Privacy Policy

This is the default text value
This is the default text valueThis is the default text value

Governing Legislation: PIPEDA | PHIPA (Ontario) | RHPA | CMA Telemedicine Polic

The Panday Group (“TPG,” “we,” “our,” or “us”) operates pandaygroup.com and delivers private, elective hormone optimization and performance health services via telemedicine to patients across Canada. This Privacy Policy governs how we collect, use, disclose, retain, and protect personal information and personal health information (“PHI”) in compliance with:

  • The Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5
  • The Personal Health Information Protection Act (PHIPA), S.O. 2004, c. 3, Sched. A
  • The Regulated Health Professions Act (RHPA), 1991, S.O. 1991, c. 18
  • The College of Physicians and Surgeons of Ontario (CPSO) and the College of Nurses of Ontario (CNO) professional standards
  • The Canadian Medical Association (CMA) and Ontario Medical Association (OMA) guidelines on telemedicine practice

By accessing our website or engaging with our services, you acknowledge that you have read, understood, and consented to the practices described in this Privacy Policy.

1. Who We Are and Our Privacy Obligations

The Panday Group is a health information custodian as defined under PHIPA. Our licensed healthcare practitioners — which may include physicians regulated by the CPSO and/or nurse practitioners regulated by the CNO, depending on clinical assignment and availability — are the regulated health professionals responsible for the collection and use of personal health information within this clinic. All personnel who handle patient information are bound by confidentiality obligations consistent with PHIPA and applicable college standards.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily submit through our patient assessment and intake forms, which are completed at the time of initial registration. This includes:

  • Full legal name, date of birth, and contact details (email, phone, mailing address)
  • Personal health information (PHI): health history, current medications and supplements, existing diagnoses, symptoms, and hormone-related concerns
  • Payment and billing information, processed via secure third-party platforms
  • Referral source information and written or electronic correspondence with our team

Patient intake and consent is completed electronically through our assessment form at pandaygroup.com/performance. By submitting that form, you provide express consent to the collection and use of your PHI as described in this Policy.

2.2 Laboratory and Diagnostic Information

With your consent, we receive bloodwork results and laboratory data from our approved laboratory service providers. This information is PHI and is handled under the same standards as all other patient health information.

2.3 Automatically Collected Information

Our website may collect technical data including IP address, browser type, device type, pages visited, and navigation behaviour. This information is used for website analytics only and is never linked to your PHI.

3. Legal Basis for Collection and Consent

Under PHIPA, we collect and use PHI on the basis of your express consent, which is obtained at intake through our patient assessment form. Consent covers:

  • Collection of your health history and diagnostic information for clinical review
  • Coordination with our licensed practitioners for assessment and ongoing care
  • Coordination with our approved pharmacy network for prescription fulfillment
  • Ordering and receiving bloodwork results from approved laboratories
  • Administrative communications related to your care, invoicing, and monitoring

You may withdraw consent at any time in writing. Withdrawal of consent will result in the inability to continue providing care. All PHI collected prior to withdrawal is retained in accordance with professional college record-keeping standards.

4. How We Use Your Information

We use your personal and health information exclusively for the following purposes, consistent with PHIPA ss.29–30:

  • Clinical assessment of your suitability for our private, elective programs
  • Delivery of telemedicine consultations and ongoing clinical care
  • Coordination with our approved pharmacy network for prescription processing and dispensing
  • Issuance and receipt of bloodwork requisitions and laboratory results
  • Administrative communications: invoicing, scheduling, refill reminders, and monitoring follow-up
  • Compliance with legal, regulatory, and professional college obligations
  • Quality improvement using de-identified aggregate data only — never identifiable PHI

We do not use PHI for marketing profiling, advertising, or any commercial purpose beyond the direct delivery of your clinical care.

5. Disclosure of Your Information

5.1 Internal Access

Access to your PHI is restricted to: your assigned healthcare practitioner, and patient coordination staff who require access to provide administrative support. All personnel operate under strict confidentiality obligations.

5.2 Third-Party Service Providers

We disclose necessary information to trusted third-party service providers performing functions on our behalf, including:

  • Licensed pharmacies within our approved network — for prescription fulfillment and dispensing
  • Accredited medical laboratory services — for bloodwork requisitions and results
  • Secure patient scheduling and health record management platforms
  • Secure billing and invoicing platforms
  • Encrypted communication and document delivery services

Vendors are not named in this Policy as technology partners may change. All vendors are contractually bound to PHIPA-compatible data handling and may use your information only to perform their specific function. We do not disclose identifiable PHI to vendors for any other purpose.

