Effective Date: April 2020
Last Updated: August 2025
Privacy of Personal Information
Privacy of personal information is an important principle to NutriKaur. We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the services we provide. We try to be open and transparent about how we handle personal information. This document describes our privacy policies.
What is Personal Health Information?
Personal health information is information about an identifiable individual. Personal health information includes information that relates to:
- the physical, nutritional or mental health of the individual (including family health history);
- the provision of health care to the individual (including identifying the individual’s health care provider(s));
- a plan of service under the Home Care and Community Services Act, 1994;
- payments or eligibility for health care or coverage for health care;
- the donation or testing of an individual’s body part or bodily substance;
- the individual’s health number; or
- the identification of the individual’s substitute decision-maker.
Personal health information also includes any information shared by you via our website or telehealth services.
Who We Are
Our organization, NutriKaur, includes at the time of writing one professional/staff member. We interact with a number of consultants and agencies that may, in the course of their duties, have limited access to personal health information we hold. These include computer consultants, bookkeepers and accountants, a practice management software company, lawyers, temporary workers to cover holidays, credit card companies, and website managers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles. We may update this list of external service providers as needed, and we ensure all have signed privacy agreements.
Why We Collect Personal Health Information
We collect, use and disclose personal information in order to serve our clients. For our clients, the primary purpose for collecting personal health information is to provide nutrition/dietetic services. For example, we collect information about a client’s health history, including their family history, physical condition and function and social situation in order to help us assess what their nutrition care needs are, to advise them of their options and then to provide the nutrition care they choose to have. A second primary purpose is to obtain a baseline of health and social information so that in providing ongoing health services we can identify changes that are occurring over time.
We also collect, use and disclose personal health information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:
Related Purpose #1: To obtain payment for services or goods provided. Payment may be obtained from the individual or a third party depending on individual circumstances.
Related Purpose #2: To conduct quality improvement and risk management activities. We review client files to ensure that we provide high quality services, including assessing the performance of our staff. External consultants (e.g., auditors, lawyers, practice consultants, voluntary accreditation programs) may conduct audits and quality improvement reviews on our behalf.
Related Purpose #3: To promote our clinic, new services, special events and opportunities (e.g., a seminar or conference) that we have available. We will always obtain express consent from the client prior to collecting or handling personal health information for this purpose.
Related Purpose #4: To comply with external regulators. Our professionals are regulated by the College of Dietitians of Ontario, which may inspect our records and interview our staff as part of its regulatory activities in the public interest. The College of Dietitians of Ontario has its own strict confidentiality and privacy obligations. In addition, as professionals, we will report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. Also, our organization believes that it should report information suggesting illegal behaviour to the authorities. In addition, we may be required by law to disclose personal health information to various government agencies (e.g., the Ministry of Health and Long-Term Care, children’s aid societies, Canada Customs and Revenue Agency, Information and Privacy Commissioner of Ontario, etc.).
Related Purpose #5: To educate our staff and students. We value the education and development of future and current professionals. We will review client records in order to educate our staff and students about the provision of health care.
Related Purpose #6: To fundraise for the operations of our organization, with the express or implied consent of our clients. If we rely on implied consent, we will only use the client’s name and address, we will provide clients with an easy opt-out option, and we will not reveal anything about our client’s health in the request.
Related Purpose #7: To facilitate the sale of our organization. If the organization or its assets were to be sold, the potential purchaser would want to conduct a “due diligence” review of the organization’s records to ensure that it is a viable business that has been honestly portrayed. The potential purchaser must first enter into an agreement with the organization to keep the information confidential and secure and not to retain any of the information longer than necessary to conduct the due diligence. Once a sale has been finalized, the organization may transfer records to the purchaser, but it will make reasonable efforts to provide notice to the individual before doing so.
Email Signups
We may collect your email address when you voluntarily subscribe to our newsletter or other communications. By subscribing, you consent to receive emails from us. You may unsubscribe at any time using the link provided in our emails.
We will always seek consent where possible and notify clients of any significant change in use or disclosure practices.
Protecting Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked or restricted area.
- Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, strong passwords are used on all computers and mobile devices.
- The practice management software being utilized stores personal health information on secure servers in Canada and offers a secure telehealth system.
- Personal health information is only stored on mobile devices if necessary. All personal health information stored on mobile devices is protected by strong encryption.
- When working at home or in flexible locations using laptops, we transport, use and store the personal health information securely.
- Paper information is transferred through sealed, addressed envelopes or boxes by reputable companies with strong privacy policies.
- Electronic information is either anonymized or encrypted before being transmitted.
