Privacy Policy

DiveThru’s Website Privacy Policy

Date of Last Amendment: January 5, 2025

DiveThru respects and endorses your rights to privacy and to understand how and why we collect, use, safeguard, and disclose personal information.

A. Accountability

The Website is provided by DiveThru Inc.,  Bell Tower, 2100, 10104 103 Ave NW, Edmonton, AB T5J 0H8. (“DiveThru,” “we,” “us,” “our”):

• as a source of information about our services, locations, and therapists, and how we and our therapists provide services (including virtual options); and
• as a portal to the DiveThru App, where our services and those of our therapists are accessed.

In this Website Privacy Policy, we use the terms:

• “App User” to refer to users of the App but not the Website;
• “Client” to refer to App Users who have booked an appointment with one of our therapists; and
• “Website User” to refer to users (visitors, browsers) of the Website but not the App.

Except as described in section G and in the case of Website Users who join our mailing list, DiveThru DOES NOT collect personal identifying information, personal information, or personal health information (as those terms as defined in this Policy) from Website Users. In other words, anyone can visit/browse the Website without entering information in data collection fields.

In section G of this Website Privacy Policy, we describe how we collect, store, use, disclose, safeguard, and dispose of the limited information that we do collect from Website Users. By using the Website, Website Users consent to our collection of the information described.

DiveThru DOES collect personal identifying information, which may include personal information and personal health information from App Users. Dive Thru DOES collect personal identifying information, personal information,and personal health information from Clients.

The DiveThru App Privacy Policy explains how we collect, use, disclose, safeguard, and dispose of Clients’ (1) personal identifying information, (2) personal information, (3) personal health information, and (4) other rights Clients have concerning that information.

Content is not mental health counselling.

The information on the Website is informational/educational only. Nothing on the Website is, should be considered as, or substituted for, mental health counselling or psychotherapy. The provision of the information on the Website does not constitute the practice of mental health counselling, psychotherapy, or the provision of any other professional mental health advice, diagnosis, or treatment. If you are not sure if mental health counselling or psychotherapy will benefit you, you can connect with our team by reaching out to hello@divethru.com.

B. Personal Identifying Information

Personal identifying information is information that identifies a specific individual. Personal identifying information is subject to privacy rights.

An individual’s name alone can be personal identifying information. An individual’s name combined with a second piece of information is almost always personal identifying information. Home address, email address, telephone number, social media handle, age, nickname, a detailed description of physical features, the neighbourhood in which the person lives,  and where they went to school are examples of information that would be personal identifying information when combined with a name or another identifier.

C. Personal Information

Personal information is information about an identifiable individual. Personal information is subject to privacy rights.

Examples of personal information include:

• An individual’s race, national or ethnic origin, colour, religion, age, sex, sexual orientation, or marital or family status.
• An individual’s education, criminal record, or employment history.
• an individual’s financial status or information relating to financial transactions in which the individual has been involved.
• an individual’s social insurance number, social security number, or any unique number or identifier assigned to them by a government agency or authority or any other organization. An example of the latter is an employee number issued by the individual’s current or past employer.
• an individual’s fingerprints or blood type.
• an individual’s personal opinions or views about social or political issues.
• the views or opinions of others about the individual.
• any information that could prove embarrassing or harmful to an individual’s reputation or that a reasonable person would not want in the public domain.

D. Personal Health Information

Personal health information is subject to stringent privacy rights. Personal health information can include personal identifying or personal information.

Personal health information includes: 

• an individual’s medical, psychiatric, or psychological history;
• diagnostic, treatment, or care information related to an individual’s physical or mental health;
• Information that identifies the health services provider providing health services to an individual or who has provided health services to the individual in the past;
• a drug provided to or prescribed for an individual;
• a health care aid, device, product, equipment, or other item provided to an individual pursuant to a prescription or other authorization;
• the amount of any benefit paid or payable by a public or private insurer, or any other amount paid or payable for a health service provided to an individual; and
• any other information about an individual that is collected when a health service is provided to the individual, including the health history of the individual’s family.

