Consent is deemed valid as long as the patient does not notify its withdrawal in writing to the following address: protectionrenseignements@cliniqueomicron.ca.
- In the event of a significant change in the way virtual care is provided, new consent may be required.

2.4. Limits of Automatic Consent
- This consent does not replace the specific consent required for certain medical procedures, invasive treatments or interventions requiring in-person clinical evaluation.
- The patient retains the right to refuse a teleconsultation at any time and request a face-to-face consultation.

2.5. Disclaimer
By confirming your appointment, you acknowledge that you have been informed of the conditions of teleconsultation, the risks associated with the use of digital technologies, and the limitations associated with the absence of direct physical examination."_

3. DEFINITIONS

Edit Content

3.1 Quality of care
- Providing care in accordance with professional standards: Clinique Omicron is committed to ensuring that all health care professionals, including physicians, nurses, psychologists and other specialists, perform their duties in accordance with the ethical standards of their respective professional orders (CMQ, OIIQ, OPQ, etc.).
- Virtual consultations are conducted in such a way as to guarantee a quality of service equivalent to that of a face-to-face consultation, within the technological and clinical limits inherent in remote care.

3.2. Protection of Personal Information
- Clinique Omicron is responsible for the security, confidentiality and integrity of personal data collected during teleconsultations, in accordance with the Act Respecting the Protection of Personal Information in the Private Sector (Quebec) and the Personal Information Protection and Electronic Documents Act (PIPEDA).
- Rigorous cyber-security measures (data encryption, authentication protocols, access control) are in place to protect sensitive information against unauthorized access, loss or accidental disclosure.

3.3 Transparent information on teleconsultation limitations
- Clinique Omicron undertakes to clearly inform patients of the limitations of virtual consultations, including:
- The absence of a complete physical examination may affect the diagnosis;
- The impossibility of managing certain emergency situations remotely;
- The need, in some cases, to recommend in-person consultation or referral to specialized services.
- Patients are advised that virtual care may not be appropriate for all medical conditions and that it is their responsibility to disclose all relevant information to ensure proper evaluation.

3.4. Responsibility in the event of a medical emergency
- Clinique Omicron specifies that teleconsultation services are not intended for the management of medical emergencies.
- In the event of serious symptoms (chest pain, respiratory distress, signs of stroke, etc.), the patient should immediately contact emergency services (dial 9-1-1) or go to the nearest hospital.

3.5. Limitation of liability clause
The Clinique Omicron cannot be held responsible for the medical consequences of virtual consultations when the limitations inherent in this mode of service have been clearly communicated to the patient.

4. FUNDAMENTAL PRIVACY PRINCIPLES

Edit Content

Clinique Omicron has established these limitations of liability in order to clearly define the obligations of the clinic and patients in the context of teleconsultations. These limitations are intended to protect the clinic while informing the patient of the risks inherent in the use of virtual health services.

4.1. Limitations Related to Information Provided by the Patient
- Responsibility for information provided: Clinique Omicron cannot be held responsible for medical decisions made on the basis of incomplete, inaccurate or omitted information provided by the patient.
- Duty of disclosure: The patient is responsible for providing complete, accurate and up-to-date medical information at the time of consultation. Omission of important details can compromise diagnostic accuracy and quality of care.
- Mandatory clause:_ "The patient acknowledges that the accuracy of the diagnosis relies on the truthfulness and completeness of the information he or she provides during the teleconsultation."

4.2. Limitations due to technical constraints
- Technical incidents: Clinique Omicron is not responsible for service interruptions, Internet connection problems, software failures, or any other technical problems related to the patient's equipment or technological environment.
- Impact on quality of care: If consultation is interrupted due to technical difficulties, the clinic will do its utmost to re-establish communication, but cannot guarantee immediate continuity of service.
- Safety clause:_ "Clinique Omicron cannot be held responsible for data loss or service interruptions caused by technological incidents beyond its control."

4.3. Limitations inherent to teleconsultation
- Lack of direct physical examination: Teleconsultation has clinical limitations, including the impossibility of performing a full physical examination when necessary for a precise diagnosis.
- In-person consultation recommendation: In cases where a physical assessment is deemed essential, the healthcare professional will recommend that the patient consult in person.
- Disclaimer:_ "Clinique Omicron declines all responsibility for medical consequences resulting from the absence of in-person medical follow-up when recommended."

4.4. Limitations in the event of a medical emergency
- No management of emergencies: Teleconsultation services are not intended for the management of medical emergencies. In the event of an emergency (severe chest pain, breathing difficulties, signs of stroke, etc.), the patient must immediately contact emergency services (9-1-1) or go to the nearest hospital.
- Limitation clause: "Clinique Omicron cannot be held responsible for any consequences resulting from the inappropriate use of teleconsultation services for situations requiring immediate emergency care."

4.5. Acceptance of Limitations of Liability
Before confirming a teleconsultation appointment, the patient must read and explicitly accept this section.
- Acceptance clause:_ "By confirming my teleconsultation appointment, I acknowledge that I have read, understand and accept Clinique Omicron's limitations of liability, including those related to the information provided, technical limitations and medical constraints inherent in virtual care."

