top of page

Privacy Policy

1. Introduction

John Kim  Balance Clinic provides acupuncture and osteopathic manual therapy services in British Columbia, Canada.
This Privacy Policy explains how we collect, use, disclose and protect Personal Information obtained through:

  • our public website (suumclinic.ca and sub-domains),

  • online booking and intake forms,

  • e-mail, telephone or video consultations, and

  • in-clinic visits.

This Policy is governed primarily by BC’s Personal Information Protection Act (“PIPA-BC”) and, where applicable, Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the EU/UK GDPR for visitors located overseas. 

​

2. Definitions

  • Personal Information (PI): Information about an identifiable individual (e.g., name, e-mail, health history).

  • Personal Health Information (PHI): PI related to physical or mental health, treatment, or payment for health care.

  • Cookie/Tracking Data: Data collected automatically by your browser or device when you visit our site.

3. Consents
We collect, use or disclose PI only with your knowledge and consent, except where otherwise permitted or required by law (e.g., to address an imminent risk of harm).

  • You may withdraw consent at any time, subject to legal or contractual restrictions.

  • Withdrawal may limit our ability to provide certain services (e.g., online appointment scheduling).

​

4. Personal Information We Collect
We collect four main categories of Personal Information, each for a specific purpose.

  1. Contact details – your name, mailing address, phone number and e-mail address.
    Purpose: to book and confirm appointments, send reminders and issue invoices or receipts.

  2. Demographic and health-history information – age, sex, presenting complaints, past medical conditions, medications and relevant lifestyle factors.
    Purpose: to perform clinical assessment, formulate treatment plans and monitor progress.

  3. Insurance and payment information – insurer and policy numbers, payment-card details or other billing data.
    Purpose: to submit direct-billing claims, process payments and provide receipts for reimbursement or tax purposes.

  4. Technical and usage data – IP address, device type, browser version, pages visited and cookies generated by your browser.
    Purpose: to maintain site security, compile anonymous analytics and improve user experience.

We gather this information directly from you, from your authorized representatives, or from third parties (such as insurers) when you have given us permission to do so.

​

5. How We Use Personal Information

1. Provide health-care assessment and treatment.2. Confirm appointments and send treatment reminders.

 

 

Process payments and insurance claims.

 

Operate, secure and optimise our website.

 

Send clinic updates or newsletters only with express opt-in.

 

Meet regulatory, insurance and legal obligations (e.g., retention of clinical charts for 16 years under CTCMA guidelines).

​

 

6. Disclosure of Personal Information

We do not sell or rent your information. We may share it only:

 

With service providers (e.g., encrypted practice-management software, payment processors) bound by privacy obligations.

 

With other health professionals involved in your care, with your consent.

 

When required by law or court order (e.g., mandatory reporting of child abuse).

 

In the event of a clinic sale or merger, with appropriate safeguards and notice.

 

Any cloud providers that store data outside Canada are contractually required to safeguard PI to standards comparable to PIPA-BC and PIPEDA.

​

 

7. Transfers Outside Canada

If we use third-party platforms whose servers are located abroad, your PI may be processed in another jurisdiction and subject to the laws of that jurisdiction. We conduct vendor due-diligence and use contractual clauses to ensure comparable protection.

​

 

8. Security Measures

We implement reasonable administrative, technical and physical safeguards, including:

 

Encrypted transmission (HTTPS/TLS) and encrypted at-rest storage for electronic records.

 

Access controls restricting staff by role.

 

Regular software updates, malware protection and secure backups.

 

Shredding of paper files when legally eligible for destruction.

​

 

9. Retention & Destruction

Clinical records are retained for the longer of 16 years from last visit or age 25 + 7 years for minors, per College guidelines. Non-clinical marketing records are kept only as long as necessary for the purpose collected, then securely destroyed.

​

 

10. Your Rights

Under PIPA-BC you may:

 

Request access to your Personal Information.

 

Request correction of inaccuracies.

 

Withdraw consent to certain uses/disclosures.

 

Complain to the BC Office of the Information & Privacy Commissioner (OIPC) if unresolved. 

oipc.bc.ca

 

Requests can be made in writing (see § 12).

​

 

11. Cookies & Tracking

We use first-party cookies and Google Analytics for aggregated, de-identified traffic statistics. You can disable cookies in your browser; some site features may not function properly without them.

​

 

12. Contact Us (Privacy Officer)

John Hwan Kim, R.Ac., OMP

Suum Clinic – Privacy Officer

Unit 905, 750 West Broadway

Vancouver BC V5Z 1H1

Canada

✉ johnkimac@gmail 
 

​

 

13. Updates to This Policy

We may update this Policy from time to time. The Effective Date at the bottom will change accordingly. Material changes will be posted prominently and, where required, we will seek renewed consent.

 

Effective Date: 29 July 2025

bottom of page