Privacy Policy

Effective Date: March 11, 2025

1. ABOUT US

Zaretsky Aesthetics LLC (“we,” “us,” or “our”) is a medical spa providing aesthetic and wellness treatments at:

1250 Wood Branch Park Drive #205, Houston, TX, 77079

Email: info@zaretskyaesthetics.com

We value your privacy and are committed to protecting your personal and health information in accordance with the Texas Data Privacy and Security Act (TDPSA) and the Health Insurance Portability and Accountability Act (HIPAA).

2. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy explains:

What information we collect (both personal and health-related)

How we use and share your information

Your rights under TDPSA and HIPAA

How you can exercise your privacy rights

By using our services, website, or communicating with us, you consent to the collection, use, and disclosure of your information as described in this policy.

3. INFORMATION WE COLLECT

A. Personal & Contact Information (TDPSA Applies)

We collect personal information when you interact with us, including:

Name

Email Address

Phone Number

Mailing Address

Payment Information (processed through third-party payment providers)

B. Health & Medical Information (HIPAA Applies)

As a medical spa, we may collect Protected Health Information (PHI), including:

Medical history & treatment details

Before & after photos

Medications & allergies

Doctor’s referrals or notes (if applicable)

C. Automatically Collected Data

When you visit our website, we may collect:

IP Address & Device Information

Website Usage Data (cookies, browsing behavior)

4. HOW WE USE YOUR INFORMATION

For Medical & Aesthetic Treatments (HIPAA Applies)

To provide treatments, consultations, and follow-up care

To communicate with you about appointments and medical advice

To maintain your patient records

For Business & Operations (TDPSA Applies)

To process payments and send invoices

To improve our services and customer experience

For Marketing & Promotions (TDPSA Applies, Requires Consent)

To send you newsletters, special offers, and promotional content (only if you opt in)

For Legal & Compliance Purposes (TDPSA & HIPAA Apply)

To comply with HIPAA, TDPSA, and other applicable laws

To prevent fraud, unauthorized access, or illegal activities

We will not use your health information for marketing purposes without your written consent.

5. HOW WE SHARE YOUR INFORMATION

Mobile opt-in data will not be shared with third parties.

We do not sell your personal or medical information. However, we may share it in the following circumstances:

With Healthcare Providers (HIPAA Applies)

If necessary for your treatment, we may share information with other healthcare professionals (e.g., dermatologists, specialists).

With Third-Party Service Providers (TDPSA Applies)

We may share information with payment processors, IT service providers, and marketing platforms, but only to the extent necessary for service delivery.

For Legal Compliance (TDPSA & HIPAA Apply)

We may disclose information if required by law, court order, or to protect public health.

In Business Transactions (TDPSA Applies)

If we merge, sell, or transfer our business, your information may be transferred as part of the transaction.

6. YOUR RIGHTS UNDER TEXAS LAW (TDPSA) & HIPAA

Under the Texas Data Privacy and Security Act (TDPSA), you have the right to:

Access your personal information – Request a copy of your data.

Correct inaccuracies – Update incorrect personal information.

Delete your personal data – Request deletion of data we no longer need.

Opt out of targeted advertising – You can ask us to stop sending promotional content.

Under HIPAA, you have additional rights regarding your health information:

Request an electronic or paper copy of your medical records

Request amendments to your health records

Request restrictions on how we use or disclose your health data

File a complaint if you believe your HIPAA rights have been violated

How to Exercise Your Rights

To request access, corrections, or deletions, email us at:

Info@zaretskyaesthetics.com

Response Time: We will respond within 45 days (TDPSA) or 30 days (HIPAA).

7. SECURITY MEASURES TO PROTECT YOUR INFORMATION

We implement the following security measures to protect your personal and medical data:

Encryption – We encrypt sensitive data to protect it from unauthorized access.

Access Controls – Only authorized staff can access your medical records.

HIPAA-Compliant Systems – We use secure electronic health record (EHR) systems.

If you suspect a data breach, please contact us immediately.

8. DATA RETENTION POLICY

Medical Records (HIPAA) – Retained for at least 6 years, per HIPAA regulations.

Personal Data (TDPSA) – Retained only as long as necessary for business or legal purposes.

Marketing Data – Retained until you opt out.

When data is no longer needed, we securely delete or anonymize it.

9. COOKIES & ONLINE TRACKING

We use cookies to enhance website functionality. You can disable cookies in your browser settings, but this may affect site performance.

10. CHANGES TO THIS PRIVACY POLICY

We may update this policy as needed to comply with legal requirements. Updates will be posted on our website, and we will notify you if required.

11. HOW TO FILE A COMPLAINT

If you believe your HIPAA or TDPSA rights have been violated, you can file a complaint:

Zaretsky Aesthetics LLC – info@zaretskyaesthetics.com

Texas Attorney General’s Office – https://www.texasattorneygeneral.gov/

U.S. Department of Health & Human Services (HHS) – HIPAA Complaints – https://www.hhs.gov/hipaa/filing-a-complaint/

12. CONTACT US

If you have any questions or concerns about this Privacy Policy, please reach out to:

Zaretsky Aesthetics LLC

1250 Wood Branch Park Drive #205, Houston, TX, 77079

Info@zaretskyaesthetics.com