5. CONSENT TO THE COLLECTION OF PERSONAL INFORMATION

Edit Content

To ensure legal and ethical compliance of the teleconsultation services offered by Clinique Omicron, specific consent is required for each specialty. This consent ensures that patients are informed of the particularities of each discipline and the applicable regulatory framework.

5.1. General and specialist medicine
- Compliance with the Collège des Médecins du Québec (CMQ) : All remote medical consultations are carried out in accordance with the CMQ's ethical standards, particularly with regard to diagnosis, prescription and remote follow-up.
- Limitations of virtual medical consultations: Patients are informed that certain medical conditions may require in-person examination, physical tests or further investigations.
- Consent clause:_ "I acknowledge that remote medical consultations meet CMQ standards and that, if necessary, in-person follow-up may be recommended."

5.2. Nursing care
- Supervision by the Ordre des Infirmières et Infirmiers du Québec (OIIQ) Remote nursing care is governed by OIIQ guidelines, including clinical assessment, intervention under collective prescription and remote follow-up management.
- Patient responsibilities: The patient undertakes to provide accurate information on his or her state of health, necessary for an appropriate remote assessment.
- Consent clause:_ "I agree that my nursing care will be performed according to OIIQ standards and understand that limitations may exist in the absence of a physical examination."

5.3. Psychology
- Compliance with the standards of the Ordre des Psychologues du Québec (OPQ) Remote psychological interventions comply with OPQ guidelines, ensuring the confidentiality of exchanges and the effectiveness of remote follow-up.
- Risks and limits of remote consultations: Patients are informed of the limits of online psychological consultations, particularly in the event of an acute crisis requiring immediate in-person intervention.
- Consent clause:_ "I consent to receive psychological services remotely in accordance with OPQ standards, understanding the limitations and risks associated with this mode of intervention."

5.4. Nutrition
- Practices governed by the Ordre des Diététistes-Nutritionnistes du Québec (ODNQ) : Our nutrition consultations follow the ODNQ's professional standards, guaranteeing the quality of nutritional advice provided remotely.
- Patient responsibilities: The patient recognizes that the effectiveness of recommendations depends on accurate communication of their medical history, dietary habits, and health goals.
- Consent clause:_ "I consent to receive remote nutritional counseling in compliance with ODNQ standards, with the understanding that these services do not replace specialized medical consultations if necessary."

5.5. Other Health Professions
- Compliance with the guidelines of the respective professional orders : For other healthcare professionals (occupational therapists, physiotherapists, social workers, etc.), services are rendered in compliance with the ethical rules and regulatory frameworks of their respective professional orders.
- Consent clause : "I consent to receive remote services provided by healthcare professionals in accordance with the current standards of their respective professional orders."

5.6. Global Acceptance of Consent
- Acceptance clause:_ "By confirming my appointment, I acknowledge that I have read, understood and accepted the specific conditions of consent applicable to the specialty of the consultation. I understand the limitations and responsibilities associated with virtual care."

6. COLLECTION OF PERSONAL INFORMATION

Edit Content

Clinique Omicron is committed to handling all complaints confidentially, impartially and efficiently, to ensure patient satisfaction and professional standards. Complaints management follows a structured process, enabling every patient to express his or her concerns in complete transparency.

6.1. Filing a complaint with Clinique Omicron

- Form of complaint :
Complaints must be formulated in writingThis includes the reason for the incident, the date of the incident, the professionals involved, and any other relevant information needed to assess the situation.

- Contact details for complaints :
E-mail : plainte@cliniqueomicron.ca
Telephone (for assistance with procedure): 514-606-3350

- Complaints handling process :
1. Acknowledgement of receipt within 5 working days of receipt of complaint.
2. Assessment of the complaint by an internal complaints management committee.
3. Written response to complainant within 20 working days, specifying findings and corrective measures envisaged, if any.

6.2. Complaints to the competent professional bodies

If the complaint concerns the professional conduct of a Clinique Omicron employee, the complainant may also contact the appropriate professional association directly:

- Medicine (CMQ):
Collège des Médecins du Québec - www.cmq.org

- Nursing Care (OIIQ) :
Ordre des Infirmières et Infirmiers du Québec - www.oiiq.org

- Psychology (OPQ) :
Ordre des Psychologues du Québec - www.ordrepsy.qc.ca

- Nutrition (ODNQ):
Ordre des Diététistes-Nutritionnistes du Québec - www.odnq.org

- Other health professions :
The complainant can consult the website of the professional association concerned to find out about the specific procedure.

6.3. Additional right of recourse

In the event of dissatisfaction after the complaint has been handled by Clinique Omicron or the relevant professional association, the patient may also contact :
- The Commission des droits de la personne et des droits de la jeunesse (CDPDJ) if the complaint concerns fundamental rights issues.
- The Commission d'accès à l'information (CAI) if the complaint concerns the protection of personal information.

