Introduction
SeniorNest (“SeniorNest Living Inc.”, “we”, “our”, “us”) is a Canadian provider of age-in-place housing and concierge services that lets residents and their families manage accommodations, care add-ons, and community events through a secure online portal. This Privacy Policy describes how personal information is collected, used, stored, and disclosed when prospective residents, tenants, family guarantors, clinicians, suppliers, or visitors interact with our website, mobile app, or on-site kiosks.
Privacy Policy
• Information we collect
(a) Identity & contact – full name, preferred name, date of birth, email, phone, mailing address, emergency contacts, Power-of-Attorney details.
(b) Residency records – suite number, lease or life-lease term, dietary notes, mobility profile, care plan approvals, incident reports.
(c) Health-related data – physician orders, medication lists, allergies, vaccination status, fall-risk assessments (collected only with explicit consent under PIPEDA “sensitive information” rules).
(d) Financial data – payment tokens (last four card digits), pre-authorized debit info, provincial rent-receipt details, GST/HST allocation.
(e) Preference data – activity sign-ups, meal selections, spiritual-care requests, newsletter topics.
(f) Telemetry – device type, IP address, browser build, session duration, crash traces.
(g) Support artefacts – CCTV of common areas (retained for resident safety), call-centre recordings, chat transcripts.
• Purposes
– verify identity and assess eligibility under provincial retirement-home regulations;
– prepare tenancy agreements, meal plans, care-service schedules, and visitor passes;
– process monthly accommodation fees and à-la-carte service charges;
– deliver wellness alerts to authorised family members and healthcare professionals;
– generate anonymised occupancy analytics that improve staffing, fall-prevention protocols, and menu design;
– comply with landlord-tenant law, public-health orders, and tax statutes;
– investigate incidents, prevent fraud, and protect residents, staff, and property.
• Retention
Tenancy files and health-service records are stored for ten years after move-out or as otherwise required by provincial residential-care legislation. Payment and CRA-related records remain for at least seven years. Encrypted backups rotate on a 35-day cycle.
• Access & Correction
Residents or authorised representatives may review or amend personal data at any time via the Resident Portal or by writing to privacy@seniornest.ca. Family members granted proxy access can view only the information their mandate permits.
• Consent
Express consent is obtained at admission and whenever new healthcare services, biometric entry badges, or payment methods are added. Implied consent covers door-sensor logs essential to resident safety. Consent may be withdrawn except where legal or contractual duties override; we will outline any service impact before acting.
• Accountability
A designated Privacy Officer conducts annual audits, trains staff on elder-care confidentiality, and responds to written privacy inquiries within 30 days.
GDPR
Although SeniorNest focuses on Canada, some residents and relatives may reside in the European Economic Area (EEA). Where the EU General Data Protection Regulation applies, we act as controller for profile, billing, and residency data, and processor for medical directives you supply. Processing bases include contract performance (Art. 6 (1)(b)), legitimate interest in safeguarding vulnerable adults (Art. 6 (1)(f)), and legal obligation (Art. 6 (1)(c)). EEA individuals may request access, rectification, erasure, restriction, portability, or objection by emailing dpo@seniornest.ca and may lodge complaints with their supervisory authority.
Cookie Policy
4.1 Types of Cookies
• Essential – session tokens, CSRF guards, and load-balancer cookies for secure login and care-alert routing.
• Preference – store text size, high-contrast mode, preferred language, and activity-calendar filter.
• Analytics – first-party Matomo cookies with IP truncation that track portal response times and feature adoption.
• Marketing – optional cookies that promote community open-houses or partner physiotherapy offers; never shared with ad networks.
4.2 How to Disable Cookies
Most browsers allow you to block or delete cookies. Essential cookies are required for portal access; disabling them will prevent login. Preference and analytics cookies can be declined via our banner or by enabling “Do Not Track.” Marketing cookies load only after explicit opt-in and can be toggled off under Account → Privacy.
Transfer to Third Parties
We do not sell personal information. Limited disclosures occur only to:
• Canadian cloud hosts operating encrypted servers in Toronto and Calgary;
• PCI-DSS Level 1 payment processors;
• Accredited home-care agencies bound by PHIPA when delivering nursing or physiotherapy onsite;
• Provincial health authorities during outbreak reporting;
• Legal counsel, ombuds, regulators, or courts when compelled;
• Law-enforcement agencies if disclosure is needed to investigate abuse or protect public safety.
All vendors sign Data Processing Agreements mandating safeguards equal to PIPEDA and, where relevant, EU Standard Contractual Clauses.
Data-Security Measures
• AES-256-GCM encryption at rest with tenant-specific keys stored in FIPS 140-2 Level 3 HSMs.
• TLS 1.3 with Perfect Forward Secrecy for data in transit.
• Zero-trust segmentation isolating each resident vault.
• Role-based access control enforced by hardware-backed multi-factor authentication.
• Hourly incremental and nightly full backups replicated across two Canadian regions (RPO 15 min, RTO 4 h).
• Continuous vulnerability scanning, quarterly penetration tests, and an annual SOC 2 Type II audit.
• Incident-response plan that notifies affected users within 72 hours of a confirmed breach and provides remediation updates.
Effective Date
This Privacy Policy is effective as of 19 June 2025 and supersedes all earlier versions. Material updates will be announced by email and in-app notice at least 30 days before enforcement.