Waypoint Physiotherapy is committed to protecting you and your personal information. This Privacy Policy describes how personal information is collected, used and stored to provide you the best possible care. We use a cloud based clinic and administrative management platforms to run our clinic behind the scenes. We refer to our cloud-based platforms, websites and web-based resources as the “Services”.

In this policy, we use the word “patient/client” to refer to anyone who has or is looking to book an appointment with Waypoint Physiotherapy. We use the word “you” to refer to any individual user of our Services, such as a practitioner or staff member, an individual browsing or using our websites and web-based resources.

Why Does Waypoint Physiotherapy Need to Collect Your Personal Information?

We collect personal information in order to provide our Services to you, to communicate with our associated healthcare professionals in our team, and any third party healthcare providers you request and give consent for us to communicate with. We also use your information to provide you with suitable information about our Services, including billing and insurance funding. We collect only the minimum amount of personal information needed for these purposes. We do not sell or trade personal information, and we will only share your personal information with third parties with your consent and in the ways that are described in this Privacy Policy.

What We Collect from You

Contact Information: We collect only your contact information that you choose to provide, such as your name, email address, phone number and personal health number, date of birth, etc… when you fill out our online forms or set up your user account for our Services. We use your contact information to activate your user account, give you access to the Services, and to send you notices about your user account. We may also use your contact information for marketing purposes, such as promotional emails, direct mail and sales contacts. You can opt-out of our marketing communications at any time by unsubscribing or contacting us at info@waypointphysio.ca or updating your settings in our online booking system Jane. 

Billing Information: Should you wish to provide us with a credit card on your file to pay for your treatments, your information is provided directly to our payment processor and is processed in a PCI-compliant manner. We do not keep your credit card information. Note that when credit card information is referred to as being “stored”, this means we have a “token”. The token replaces sensitive information and acts as a non-sensitive placeholder that can be used by the payment processor to reference your credit card information when payments need to be processed. The information is triple encrypted like online-banking and we can only see the last 4 digits of the card number.

Insurance Information: We collect only the necessary insurance information required to complete insurance claims on your behalf for MSP, ICBC, Veterans Affairs, and active military Blue Cross. However, your consent must be obtained prior to us completing any insurance claims on your behalf. All other insurance claims can be submitted by you using issued electronic receipts. 

Log and Device Information: When you access and browse our Services, we collect information about how you are accessing our Services, such as your internet or mobile network connection, your browser or the type of mobile device you are using (if applicable). We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used. This information is not used to market or send promotions to you.

Cookies and Tracking Information: Our website uses cookies. Cookies are small data files that are downloaded to your computer or device by a website. Your web browser lets you manage cookies through its “settings” or “options” menus. You can change your browser settings to display a warning before accepting a cookie or to refuse all cookies. You can also delete cookies at any time; however, please note that certain cookies must remain in order to use certain portions of the Services. We also use web beacons, which are tiny graphic objects embedded in a web page or an email which allows us to determine if a user has viewed the web page or email.

We use cookies and web beacons:

  • To learn about use of our websites, such as user traffic patterns and the effectiveness of our navigational structure
  • To identify email open rates in order to gauge the effectiveness of certain communications or marketing campaigns to clinics
  • To allow you to login to secure areas of our Services
  • To store your login credentials for easy access to our Services

Social Media: If you login to our Services using a third-party sign-in service, such as Google, or Facebook, we will receive personal information from those services, such as your name, email address and profile photo, in order to pre-populate our online forms. We also include social media “Like” and “Share” buttons on our websites. These features may collect your IP address and the page you are visiting on our website. They may also set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policies of the third parties who provide them not by us.

Patient Data

Waypoint Physiotherapy uses clinic and administrative management platforms to collect and store personal information from their patients and create patient records. These records may include a patient’s name, address, health insurance and billing information, medical charts, appointment history, and other patient data (“Patient Data”). This information is referred to as “personal health information” and there are very specific privacy laws applicable to them. If you are a patient, Patient Data is collected from you when you visit Waypoint Physiotherapy and when you set up an account with Waypoint Physiotherapy through our online booking website or an account is set up for you when you call or email to book an appointment.

We retain the sole control over Patient Data and may be referred to as a “health information custodian”, a “covered entity” or a “controller” depending on the privacy laws. Waypoint Physiotherapy is responsible for complying with laws and regulations governing the use of Patient Data, and for determining the legal basis for such use. In British Columbia, we are governed by the Personal Information and Privacy Protection Act (PIPA) as we are a private organization.

Waypoint Physiotherapy uses Jane App to complete the clinical and administrative processes for the clinic. These are service providers and may be referred to as an “agent” or “processor” of Waypoint Physiotherapy. Jane App stores Patient Data in its secure data centres and makes it available to their users through our clinic management platform. Jane otherwise has no control over Patient Data. Jane app will only access Patient Data on the instructions or its associated healthcare practitioners or staff or, in rare cases, where needed in order to prevent or address technical problems or if required by law or court order. 

Storage Location: Patient Data is stored in Canada or the United States. When possible Waypoint Physiotherapy selects options that keep all information stored in Canada. Please note that we use US-based service providers for appointment reminders sent by email or SMS and, therefore, Patient Data contained in appointment reminders will go through and may be stored outside of Canada. All our data centres and service providers maintain a high level of security and are compliant with applicable privacy laws here in British Columbia.