E. The Information We Collect from Website Users

We do not collect personal identifying information (unless a Website User joins our mailing list), personal information, or personal health information from Website Users. However, each time a Website User visits the Website, we collect or may collect information (“Section G Information”) that could,  in a very limited number of scenarios, be used to identify the Website User.

Examples of the Section G Information we collect or could collect include the Website User’s Internet Service Provider and IP address, the Website User’s browser type, the date and time of the visit, the site the Website User visited before or after our Website (navigation history, referring site), and the pages on our site that were viewed.

F. Why We Collect Limited Information from Website Users

We use or may use Section G Information for our internal security audit log, usage and trend analysis, system administration, and to gather aggregate demographic information about our User base for market identification and related purposes, including how Website Users use the Website (pages visited, time on pages, etc.). We share or may share Section G Information with third parties that provide services to us, including analysis, storage, and data aggregation, data organization.

Please note that we only use Section G Information for legitimate purposes related to the operation of our business and advancing our commercially reasonable business objectives, including understanding how Clients use our Website. We do not use it for any other purpose, and we do not share it except as described in this Website Privacy Policy.

G. Technologies

Cookies

Cookies are small text files that are placed on users’ computers by websites. They are widely used to allow websites to work properly and be more user-friendly, remember user preferences, improve user experience, and provide website owners with information they use for legitimate business purposes. A description of what cookies are and how they work can be found here.

We use or may use cookies for all of the reasons listed.

Some cookies that are placed or may be placed by our Website are from third-party companies that provide us with analytics and other services. The information collected helps us understand how users interact with our Website so that we may make improvements to it.

Google

We use the Google Analytics suite of tools (or another provider’s substantially identical tools). Google (Alphabet Inc.) uses cookies to provide us with data that helps us better understand how our Website is being used, including the number of users, session statistics (the pages visited, how long users stay on the site), approximate geolocation, and browser and device information.

In particular, we use Google Tag Manager, a Google Analytics tool (or another provider’s substantially identical tool), to manage tags. Marketing tags are segments of code on a website that track user actions and collect data. Specific actions on a website trigger tags to collect data about the activity and send it to an analytics tool. Different tags serve different functions: Pageview Tags monitor visits to pages on a website; Conversion Tags track, for example, each time a form is filled out.

We use the Google Search Console (or another provider’s substantially identical tool) to obtain search-engine-related data to help us optimize traffic to our Website. Examples of search-engine-relate data include user queries and the number of times our site’s URLs appear in search results (impressions), along with post-click data about site engagement, including bounce rates and e-commerce conversion rates.

Google policies require that no data be passed to Google that Google could use or recognize as personal information. More information about Google’s policies is here.

Ad Services

We use Google Ads to highlight our Website when users use Google’s search engine. We do not disclose personal information when we use Google Ads.

We use Meta Ads (Meta Platforms, Inc.) to advertise on, for example, Facebook and Instagram. We may disclose aggregate, anonymous data about visitors and visits to our Website to Meta, but we do not disclose personal information.

Other Service Providers

In addition to Google and Meta Platforms, the following companies provide services to us: 

• Amazon Web Services (AWS) provides our servers and cloud delivery network.

We provide these service providers with the information described in Section G. We acknowledge that such information could be used, in a very limited number of scenarios, to identify individual Website Users and that we are ultimately responsible for the security of information provided to us. We are satisfied that these providers properly protect and lawfully use information in their possession. Clients can access each company’s privacy policy by clicking on their names.

‍‍Other User-Tracking Technologies

We may use web beacons (sometimes called trackers). Web beacons allow the owner of a website to count the number of users who click on an advertisement for its product or service on a third-party site (to assess the value of advertising on that third-party site). Web beacons collect only specific information, such as a cookie number, time and date of visit, and a description of the page on which the web beacon is installed. Personal information is not collected.

It is not possible to opt out of web beacons used on web pages. However, because web beacons are used together with cookies, their use can be limited by deleting cookies or changing browsers’ cookie settings.

‍Managing Cookies Settings

Cookie settings can be managed to clear or block specific cookies or all cookies. However, a User who blocks all of the cookies that we use may find their user experience affected or that our Website loses most or all of its functionality. Cookie settings are accessed via browser settings. Please keep in mind that by clearing all cookies, all website preferences will be lost.

