Privacy Policy

Maison Oolong takes the protection of personal information seriously. In accordance with Law 25, we have appointed a Privacy Officer (Responsable de la protection des renseignements personnels — RPRP) who oversees compliance and responds to individual rights requests.

We collect the following categories of personal information:

• Identity: first name, last name, date of birth
• Contact information: postal address, email, phone number
• Health data (sensitive): pre-treatment medical history, allergies, contraindications, medications — collected exclusively for the safety and personalization of treatments
• Payment information: processed exclusively through Moneris and Shopify Payments. Maison Oolong does not store credit card numbers
• Before/after photographs: if consented to for clinical protocol tracking
• Browsing data: IP address, cookies, site usage statistics (see section 08)

Your personal information is collected for the following purposes:

• Providing medical aesthetic and wellness services
• Clinical monitoring of protocols and results
• Appointment management and invoicing
• Marketing communications (with explicit consent only)
• Improving the website user experience
• Compliance with legal obligations (health record-keeping under Quebec law)

• Explicit consent: for sensitive health data and marketing communications
• Performance of contract: for transactional and appointment data necessary to deliver the agreed service
• Legitimate interest: for anonymized website statistics, subject to balancing test
• Legal obligation: for health record-keeping and accounting records

Maison Oolong does not sell personal information. We share data only with trusted technical subcontractors who have signed data processing agreements compliant with Law 25:

In accordance with Law 25, any transfer of personal information outside Quebec is subject to a privacy impact assessment (PIA) to verify that the destination jurisdiction offers equivalent protection.

Under Quebec's Law 25, you have the following rights regarding your personal information:

• Right of access: obtain a copy of your personal information held by us
• Right of rectification: correct inaccurate or incomplete information
• Right to withdraw consent: at any time, subject to legal constraints
• Right to data portability: receive your data in a structured, commonly used format
• Right to erasure: subject to applicable legal retention obligations
• Right to de-indexation: have information about you removed from search engine results
• Right to cessation of dissemination: stop the use of your information in certain contexts
• Right to file a complaint: with the Commission d'accès à l'information du Québec (CAI)

A consent banner is displayed on first visit. You may modify your cookie preferences at any time.

• TLS 1.3 encryption across the entire site
• Medical data stored in SimplyBook.me (GDPR-compliant)
• Access restricted to authorized practitioners only
• Regular security audits
• Data breach notification procedure within 72 hours, as required by Law 25

This site and our services are not intended for minors under 14 years of age.

For persons aged 14 to 17, parental or guardian consent is required for both services and the collection of personal data. A parent or guardian must be present or provide written consent prior to any treatment.

This privacy policy may be updated periodically to reflect changes in our practices or applicable law. The date of the last revision is displayed at the top of this page.

In the event of a material change affecting your rights, we will notify you by email using the address on file, at least 30 days before the change takes effect.

For any question, rights request, or complaint relating to your personal information: