Last updated September 6, 2024

You deserve transparency into our data use

Last updated May 1, 2024

ARBITRATION NOTICE AND CLASS ACTION WAIVER
THIS AGREEMENT CONTAINS PROVISIONS THAT LIMIT OUR LIABILITY AND REQUIRE YOU TO RESOLVE ANY DISPUTE WITH US THROUGH FINAL AND BINDING ARBITRATION. YOU WAIVE THE RIGHT TO PARTICIPATE IN A CLASS ACTION OR TO HAVE YOUR CLAIM HEARD IN COURT.

Daniel Walton 365 LLC, DBA Patient Acquisition ("We," "Us," "Our"), is committed to protecting the privacy and confidentiality of your personal and health-related information in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Federal Trade Commission (FTC) regulations. This Privacy Policy explains how we collect, use, disclose, and protect your personal data, including any Protected Health Information (PHI), when you use our services or interact with our affiliates, clients, or third-party service providers.

1. Information We Collect

We may collect the following types of personal and health information from you when you interact with our lead opt-in forms, landing pages, or other services provided on behalf of our clients (e.g., med spas, weight loss clinics, telemedicine services):
a. Personal Data (PII)
  • Name and contact information, such as your name, email address, phone number, and billing and physical addresses.

  • Demographic data, such as your gender, date of birth, and zip code.

  • Social plug-ins, such as third-party websites, networks, platforms, servers and/or application information (e.g., Facebook, Twitter, Instagram).

  • Payment information, such as your credit card number, financial account information, and other payment details.

  • Content and files, such as photographs, videos, documents, and

b. Protected Health Information (PHI)
  • Medical history, conditions, treatments, and other health-related data, including any diagnoses.

  • Information provided during consultations, telehealth services, or appointment scheduling.

c. Technical Data
  • IP address, browser type, device identifiers, operating system, and usage data related to our digital platforms.

d. Communications Data
  • Call recordings, email correspondence, and text message interactions used for customer service, marketing, quality assurance, and health-related purposes.

2. How We Use Your Information

Your personal and health information is used to:
a. Service Provision and Coordination
  • Share relevant information with healthcare providers, clinics, or pharmacies to schedule appointments, fulfill treatments, or provide telehealth services on your behalf.

  • Assist with administrative support, payment processing, and customer service functions for you or the healthcare provider.

b. Marketing and Sales
  • We may use your information to provide targeted marketing for treatments, products, or services you’ve expressed interest in. This may involve sharing data with our affiliates or partners to tailor offers relevant to your medical or personal preferences.

c. Compliance with Legal Obligations

  • Comply with all applicable laws and regulations (HIPAA, GDPR, CCPA), including fulfilling legal requests, investigating potential violations, and conducting audits as required by law.

d. Data Analytics
  • Aggregate and anonymize your information for research, statistical analysis, and improving our services and systems without identifying you individually.

3. Sharing of Information

We share your personal and health information only when necessary and in compliance with applicable laws. This may include sharing data with:
a. Healthcare Providers and Clinics
  • Your PHI is shared with healthcare providers or clinics to ensure you receive the services you opted in for, such as telehealth consultations, treatments, or other medical services.

b. Affiliates and Business Partners
  • We may share data with affiliated businesses, marketing agencies, or other third parties to assist in providing the services you requested, for administrative purposes, or to offer additional relevant services. All partners are contractually obligated to comply with privacy and security standards.

c. Third-Party Service Providers

  • We use third-party service providers for data storage, payment processing, telecommunications, and email communications. These providers have access to your personal data only to perform their services and are required to maintain strict confidentiality and security.

d. Legal and Regulatory Authorities
  • In the event of a legal request or investigation, we may disclose your personal or health data to law enforcement or regulatory agencies as required by law.

4. Data Security Measures

We take data security seriously and implement the following measures to protect your personal and health information:
a. Encryption
  • All personal and PHI data is encrypted both in transit and at rest to prevent unauthorized access during data transmission or storage.

b. Access Controls
  • We restrict access to your information to authorized personnel only. Our systems utilize role-based access control to ensure that only individuals with a legitimate business purpose can access sensitive data.

c. Regular Audits and Security Reviews

  • We conduct regular security audits and reviews to ensure compliance with HIPAA, GDPR, CCPA, and other applicable regulations.

d. Incident Response
  • In the event of a data breach, we will notify affected individuals and relevant authorities in compliance with HIPAA’s Breach Notification Rule and GDPR requirements. Our team follows an established incident response protocol to mitigate harm and address vulnerabilities.

5. Your Rights Regarding Your Data

You have the following rights under HIPAA, GDPR, and CCPA concerning your personal and health information:
a. Right to Access
  • You may request a copy of the personal and health data we have collected from you at any time.

b. Right to Correction
  • You may request that we correct any inaccurate or outdated information in your records.

c. Right to Deletion

  • You have the right to request the deletion of your personal information in specific circumstances, such as when it is no longer necessary for the purpose it was collected.

d. Right to Withdraw Consent
  • You may withdraw consent for the use of your data at any time, although this may affect the services we are able to provide.

e. Right to Data Portability
  • Under GDPR, you may request that we transfer your data to another organization or provider.

6. Data Retention

We retain your data only as long as necessary to provide the services you opted in for or to comply with legal obligations. Upon request or after the data is no longer needed, we will securely delete or anonymize your personal and health information in accordance with HIPAA and GDPR standards.

7. International Data Transfers

For individuals subject to GDPR, we ensure that any transfer of your personal data outside the European Economic Area (EEA) is compliant with GDPR. We implement safeguards such as Standard Contractual Clauses (SCCs) to ensure your data is protected.

8. Breach Notification Protocol

If a data breach occurs that compromises the confidentiality, security, or integrity of your personal or health information, we will promptly notify you and the appropriate authorities as required by HIPAA’s Breach Notification Rule and GDPR guidelines. We will provide detailed information on the breach, including what occurred, the types of data affected, and any actions you should take to protect yourself.

9. Third-Party Data Sharing Protections

All third parties, affiliates, and partners who handle or process your personal or health information on our behalf are required to comply with HIPAA, GDPR, and CCPA. These third parties are bound by strict contractual obligations to ensure the confidentiality and security of your data. We regularly audit these partners to ensure compliance and address any vulnerabilities.

10. Call Recording and Consent

We may record phone calls for quality assurance, training, and health-related purposes. By using our services, you consent to these recordings, which may be shared with healthcare providers, affiliates, and partners to ensure service accuracy and quality. All recordings are securely stored and handled in compliance with HIPAA and GDPR regulations.

11. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal or health information from children under 18. If you are a parent or guardian and believe that we have inadvertently collected such data, please contact us immediately.

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website, and we encourage you to review this policy regularly. Your continued use of the services following any changes constitutes acceptance of those updates.

13. Contact Information

If you have any questions or concerns regarding this Privacy Policy, your rights, or our data handling practices, please contact us at:

Email: info@danielwalton365.com