H. Internal Access to Section G Information

Access to Section G Information is limited to DiveThru employees who require it to deliver and oversee the delivery or our services and those of our therapists and to those who support the Website and develop and provide our online services.

We share Section G Information with companies affiliated with DiveThru. We require those companies to adhere to this Policy or a materially identical privacy policy. Affiliate companies include our subsidiary companies and other companies we control or that are under common control with us.

If a third-party contractor has or could have access to Section G Information, we require that contractor to treat it as confidentially as we do. An IT contractor providing system maintenance is an example of a third party that may have access to Section G Information in the course of providing services to us. Other third-party services that will or may involve access to Section G Information include payment processing, customer services (e.g., contact centre services), data analysis, hosting services, marketing, and product development. Specific third-party contractors to which we provide personal information are identified in this Website Privacy Policy.

I. External Disclosure of  Section G Information

Other than as detailed in this Policy, DiveThru does not disclose information to third parties except in situations in which a reasonable person would expect it to be disclosed. An example is if we are required to do so by operation of law.

We disclose Section G Information to the proper authorities if necessary to report criminal or probable criminal activity, including fraud against us or one of our therapists or Clients, or to protect the security of our therapists, Clients, and their property, including their intellectual property.

We do not sell Section G Information.

J. Safeguards

We use medical-industry-standard administrative, electronic (HTTPS over TLS encryption), and physical security measures that meet the standards set by applicable health records privacy laws to prevent unauthorized access to Clients’ personal information. Our Privacy & Data Security Officer (see section L) is responsible for monitoring and maintaining the measures we take to protect the security of Website Users’ personal (and non-personal) information and to conduct periodic audits of our security measures to ensure that they are up-to-date and continue to meet medical industry standards.

K. Data Breaches

While we take industry-standard steps to secure all information of whatever nature, no security measures are perfect or impenetrable, and no method of data storage or transmission can be guaranteed against any interception or other misuse. In particular, information stored online is vulnerable to interception and misuse by unauthorized parties.

Section G Information is anonymous to us. For that reason, we cannot contact Website Users whose Section G Information may have been obtained by unauthorized parties. We and and would, however, post a notice with respect to the unauthorized access to Section G Information.

In the event of a data breach involving the DiveThru App and Client information provided with respect thereto (i.e., Clients’ personal identifying information, personal information, and/or personal health information) that posed a risk of significant harm to Clients, the steps we would take to inform Clients are outlined in the DiveThru App Privacy Policy.

L. DiveThru’s Privacy Compliance Officer

DiveThru has designated an appropriate official as its Privacy & Data Security Officer (PO). The PO is empowered to ensure compliance with DiveThru’s confidentiality of personal information obligations and commitments, as well as with all of our statutory privacy obligations.

Contact our Privacy Compliance Officer at privacyofficer@divethru.com with any questions you have about this Privacy Policy or our data security practices. When contacting our PO, please indicate “Website Privacy Inquiry” in the subject line. Please note that to maintain their efficacy, we do not provide detailed information about our data security technology and practices.

M. Compliance

DiveThru offers its services to Clients in some Canadian provinces. For that reason, the Website is intended for the use of individuals resident in those Canadian provinces.

This Privacy Policy complies with all applicable Canadian (federal and provincial) privacy laws in force on the Date of Last Amendment. We have made commercially reasonable efforts to create a Privacy Policy that is also generally consistent with the spirit and intent of the laws in other (international) jurisdictions, but we do not claim that our Policy strictly complies with all privacy regulations in the world.

If you believe we are not handling your personal information as required by Canadian privacy law, please address your concern in the first instance to our PO at privacyofficer@divethru.com. When contacting our PO, please indicate “Website Privacy Inquiry” in the subject line.

You have the right to have your concern reviewed fairly and impartially by our PO, and to be advised of the outcome of the review and any steps taken to address your concern, including any amendments to this Policy or any changes to our practices.

N. Amendments to this Privacy Policy

We may amend these Terms at any time without prior notice, but significant changes will be communicated via a notice on our Website or through registered user email communications. Continued use of our Website constitutes consent to its terms and, in particular, to our collection, use, and disclosure of information in accordance with Section G.