403-475-0111 Unit 101, 10601 Southport Rd SW, Calgary Mon-Fri 9:00–17:00 · Sat 9:00–15:00
Home Privacy

Privacy Policy.

How Holy Cross Family Medicine Clinic handles website messages, contact forms, physician referrals, and personal health information.

1. Who this policy applies to

This policy applies to information submitted through the Holy Cross Family Medicine Clinic website, including contact forms, physician referrals, file uploads, and basic website usage data.

Holy Cross Family Medicine Clinic is located in Calgary, Alberta. Personal health information is handled in line with Alberta health privacy obligations, including the Health Information Act, and general private-sector privacy obligations that may apply to clinic operations.

2. Information we collect

  • Contact form details such as name, email, phone number, requested service, message, and new-patient status.
  • Referral details submitted by physicians, including physician contact details, patient name, date of birth, PHN, phone number, referral reason, selected services, and lab attachments.
  • Technical safeguards and abuse-prevention signals such as IP address, rate-limit metadata, honeypot fields, and Cloudflare Turnstile verification tokens when enabled.

3. How we use information

  • To respond to inquiries, contact forms, and referral submissions.
  • To generate and deliver referral PDFs and attachments to the clinic-approved secure destination.
  • To protect the website from spam, abuse, automated submissions, and service misuse.
  • To maintain clinical, administrative, security, and compliance records required for clinic operations.

4. Service providers

The website may use hosting, CMS, email, SMS, spam-prevention, uptime, analytics, and map providers. These providers should only be enabled after the clinic confirms the processor list, privacy terms, and data-processing agreements needed for launch.

Referral submissions can contain sensitive personal health information. The production referral endpoint is designed to fail closed if secure email delivery is not configured.

5. Retention and storage

Website submissions are retained only as long as needed for care, clinic administration, legal, security, and operational requirements. Referral PDFs, lab files, and any imported clinical records should follow the clinic's approved health-record retention policy.

In production, referral PHN, DOB, referral reason, and attachments should not be written to application logs or public analytics tools.

6. Cookies, analytics, and maps

The website may use cookies or similar technologies for language preference, spam prevention, analytics, uptime monitoring, embedded maps, and site performance. Non-essential analytics should not collect personal health information and should be configured conservatively.

7. Safeguards

The website uses HTTPS in production, server-side validation, rate limiting, honeypot fields, optional Cloudflare Turnstile verification, and fail-closed delivery checks for sensitive referral intake. Clinic staff access to referral and contact destinations should be limited to authorized users.

8. Access, correction, and questions

Patients may contact the clinic to ask questions about information submitted through the website, request correction of contact details, or ask how to access health information held by the clinic.

For urgent medical issues, do not use the website forms. Call the clinic at 403-475-0111, call 911, or go to the nearest emergency department.