Privacy Policy

Effective Date: January 1, 2025

This Privacy Policy (“Policy”) sets forth the privacy practices of JohnsonDigital.Design (“Company,” “we,” “us,” or “our”) in connection with the provision of web development, hosting, SEO, and marketing services to clients primarily engaged in podiatric healthcare across Canada, the United States, the European Union, and Australia (collectively, the “Covered Regions”). This Policy is intended to comply with the applicable privacy, data protection, and electronic communications laws of each Covered Region, including but not limited to:

Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA), and provincial legislation such as Alberta’s PIPA, British Columbia’s PIPA, and Quebec’s Act to modernize legislative provisions as regards the protection of personal information.
United States: The Health Insurance Portability and Accountability Act of 1996 (HIPAA), and applicable U.S. state privacy laws including the California Consumer Privacy Act (CCPA/CPRA).
European Union: Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”).
Australia: The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Scope and Applicability

This Policy applies to all personal data that may be collected, transmitted, or otherwise processed in connection with our provision of services to clients within the Covered Regions. This includes contact forms integrated into client websites built or managed by SmartClinicSites.com.

2. Data Collection and Processing

We do not collect, access, store, or retain any personal information submitted through contact forms on client websites. The following categories of information may be transmitted by end users through such forms:

Full name
Telephone number
Email address
Message content (e.g., appointment reason or inquiry)

Such information is transmitted securely using end-to-end encrypted protocols (e.g., TLS/SSL) via third-party platforms (e.g., Formspree), and delivered directly to the client’s designated email system. We act solely as a technical intermediary and do not qualify as a data controller or processor under any applicable privacy legislation.

3. Canada-Specific Disclosures (PIPEDA and Provincial Laws)

This Policy aligns with the Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c.5) and applicable provincial laws. SmartClinicSites.com does not retain or access personal information and is not considered a “data custodian” under Canadian law. Clients are fully responsible for compliance with PIPEDA, Alberta PIPA, BC PIPA, and Quebec’s modernized privacy law, including obtaining consent and responding to access or correction requests.

4. United States-Specific Disclosures (HIPAA and State Laws)

We are not a “Covered Entity” or “Business Associate” as defined by HIPAA (45 CFR §160.103). Our platform is not intended for the collection, storage, or processing of Protected Health Information (PHI), and we disclaim any liability under HIPAA or the HITECH Act. Clients are solely responsible for ensuring HIPAA compliance, including the use of secure email systems. Additionally, clients must comply with applicable state privacy laws (e.g., CCPA, CPRA, VCDPA, CPA) where relevant.

5. EU-Specific Disclosures (GDPR)

We are not a data controller or processor under Articles 4 or 28 of the General Data Protection Regulation (Regulation (EU) 2016/679). All data submitted through forms is transmitted directly to our clients and not retained or accessed by us. Clients operating in the EU are responsible for GDPR compliance, including lawful processing bases under Article 6, transparency under Articles 12–14, and international transfer safeguards under Chapter V.

6. Australia-Specific Disclosures (Privacy Act 1988 and APPs)

This Policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). SmartClinicSites.com does not collect or store personal information and is not considered an APP entity. Clients operating in or targeting Australia must ensure compliance with the APPs and are responsible for privacy notices, access controls, and mandatory breach notification under the Notifiable Data Breaches (NDB) scheme.

7. Data Retention and Control

We do not retain user data. All personal information submitted through contact forms is controlled and retained solely by the client. Clients are responsible for implementing compliant retention and disposal policies under applicable jurisdictional law.

8. Data Subject Rights

Requests for access, correction, or deletion of personal information must be directed to the client business that controls the data. SmartClinicSites.com does not have access to personal data and cannot process such requests.

9. Security Measures

We implement industry-standard technical safeguards such as HTTPS, firewalls, and access controls. However, form submissions are encrypted and transmitted directly to clients, who bear full responsibility for protecting data received via their own infrastructure.

10. Cookies and Tracking Technologies

Our website uses cookies and analytics tools to improve user experience. No personally identifiable information is collected or retained by us. Users may control cookie behavior through browser settings. EU and ePrivacy Directive compliance is observed where applicable.

11. International Data Transfers

SmartClinicSites.com does not store or route data through international servers. Contact form data is transmitted directly to clients. Clients are responsible for ensuring that any international data transfers comply with GDPR Chapter V, Australia's cross-border disclosure rules, or Canadian adequacy requirements.

12. Amendments

We reserve the right to update this Policy at any time. Revised versions will be posted with a new effective date. Continued use of our services constitutes acceptance of the updated terms.

13. Contact

For questions or concerns regarding this Privacy Policy, please contact:
SmartClinicSites.com
Email: SmartClinicSites@gmail.com