About Face Aesthetics LLC Privacy Policy
Last Modified: April 22, 2025
Introduction
This Privacy Policy outlines About Face Aesthetics LLC ("we," "our," or "the Company") practices regarding information collected from users who access our website at aboutfaceaesthetics.com ("Site") or otherwise share personal information with us (collectively: "Users"). As a healthcare provider, we are committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) and protecting the privacy and security of your Protected Health Information (PHI) and other personal information.
Grounds for Data Collection
Processing of your personal information, including any information that may identify you with reasonable means ("Personal Information") and Protected Health Information (PHI) as defined under HIPAA, is necessary for:
- Performing our contractual obligations to provide you with healthcare and related services.
- Protecting our legitimate interests, such as improving our services and ensuring security.
- Complying with legal, financial, and regulatory obligations, including HIPAA, to which we are subject.
By using the Site or our services, you consent to the collection, storage, use, disclosure, and other uses of your Personal Information and PHI as described in this Privacy Policy. We encourage our Users to carefully read this Privacy Policy to make informed decisions.
What Information Do We Collect?
We collect two types of data from Users:
- Non-personal Information: This is unidentified and non-identifiable information gathered via your use of the Site. It includes aggregated usage data and technical information from your device (e.g., browser type, operating system, language preference, access time) to enhance Site functionality. We may also collect data on your Site activity (e.g., pages viewed, clicks, actions).
- Personal Information and PHI: This includes individually identifiable information that identifies you or could reasonably identify you, including PHI as defined by HIPAA. Such information includes:
  - Device Information: Geolocation data, IP address, unique identifiers (e.g., MAC address, UUID), and activity-related data from your device.
  - Registration Information: Full name, email address, physical address, phone number, and other details provided during registration or service use.
  - Health Information: Medical history, treatment records, appointment details, billing information, insurance details, and other PHI collected during the provision of healthcare services.
How Do We Receive Information About You?
We receive your Personal Information and PHI from:
- Voluntary submissions when you register on our Site or use our services (e.g., filling out forms, scheduling appointments).
- Your interactions with our Site or services.
- Third-party providers, such as analytics vendors, payment processors, or healthcare partners, in compliance with HIPAA regulations.
- Communications with you, such as appointment confirmations or medical inquiries.
How Do We Use Your Information?
We use your information for the following purposes:
- Providing and managing healthcare services, including scheduling, confirming, and reminding you of appointments.
- Communicating with you regarding services, technical updates, or customer service issues.
- Billing and processing payments, including coordination with insurance providers.
- Personalizing your experience on our Site.
- Conducting statistical and analytical research to improve our services and Site.
- Complying with legal obligations, including HIPAA, and responding to legal processes or governmental requests.
- Marketing our services (with opt-out options) or serving advertisements (see "Marketing" and "Advertisements" sections).
- Ensuring the security of our Site and services.
Sharing and Disclosure of Information
We do not rent, sell, or share your Personal Information or PHI with third parties except as described below and in compliance with HIPAA:
- Business Associates: We may share PHI with trusted third-party providers (e.g., hosting providers, billing services, analytics vendors) who are bound by Business Associate Agreements (BAAs) to ensure HIPAA compliance. These providers may be located in different jurisdictions.
- Healthcare Operations: We may share PHI with subsidiaries, affiliates, or subcontractors for purposes such as treatment, payment, or healthcare operations, as permitted by HIPAA.
- Legal Compliance: We may disclose information if we believe in good faith that it is necessary to:
  - Comply with applicable laws, regulations, legal processes, or governmental requests.
  - Enforce our policies or investigate potential violations.
  - Detect, prevent, or address fraud, security issues, or illegal activities.
  - Protect the rights, property, or safety of our Company, Users, or others.
  - Collaborate with law enforcement or enforce intellectual property rights.
- Corporate Transactions: In the event of a merger, sale, or asset transfer, we may share information with the acquiring entity, which will assume the obligations of this Privacy Policy.
HIPAA-Specific Safeguards
To ensure compliance with HIPAA, we:
- Implement administrative, physical, and technical safeguards to protect PHI from unauthorized access, use, or disclosure.
- Train our staff on HIPAA compliance and data protection.
- Maintain BAAs with third-party vendors who handle PHI.
- Use secure methods (e.g., encryption) for transmitting PHI.
- Regularly audit and monitor our systems for compliance.
Notice of Privacy Practices
In addition to this Privacy Policy, we provide a Notice of Privacy Practices (available upon request or at our office) that details how we use and disclose your PHI for treatment, payment, and healthcare operations, as well as your rights under HIPAA.