6.4. Commitment of Clinique Omicron

Clinique Omicron undertakes to :
- Ensure the confidentiality of information exchanged in connection with the complaint.
- Protect patients who make complaints from any form of reprisal.
- Implement corrective actions, where necessary, to improve service quality.

Acceptance clause:_
_"By using the services of Clinique Omicron, I acknowledge that I have been informed of the complaint management procedures and recourses available from the competent professional orders."_

7. USE OF PERSONAL INFORMATION

Edit Content

Clinique Omicron reserves the right to modify this virtual care consent policy at any time, in order to adapt to legislative, regulatory, technological or organizational changes.

7.1. Frequency and Terms of Revision

- The policy may be revised periodically, at least once a year, or more frequently if significant changes occur in the regulatory framework or in the Clinic's practices.
- Occasional modifications may also be made without notice in the event of legal or regulatory emergency.

7.2. Notification of Modifications

- Publication on website: All changes will be clearly indicated on the official website of Clinique Omicron, in the section dedicated to privacy and consent policies.
- Updated revision date: The date of the last update will be displayed at the top of the policy for transparency.
- Direct communication: In the event of substantial changes affecting patients' rights or obligations, specific notification may be sent by e-mail or posted in the clinic's official communications.

7.3. Implicit acceptance of the New Conditions

- Continued use of Clinique Omicron's services after publication of the changes constitutes implicit acceptance of the new conditions by the patient.
- Patients are encouraged to consult this policy regularly to stay informed of any updates.

Acceptance clause:_
_"By continuing to use the services of Clinique Omicron after the publication of changes to this policy, I acknowledge that I have read the changes and I accept them without reservation."_

8. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES

Edit Content

If you have any questions, concerns or complaints about this Virtual Care Consent Policy, the handling of your personal information, or your privacy rights, please contact Clinique Omicron's Privacy Officer :

- Responsible for the protection of personal information :
E-mail : protectionrenseignements@cliniqueomicron.ca

Telephone: 514-606-3350

The Manager is available to respond to your requests for access, rectification, withdrawal of consent, as well as for any question relating to the management of confidentiality incidents.

9. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

Edit Content

Clinique Omicron Inc. undertakes to keep personal information only as long as necessary for the purposes for which it was collected, in accordance with applicable legal, regulatory and ethical requirements. Strict security measures are in place to ensure the confidentiality, integrity and protection of data throughout its life cycle.

9.1. Shelf life

The length of time personal information is kept varies according to the nature of the data and the associated legal obligations:
- Patient medical information :
- In accordance with the requirements of the Collège des médecins du Québec, medical records are kept for a minimum of 10 years from the last date of intervention in the file or, in the case of minors, until they reach the age of 18, plus an additional 10 years.
- Employee information :
- Employee files are kept for a minimum period of 6 years after the end of the employment relationship, in compliance with tax and labor laws.
- Administrative and financial information :
- Accounting, tax and contractual documents are kept for the period prescribed by applicable laws, generally 7 years.

In some cases, longer retention periods may apply due to specific obligations, such as litigation, regulatory investigations or research needs, subject to appropriate safeguards.

9.2 Secure destruction methods

Once the retention period has expired or the personal information is no longer required, Clinique Omicron securely destroys it to prevent unauthorized access, loss or accidental disclosure.

Secure destruction methods include :
- Physical destruction: shredding of paper documents, secure destruction of physical storage media (hard disks, USB sticks).
- Secure electronic deletion: permanent deletion of electronic files using specialized software to ensure that data cannot be recovered.
- Backup deletion: deletion of data backups in accordance with the clinic's security protocols.

Information destruction is carried out by authorized employees or service providers specialized in secure document management, under contractual confidentiality agreements.

9.3. Data anonymization (if applicable)

In certain situations, rather than destroying personal information, Clinique Omicron may choose to anonymize it in order to use it for research, statistical analysis or service improvement purposes. Anonymization consists in irreversibly transforming data so that it can no longer be associated with an identifiable person, either directly or indirectly.

Anonymization practices :
- Comply with recognized security standards to ensure that data cannot be re-identified.
- Are used only where relevant, in particular for scientific research projects, statistical reports or internal performance analyses.
- Subject to rigorous risk assessment before use.

Data anonymization offers an effective way of retaining information for useful purposes, while protecting the privacy of the individuals concerned.

10. SECURITY OF PERSONAL INFORMATION

Edit Content

Clinique Omicron Inc. attaches the utmost importance to protecting the personal information it holds. We have implemented rigorous physical, administrative and technological security measures to prevent unauthorized access, loss, theft, disclosure, modification or destruction of data.

