Privacy Policy for Skinsculpt Aesthetics
Effective Date: August 26, 2025
Last Updated: August 26, 2025
Contact Information
Skinsculpt Aesthetics
1495 W. Shaw Avenue, Fresno, CA 93711
Phone: 559-470-2125
Email: [email protected]
Website: www.skinsculpt-aesthetics.com
1. Introduction
This Privacy Policy describes how Skinsculpt Aesthetics (“we,” “us,” “our,” or the “Practice”) collects, uses, protects, and discloses your personal information, including Protected Health Information (PHI), when you visit our website or receive medical aesthetic services at our practice.
We are committed to protecting your privacy in compliance with:
- Health Insurance Portability and Accountability Act (HIPAA)
- State medical privacy laws
- California Consumer Privacy Act (CCPA)
- General Data Protection Regulation (GDPR) where applicable
- Federal Trade Commission guidelines
2. HIPAA Notice of Privacy Practices
Your Health Information Rights
As our patient, you have the following rights regarding your Protected Health Information:
Right to Access: Request and receive copies of your medical records and health information
Right to Amend: Request corrections to your health information if you believe it’s inaccurate
Right to Restrict: Request limitations on how we use or share your health information
Right to Confidential Communications: Request that we communicate with you in a specific manner or location
Right to an Accounting: Receive a list of when and with whom we’ve shared your health information
Right to File a Complaint: Report concerns about our privacy practices without fear of retaliation
How We Use Your Protected Health Information
For Treatment: Providing medical aesthetic services, consultations, follow-up care, and coordinating treatment with other healthcare providers
For Payment: Processing payments, billing insurance, verifying coverage, and collecting payment for services
For Healthcare Operations: Quality improvement, staff training, licensing, and business administration
Other Permitted Uses:
- Emergency medical situations
- Legal requirements and court orders
- Public health and safety reporting
- Business associates with signed HIPAA agreements
3. Information We Collect
Medical and Health Information
- Medical history and health questionnaires
- Treatment records and consultation notes
- Before and after photographs (with consent)
- Progress notes and treatment outcomes
- Medication lists and allergy information
- Insurance and billing information
- Appointment and scheduling data
Personal Information
- Name, address, phone number, email address
- Date of birth and emergency contact information
- Government-issued ID for verification
- Payment and credit card information
- Communication preferences
Website and Digital Information
- IP address and device information
- Browser type and operating system
- Pages visited and time spent on our website
- Cookies and tracking technologies
- Email engagement metrics
- Online form submissions and inquiries
- Live chat conversations
4. How We Collect Information
Directly From You
- Patient intake forms and health questionnaires
- Online appointment booking systems
- Website contact forms and inquiries
- Phone calls and in-person consultations
- Email communications
- Payment transactions
Automatically Through Our Website
- Cookies and similar tracking technologies
- Web server logs and analytics tools
- Third-party plugins and integrations
- Social media interactions
5. How We Use Your Information
Medical Care and Treatment
- Providing aesthetic medical services and treatments
- Creating and maintaining medical records
- Treatment planning and follow-up care
- Medical photography for documentation
- Communicating treatment recommendations
- Coordinating care with other healthcare providers
Administrative and Business Operations
- Scheduling appointments and sending reminders
- Processing payments and insurance claims
- Maintaining patient records and databases
- Quality assurance and improvement programs
- Staff training and education
- Regulatory compliance and reporting
Communication and Marketing (with your consent)
- Sending appointment reminders and follow-up care instructions
- Sharing educational content about treatments and services
- Promotional offers and special discounts
- Newsletter and email marketing campaigns
- Social media engagement and content sharing
- Patient satisfaction surveys and feedback requests
Website Functionality
- Improving user experience and website performance
- Analyzing website traffic and usage patterns
- Preventing fraud and ensuring security
- Providing customer support and technical assistance
6. Information Sharing and Disclosure
We Share Information With:
Healthcare Providers: Other medical professionals involved in your care or treatment
Business Associates: Third-party service providers who help us operate our practice under HIPAA-compliant agreements:
- Electronic health record (EHR) systems
- Payment processing companies
- Appointment scheduling platforms
- Email marketing services
- Website hosting and analytics providers
- Cloud storage and backup services
Insurance Companies: For treatment authorization, claims processing, and payment
Legal and Regulatory Requirements: When required by law, court orders, subpoenas, or regulatory agencies
We Do NOT Share Without Your Explicit Consent:
- Medical information for third-party marketing
- Before/after photos for promotional purposes
- Treatment details with family or friends
- Patient lists with external organizations
