Rumini

Menu
Join Rumini

Privacy Policy

Effective Date: November 11, 2025  —  Last Updated: November 11, 2025

1. INTRODUCTION AND SCOPE

Rumini Health Inc. (“Rumini”, “we”, “us”, “our”) operates the digital healthcare platform accessible via www.rumini.ca and associated mobile applications. We provide telemedicine services, prescription reviews, medication fulfillment and delivery services to residents of Ontario, Canada.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information and personal health information in the context of our services.
We respect your privacy and are committed to compliance with PHIPA and PIPEDA.

2. DEFINITIONS

  • Personal Information: Information about an identifiable individual (e.g., name, contact details).
  • Personal Health Information (PHI): Any information regarding an individual’s physical or mental health, health history, treatments, or prescriptions.
  • Sensitive Data: Includes medical diagnoses, test results, medication usage, health conditions such as weight loss, erectile dysfunction, hair loss.
  • Data Controller:  Rumini Health Inc.
  • Data Subject: You, the individual user or patient of our services.

3. INFORMATION WE COLLECT

3.1 Information You Provide

  • Registration information: first and last name, date of birth, gender.
  • Contact details: email, phone number, postal address.
  • Identification documents: OHIP health card, other government ID (as required).
  • Health information: medical history, current medications/allergies, conditions (e.g., weight-management, ED, hair loss), test results, physician/nurse practitioner consultation notes.
  • Payment and billing information: credit or debit card details (processed via secure providers).
  • Communication records: messages, emails, video consultation recordings (with explicit consent).

3.2 Information Collected Automatically

  • Technical data: IP address, browser type, operating system, device model, unique device identifiers.
  • Usage data: pages visited, time spent, clicks, session data.
  • Cookies and similar tracking technologies: for preferences, login sessions, analytics.

3.3 Information from Third Parties

  • Licensed healthcare professionals: consultation reports, prescriptions.
  • Laboratories: diagnostic/test results.
  • Pharmacies: prescription fulfilment history.
  • Insurance providers: coverage or claims data (with consent).

4. LEGAL BASIS & PURPOSES OF PROCESSING

4.1 Legal Basis (under PIPEDA & PHIPA):

  • Your explicit consent to collect, use or disclose PHI.
  • Performance of services you request (telemedicine, prescription services).
  • Legal or regulatory obligations we must meet.
  • Legitimate interests: improving our services, conducting internal analytics, maintaining security.

4.2 Purposes of Processing:

  • Provide health consultations, telemedicine, and prescription management.
  • Review eligibility for treatment programmes (e.g., weight-loss, ED, hair-loss).
  • Issue and deliver prescriptions via qualified professionals and pharmacies.
  • Maintain electronic medical records and track care continuity.
  • Communicate with you: appointment scheduling, reminders, follow-ups.
  • Billing management, payment processing, tax compliance.
  • Conduct anonymized research or analytics (with your consent).
  • Fraud detection, system security, ensuring regulatory compliance.

5. INFORMATION SHARING & DISCLOSURE

We may share your information when necessary for service delivery, under strict confidentiality:

  • Healthcare professionals (physicians, nurse practitioners, pharmacists) engaged in your care.
  • Pharmacies and diagnostic laboratories assisting with fulfilled prescriptions or tests.
  • Service providers (hosting, payment processors, communication platforms) operating on our behalf under confidentiality agreements.
  • Governmental or regulatory authorities where required by law.
  • Insurance companies, only if you consent and for the purposes of reimbursement or coverage verification.

We do not sell or rent your personal or health information to third parties for marketing purposes.

6. DATA SECURITY

We have implemented technical and organizational safeguards consistent with PHIPA and PIPEDA requirements and industry best practices:
  • Secure transmission (HTTPS/SSL/TLS) for data in transit.
  • Secure hosting: Canadian-based servers, encrypted storage.
  • Role-based access control, multi-factor authentication for staff access.
  • Audit logging: tracking access to PHI.
  • Password policies, encryption at rest, regular backups with encryption.
  • Periodic vulnerability assessments, penetration testing.
  • Staff training on privacy and information security.
  • Use of PHIPA-compliant video/telehealth platforms where applicable