- Our staff members are trained to collect, use and disclose personal information only as necessary to fulfill their duties and in accordance with our privacy policy.
- We do not post any personal information about our clients on social media sites and our staff members are trained on the appropriate use of social media.
- External consultants and agencies with access to personal information must enter into privacy agreements with us.
We review security procedures at least annually to ensure continued compliance with privacy standards.
Right to Access and Correct Personal Information
Individuals have the right (with some exceptions) to access personal information about themselves held by NutriKaur and to know what NutriKaur has done with it. This ensures that the personal information is adequate, correct and up to date.
- We may ask you to put your request for access to information in writing.
- As needed, we will help you make an access request (e.g. to explain the filing system at NutriKaur).
- We will take reasonable and necessary steps to help you understand the information you request (e.g. explain short forms or codes, provide in an appropriate format, etc.).
- We will require proof of identity before disclosing information.
- We will provide access upon request within 30 days unless grounds for refusal exist. Grounds for refusal to access personal information would include:
  - It is quality of care information or information generated for the College’s quality assurance program;
  - Raw data from standardized psychological tests or assessments;
  - There is a risk of serious harm to the treatment or recovery of the individual or of serious bodily harm to another individual; or
  - Access would reveal the identity of a confidential source of information (s. 51-52).
- If we cannot provide you with access, we will explain the reason as to why, as best as possible. If your request for access is refused, you have the right to complain to the Information Privacy Commissioner of Ontario.
- The Health Information Custodian (HIC), Prabhjot Kaur, can refuse frivolous, vexatious, and bad faith requests for access.
- The cost of accessing information is $30.00 for the first twenty pages and $0.25 per page thereafter.
- Clients may request access or corrections electronically or in writing, and we will respond within 30 days wherever possible.
- Grounds to refuse access or correction remain as stated.
Correction Requests
Clients have the right to request a correction of erroneous information held by NutriKaur. The purpose is to maintain appropriate and accurate information on clients.
- You will be given a response (usually within 30 days) to a request to correct, along with reasons for any refusal to do so and notice of any recourse.
- Grounds to refuse correction may include requests where:
  - the request is frivolous, vexatious or made in bad faith; or
  - the HIC did not create the record and the HIC does not have sufficient knowledge, expertise or authority to make the correction.
- A notice of the disagreement is filed with the record where NutriKaur does not agree that the information is incorrect. If your request for correction is refused, you have the right to complain to the Information Privacy Commissioner of Ontario.
- Correction requests are restricted to factual information. Professional observations and opinions are not generally subject to correction requests.
- Corrections are made without obliterating the original entry.
- Corrections or notice of the disagreement are sent to third parties who have received the erroneous information unless doing so is not appropriate. However, there are limits that may include the following:
  - the individual must request it;
  - the notification need only be made where reasonably possible; and
  - the HIC can refuse to give the notification if the correction cannot reasonably be expected to have an effect on the ongoing provision of health care or some other benefit to the individual.
Retention and Destruction of Personal Information
We need to retain personal information for some time to ensure that we can answer any questions you might have about the services provided and for our own accountability to external regulatory bodies.
We keep our client files for at least ten years from the date of the last client interaction or from the date the client turns 18.
We destroy paper files containing personal health information by cross-cut shredding. We destroy electronic information by deleting it in a manner that it cannot be restored. When hardware is discarded, we ensure that the hardware is physically destroyed, or the data is erased or overwritten in a manner that the information cannot be recovered. Electronic backups are also securely destroyed in accordance with retention schedules.
Complaints System
NutriKaur develops and maintains an internal complaint system and makes external recourse publicly available in order to be able to receive, investigate and respond to complaints. Every effort is made to investigate and decide a simple complaint within 30 days. For more complex complaints, the person investigating or deciding the complaint will advise the person making the complaint within 30 days of how long it will likely take to investigate and decide it. Clients will be notified of any breaches in writing, by phone, or at their next appointment. NutriKaur maintains a log of all breaches and remediation steps for compliance and review.
If there is a Privacy Breach
While we will take precautions to avoid any breach of your privacy, if there is a loss, theft or unauthorized access of your personal health information we will notify you.
Upon learning of a possible or known breach, we will take the following steps, as applicable:
- Respond immediately by implementing the organization’s privacy breach protocol.
- Inform the necessary staff within the organization.
- Consider whether the Commissioner must or should be notified (PHIPA provides that regulations may be passed setting out certain kinds of breaches that must be reported to the Commissioner: s. 12(3)).
- Containment – Identify the scope of the potential breach and take steps to contain it.
  - Assess what and how much information was breached and in what manner (e.g., paper format, electronic format).