7. Medical Photography and Consent
Treatment Documentation
We may photograph treatment areas for your medical record to document:
- Pre-treatment conditions
- Treatment progress
- Post-treatment results
- Adverse reactions or complications
Marketing and Promotional Use
Separate written consent is required for any use of your photographs in:
- Website galleries and testimonials
- Social media posts and advertisements
- Marketing materials and brochures
- Professional presentations and conferences
Your Rights Regarding Photos
- You may decline photography at any time
- You can withdraw marketing consent for future use
- You may request removal of photos from marketing materials
- Medical record photos remain part of your permanent record
8. Website Privacy and Cookies
Types of Cookies We Use
Essential Cookies: Required for website functionality, security, and basic operations
Analytics Cookies: Help us understand how visitors use our website through services like Google Analytics
Marketing Cookies: Used for advertising and remarketing campaigns (with your consent)
Preference Cookies: Remember your settings and preferences for future visits
Third-Party Services
Google Analytics: Tracks website usage and performance metrics. Opt-out available
Facebook Pixel: Enables targeted advertising on social media platforms
Boulevard: Powers our online appointment scheduling
GoHighLevel: Manages our email marketing communications
Managing Cookies
You can control cookies through your browser settings:
- Block all cookies (may affect website functionality)
- Delete existing cookies
- Set preferences for future cookies
- Receive notifications when cookies are set
9. Data Security and Protection
Physical Safeguards
- Locked facilities and filing systems
- Restricted access to medical areas
- Secure disposal of sensitive documents
- Employee access controls and identification
Technical Safeguards
- Encrypted data transmission (SSL/TLS)
- Secure cloud storage with encryption
- Multi-factor authentication systems
- Regular software updates and security patches
- Firewall and intrusion detection systems
- Automated data backups and recovery
Administrative Safeguards
- Comprehensive HIPAA training for all staff
- Regular security risk assessments
- Incident response and breach procedures
- Signed confidentiality agreements
- Business associate agreements with vendors
- Audit logs and access monitoring
10. Data Retention
Medical Records: Maintained for a minimum of 7 years after your last visit, or longer as required by state law
Financial Records: Retained for 7 years for tax and audit compliance
Website Data: Varies by type – cookies typically expire between 30 minutes and 2 years
Marketing Communications: Retained until you opt out or withdraw consent
Email Communications: Archived according to business and legal requirements
11. Your Privacy Rights
Access and Correction Rights
- Request copies of your medical records (reasonable copying fees may apply)
- Review and update your personal information
- Correct inaccurate or incomplete information
- Receive records within 30 days of your request
Communication and Marketing Rights
- Opt out of marketing emails and communications
- Choose your preferred communication methods
- Request confidential communications at alternative locations
- Withdraw consent for photo/video use in marketing
California Residents (CCPA Rights)
- Right to Know: What personal information we collect and how it’s used
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information
- Right to Non-Discrimination: Equal service regardless of privacy choices
EU Residents (GDPR Rights)
- Right to Access: Obtain confirmation of data processing and copies of your data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of personal data (“right to be forgotten”)
- Right to Data Portability: Receive your data in a structured, machine-readable format
12. Minors and Parental Consent
Age Requirements: Patients under 18 years of age require parent or legal guardian consent for treatment and information sharing
Privacy Protection: We follow state laws regarding minors’ rights to privacy for certain medical treatments
Parental Access: Parents/guardians have the right to access their minor child’s medical information as permitted by law
13. Breach Notification
In the unlikely event of a data breach involving your personal information:
- Immediate Response: We will investigate and contain the breach promptly
- Patient Notification: Affected individuals will be notified within 60 days
- Regulatory Reporting: Required agencies will be notified as mandated by law
- Remedial Actions: We will take steps to prevent future breaches and offer assistance to affected individuals
14. International Data Transfers
If you are located outside the United States, please note that your information may be transferred to and processed in the United States, where our servers and primary operations are located. By using our services, you consent to this transfer.
15. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in applicable laws and regulations
- New services, technologies, or business practices
- Improvements to our privacy and security measures
How We’ll Notify You:
- Posted notice in our office waiting area
- Email notification to patients who have consented to receive communications
- Website banner or pop-up notification
- Direct mail for significant changes affecting your rights
For any concerns, contact us at: 1495 W. Shaw Ave, Fresno, CA 93711