10.1. Physical, administrative and technological measures

To ensure the security of personal information, Clinique Omicron applies a comprehensive security framework, including :

- Physical measurements
- Secure access control to facilities (electronic keys, access cards, video surveillance)
- Secure workspaces for managing sensitive files
- Lockable filing cabinets for confidential paper documents

- Administrative measures
- Internal information security and data management policies
- Employee awareness and ongoing training on the protection of personal information
- Confidentiality agreements signed by all personnel, including employees, consultants and subcontractors
- Regular security risk assessments of personal information

- Technological measures
- Encryption of sensitive data, both in transit and at rest, particularly in electronic medical records
- Firewalls, antivirus and intrusion detection solutions to protect IT systems
- Regular data backups with secure restoration mechanisms
- Using two-factor authentication (2FA) to access critical systems

10.2 Access management and system protection

Access to personal information is limited to authorized persons who need it to perform their duties. Clinique Omicron implements strict procedures to manage access rights:

- Logical access control
- Assign individual user accounts with complex logins and passwords
- Manage access privileges according to employee roles and responsibilities (principle of least privilege)
- Quick access deactivation for employees or partners no longer connected with the clinic

- Securing systems and networks
- Continuous monitoring of system activity to detect any suspicious activity
- Regular software and operating system updates to correct vulnerabilities
- Secure mobile devices and remote connections via virtual private networks (VPNs)

10.3 Managing confidentiality incidents

Despite the security measures in place, confidentiality incidents can occur. Clinique Omicron has established an incident management process to respond quickly and effectively:

- Detecting and reporting incidents
- Obligation for all employees to immediately report any suspicious incident (unauthorized access, loss of data, theft of equipment, etc.).
- Designated point of contact: the Privacy Officer is responsible for incident management.

- Risk assessment
- Incident analysis to determine the nature and extent of the data breach
- Assessing the risk of harm to those concerned

- Corrective measures
- Contain the incident to limit its impact (disable compromised accounts, restore data from backups)
- Implementation of patches to prevent recurrence of the incident

- Incident notification
- Notification of those concerned when an incident presents a serious risk of harm, with recommendations for mitigating the impact
- Declaration of the incident to the Commission d'accès à l'information du Québec (CAI) if required by law

- Post-incident follow-up
- Full documentation of the incident and actions taken
- Revision of safety policies and procedures as necessary

This security framework reflects Clinique Omicron's commitment to proactively protect personal information and respond appropriately to any threats to data confidentiality.

11. RIGHTS OF PERSONS CONCERNED

Edit Content

Clinique Omicron Inc. recognizes and respects the rights of individuals with respect to the protection of their personal information. In accordance with applicable laws, in particular the Act respecting the protection of personal information in the private sector, each individual has several rights aimed at ensuring control of his or her personal information.

11.1. Right of access

Any person has the right to ask whether Clinique Omicron holds personal information about him or her and, if so, to obtain a copy. This right includes :
- Access to information held, whether in paper or electronic format
- Knowledge of the categories of people within the clinic who have access to this information
- Information on the purpose of data collection and use

To exercise this right, the person concerned must submit a written request to the Privacy Officer. The Clinic will respond to the request within 30 days of receipt.

11.2. Right of rectification

Individuals have the right to request the correction of inaccurate, incomplete, equivocal or outdated personal information. This includes :
- Correction of factual errors (name, address, date of birth, etc.)
- Add additional information to complete an incomplete file
- Deleting incorrect information

The request for rectification must be submitted in writing and accompanied by the evidence necessary to justify the corrections requested. Clinique Omicron undertakes to make the corrections within a reasonable time and to inform third parties who have had access to the erroneous data, if applicable.

11.3 Right of deletion (within legal limits)

Data subjects may request the deletion of their personal information when:
- The information is no longer required for the purposes for which it was collected.
- Consent has been withdrawn and there is no legal basis for retaining the data
- The information has been collected, used or disclosed in a manner that does not comply with the law.

However, this right of deletion may be limited by legal or regulatory obligations, in particular :
- The need to keep medical records for minimum periods prescribed by law
- Tax, legal or contractual obligations requiring data to be kept for a certain period of time

11.4. Right to withdraw consent

Individuals have the right to withdraw their consent to the collection, use or disclosure of their personal information at any time. Withdrawal of consent :
- Has no retroactive effect on treatments performed prior to withdrawal
- May limit the Clinic's ability to provide certain services if the information is essential to their provision

Withdrawal of consent must be made in writing. The clinic will inform the person concerned of the possible consequences of such withdrawal.

11.5. Right to data portability

Data subjects may request to receive their personal information in a structured, commonly used and machine-readable format. This right also allows them to request the direct transfer of this information to another organization, where technically possible.

This right applies in particular to personal information collected with the consent of the person concerned or as part of the performance of a contract. Clinique Omicron undertakes to respond to such requests within the time limits laid down by law.

How to exercise your rights

To exercise any of these rights, the person concerned must submit a written request, accompanied by proof of identity, to the Privacy Officer of Clinique Omicron :

Privacy Officer
E-mail : protectionrenseignements@cliniqueomicron.ca

The Clinic will respond to requests within 30 days of receipt of a complete request. In the event of refusal, the person concerned will be informed of the reasons for the refusal, as well as possible recourse, including the possibility of lodging a complaint with the Commission d'accès à l'information du Québec.