User Rights
Under applicable laws, including HIPAA, you have the following rights regarding your Personal Information and PHI:
- Access: Request confirmation of whether we process your information and access your stored Personal Information and PHI, along with supplementary details.
- Copy: Receive a copy of your voluntarily provided information in a structured, commonly used, and machine-readable format.
- Rectification: Request correction of inaccurate or incomplete Personal Information or PHI.
- Erasure: Request deletion of your Personal Information, subject to our legal obligations (e.g., retaining PHI for healthcare or compliance purposes).
- Restriction: Request restriction of processing your Personal Information or PHI, where applicable.
- Objection: Object to the processing of your Personal Information for certain purposes, such as marketing.
- Accounting of Disclosures: Request an accounting of certain disclosures of your PHI made by us.
- Breach Notification: Be notified in the event of a breach of your unsecured PHI, as required by HIPAA.
- Complaint: Lodge a complaint with our Data Protection Officer or the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.
These rights are subject to our legitimate interests, HIPAA requirements, and other regulatory obligations. To exercise these rights, contact our Data Protection Officer (DPO) at:
Phone: (864) 441-0431
Email: info@aboutfaceaesthetics.com
Retention
We retain your Personal Information and PHI for as long as necessary to provide our services and comply with legal obligations, including HIPAA retention requirements. Retention periods depend on the type of information and its purpose. For example, we retain medical records as required by federal and state laws. We will destroy outdated or unused information at the earliest reasonable time, in compliance with applicable regulations.
Cookies
We use cookies and similar technologies to enhance your experience on our Site. These include:
- Session Cookies: Temporary cookies deleted when you close your browser.
- Persistent Cookies: Stored for a fixed period to remember preferences.
- Third-Party Cookies: Set by analytics or advertising services (e.g., Google Analytics).
Cookies do not contain personally identifiable information but may be linked to Personal Information we store. You can disable cookies via your device settings, but this may limit Site functionality. We use Google Analytics to collect non-identifiable data about Site usage, subject to Google’s Terms of Use and Privacy Policy.
Third-Party Collection of Information
This Privacy Policy applies only to information we collect. Information you share with third parties (e.g., linked websites) is subject to their privacy policies. We encourage you to review those policies before sharing information.
Data Security
We implement robust security measures to protect your Personal Information and PHI, including:
- Industry-standard encryption for data transmission and storage.
- Access controls to limit who can view PHI.
- Regular security assessments and audits.
- HIPAA-compliant procedures for third-party vendors.
While we take reasonable steps to safeguard your information, no system is entirely secure. We are not liable for unauthorized access beyond our control but will notify you of any PHI breach as required by HIPAA.
Transfer of Data Outside the EEA
If data recipients are located outside the European Economic Area (EEA), we transfer data only to countries approved by the European Commission for adequate data protection or under legal agreements ensuring equivalent protection.
Advertisements
We may use third-party advertising technologies that place cookies on your browser to serve relevant ads. You can opt out of these ads via the Network Advertising Initiative (http://optout.networkadvertising.org/) or Digital Advertising Alliance (http://optout.aboutads.info/).
Marketing
We may use your Personal Information (e.g., name, email, phone number) to send promotional materials about our services. You can opt out of marketing communications via the unsubscribe link in emails or by contacting us. Non-marketing communications (e.g., appointment reminders, billing notices) will continue as necessary for service delivery.
Minors
Our Site and services are not directed at minors. We do not knowingly collect Personal Information or PHI from minors without parental consent. If you believe a minor has provided such information, contact us at info@aboutfaceaesthetics.com.
Breach Notification
In the event of a breach of unsecured PHI, we will notify affected individuals, the HHS, and, if applicable, the media, in accordance with HIPAA requirements.
Updates or Amendments to This Privacy Policy
We may revise this Privacy Policy periodically. Material changes will be effective upon posting the updated policy on our Site. Your continued use of our Site or services constitutes consent to the revised terms. The last revision date is noted at the top of this policy.
How to Contact Us
For questions about this Privacy Policy, your information, or our HIPAA compliance, contact:
About Face Aesthetics LLC
Email: info@aboutfaceaesthetics.com
Phone: (864) 441-0431
You may also file a complaint with the HHS Office for Civil Rights at:
Website: https://www.hhs.gov/hipaa/filing-a-complaint
Address: 200 Independence Avenue, S.W., Washington, D.C. 20201