Privacy Policy

IVONNE, Inc. Privacy Policy

This Privacy Policy describes how your personal information is collected, used, and shared when you receive treatments, consultations, or make a purchase from our clinic, or from (shop.)ivonne.ca (the “Site”).

All information is collected and used in accordance with Canadian Regulations, namely Personal Information Protection and Electronic Documents Act (PIPEDA).

IVONNE, Inc. has made best efforts to ensure that clients and website visitors from outside of Canada are prevented from using our website, services, or products. However, due to increasingly complex technical constraints it is not always possible to ensure that we are compliant with extra-Canadian (local laws in your region).  If you are not located or subject to Canadian laws then you should not use this website or our related treatments or products.

This website does not contain any confidential images of clients. All images are published with express and written consent.

PERSONAL INFORMATION WE COLLECT

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
- Website Recordings are screen captures of our website visitor sessions. We use website session screen recordings to understand user behaviour, learn more about the needs of our website visitors and determine how they feel about their experience with our website. 

You can see which cookies are actively affecting your browsing by opening the Developer tools in your web browser, navigate to Application > Cookies. All of the current and up-to-date cookies (trackers) will appear in the window.

Additionally when you make a purchase or attempt to make a purchase through the Site, or make an appointment or attempt to make an appointment, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number. We refer to this information as “Order Information or Appointment Information.”

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information, Order Information and/or Appointment Information.

SURVEILLANCE VIDEO

Our clinic located at 0116-320 Queen Street uses video surveillance technology for the safety of our clients, team members, and property.  All video information is securely stored and managed in accordance with the prevailing privacy legislation. Our security system is restricted and inaccessible to anyone outside of IVONNE.

INTAKE FORMS, WEBSITE FORMS, QUESTIONNAIRES, SURVEYS AND POLLS

We collect relevant health and medical information including treatment history, contraindications, allergies, and current or previous conditions, to safely effect our treatments, and to qualify you as a candidate for any of our products or services.  

PHOTOGRAPHY 

Photos and videos of clients are occasionally taken before, during and after an appointment or procedure for the purposes of building the client profile, to monitor product retention, and to meet our record keeping obligations.  Where clients consent, any images or video may also be used for advertising and marketing purposes, namely on social media sites and on our related websites.  Clients may declare their consent in the waiver (client consent form) at the time of scheduling.  Any consent does not entitle the client to any royalties or revenues associated with the use of their likeness.  Similarly, IVONNE is not responsible for any damages arising from the use of client likenesses.

HOW WE PROTECT YOUR PERSONAL INFORMATION

Personal information stored in electronic format is:
a) limited in access to service providers, business owners, and only those third parties for which we have a non-disclosure agreement;
b) Protected by username, password, and when possible two-factor authentication and biometric/passcode authentication; and
c) Protected both by local device logins and via any website portal

Client data is not stored in paper format for any long term purposes, and is otherwise securely shredded and disposed of.

Any dormant employee accounts are suspended and deleted within 30 days of departure or termination of employees or suppliers.

 

HOW DO WE USE YOUR PERSONAL INFORMATION?

We use the Order Information and/or Appointment Information that we collect generally to fulfill any orders placed through the Site or effect any services scheduled through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information or Appointment Information to:
Communicate with you;
Screen our orders for potential risk or fraud; 
When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

SHARING YOUR PERSONAL INFORMATION

We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Acuity Scheduling (A Square Space Company) ("Acuity") to power our online scheduling system. We also use Square Space to power our eCommerce website--you can read more about how Acuity and Square Space uses your Personal Information here: www.squarespace.com/privacy. We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: tools.google.com/dlpage/gaoptout.
We also use Hubspot Inc. to power our website content management system and for our client records management solution--you can read more about how Hubspot uses your Personal Information here: legal.hubspot.com/privacy-policy.

In addition, we share your personal information with our third-party vendors, and suppliers,  such as skincare and cosmetic manufacturers to create consumer accounts, to effect consultations, develop treatment plans, address any service issues, to recommend products or services for you; and to make purchases for you on your behalf. Such third-party vendors and suppliers include Alumier MD  Canada Inc., Syneron-Candela, Inc.