12. HANDLING CONFIDENTIALITY INCIDENTS

Edit Content

Clinique Omicron Inc. takes the management of privacy incidents very seriously in order to protect the personal information it holds. A rigorous framework is in place to detect, report, assess and promptly deal with any incident so as to limit its impact and comply with legal obligations.

12.1. Definition of a confidentiality incident

A confidentiality incident is any event involving :
- Unauthorized access to personal information, whether intentional or accidental.
- Unauthorized use of personal information for unintended or unconsented purposes.
- Unauthorized disclosure of personal information to third parties without the required consent or in violation of applicable laws.
- Loss of personal information, including accidental deletion, theft, or temporary or permanent inaccessibility.

Examples of confidentiality incidents :
- Sending medical information to the wrong recipient.
- Hacking into computer systems containing sensitive data.
- Loss of an unsecured laptop containing confidential files.
- Unauthorized access to files by an unauthorized employee.

12.2. Incident reporting and management procedures

Clinique Omicron has implemented a confidentiality incident management procedure to ensure a rapid and effective response in the event of an incident. This procedure includes the following steps:

- Incident detection and reporting
- Any employee, service provider or partner of the Clinic must immediately report any suspected or confirmed incident of confidentiality.
- You can report directly to the Privacy Officer (RPRP) by e-mail at : protectionrenseignements@cliniqueomicron.ca
- The incident report must contain a detailed description of the event, including the date, time, nature of the information involved, and the circumstances of the incident.

- Incident assessment
- The RPRP carries out an in-depth analysis to determine the nature of the incident, the causes, the extent of the impact, and the potential risk to those involved.
- Risk assessment takes into account the sensitivity of the compromised information, the likelihood of malicious use, and the possible consequences for individual privacy.

- Immediate corrective measures
- Take measures to contain the incident (e.g. suspend unauthorized access, restore data, secure compromised systems).
- Implement solutions to correct identified vulnerabilities and prevent recurrence of the incident.
- Complete documentation of the incident, the measures taken and the results of the risk assessment.

12.3 Obligation to notify data subjects and authorities

When a confidentiality incident presents a serious risk of harm to the persons concerned, Clinique Omicron is obliged to inform them and the competent authorities.

- Notification to the persons concerned
- Notification is sent as soon as possible after the incident is discovered.
- It includes :
- A description of the incident and the personal information involved.
- Possible risks for the person concerned.
- Measures taken to mitigate the effects of the incident.
- Measures the data subject can take to protect himself (e.g. credit monitoring, changing passwords).
- Contact information for the Privacy Officer should you have any questions.

- Notification to the competent authorities
- The Commission d'accès à l'information du Québec (CAI) must be informed when the incident presents a serious risk of harm.
- The notification includes details of the nature of the incident, the type of information affected, the action taken, and the number of people involved.

- Keeping an incident register
- Clinique Omicron maintains a confidentiality incident register, documenting each reported incident, whether or not it required formal notification.
- This register may be required during an audit or investigation by the CAI.

The rigorous management of confidentiality incidents reflects Clinique Omicron's commitment to protecting the privacy of those concerned and to reacting proactively in the event of a security breach.

13. USE OF DIGITAL TECHNOLOGIES

Edit Content

Clinique Omicron Inc. uses various digital technologies to improve the user experience, optimize its online services and ensure the security of electronic communications. The use of these technologies is regulated in order to respect users' privacy and protect their personal information in accordance with applicable data protection laws.

13.1. Cookies and similar technologies

Cookies are small text files stored on the user's device when visiting our website. They are used for a variety of purposes, including facilitating navigation, improving the user experience and collecting statistical data on site use.

Types of cookies used :
- Essential cookies: necessary for the proper operation of the website (e.g. session management, security).
- Performance cookies: are used to analyze site traffic and usage in order to improve performance.
- Functionality indicators: facilitate personalization of the user experience (e.g., memorization of language preferences).
- Advertising cookies: used to display ads targeted to the user's interests.

Cookie management :
- Users can manage or deactivate cookies at any time via their browser settings.
- Refusal of certain cookies may limit access to certain site functionalities.
- On the first visit to the site, a consent banner is displayed to inform users of the use of cookies and obtain their consent.

13.2. Analysis of browsing data (Google Analytics, etc.)

Clinique Omicron uses analytics tools, such as Google Analytics, to collect information about website usage. These tools help us to understand how users interact with the site in order to improve its performance and content.

Data collected :
- Anonymized IP address
- Browser type and operating system
- Pages visited, duration of visits and browsing paths
- Approximate geographical location
- Source of traffic (search engines, social networks, etc.)

Purposes of analysis :
- Evaluate website performance
- Identify navigation trends and areas for improvement
- Optimize content and services

Data protection :
- IP address anonymization is enabled to limit user identification.
- The data collected is used for statistical purposes and is not shared for commercial purposes without explicit consent.

Users can deactivate data collection by Google Analytics by installing the available deactivation add-on. here.

13.3. Electronic communications security

Clinique Omicron implements robust security measures to protect the confidentiality and integrity of electronic communications, including the exchange of personal information by e-mail, online forms or other digital channels.