7. DATA RETENTION

Data Category Retention Period Disposal Method
Medical Records Minimum 10 years from last interaction Secure deletion or anonymization
Minor-patient Records Until 10 years after the patient turns 18 Secure deletion or anonymization
Prescriptions 2 years from date of issue Secure deletion
Billing/Payments 7 years (as per CRA requirements) Secure deletion
Communications 2 years unless medically relevant Auto-deletion unless flagged
Cookies Up to 13 months User-controlled removal

8. YOUR RIGHTS

As a user and data subject under PHIPA and PIPEDA, you have rights including:
  • Right of access: You may request access to the personal and health information we hold about you.
  • Right of rectification: You may ask us to correct inaccurate or incomplete information.
  • Right to withdraw consent: Subject to legal and regulatory limitations.
  • Right to portability: In certain contexts you may request your data in a reusable format.

To exercise your rights, please contact our Privacy Officer at privacy@rumini.ca or use our online form at www.rumini.ca/privacy-rights. We will respond within 30 days

9. COOKIES & TRACKING TECHNOLOGIES

  • We use essential cookies for site functionality.
  • Functional cookies to remember your preferences.
  • Analytics cookies (e.g., anonymized usage data) for service improvement.
  • Marketing cookies only with explicit consent (opt-in).

You can manage your cookie preferences via the banner on our site and adjust browser settings accordingly.

10. TELEHEALTH & ELECTRONIC PROCESSES

  • Video consultations are delivered using platforms compliant with PHIPA encryption and security standards.
  • Recordings (if taken) are only with your explicit consent and stored securely.
  • Electronic prescriptions follow Ontario pharmacy regulatory requirements and are logged for audit purposes.
  • Intake and clinical forms (e.g., ED, weight-loss, hair-loss) are securely stored and reviewed by licensed clinicians; automated decision-logic is always subject to human oversigh

11. PACKAGING, SHIPPING & DELIVERY

  • Medications are prepared by Ontario College of Pharmacists (OCP)‐licensed pharmacists.
  • Discreet, tamper-evident packaging compliant with Health Canada requirements.
  • Shipment via signature-required courier (e.g., UPS, Purolator) with tracking.
  • Delivery notifications and instructions provided to you; contact details included in case of issues.

12. AUTOMATION & AI-ASSISTED PROCESSES

  • We may use automation (workflow tools) and AI-assisted analytics (e.g., for drug interaction checking, eligibility screenings).
  • All decisions involving patient care are reviewed by a licensed clinician; no automated decision affects your care without human supervision.
  • We disclose when automated tools are used in your care pathway.

13. DATA BREACH RESPONSE

In the event of a breach involving personal or health information:
  • We will notify appropriate regulatory authorities and you without unreasonable delay in accordance with PHIPA breach obligations.
  • We maintain a breach register, undertake root-cause analysis and implement corrective actions.
  • Notifications will include nature of the breach, data affected, mitigation steps taken, and contact information for follow-up

14. MARKETING & COMMUNICATIONS

  • Marketing or promotional communications are sent only where you have given explicit opt-in consent.
  • You may unsubscribe or withdraw consent at any time using the link in the email or via your user portal.
  • Service communications (appointment reminders, test results, security notices) are separate and may be sent without separate marketing consent as required to provide care

15. GOVERNANCE & COMPLIANCE

  • We have appointed a Privacy Officer under PHIPA.
  • Annual internal audits of privacy, security, and policy compliance.
  • Our processes align with LegitScript certification standards (where applicable) to ensure transparency and safety in online pharmacy/telehealth operations.
  • Regular policy review and updates to reflect regulatory changes and industry best practices.

16. MINORS

We do not knowingly provide our services to users under 18 without parental/guardian consent. For minors aged 14–17 in Ontario, we recognize mature minor consent rules under PHIPA. We verify age and ensure legally-appropriate consent procedures.

17. POLICY CHANGES

We may change this Privacy Policy from time to time. When we make significant changes, we will update the “Last Updated” date and provide notice (e.g., via email or website banner) at least 30 days before changes take effect. Archived versions will remain available.

18. CONTACT INFORMATION

Rumini Health Inc.
Email: admin@rumini.ca
Address: Toronto, Ontario, Canada
You may also contact the Ontario Information and Privacy Commissioner at www.ipc.on.ca for privacy law inquirie.

19. CONSENT STATEMENT

By using Rumini’s services, you acknowledge that you have read, understood and accepted this Privacy Policy. For collection or use of sensitive health information, separate explicit consent will be obtained.

Scroll to Top