Patient Rights: Patients have certain rights with respect to their Patient Data, which may include knowing what information Waypoint Physiotherapy has about you, correcting any inaccurate Patient Data, obtaining a record of your Patient Data and, in certain circumstances, deleting or removing your Patient Data. Please note that Waypoint Physiotherapy has strict legal and regulatory obligations around Patient Data and may not always be permitted to delete or remove Patient Data.

Questions about Patient Data: If you have any questions about your Patient Data or wish to exercise any or your patient rights, please contact our Privacy Officer at info@waypointphysio.ca or at (250) 889-5443

Sharing Your Information

We do not sell or distribute personal information to third parties for their own commercial or marketing purposes. 

Compliance with Laws: We may disclose personal information to a third party if we are required to do so by applicable law, government request, court order, or regulatory body. We may also be required to disclose personal information to enforce our legal rights, to enforce security requirements, or to respond to an emergency which we believe, in good faith, requires us to disclose personal information. In such instances, if permissible, we will make every reasonable effort to give you as much notice as possible regarding the disclosure of your personal information, what information was disclosed and why. We will not disclose Patient Data unless legally required to do so.


We protect your personal information, including Patient Data stored in our cloud platforms, by:

  • Using industry standard security controls such an end to end encryption and an SSL (Secured Sockets Layers) certificate to ensure information is transmitted over a secured connection between your browser and our web server.
  • Using state-of-the-art data centres with appropriate security and compliance certifications, such SOC 2 and EU-US Privacy Shield that are HIPAA compliant.
  • Having our personnel (practitioners and admin) and any Waypoint Physiotherapy affiliated personnel such as, book keeper, students, mentees, volunteers, must sign strict confidentiality agreements to ensure they understand the confidential nature of the data we process and only accessing your account when necessary for the provision of Services.
  • All personnel and affiliated personnel have access to the level of information they need to do their job to provide their Services. All levels of access are specifically selected for each personnel and  affiliate. Those with higher level access to the Patient Data have undergone specialty training on privacy and secure data access. 
  • All account accesses for you and our personnel require password protection with an individually selected password set by the user only and not shared with anyone else. We cannot access or identify your password. The only way to recover a password is for you to initiate a reset via the email address or mobile phone number you use for the Services.

While we employ industry standard measures to protect your information, no electronic communication can ever be completely secure. You share responsibility for protection of your personal information by setting a strong password and by keeping your username and password confidential.

Storage Period

We retain personal information only for as long as necessary to achieve our stated purposes, or as required by applicable law. For example, Contact and Billing information is kept for as long as your account is active and for a reasonable period after it has been deactivated in the event you wish to re-activate the account. User account information is retained as long as necessary  to comply with Patient Data storage and access laws. All Patient Data must be kept for 16 years in British Columbia from the date of last entry or, in the case of minors, 16 years in British Columbia from the time the patient would have reached the age of majority (either age 18 or 19 years). Credit card information is never kept or stored on any Waypoint Physiotherapy computer, server or document. All credit card information inputted into Jane App is instantly transfers that data to one of our payment processing partners through encrypted transfer. Our PCI-compliant payment processing partners store that information for Jane. The default behaviour of these partners is to store the credit card information so that refunds can be processed. Our partners for payments have been very carefully chosen, and they use the same 128-bit encryption as the big banks around the world. They send Jane back an encrypted key (a token) which represents the credit card so that Jane can continue to bill against that card if the customer wishes, but note that this token can’t be used outside of Jane. The only information that Jane stores about the credit card are the last 4 digits and the expiration date so that the customer will know which card they gave you.

Your Rights

Individuals have certain rights with respect to their personal information. These rights are set out below. If you are a patient of Waypoint Physiotherapy, please contact your clinic or practitioner to exercise any of these rights with respect to your Patient Data.

Correction and Deletion: We will make reasonable efforts to ensure that the personal information we collect from you is accurate and complete. You may update, correct or delete your account information at any time by logging into your user account and modifying your personal information, including your preferences to receive messages from us. You may also update, correct or delete your personal information by contacting us as noted below.

Withdrawing Consent: Where we have relied on your consent to use your personal information, you have the right to withdraw that consent at any time by contacting us as noted below. In addition, all our marketing email messages contain the ability to automatically “opt-out” or unsubscribe from our mailing lists and marketing messages.

Access and Portability: You have the right to request a record of the personal information that we have collected about you and to ask that the information be provided in a structured, used electronic format (where applicable and technically feasible). There may be some cases where we cannot provide you with certain information about you if it would mean disclosure of personal information of another person or other confidential information, or if it would compromise our security systems. If you require access to your personal information, please contact us. We will respond to you within thirty (30) days of receiving your request. We may charge a fee where permitted by applicable law.

Complaints: You have the right to lodge a complaint with a supervisory authority. You may also contact the Information and Privacy Commissioner of British Columbia (for British Columbia matters) ( http://www.oipc.bc.ca/ ) or the Privacy Commissioner of Canada (for international matters and inter-provincial matters) ( http://www.priv.gc.ca/ ).

Contact Us

If you have any questions or concerns about our Privacy Policy and our privacy practices, please contact us at:

Waypoint Physiotherapy
5709 Wallace Drive
Victoria, BC V9E 2G2

Tel: (250) 889-5443
Email: info@waypointphysio.ca
Attention: Privacy Officer