Safety measures :
- Data encryption during transmission, including for e-mails containing sensitive information.
- Secure authentication for access to electronic platforms (two-factor authentication, strong passwords).
- Monitoring of suspicious activity on information systems for early detection of intrusion attempts or cyber-attacks.
- Staff training on best practices in electronic communications security.

Recommendations to users :
- Do not share sensitive personal information via unsecured e-mail.
- Use strong passwords and do not share them with third parties.
- Immediately report any suspicious activity to Clinique Omicron via : protectionrenseignements@cliniqueomicron.ca.

These practices are designed to ensure a secure digital environment that complies with the highest standards of cybersecurity and privacy protection.

14. STAFF TRAINING AND EMPOWERMENT

Edit Content

Clinique Omicron Inc. recognizes that the protection of personal information depends largely on the vigilance and good practices of its staff. This is why training and accountability measures are in place to ensure secure data management throughout its life cycle.

14.1 Making employees aware of the need to protect personal information

Staff awareness is essential to prevent confidentiality incidents. Clinique Omicron is committed to providing ongoing training tailored to each individual's roles and responsibilities.

Continuing education program :
- Initial training :
- Introduction to the basic principles of privacy protection.
- Presentation of internal information security policies.
- Raising awareness of data management risks (cybersecurity, human error, etc.).

- Periodic training :
- Workshops to update on new safety practices and legislative changes (e.g. Quebec's Bill 25).
- Security incident simulations to reinforce employees' ability to react.
- Awareness sessions on managing confidentiality incidents and preventing data leaks.

- Specialized modules :
- Targeted training for employees with privileged access to sensitive data (e.g. medical staff, human resources, IT).
- IT security, including best practices for the use of e-mail, passwords, mobile devices, etc.

Monitoring and evaluation :
- Knowledge tests to assess understanding of data protection issues.
- Mandatory participation reports for all employees, with reminders in the event of non-compliance.

14.2. Confidentiality agreements for employees and subcontractors

To further protect personal information, Clinique Omicron requires all employees, suppliers and subcontractors to sign confidentiality agreements.

Content of confidentiality agreements :
- Commitment to confidentiality: Obligation to protect the confidentiality of personal information and to limit its use to authorized business purposes.
- Restricted access to data: Commitment to access only the information required to perform assigned duties.
- Responsibilities in the event of an incident: Obligation to promptly report any confidentiality incident or data security breach.
- Penalties for non-compliance: Specification of the disciplinary measures that can be taken in the event of non-compliance (warning, suspension or even termination of employment or service contract).

Application to subcontractors :
- Any subcontractor with access to personal information must also sign a confidentiality agreement before commencing operations.
- Service contracts include specific clauses on data protection, including security, confidentiality and incident management requirements.

Compliance audit :
- The clinic carries out regular internal audits to ensure that employees and subcontractors comply with their confidentiality commitments.
- In the event of non-compliance, corrective measures are rapidly implemented.

These initiatives aim to create a strong organizational culture focused on the protection of personal information, and to empower every team member in the secure management of data.

15. PRIVACY OFFICER

Edit Content

Clinique Omicron Inc. refers to a Chief Privacy Officer (CPO) responsible for ensuring compliance of the organization's personal information management practices. This role is essential to ensure compliance with legal obligations, the management of privacy incidents, and the ongoing protection of patient, employee and partner personal data.

15.1 Role and responsibilities of the Chief Privacy Officer (CPO)

The RPRP is responsible for the implementation, monitoring and continuous improvement of privacy governance practices. Key responsibilities include:

- Legal compliance :
- Ensure that Clinique Omicron's practices comply with current legislation, in particular the Act respecting the protection of personal information in the private sector (Quebec).
- Carry out regular compliance assessments and recommend corrective action where necessary.

- Policies and procedures :
- Develop, update and oversee the application of privacy policies and data security protocols.
- Develop procedures for managing confidentiality incidents and requests for access to personal information.

- Confidentiality incident management :
- Coordinate the response to privacy incidents, including risk assessment, notification of data subjects and communication with regulatory authorities.
- Maintain a register of confidentiality incidents.

- Awareness-raising and training :
- Organize training and awareness programs for employees to promote a culture of privacy.
- Advise internal teams on data security best practices.

- Contact point for interested parties:
- Respond to individuals' requests for access, rectification, deletion or portability of their personal information.
- Receive and handle privacy complaints.

15.2. Contact details for questions and complaints

Individuals wishing to exercise their privacy rights, report a privacy incident, or make a complaint may contact Clinique Omicron's Privacy Officer at the following coordinates:

Chief Privacy Officer (CPO)
E-mail : protectionrenseignements@cliniqueomicron.ca
Phone : 514-606-3350

The Privacy Officer undertakes to respond to requests within 30 days of receipt of a complete request. In the event of refusal to comply with a request, a reasoned explanation will be provided, along with possible remedies, including the possibility of filing a complaint with the Commission d'accès à l'information du Québec.

16. COMPLAINTS HANDLING PROCESS

Edit Content

Clinique Omicron Inc. is committed to handling all complaints relating to the protection of personal information in a rigorous and confidential manner. This process is designed to ensure transparency, respect for the rights of the persons concerned, and compliance with the legal obligations set out in the Act respecting the protection of personal information in the private sector.

16.1 How to file a complaint

Any person concerned may lodge a complaint if he or she believes that Clinique Omicron :
- Mismanaged personal information;
- Failed to comply with its legal obligations regarding confidentiality;
- Has not responded satisfactorily to a request for access, rectification, deletion or portability of its data.

How to file a complaint :
- The complaint must be submitted in writing (e-mail or letter) to Chief Privacy Officer (CPO).
- The complaint must contain the following information:
- Complainant's full name ;
- Contact details (address, telephone number, e-mail) ;
- Precise description of the alleged facts;
- Relevant documents in support of the complaint (if applicable).

Contact details for filing a complaint :
E-mail : protectionrenseignements@cliniqueomicron.ca
Phone : 514-606-3350

16.2. Processing times

Clinique Omicron treats each complaint confidentially and impartially, according to the following steps:

1. Acknowledgement of receipt of complaint :
- The clinic will acknowledge receipt of the complaint within 5 working days of its receipt.
- A written acknowledgement of receipt is sent to the complainant, confirming receipt of the complaint and specifying the estimated processing time.

2. Complaint assessment :
- The RPRP analyzes the complaint, assesses the facts, gathers additional information if necessary and consults the parties concerned.
- This assessment includes an analysis of the compliance of the clinic's practices with applicable laws.

3. Response to the complainant :
- Clinique Omicron will provide a reasoned written response within 30 days of receipt of the complete complaint.
- The response specifies the conclusions of the assessment, any corrective measures taken, or the reasons for any refusal to act on the complaint.

4. Time extension (if necessary) :
- If exceptional circumstances prevent a response within 30 days, the Clinic will inform the complainant of the reasons for the delay and the additional time required.

16.3. Recourse to the Commission d'accès à l'information du Québec (CAI)

If you are not satisfied with Clinique Omicron's response, or if you feel that your rights have not been respected, you may file a complaint with the Commission d'accès à l'information du Québec (CAI).

Contact information for the Commission d'accès à l'information du Québec :
– Website : www.cai.gouv.qc.ca
- Phone : 1-888-528-7741
- Complaint form : Available online on the CAI website

The complaint to CAI must be accompanied by all relevant documentation, including a copy of the complaint originally submitted to Clinique Omicron and the response received, if any.

17. POLICY UPDATE

Edit Content

Clinique Omicron Inc. is committed to keeping its privacy policy up-to-date to reflect changes in legislation, technological developments and organizational practices. This process ensures that the management of personal information remains compliant with current legal requirements and data protection best practices.

17.1. Frequency of revisions

The privacy policy is reviewed regularly to ensure its relevance and effectiveness.

Frequency of revisions :
- Annual review: The policy is reviewed at least once a year by the Chief Privacy Officer (CPO), in collaboration with the relevant stakeholders.
- Ad hoc revision: The policy may also be updated at any time in the event of :
- Legislative or regulatory changes, particularly with regard to personal data protection (e.g. changes to the Act respecting the protection of personal information in the private sector).
- Introduction of new technologies or services likely to affect the management of personal information.
- Major organizational changes (mergers, acquisitions, reorganization of departments).
- Results of internal audits or confidentiality incidents requiring adjustments.

17.2. Notification of changes to users

Clinique Omicron ensures that all persons concerned are informed in a transparent manner of any changes made to its privacy policy.

Notification procedure :
- Publication on website: The most recent version of the policy is always available on Clinique Omicron's official website at the following address www.cliniqueomicron.ca

- Notification of Changes: In the event of significant changes affecting the way personal information is collected, used, disclosed or retained, the Clinic will notify users:
- A visible notice on the home page of the website;
- By e-mail to the persons concerned, where applicable.
- Date of last update: Each version of the policy specifies the date of the last update to enable users to identify recent changes.

Effective date of changes :
- Changes take effect on the date indicated in the updated policy.
- By continuing to use the Clinic's services after the changes come into effect, users are deemed to have read the revised policy.

Responsible for updates :
The Privacy Officer is responsible for coordinating policy revisions and ensuring that all changes are properly documented and communicated.

This approach is intended to ensure the transparency of Clinique Omicron's practices and to strengthen user confidence in the management of their personal information.