5.3 Your Treating Healthcare Practitioner

Your PHI is shared with the licensed practitioner assigned to your care. That practitioner holds a current licence with the applicable Ontario regulatory college (CPSO or CNO) and is independently bound by professional confidentiality and regulatory obligations.

5.4 Legal Disclosure

We may disclose your information as permitted or required under PHIPA ss.40–43:

  • Pursuant to a court order, subpoena, or statutory requirement
  • To a regulatory body or College conducting a legitimate investigation
  • To prevent or reduce a serious and imminent risk to the health or safety of any person
  • To the Office of the Information and Privacy Commissioner of Ontario upon lawful request

5.5 No Sale of Personal Information

We do not sell, rent, trade, or otherwise commercially disclose your personal information or PHI to any third party under any circumstances.

6. Patient Health Record Access and Portability

Upon written request, patients are entitled to receive their laboratory bloodwork results, consistent with PHIPA s.52. Additional clinical documentation may be provided at the discretion of the clinic and treating practitioner.

Your laboratory bloodwork results will be provided upon written request. Where the clinic determines it appropriate, additional clinical documentation may also be released to support your continuity of care.

Note that the release of a patient’s health record does not constitute, and should not be interpreted as, the transfer or reissuance of a prescription under a different clinical arrangement. Prescription issuance is a separate clinical act governed by our integrated care model and pharmacy fulfillment policy.

7. Retention of Health Information

Patient health records are retained in accordance with professional college standards:

  • Active records are maintained for the duration of your enrollment with TPG
  • Following program completion, withdrawal, or termination: minimum ten (10) years, consistent with CPSO and CNO requirements for adult patients
  • Records involving patients who were minors at the time of care are retained until the patient reaches age 28
  • Billing and administrative records are retained in accordance with applicable tax and commercial law

8. Your Rights Under PHIPA and PIPEDA

  • Right of Access (PHIPA s.52): Request a copy of your health record
  • Right to Correction (PHIPA s.55): Request correction of inaccurate or incomplete information
  • Right to Withdraw Consent: Withdraw consent to non-essential uses at any time
  • Right to an Account of Disclosure (PHIPA s.54): Request a log of disclosures of your PHI
  • Right to Complaint: File a complaint with the Information and Privacy Commissioner of Ontario (ipc.on.ca) or the Office of the Privacy Commissioner of Canada (priv.gc.ca)

To exercise any of these rights, submit a written request to medical@pandaygroup.com. We will acknowledge within 7 business days and respond within 30 days.

9. Security Safeguards

We implement safeguards consistent with PHIPA s.12, appropriate to the sensitivity of the information:

  • Encrypted transmission for all PHI communicated electronically
  • Role-based access controls limiting PHI access to authorized personnel only
  • Confidentiality agreements with all staff and contractors who access PHI
  • Periodic review of security practices and vendor compliance

In the event of a privacy breach creating a real risk of significant harm, we will notify affected patients and report to the Information and Privacy Commissioner of Ontario as required under PHIPA s.12(2) and Ontario Regulation 329/04.

10. Cookies and Website Tracking

Our website may use essential cookies (required for functionality), analytics cookies (aggregate visitor behaviour), and marketing cookies (only where explicit consent is obtained). Cookies do not contain or transmit PHI and are never linked to patient health records.

11. Telemedicine and National Service Delivery

The Panday Group delivers all clinical services via telemedicine. Our licensed practitioners hold current licences with the applicable Ontario regulatory college and prescribe from Ontario. Our approved pharmacy partners are Ontario-based and are legally authorized to dispense and ship medication to patients across Canada. This model is compliant with applicable federal and provincial pharmaceutical regulations and does not require our practitioners to hold licences in the patient’s province of residence.

You acknowledge that telemedicine has inherent limitations compared to in-person care, that our practitioner will advise you if in-person assessment is clinically warranted, and that you have the right to seek in-person care at any time.

12. Minors

Our services are exclusively for adults aged 18 and over. We do not knowingly collect PHI from individuals under 18. If such information is discovered, it will be promptly deleted and services will not be rendered.

13. Changes to This Privacy Policy

We may update this Policy to reflect changes in our practices, legal obligations, or college standards. Material changes will be communicated to active patients by email with a minimum of 30 days’ notice. Continued engagement with our services constitutes acceptance of the current policy.

14. Contact — Privacy

The Panday Group

Attention: Privacy Contact

Email: medical@pandaygroup.com

Phone: 1-844-272-6329

Address: 46 Routledge Drive, Richmond Hill, Ontario, L4C 0E3

Website: pandaygroup.com