Our Privacy Policy

---

 At Goldentia Home Care Services, we are committed to providing compassionate, high-quality non-medical home care services to the communities we serve. Our dedicated team delivers a range of supports—including companionship, personal care, meal preparation, light housekeeping, and respite care—to help clients live independently and with dignity in their own homes.

We value collaboration and often work in partnership with local service providers, healthcare organizations, and community resources to ensure each client receives the most comprehensive care possible. Our regular business hours are Monday to Friday, 8:30AM–5PM, and we offer after-hours contact processes to support our clients’ needs at any time.

This Privacy Policy details the principles and practices our non-medical home care business uses to collect, use, store, disclose, and protect personal information of clients, caregivers, and visitors, in compliance with Ontario’s Personal Health Information Protection Act, 2004 (PHIPA) and other applicable laws. By accessing our services, you agree to this Policy, which is aligned with Canadian and Ontario privacy best practices and industry standards.

For questions or to access our services, please contact us at:

• Phone: 289-499-2870
• Email: support@goldentiahomecare.ca
• Office Address:  Plaza II, 350 Rutherford Road S Unit 104, Brampton, ON, L6W 4N6

We are here to serve you according to the highest standards of privacy, professionalism, and respect for your individual needs.

This policy applies to all personal information collected, used, stored, or disclosed by our business, including information collected:

• In person, by phone, electronically, or by other means.
• About clients, caregivers, substitute decision-makers, and any individual whose information is necessary to the provision of care.

At Goldentia Home Care Services, we recognize the unique diversity and richness of the communities we serve across Ontario. Our commitment extends beyond simply providing non-medical home care services—we strive to ensure that all clients, regardless of background, receive respectful, individualized care that honors their cultural, linguistic, and social needs.

• Culturally Responsive Care: Our staff are trained to be sensitive to the diverse cultural values and traditions present in our client base. We seek to provide care that respects each person’s cultural, religious, and personal preferences.
• Language Accommodation: We offer information materials and service communications in multiple languages upon request, reflective of our community’s needs. Interpreter services are available upon request to assist with care planning, consent, and service delivery, ensuring clear and informed communication for clients and their families.
• Inclusive Recruitment Practices: Our staffing partners actively recruit staff from varied backgrounds to better reflect and understand the communities we support. Team members receive guidance on cultural competence and inclusive service delivery as part of their ongoing training.
• Community Partnerships: We work collaboratively with local organizations and community resources to provide holistic support, making referrals and connections where appropriate to meet broader client needs.
• Support for Vulnerable Groups: Special attention is given to the needs of vulnerable individuals, including seniors living alone, recent immigrants, and those facing barriers to care. Our processes are designed to promote privacy and dignity for all clients.

• We collect, use, and disclose personal information with an awareness of cultural sensitivities and only as required for quality service delivery or as mandated by law.
• Clients are encouraged to share any specific privacy or cultural preferences with our team, and we will make every effort to accommodate these within our service framework.
• If clients have accessibility or language-related concerns regarding their information or our policies, we work proactively to provide appropriate resources and support.

We strictly comply with:

• Personal Health Information Protection Act (PHIPA) (Ontario)
• Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), where applicable (for personal information outside health records or for cross-border activities)
• Any additional provincial or municipal privacy legislation and regulations that may apply to home care.

We designate a Privacy Officer responsible for organization-wide compliance with this policy, for privacy-related complaints, and for liaising with regulators. Contact information for the Privacy Officer is available to all interested parties.

We collect personal information only for lawful and necessary business purposes, typically including:

• Contact details (name, address, phone, email)
• Care needs and service preferences
• Scheduling and billing information
• Data required to assess client needs and provide personalized care plans.

The nature and extent of information collected are limited to what is required for care delivery, regulatory compliance, or as otherwise consented to by the individual.

Obtaining Consent:
Informed Consent is obtained before personal information is collected, used, or disclosed, either digitally (through acceptance forms in Shiftcare) or verbally, with records of consent uploaded or noted in the client’s digital file.

Consent may be express (written or verbal) or implied, in accordance with PHIPA and PIPEDA.

Clients are informed clearly about the types of information collected, the intended use, and their rights regarding their data.

Withdrawing Consent:
A client may withdraw consent at any time by written notice (email, physical letter). Upon withdrawal, we inform the client of any service impacts and update records accordingly.

We may collect, use, or disclose personal information without consent where required or permitted by law, such as in emergencies, to reduce risk of harm, or for certain legal/regulatory disclosures.

We use and/or disclose personal information solely for:

• Providing and coordinating requested home care services
• Billing and payment processing
• Quality assurance, risk management, or legal compliance
• With your consent, to coordinate with other care providers within your circle of care.

We do not sell or rent personal information. Information may be shared with third parties (e.g., insurers, regulatory bodies) only as permitted or required by law.

 Service Delivery: Only authorized staff (caregivers, coordinators, supervisors) may access client information in Shiftcare relevant to their duties. Each user has a unique login with role-based permissions to limit data access.

Disclosure: Information is not shared outside our organization except as required by law or with explicit client consent (e.g., coordination with healthcare partners or for billing purposes).

We protect personal information with administrative, physical, and technical safeguards appropriate to the sensitivity of the information, including but not limited to:

• Role-based access controls for staff
• Secure recordkeeping (physical and electronic)
• Mandatory privacy and security training for all personnel
• Regular reviews and updates of privacy practices.