APPENDIX "A" - LIST OF PERSONAL INFORMATION COLLECTED

Edit Content

TYPE OF CONTACT WITH OMICRON CLINIC	TYPES OF RP AND SENSITIVE RP COLLECTED	PURPOSES FOR WHICH PPR AND SENSITIVE PPR ARE COLLECTED AND USED	COLLECTION RESOURCES
Service providers and consultants (in general)	- Name - Address - Remuneration - Banking information	- Identification - Sending correspondence - Payment management	- By e-mail sent by the consultant - By completing a form provided by the consultant
Patients	- Name - Date of birth - Health insurance number - Address - Phone number - Parents' first and last names - Emergency contact - Subscription type - Payment data - Speakers' notes - Medical file - Complementary and external examination results - Attachments - Medical forms - Appointment history - Invoices - Subscriptions	- Identification - Provision of medical care - Communication - Coordination with the public health system - Managing a clinical emergency - Complaints management - Accounting management	- By phone - In person - By patient-completed form (online or in person)
Job applicants and Employees	- Name - Phone number - E-mail - Contact details - Address - Social insurance number - Sex at birth - Banking information - Emergency contact - Position held - C.V. - Criminal record - Salary - Date of birth	- Payroll processing and payment - Benefits management - Employment and termination management - Identification - Sending correspondence - Career management	- By e-mail sent by the candidate or employee - A form to be completed by the applicant or employee
Service providers and consultants (care providers only)	- Various permit and license numbers - Signature	- Prescription management - Providing care and carrying out tasks assigned by providers	- By e-mail sent by the consultant - By completing a form provided by the consultant - Public websites

APPENDIX "B" AUTOMATED DATA MANAGEMENT

Edit Content

Clinique Omicron Inc. uses automated data collection technologies to optimize the user experience on its digital platforms, improve the quality of its services and ensure the security of the information processed. This appendix describes the types of data collected automatically, their purposes, and the options available to users to manage their privacy preferences.

B.1. Details of automated data collection

Automated data collection is based on various technologies that enable us to track user activity as they interact with our websites and applications.

1. Cookies
Cookies are small text files placed on the user's device (computer, phone, tablet) when visiting a website. They are essential for the proper operation of the site and offer several functionalities:
- Essential cookies: necessary for site navigation and access to secure functions (e.g. user session management).
- Performance and analysis cookies: used to collect information on site use (visitor numbers, length of visits, pages consulted) for the purposes of continuous improvement.
- Personalization indicators: to store user preferences (language, display settings).
- Advertising cookies: facilitate the delivery of advertising content targeted to the user's interests (with explicit consent).

2. Spy pixels (web beacons or invisible pixels)
Web beacons are tiny invisible images embedded in web pages or e-mails. They are used to :
- Check whether an e-mail has been opened by the recipient ;
- Track interactions on online ads;
- Analyze user behavior on the site.

3. Log Files
Log files automatically record certain information when you visit the site, such as :
- The user's IP address (often partially anonymized) ;
- Browser type and operating system;
- Pages consulted, duration of sessions and interactions carried out.

4. Traffic analysis tools (e.g. Google Analytics)
Clinique Omicron uses tools like Google Analytics to understand user behavior and optimize the digital experience. These tools collect data such as:
- Pages visited, time spent on each page ;
- Source of traffic (search engines, social networks, etc.) ;
- Click-through rates and conversions.

B.2 Purposes of automated data collection

The data collected automatically is used with respect for the confidentiality of users, and is used for the following purposes:
- Optimizing the user experience: improving navigation, personalizing content and settings.
- Site performance analysis: monitoring of traffic statistics to identify user needs and optimize services.
- Security and fraud prevention: detection of suspicious activity, protection against cyber-attacks and management of security incidents.
- Targeted marketing (with consent): displaying ads tailored to users' interests and measuring the effectiveness of marketing campaigns.

B.3 Managing user preferences

Users of Clinique Omicron have several ways to manage the collection of their automated data.

1. Managing cookies via the website
- On the first visit, a consent banner is displayed to inform the user of the use of cookies.
- Users can accept, refuse or personalize their cookie preferences at any time via the cookie management center available on the site.
- Refusal of cookies may restrict certain site functions, in particular access to personalized content.

2. Browser settings
Users can configure their browser to :
- Block all cookies;
- Delete cookies already saved ;
- Receive notifications before a cookie is installed.
Instructions vary depending on the browser used (Google Chrome, Mozilla Firefox, Safari, etc.).

3. Deactivation of analysis tools (Google Analytics, etc.)
Users can disable the collection of data by tools such as Google Analytics by installing an available browser add-on. here.

B.4 Security of automatically collected data

Clinique Omicron applies rigorous security measures to protect automatically collected data:
- Data encryption for transfers of sensitive information ;
- Access control restricted to authorized persons ;
- Monitoring suspicious activity and security vulnerabilities ;
- Regular system updates to prevent security breaches.

B.5 Contact for automated data management

For any questions or concerns relating to the management of automated data, users may contact :

Chief Privacy Officer (CPO)
E-mail : protectionrenseignements@cliniqueomicron.ca
Phone : 514-606-3350

Clinique Omicron undertakes to respond to any request relating to data confidentiality within a reasonable period of time, in accordance with the legal obligations in force.

Can't find your answer? Please contact us here.

At the clinic

At home

On line

Health assessments

Our programs

At the clinic

At home

On line

Health assessments

Our programs

Work support

Training partner of the Canadian Red Cross

Privacy Policy

Date of last update: February 1, 2025

About us

CUSTOMER SERVICE

Schedules