1. Privacy officer

In accordance with Section 3.1 of Law 25, we have designated a person responsible for handling personal information:

2. Information we collect

When you request a booking, we collect only:

  • Identity: first name, last name
  • Contact details: email, phone
  • Reason for visit and preferred practitioner
  • Additional notes you voluntarily provide (anxiety, allergies, scheduling constraints)

3. Purpose of processing

Your information is used exclusively to:

  • Confirm and schedule your appointment
  • Contact you in case of changes or unforeseen events
  • Create your dental record (only after your first visit with explicit written consent)
  • Send you appointment reminders and prevention tips, only if you consented

4. Consent

We obtain your free, informed, and explicit consent before any collection. Consent is requested separately for:

  • Processing your booking request (mandatory)
  • Sending reminders and newsletters (optional, 1-click unsubscribe)

You may withdraw consent at any time by emailing us.

5. Retention period

  • Unprocessed booking request: max 12 months, then deleted
  • Patient record: 5 years after last visit (per Order of Dentists of Quebec)
  • Accounting / billing data: 6 years (tax obligation)

6. Your rights

Under Law 25, you have the following rights:

  • Right of access: get a copy of the information about you
  • Right to rectification: correct any inaccurate information
  • Right to erasure ("right to be forgotten")
  • Right to portability: receive your data in a structured format
  • Right to withdraw consent at any time
  • Right to de-indexation of personal information

To exercise these rights, email privacy@studio-belmont-demo.ca. We respond within 30 days maximum.

7. Sharing and data transfer

We do not sell or rent your information. Sharing is strictly limited to:

  • The clinical team (on a need-to-know basis)
  • Your insurer (only with your consent, for direct billing)
  • Our technical subprocessors (web hosting, email) under Law 25-compliant confidentiality contracts

8. Data security

Technical and organizational measures in place:

  • Encrypted HTTPS connection (TLS 1.3)
  • Patient records access restricted by authentication
  • Daily encrypted backups
  • Staff trained in data protection
  • Internal incident management policy

9. Cookies

This site uses no advertising or tracking cookies. Only strictly necessary technical cookies may be set (language, session).

10. Privacy incidents

In the event of an incident likely to cause serious harm, we commit to:

  • Notify you as soon as possible
  • Notify the Commission d'accès à l'information (CAI)
  • Maintain an internal incident registry for 5 years

11. Complaint to the CAI

If you believe your rights are not respected, you may file a complaint with the Commission d'accès à l'information du Québec:
🌐 cai.gouv.qc.ca
📞 1-888-528-7741

Back to home
DEMO · Built by Nextiweb.ca