• Electronic Security: All client and staff records are stored using Shiftcare’s secure, encrypted platform, protecting data against loss, theft, unauthorized access, or disclosure.
  • Access is password-protected and monitored.
  • Data is regularly backed up, and security patches and software updates are applied promptly.

• Physical Security (if applicable): Any paper records are kept in locked filing cabinets in restricted office areas and promptly digitized to Shiftcare when practical.

• Retention and Destruction: Records are retained according to legal requirements and securely destroyed (digital deletion from Shiftcare and shredding of any paper records) once no longer needed.

Caregivers  

Access to Personal Information: Client care records, contact details, limited service history (only for assigned clients)

Training Requirements: Privacy and security onboarding; annual refresher training 

Confidentiality Measures: Bound by signed confidentiality agreements; monitored access 

Coordinators 

Access to Personal Information: Client demographic profiles, service plans, schedules, billing details

Training Requirements: Privacy and security onboarding; annual refresher training

Confidentiality Measures: Role-based electronic access controls; confidentiality undertakings 

 Administrative Staff 

Access to Personal Information:  Billing details, HR records, general inquiries

Training Requirements: Privacy training at hiring; refresher as policy changes

Confidentiality Measures: Role-based access restrictions; confidentiality agreements 

Supervisors/Managers:

Access to Personal Information:  All client and staff records as needed for oversight, quality assurance, safety

Training Requirements: Comprehensive privacy/security training at start; annual review

Confidentiality Measures: Audit logs of information access; ongoing role review 

Contractors: 

Access to Personal Information: Only information necessary to fulfill contracted tasks, as specified by contract

Training Requirements : Contractual privacy terms; pre-engagement privacy briefing

 Confidentiality Measures : Limited, monitored access; contractually mandated privacy obligations 

You have the right to:

• Access your personal information, subject to certain exceptions allowed by law.
• Receive clear explanations regarding your care plan or assessment information.
• Request corrections to inaccurate or incomplete data.

Requesting Access:

Clients (or their substitute decision-makers) may request access to their records at any time by contacting our Privacy Officer (via email, phone, or Shiftcare message).

Requests are acknowledged within 5 business days, and information is provided within 30 days unless there is a legal reason for delay, which will be communicated.

Corrections:

If a client believes that information is inaccurate or incomplete, they may submit a correction request. Once verified, updates are made promptly in Shiftcare, and records of changes are maintained.

We retain personal information only as long as necessary:

• To meet the purposes for which it was collected,
• To comply with legislative requirements and best practices.

Once no longer required, records are securely destroyed in a manner that ensures confidentiality and privacy.

If a privacy breach occurs (e.g., unauthorized access, loss, or disclosure), we will:

• Notify affected individuals at the first reasonable opportunity and inform them of their right to escalate to the Information and Privacy Commissioner of Ontario.
• Notify regulators when legally required.
• Investigate causes, mitigate risks, and update practices as necessary.

Support for Questions: Clients may contact our Privacy Officer with any questions, requests, or concerns about data handling, either directly or through secure Shiftcare messaging.

Feedback, concerns, or complaints about privacy practices can be addressed in writing to our Privacy Officer. If unresolved, you may also contact the Information and Privacy Commissioner of Ontario.

This policy is reviewed annually and updated as necessary to reflect legislative changes, evolving best practices, and operational requirements. Material changes are communicated to clients and personnel.

For questions, access or correction requests, or to make a privacy complaint, please contact:

Privacy Officer
Email: privacyofficer@goldentiahomecare.ca
Mailing Address: Plaza II, 350 Rutherford Road S Unit 104, Brampton, ON, L6W 4N6

At Goldentia Home Care Services, we recognize that privacy regulations and best practices are continually evolving. We are committed to regularly reviewing and updating our privacy policy and procedures to ensure ongoing compliance with Ontario law and to reflect advancements in technology, changes in our operations, and feedback from our clients and team.

• Annual Review: This Privacy Policy is reviewed at least once each year by our designated Privacy Officer in consultation with management and, where appropriate, external privacy professionals.
• Trigger Events: Additional reviews occur promptly following any significant changes in applicable laws, industry standards, business practices, or upon implementation of new technologies (such as updates to Shiftcare or other operational systems).

• Assessment and Consultation: During policy reviews, we assess legal developments, regulatory guidance, operational changes, internal incident reports, and client feedback. Recommendations for improvements are documented and evaluated.
• Approval: Any proposed changes are reviewed and approved by senior management to ensure they meet organizational, legal, and industry requirements.
• Implementation: Updated policies are communicated clearly to all staff members through mandatory training sessions, meetings, or electronic notifications. Revised privacy practices are implemented promptly.

• Notifying Clients: When there are material updates to our privacy practices or policies, we notify active clients and their representatives by email, written notice, or through secure messaging in Shiftcare, and post updated policies on our website and/or in our office.
• Effective Date: Each version of the policy clearly states its effective date, with previous versions maintained on record for reference.

• Documentation: All policy reviews, updates, and communications are thoroughly documented and retained in accordance with applicable legal and business standards. Records of changes and the reasons for updates are accessible to regulators on request.
• Access for Stakeholders: Clients, caregivers, and other stakeholders may request a copy of the current and/or previous policy versions at any time.

• Feedback: We encourage feedback from clients and staff to identify areas for improvement. Our Privacy Officer can be contacted directly for suggestions or questions regarding our privacy management.
• Adaptation: Our commitment to privacy is ongoing. We strive for continuous improvement in our privacy and data management practices, responding proactively to new risks, regulatory requirements, and client needs.

Last Updated: July 27, 2025