  - Determine whether copies were made.
  - Implement any necessary action to contain further unauthorized access (e.g., change passwords, identification numbers and/or temporarily shut down a system).
- Notification – Identify those individuals whose privacy was breached and notify them of the breach.
  - Notify all individuals whose personal health information has been compromised in the most appropriate way possible in light of the sensitivity of the information (e.g., by phone, in writing, at your next appointment, etc.).
  - Inform all individuals of the steps that have been or will be taken to address the privacy breach and that the Information and Privacy Commissioner’s Office, Ontario has been informed.
  - Provide the individuals with the organization’s and the Information and Privacy Commissioner’s Office of Ontario contact information in case individuals have further questions.
  - Advise the individual of their right to make a complaint to the Commissioner (s. 12).
- Investigation and Remediation
  - Conduct an internal investigation into the matter to identify how and why the privacy breach occurred.
  - Take the necessary steps to implement a plan that strives to avoid a similar privacy breach from occurring in the future.
  - We will advise the Information and Privacy Commissioner’s Office of Ontario of the investigation findings and proposed future prevention plan and work together to make any necessary changes.
  - Report the results of the investigation to the College of Dietitians of Ontario if appropriate or required.
  - Ensure all staff are appropriately trained and conduct further training if required.
Depending on the circumstances of the breach, we may notify and work with the Information and Privacy Commissioner of Ontario. If we take disciplinary action against one of our practitioners (or revoke or restrict the privileges or affiliation of one of our practitioners) for a privacy breach, we are required to report that to the practitioner’s regulatory College. We may also report the breach to the relevant regulatory College if we believe that it was the result of professional misconduct, incompetence or incapacity.
This policy is made under the Personal Health Information Protection Act, 2004, S.O. 2004, c. 3. It is a complex statute and provides some additional exceptions to the privacy principles that are too detailed to set out here.
Website
This section informs you of our policies regarding the collection, use, and disclosure of personal information we receive from users of our website. By using NutriKaur’s website, you agree to the collection and use of information in accordance with this policy.
Information Collection and Use
While using our website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your name, email address, and phone number. We only collect and store personally identifiable information provided by you to us directly using our “contact us” forms on our website, when subscribing to our newsletters or signing-up for free resources, or via email, text, social media communications, and any other communication that is sent to us from you.
Communication
We may use your personally identifiable information to contact you with newsletters, marketing or promotional materials, and other information, but we will always obtain your consent to do so (as outlined above under “Why We Collect Personal Health Information”).
Log Data
Like many site operators, we collect information that your browser sends whenever you visit our site (“log data”). This log data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages and other statistics. We may also collect limited analytics data to improve website performance and user experience. For details on Squarespace Analytics, please visit their Analytics web page.
Cookies
Cookies are small pieces of data that are placed on your computer when you visit a website. Like many sites, we use cookies to collect information which helps our website run effectively. Cookies help the website to remember information about your visit which can help to provide the best experience for our visitors. Users can manage cookies through their browser settings at any time. For more information about cookies, please visit the Office of the Privacy Commissioner of Canada.
You may also visit our web host’s cookie policy for more information.
Security
The security of your personal information is of utmost importance to us. While we strive to use generally accepted standards of security to protect personally identifiable information (e.g. utilizing practice management software that stores personal health information on secure servers in Canada and offers a secure telehealth system), we cannot guarantee its absolute security, as no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do not share email addresses or other personally identifiable information of our clients and users of our website with any third-party organizations. Our website may contain links directing you to external websites. NutriKaur is not responsible for the privacy practices of these external websites.
Changes to Privacy Policy
NutriKaur reserves the right to modify our Privacy Policy at any time. This Privacy Policy is effective as of the date indicated at the bottom of this page and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page. We recommend reviewing this Privacy Policy periodically to determine if any changes have been made since your last visit. Your continued use of the website after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy. The effective date at the top of the policy will always reflect the latest revision.
Questions or Concerns?
If you have questions, requests, or want to make a complaint about our privacy practices, please contact the NutriKaur Privacy Officer, Prabhjot Kaur, via email at info@nutrikaur.ca.
You also have the right to complain to the Information and Privacy Commissioner of Ontario if you have concerns about our privacy practices or how your personal health information has been handled.
Contact Information:
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400, Toronto, Ontario M4W 1A8
Telephone (Toronto Area): (416) 326-3333
Long Distance: 1 (800) 387-0073 (within Ontario)
TDD/TTY: (416) 325-7539
Fax: (416) 325-9195
This document is adapted from privacy policy templates provided by the College of Dietitians of Ontario and TermsFeed.