Through scheduling appointments, consultations, or purchasing products or interacting with us via form submissions or email, your information may also be shared with our payment processors to build your client record, and to support the best client experience.

In order to respect and adhere to your marketing preferences your information may also be shared with third-party suppliers to maintain an opt-out list.

Examples of Information Sharing:
Example 1: A client experiences a negative reaction, an unexpected reaction, or no improvement as a result of a skincare product or a professional skincare treatment.

Information shared in your health questionnaire, consultations, appointments, and other communication may be shared with our skincare suppliers to document the outcome of the treatment protocols or product use in an effort to resolve any concerns, and move closer towards the goals of treatment.

Example 2: If you are referred to our clinic from another regulated healthcare professional we may share details about our treatment protocols, the products used by you, and potentially any results, reactions, or achievements to coordinate your other provider's treatment plan.

Example 3: We may share your information in generalized, or aggregate form with our suppliers and vendors to help formulate proper client personas to effect more suitable treatment plans. e.g. we may conduct research and launch initiatives around helping clients with skin inflammation. This may involve sharing persona details about our skin inflammation clients e.g. lifestyle habits, age groups, response to treatments, and successes.

Example 4: When you complete a form submission, schedule a treatments or consultation appointment, or make a purchase with IVONNE we automatically create a purchasing account with AlumierMD by sending your email address, First Name and Last Name to the AlumierMD database. This allows you to easily track your product and treatment recommendations in the AlumierMD prescription pad and this attaches your client record to our clinic.

Limitations: Personally identifiable information 

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

BEHAVIOURAL ADVERTISING

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

COMMON LINKS INCLUDE:

FACEBOOK - www.facebook.com/settings/?tab=ads
GOOGLE - www.google.com/settings/ads/anonymous
BING - advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

DO NOT TRACK

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

YOUR RIGHTS

If you are a European resident, you have the right to access the personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

If you are a Canadian citizen, or permanent resident, and would like to update your personal information please contact us using the information provided at the bottom of this policy page.

DATA RETENTION

When you place an order or make an appointment through the Site, submit a form, email us, or otherwise provide your information in any manner, we reserve the right, but not the obligation to maintain your Order or Appointment Information for our records unless and until you ask us to delete this information, or in accordance with the prevailing privacy legislation in Canada, and in conjunction with our data destruction practice as outlined below.

DATA DESTRUCTION

Our commitment to client privacy and data security is paramount. For clients classified as dormant (no purchases, or appointments) after two years of inactivity, we implement a stringent protocol by transferring their information into encrypted cold digital storage. We employ one of the industry's most formidable block ciphers, the 256-bit Advanced Encryption Standard (AES), to ensure the highest level of data protection. This encryption standard is renowned for its robustness and is widely trusted for securing sensitive information.

The retention of encrypted data in cold storage is limited to a ten-year period, exclusively for historical and compliance purposes. Simultaneously, to maintain the confidentiality and integrity of our client communications, we systematically remove all data associated with inactive clients from our marketing systems following a two-year dormancy period, culminating in the secure erasure of such data.

At the conclusion of a ten-year cold-storage period your inactive personal data is automatically expunged from our systems.

This policy reflects our unwavering dedication to upholding the highest standards of privacy and security, ensuring that our clients' trust is well-placed and their data is rigorously protected.

CHANGES

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.


CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at hello@ivonne.ca or by mail using the details provided below:

0116-320 Queen Street, Ottawa, ON  K1R5A3   Canada

 

Policy Created: October 2017
Last Updated: March 1, 2024

 

Updates:
April 14, 2022 - Updated to include what information we collect on website sessions.

October 4, 2022 - Updated to include how to see which active Cookies affect your browsing session.

October 11, 2022 - Updated to include treatment plans as a reason for sharing your personal information with our suppliers; and examples of information sharing and for their purposes. Included "How We Protect Your Personal Information" section.

August 10, 2023 - Updates to circumstances on how we collect your data, and for how long.

September 25, 2023 - Updated to include instructions on how to update personal information for Canadian Citizens and Canadian Permanent Residents

February 11, 2024 - Updated with example case for AlumierMD account auto creation.

March 1, 2024 - Added Data Destruction provision.